diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp
index 6ec0ef91d0f1c56ebf4d29bb121078a02c13585c..630476310a35a6fb71c544016c6d9169a198cb4a 100644
--- a/commondependency/src/deviceprofile_connector.cpp
+++ b/commondependency/src/deviceprofile_connector.cpp
@@ -394,18 +394,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa
 CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId);
 LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size());
 for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) {
- bool deleteAclFlag = true;
 for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) {
 if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) {
- deleteAclFlag = false;
 bindType.push_back(bindTypeVec[sinkIndex]);
 }
 }
- if (deleteAclFlag) {
- int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId();
- DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex);
- LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex);
- }
 }
 return bindType;
 }
diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h
index d21279a34ad47be10783315c8473819e23a254e9..dfc9a74626562eac308d0f08159ffa2dba0088eb 100644
--- a/services/implementation/include/authentication/auth_message_processor.h
+++ b/services/implementation/include/authentication/auth_message_processor.h
@@ -77,6 +77,7 @@ constexpr const char* TAG_EDITION = "edition";
 constexpr const char* TAG_BUNDLE_NAME = "bundleName";
 constexpr const char* TAG_CRYPTIC_MSG = "encryptMsg";
 constexpr const char* TAG_PEER_BUNDLE_NAME = "PEER_BUNDLE_NAME";
+constexpr const char* TAG_PROFILES_SIZE = "PROFILES_SIZE";
 
 class DmAuthManager;
 struct DmAuthRequestContext;
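Review bot: The surviving `bindType.push_back(bindTypeVec[sinkIndex]);` indexes `bindTypeVec` with the outer loop's `sinkIndex`, which runs up to `sinkBindType.size()`, so it reads past the end of `bindTypeVec` whenever the sink list is the longer one; the comparison on the line above already established that `bindTypeVec[srcIndex]` is the matched value, so `bindType.push_back(bindTypeVec[srcIndex]);` is the safe form. With the delete branch removed, `bindTypeIndex` appears to have no remaining use in the part of SyncAclByBindType shown here (the function head is outside the hunk) and can probably be dropped too. Since stale-ACL removal now happens only in the ReqReCheck exchange in auth_message_processor.cpp, a one-line comment on this function stating that it no longer deletes profiles would stop callers from relying on the old side effect.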
@@ -91,8 +92,10 @@ public:
 int32_t ParseMessage(const std::string &message);
 void SetRequestContext(std::shared_ptr authRequestContext);
 void SetResponseContext(std::shared_ptr authResponseContext);
+ void SetRequestProfiles(std::vector profiles);
 std::shared_ptr GetResponseContext();
 std::shared_ptr GetRequestContext();
+ std::vector GetRequestProfiles();
 std::string CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen);
 void CreateResponseAuthMessageExt(nlohmann::json &json);
 void ParseAuthResponseMessageExt(nlohmann::json &json);
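Review bot: `SetRequestProfiles(std::vector profiles)` takes the profile list by value and its definition in auth_message_processor.cpp then copy-assigns it (`requestProfiles_ = profiles;`), so each call copies the whole vector twice; either `requestProfiles_ = std::move(profiles);` in the definition or a `const std::vector<...> &profiles` parameter removes the extra copy. `GetRequestProfiles()` likewise hands out a fresh copy on every call and is not `const`; returning `const std::vector<...> &` from a `const` method is enough unless a caller needs to mutate the result. The same by-value pattern appears on the `DistributedDeviceProfile::AccessControlProfile profile` parameters of the private helpers added in the next hunk, where ParseAclFromJson is invoked once per local profile and each hop copies the profile again — `const DistributedDeviceProfile::AccessControlProfile &profile` throughout.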
@@ -107,17 +110,27 @@ private:
 void CreateResponseAuthMessage(nlohmann::json &json);
 void ParseAuthResponseMessage(nlohmann::json &json);
 int32_t ParseAuthRequestMessage(nlohmann::json &json);
+ void SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile,
+ const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index);
+ void SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile,
+ const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index);
 void ParseNegotiateMessage(const nlohmann::json &json);
 void ParseRespNegotiateMessage(const nlohmann::json &json);
 void CreateResponseFinishMessage(nlohmann::json &json);
 void ParseResponseFinishMessage(nlohmann::json &json);
 void GetAuthReqMessage(nlohmann::json &json);
 void ParsePkgNegotiateMessage(const nlohmann::json &json);
+ void ParseRemoteAcl(const nlohmann::json &json);
 void CreatePublicKeyMessageExt(nlohmann::json &json);
 void ParsePublicKeyMessageExt(nlohmann::json &json);
 void GetJsonObj(nlohmann::json &jsonObj);
 void CreateReqReCheckMessage(nlohmann::json &jsonObj);
 void ParseReqReCheckMessage(nlohmann::json &json);
+ void SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile,
+ int32_t size, const nlohmann::json &json);
+ void CreateLocalAclParcel(nlohmann::json &json);
+ void ParseAclFromJson(const nlohmann::json &json, int32_t size,
+ DistributedDeviceProfile::AccessControlProfile profile, bool &isSame);
 
 private:
 std::weak_ptr authMgr_;
@@ -128,6 +141,7 @@ private:
 std::mutex encryptFlagMutex_;
 bool encryptFlag_ = false;
 std::shared_ptr cryptoMgr_ = nullptr;
+ std::vector requestProfiles_;
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index b67246a0b4afb00059c8509d13377ccd84db51e2..bca54b3e2e1ac3116591935f7b4fba81a5376ae3 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
@@ -219,6 +219,30 @@ void AuthMessageProcessor::CreateNegotiateMessage(nlohmann::json &json)
 json[TAG_EDITION] = authResponseContext_->edition;
 }
 
+void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json)
+{
+ for (uint32_t item = 0; item < requestProfiles_.size(); item++) {
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item);
+ std::string accesserUserId = "accesserUserId" + std::to_string(item);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(item);
+ std::string accesserTokenId = "accesserTokenId" + std::to_string(item);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item);
+ std::string accesseeUserId = "accesseeUserId" + std::to_string(item);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item);
+ std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item);
+ std::string bindType = "bindType" + std::to_string(item);
+ json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId();
+ json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId();
+ json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId();
+ json[accesserTokenId] = requestProfiles_.at(item).GetAccesser().GetAccesserTokenId();
+ json[accesseeDeviceId] = requestProfiles_.at(item).GetAccessee().GetAccesseeDeviceId();
+ json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId();
+ json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId();
+ json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId();
+ json[bindType] = requestProfiles_.at(item).GetBindType();
+ }
+}
+
 void AuthMessageProcessor::CreateRespNegotiateMessage(nlohmann::json &json)
 {
 if (cryptoAdapter_ == nullptr) {
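Review bot: CreateLocalAclParcel has no header comment, yet its flat key scheme (`"accesserDeviceId" + index` … `"bindType" + index`, with the element count carried separately in `TAG_PROFILES_SIZE`) is a wire format that the peer's ParseAclFromJson must mirror exactly, so the contract should be written down where it is produced — e.g. `// Serialises requestProfiles_ as index-suffixed keys (accesserDeviceId0, accesserUserId0, ...); the count goes in TAG_PROFILES_SIZE and the peer decodes the pair in ParseAclFromJson. Carried inside the ReqReCheck payload, which CreateReqReCheckMessage encrypts.` A `nlohmann::json` array of objects would drop the nine `std::to_string(item)` concatenations per profile on both sides, but since the format only ever travels between the two endpoints changed in this commit that is a style choice rather than a defect. Inside the loop, `const auto &profile = requestProfiles_.at(item);` would replace the nine repeated `requestProfiles_.at(item)` lookups.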
@@ -602,6 +626,108 @@ void AuthMessageProcessor::ParseNegotiateMessage(const nlohmann::json &json)
 ParsePkgNegotiateMessage(json);
 }
 
+void AuthMessageProcessor::ParseRemoteAcl(const nlohmann::json &json)
+{
+ int32_t profilesSize = 0;
+ if (IsInt32(json, TAG_PROFILES_SIZE)) {
+ profilesSize = json[TAG_PROFILES_SIZE].get();
+ }
+ for (uint32_t reqItem = 0; reqItem < requestProfiles_.size(); reqItem++) {
+ LOGI("ParseRemoteAcl SyncAclByRemote Start.");
+ SyncAclByRemote(requestProfiles_.at(reqItem), profilesSize, json);
+ }
+}
+
+void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size,
+ DistributedDeviceProfile::AccessControlProfile profile, bool &isSame)
+{
+ for (int32_t item = 0; item < size; item++) {
+ bool isDelete = false;
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item);
+ std::string accesserUserId = "accesserUserId" + std::to_string(item);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(item);
+ std::string accesserTokenId = "accesserTokenId" + std::to_string(item);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item);
+ std::string accesseeUserId = "accesseeUserId" + std::to_string(item);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item);
+ std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item);
+ std::string bindType = "bindType" + std::to_string(item);
+ if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) ||
+ !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) ||
+ !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) ||
+ !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId) ||
+ !IsInt32(jsonObject, bindType)) {
+ LOGE("ParseAclFromJson format error.");
+ isSame = true;
+ return;
+ }
+ if (profile.GetBindType() == DM_IDENTICAL_ACCOUNT &&
+ jsonObject[bindType].get() == DM_IDENTICAL_ACCOUNT)
{
+ SyncIdenticalAccountAcl(profile, jsonObject, isSame, isDelete, item);
+ } else {
+ SyncPointToPointAcl(profile, jsonObject, isSame, isDelete, item);
+ }
+ if (!isDelete) {
+ isSame = true;
+ return;
+ }
+ }
+}
+
+void AuthMessageProcessor::SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile,
+ const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index)
+{
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(index);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index);
+ if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesseeDeviceId].get() ||
+ profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesserDeviceId].get() ||
+ profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesseeAccountId].get() ||
+ profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesserAccountId].get()) {
+ isDelete = true;
+ isSame = false;
+ }
+}
+
+void AuthMessageProcessor::SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile,
+ const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index)
+{
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index);
+ std::string accesserUserId = "accesserUserId" + std::to_string(index);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(index);
+ std::string accesserTokenId = "accesserTokenId" + std::to_string(index);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index);
+ std::string accesseeUserId = "accesseeUserId" + std::to_string(index);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index);
+ std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index);
+ if (profile.GetAccesser().GetAccesserDeviceId() !=
jsonObject[accesserDeviceId].get() ||
+ profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() ||
+ profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() ||
+ profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() ||
+ profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() ||
+ profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() ||
+ profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() ||
+ profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) {
+ isDelete = true;
+ isSame = false;
+ }
+}
+
+void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile,
+ int32_t size, const nlohmann::json &json)
+{
+ bool isSame = true;
+ if (size == 0) {
+ isSame = false;
+ } else {
+ ParseAclFromJson(json, size, profile, isSame);
+ }
+ if (!isSame) {
+ DeviceProfileConnector::GetInstance().DeleteAccessControlById(profile.GetAccessControlId());
+ }
+}
+
 void AuthMessageProcessor::ParseRespNegotiateMessage(const nlohmann::json &json)
 {
 if (IsBool(json, TAG_IDENTICAL_ACCOUNT)) {
@@ -644,6 +770,11 @@ void AuthMessageProcessor::SetResponseContext(std::shared_ptr profiles)
+{
+ requestProfiles_ = profiles;
+}
+
 std::shared_ptr AuthMessageProcessor::GetResponseContext()
 {
 return authResponseContext_;
@@ -654,6 +785,11 @@ std::shared_ptr AuthMessageProcessor::GetRequestContext()
 return authRequestContext_;
 }
 
+std::vector AuthMessageProcessor::GetRequestProfiles()
+{
+ return requestProfiles_;
+}
+
 std::string AuthMessageProcessor::CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen)
 {
 LOGI("CreateDeviceAuthMessage start, msgType %{public}d.", msgType);
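Review bot: ParseRemoteAcl treats a message without `TAG_PROFILES_SIZE` exactly like a peer reporting zero profiles: `profilesSize` keeps its initial 0 when `IsInt32(json, TAG_PROFILES_SIZE)` is false, and SyncAclByRemote then takes its `size == 0` branch and calls DeleteAccessControlById for every profile in `requestProfiles_` — i.e. every local ACL whose trust device is this peer, as selected in dm_auth_manager.cpp. A peer on a build that does not yet emit the field would therefore erase the trust relationship on every re-check; the malformed-item path in ParseAclFromJson already resolves to "keep" (`isSame = true`), and the absent-field case should do the same, e.g. `if (!IsInt32(json, TAG_PROFILES_SIZE)) { LOGE("ParseRemoteAcl: no profiles size, skip acl sync."); return; }` before the loop. The field is read from the peer's (decrypted) message, so it is the peer rather than a third party that controls it, but a comment on SyncAclByRemote stating that `size == 0` is a deliberate "peer holds no ACL for us, so drop ours" rule would make the intent reviewable. The `isDelete` out-parameter reads inverted (it is set when an item does *not* match and the loop then continues), and both comparators could simply return `bool matched`; the two also compare in opposite orientations — SyncIdenticalAccountAcl checks the local accesser against the remote accessee while SyncPointToPointAcl checks like against like — which deserves a one-line comment on each if intentional.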
@@ -675,6 +811,8 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj)
 jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId;
 jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName;
 jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel;
+ jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size();
+ CreateLocalAclParcel(jsonTemp);
 std::string strTemp = SafetyDump(jsonTemp);
 std::string encryptStr = "";
 CHECK_NULL_VOID(cryptoMgr_);
@@ -730,6 +868,7 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json)
 if (IsInt32(jsonObject, TAG_BIND_LEVEL)) {
 authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get();
 }
+ ParseRemoteAcl(jsonObject);
 }
 
 int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen)
diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp
index 1d284dab319c86f50b0c62a9c70aea1ca5dca597..cd47aa505affe838589672c3c38b5e5124bc72db 100644
--- a/services/implementation/src/authentication/dm_auth_manager.cpp
+++ b/services/implementation/src/authentication/dm_auth_manager.cpp
@@ -914,6 +914,15 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId)
 return;
 }
 LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId);
+ std::vector profiles =
+ DeviceProfileConnector::GetInstance().GetAccessControlProfile();
+ std::vector profilesFilter = {};
+ for (auto &item : profiles) {
+ if (item.GetTrustDeviceId() == authResponseContext_->localDeviceId) {
+ profilesFilter.push_back(item);
+ }
+ }
+ authMessageProcessor_->SetRequestProfiles(profilesFilter);
 remoteDeviceId_ = authResponseContext_->localDeviceId;
 authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId();
 authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName();
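Review bot: `jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size();` stores a `size_t`, which nlohmann serialises as an unsigned JSON number, while the receiving ParseRemoteAcl gates the field on `IsInt32` and reads it into an `int32_t`; whether that gate accepts an unsigned number depends on how IsInt32 is written (not visible here), and if it rejects it the receiver is left with `profilesSize == 0` and deletes its local ACLs for the peer. `jsonTemp[TAG_PROFILES_SIZE] = static_cast<int32_t>(requestProfiles_.size());` keeps both endpoints on one type. In the second hunk, `ParseRemoteAcl(jsonObject);` is called unconditionally at the end of ParseReqReCheckMessage (whose head is outside the hunk), so a peer that omits the field reaches that same zero-size deletion path; gating the call on `IsInt32(jsonObject, TAG_PROFILES_SIZE)` here, as the surrounding `TAG_BIND_LEVEL` block already does for its field, would be consistent with the rest of the function.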
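Review bot: The nine lines that fetch all ACLs and keep those whose trust device is the peer are duplicated verbatim between this RespNegotiate hunk and the `@@ -965` hunk in SendAuthRequest, differing only in the id compared (`authResponseContext_->localDeviceId` here, `remoteDeviceId_` there), so a small private helper taking the device id would leave one place to maintain. `for (auto &item : profiles)` should be `const auto &item` since the loop only reads, and the `= {}` initialisers on the filtered vector are redundant. The sketch below assumes the device id is a `std::string` and the element type is `DistributedDeviceProfile::AccessControlProfile` (template arguments are stripped in this view); the helper name is a suggestion and it would also need a declaration in the class header.
```cpp
// Local ACLs whose trust device is `deviceId`; these are what the peer re-checks against.
std::vector<DistributedDeviceProfile::AccessControlProfile> DmAuthManager::GetAclsForDevice(const std::string &deviceId)
{
    std::vector<DistributedDeviceProfile::AccessControlProfile> matched;
    for (const auto &item : DeviceProfileConnector::GetInstance().GetAccessControlProfile()) {
        if (item.GetTrustDeviceId() == deviceId) {
            matched.push_back(item);
        }
    }
    return matched;
}

// … in RespNegotiate, replacing the nine added lines …
authMessageProcessor_->SetRequestProfiles(GetAclsForDevice(authResponseContext_->localDeviceId));
```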
@@ -965,6 +974,15 @@ void DmAuthManager::SendAuthRequest(const int32_t &sessionId)
 return;
 }
 remoteDeviceId_ = authResponseContext_->localDeviceId;
+ std::vector profiles =
+ DeviceProfileConnector::GetInstance().GetAccessControlProfile();
+ std::vector profilesFilter = {};
+ for (auto &item : profiles) {
+ if (item.GetTrustDeviceId() == remoteDeviceId_) {
+ profilesFilter.push_back(item);
+ }
+ }
+ authMessageProcessor_->SetRequestProfiles(profilesFilter);
 remoteVersion_ = ConvertSinkVersion(authResponseContext_->dmVersion);
 if (timer_ != nullptr) {
 timer_->DeleteTimer(std::string(NEGOTIATE_TIMEOUT_TASK));