From df29b5f2175407a049166a3ad68496601aaeb439 Mon Sep 17 00:00:00 2001 From: BrainL Date: Tue, 25 Feb 2025 14:46:58 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E8=80=81=E5=8C=96=20sync?= =?UTF-8?q?=20acl?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../include/deviceprofile_connector.h | 8 + .../src/deviceprofile_connector.cpp | 150 +++++++++++++++++- .../authentication/auth_message_processor.h | 5 + .../include/authentication/dm_auth_manager.h | 4 + .../authentication/auth_message_processor.cpp | 15 ++ .../src/authentication/dm_auth_manager.cpp | 6 + 6 files changed, 181 insertions(+), 7 deletions(-) diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index 664c0ecfe..ad391f8b1 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -24,6 +24,7 @@ #include "service_info_profile.h" #include "service_info_unique_key.h" #include "trusted_device_info.h" +#include "nlohmann/json.hpp" constexpr uint32_t ALLOW_AUTH_ONCE = 1; constexpr uint32_t ALLOW_AUTH_ALWAYS = 2; @@ -164,6 +165,8 @@ public: std::multimap GetDevIdAndUserIdByActHash(const std::string &localUdid, const std::string &peerUdid, int32_t peerUserId, const std::string &peerAccountHash); std::multimap GetDeviceIdAndUserId(const std::string &localUdid, int32_t localUserId); + void CreateLocalAclParcel(int32_t &size, std::string &localAcl, const std::string &remoteUdid); + void ParseRemoteAcl(int32_t &size, std::string &peerAcl, const std::string &remoteUdid); void HandleSyncBackgroundUserIdEvent(const std::vector &remoteUserIds, const std::string &remoteUdid, const std::vector &localUserIds, std::string &localUdid); void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, 
@@ -191,6 +194,11 @@ private: void ProcessBindType(DistributedDeviceProfile::AccessControlProfile profiles, std::string localDeviceId, std::vector &sinkBindType, std::vector &bindTypeIndex, uint32_t index, std::string targetDeviceId); + void ParseAclFromJson(std::string &peerAcl, int32_t &size, DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); + void SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index); + void SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index); bool CheckAppLevelAccess(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const DmAccessCallee &callee); int32_t GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles, const std::string &trustDev, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 9dfe1985a..310e0560f 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp 
@@ -399,18 +399,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size()); for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { - bool deleteAclFlag = true; for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { - deleteAclFlag = false; bindType.push_back(bindTypeVec[sinkIndex]); } } - if (deleteAclFlag) { - int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); - DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); - LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex); - } } return bindType; } 
@@ -1462,6 +1455,149 @@ std::map DeviceProfileConnector::GetUserIdAndBindLevel(const s return userIdAndBindLevel; } +void DeviceProfileConnector::CreateLocalAclParcel(int32_t &size, std::string &localAcl, const std::string &remoteUdid) +{ + std::vector profiles = GetAccessControlProfile(); + std::vector profilesFilter = {}; + for (const auto &item : profiles) { + if (item.GetTrustDeviceId() == remoteUdid) { + profilesFilter.push_back(item); + } + } + size = static_cast(profilesFilter.size()); + nlohmann::json json; + for (uint32_t index = 0; index < profilesFilter.size(); index++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string accesserUserId = "accesserUserId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesserTokenId = "accesserTokenId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeUserId = "accesseeUserId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index); + std::string bindType = "bindType" + std::to_string(index); + json[accesserDeviceId] = requestProfiles_.at(index).GetAccesser().GetAccesserDeviceId(); + json[accesserUserId] = requestProfiles_.at(index).GetAccesser().GetAccesserUserId(); + json[accesserAccountId] = requestProfiles_.at(index).GetAccesser().GetAccesserAccountId(); + json[accesserTokenId] = requestProfiles_.at(index).GetAccesser().GetAccesserTokenId(); + json[accesseeDeviceId] = requestProfiles_.at(index).GetAccessee().GetAccesseeDeviceId(); + json[accesseeUserId] = requestProfiles_.at(index).GetAccessee().GetAccesseeUserId(); + json[accesseeAccountId] = requestProfiles_.at(index).GetAccessee().GetAccesseeAccountId(); + json[accesseeTokenId] = requestProfiles_.at(index).GetAccessee().GetAccesseeTokenId(); + json[bindType] = 
requestProfiles_.at(index).GetBindType(); + } + localAcl = SafetyDump(json); +} + +void DeviceProfileConnector::ParseRemoteAcl(int32_t &size, std::string &peerAcl, const std::string &remoteUdid) +{ + if (size < 0) { + LOGI("ParseRemoteAcl peerAcl < 0, peer is old version."); + return; + } + std::vector profiles = GetAccessControlProfile(); + std::vector profilesFilter = {}; + for (const auto &item : profiles) { + if (item.GetTrustDeviceId() == remoteUdid) { + profilesFilter.push_back(item); + } + } + int32_t localAclSize = static_cast(profilesFilter.size()); + for (uint32_t item = 0; item < localAclSize; item++) { + LOGI("ParseRemoteAcl Start."); + bool isSame = true; + if (size == 0) { + isSame = false; + } else { + ParseAclFromJson(peerAcl, size, profilesFilter.at(item), isSame); + } + if (!isSame) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(profilesFilter.at(item).GetAccessControlId()); + } + } +} + +void DeviceProfileConnector::ParseAclFromJson(std::string &peerAcl, int32_t &size, + AccessControlProfile profile, bool &isSame) +{ + nlohmann::json jsonObject = nlohmann::json::parse(peerAcl, nullptr, false); + if (jsonObject.is_discarded()) { + LOGE("ParseAclFromJson DecodeRequestAuth jsonStr error"); + return; + } + for (int32_t index = 0; index < size; index++) { + bool isDelete = false; + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string accesserUserId = "accesserUserId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesserTokenId = "accesserTokenId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeUserId = "accesseeUserId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index); + std::string bindType = "bindType" + 
std::to_string(index); + if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || + !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || + !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || + !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId) || + !IsInt32(jsonObject, bindType)) { + LOGE("ParseAclFromJson format error."); + isSame = true; + return; + } + if (profile.GetBindType() == DM_IDENTICAL_ACCOUNT && + jsonObject[bindType].get() == DM_IDENTICAL_ACCOUNT) { + SyncIdenticalAccountAcl(profile, jsonObject, isSame, isDelete, index); + } else { + SyncPointToPointAcl(profile, jsonObject, isSame, isDelete, index); + } + if (!isDelete) { + isSame = true; + return; + } + } +} + +void DeviceProfileConnector::SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index) +{ + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesserAccountId].get()) { + isDelete = true; + isSame = false; + } +} + +void DeviceProfileConnector::SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index) +{ + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string 
accesserUserId = "accesserUserId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesserTokenId = "accesserTokenId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeUserId = "accesseeUserId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index); + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isDelete = true; + isSame = false; + } +} + void DeviceProfileConnector::UpdateACL(std::string &localUdid, const std::vector &localUserIds, const std::string &remoteUdid, const std::vector &remoteFrontUserIds, const std::vector &remoteBackUserIds) diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index c388e8ab2..c6982184c 100644 --- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h 
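Review bot: `DeviceProfileConnector::ParseRemoteAcl` deletes local access-control entries on the strength of peer-supplied data, yet its only log line is `"ParseRemoteAcl Start."` and the outcome of `DeleteAccessControlById` is not checked, so nothing records which entry was removed or whether the removal succeeded. The block this same patch removes from `SyncAclByBindType` did log the id; I would keep that here with `LOGI("ParseRemoteAcl delete acl id %{public}d", profilesFilter.at(item).GetAccessControlId());` before the call. Separately, `ParseAclFromJson` re-parses `peerAcl` and takes `profile` by value for every local entry; parsing once in `ParseRemoteAcl` and passing the parsed `nlohmann::json` and the profile by const reference avoids repeated work on untrusted input. A short comment on `ParseAclFromJson` should state the intended fail-safe: unparsable or badly typed peer data leaves `isSame` true (entry kept), while `size == 0` removes every entry for that peer.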
@@ -60,6 +60,10 @@ constexpr const char* TAG_HAVE_CREDENTIAL = "haveCredential"; constexpr const char* TAG_PUBLICKEY = "publicKey"; constexpr const char* TAG_SESSIONKEY = "sessionKey"; constexpr const char* TAG_BIND_LEVEL = "bindLevel"; +constexpr const char* TAG_LOCAL_ACL_SIZE = "localAclSize"; +constexpr const char* TAG_LOCAL_ALL_ACL = "localAllAcl"; +constexpr const char* TAG_PEER_ACL_SIZE = "peerAclSize"; +constexpr const char* TAG_PEER_ALL_ACL = "peerAllAcl"; constexpr const char* TAG_LOCAL_USERID = "localUserId"; constexpr const char* TAG_BIND_TYPE_SIZE = "bindTypeSize"; constexpr const char* TAG_ISONLINE = "isOnline"; @@ -115,6 +119,7 @@ private: void CreateResponseFinishMessage(nlohmann::json &json); void ParseResponseFinishMessage(nlohmann::json &json); void GetAuthReqMessage(nlohmann::json &json); + void ParseRemoteAcl(nlohmann::json &jsonObject); void ParsePkgNegotiateMessage(const nlohmann::json &json); void CreatePublicKeyMessageExt(nlohmann::json &json); void ParsePublicKeyMessageExt(nlohmann::json &json); diff --git a/services/implementation/include/authentication/dm_auth_manager.h b/services/implementation/include/authentication/dm_auth_manager.h index 3aa067a63..02d4b9716 100644 --- a/services/implementation/include/authentication/dm_auth_manager.h +++ b/services/implementation/include/authentication/dm_auth_manager.h @@ -200,6 +200,10 @@ typedef struct DmAuthResponseContext { bool isSrcPincodeImported = false; int32_t localSessionKeyId = 0; int32_t remoteSessionKeyId = 0; + int32_t localAclSize; + std::string localAllAcl; + int32_t peerAclSize = -1; + std::string peerAllAcl = ""; } DmAuthResponseContext; class AuthMessageProcessor; diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index 4c37a6187..c6c8840f1 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp 
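Review bot: In the `DmAuthResponseContext` hunk, `int32_t localAclSize;` is the only new member without a default initializer, although `CreateReqReCheckMessage` serialises and logs it. Any path that builds the message before `CreateLocalAclParcel` has run would read an indeterminate value and send it to the peer, where `DeviceProfileConnector::ParseRemoteAcl` treats `0` as "delete every entry". I would initialise it to the same sentinel as its sibling, `int32_t localAclSize = -1;`, so an unset value is read by the peer as "no ACL information" and never as an empty list. The struct definition starts outside the hunk.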
+++ b/services/implementation/src/authentication/auth_message_processor.cpp @@ -705,6 +705,9 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj) jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId; jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName; jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel; + jsonTemp[TAG_LOCAL_ACL_SIZE] = authResponseContext_->localAclSize; + LOGI("CreateReqReCheckMessage localAclSize = %{public}d", authResponseContext_->localAclSize); + jsonTemp[TAG_LOCAL_ALL_ACL] = authResponseContext_->localAllAcl; std::string strTemp = SafetyDump(jsonTemp); std::string encryptStr = ""; CHECK_NULL_VOID(cryptoMgr_); @@ -760,6 +763,18 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json) if (IsInt32(jsonObject, TAG_BIND_LEVEL)) { authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get(); } + ParseRemoteAcl(jsonObject); +} + +void AuthMessageProcessor::ParseRemoteAcl(nlohmann::json &jsonObject) +{ + if (IsInt32(jsonObject, TAG_PEER_ACL_SIZE)) { + authResponseContext_->peerAclSize = jsonObject[TAG_PEER_ACL_SIZE].get(); + LOGI("ParseRemoteAcl peerAclSize = %{public}d", authResponseContext_->peerAclSize); + } + if (IsString(jsonObject, TAG_PEER_ALL_ACL)) { + authResponseContext_->peerAllAcl = jsonObject[TAG_PEER_ALL_ACL].get(); + } } int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 6bae0a4a8..40fdda6b2 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp 
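Review bot: `AuthMessageProcessor::ParseRemoteAcl` assigns `peerAclSize` and `peerAllAcl` only when the field is present and well typed, so a message that omits either one leaves whatever an earlier message stored in `authResponseContext_`. The callers in dm_auth_manager.cpp (this patch and 3/4) clear `peerAllAcl` after use but never `peerAclSize`, and if the context is reused a stale `peerAclSize == 0` makes `DeviceProfileConnector::ParseRemoteAcl` delete every local ACL for that peer. Resetting both at the top of the function, `authResponseContext_->peerAclSize = -1; authResponseContext_->peerAllAcl = "";`, restores the old-version sentinel for each message. It would also help to reject a message whose size is present while the ACL string is missing, instead of relying on the later JSON parse failure.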
@@ -3049,9 +3049,12 @@ void DmAuthManager::RequestReCheckMsg() authResponseContext_->tokenId = authRequestContext_->tokenId; authResponseContext_->bundleName = authRequestContext_->hostPkgName; authResponseContext_->bindLevel = authRequestContext_->bindLevel; + DeviceProfileConnector::GetInstance().CreateLocalAclParcel(authResponseContext_->localAclSize, + authResponseContext_->localAllAcl, remoteDeviceId_); authMessageProcessor_->SetResponseContext(authResponseContext_); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_REQ_RECHECK_MSG); softbusConnector_->GetSoftbusSession()->SendData(authResponseContext_->sessionId, message); + authResponseContext_->localAllAcl = ""; } void DmAuthManager::ResponseReCheckMsg() @@ -3067,6 +3070,9 @@ void DmAuthManager::ResponseReCheckMsg() authResponseState_->TransitionTo(std::make_shared()); return; } + DeviceProfileConnector::GetInstance().ParseRemoteAcl(authResponseContext_->peerAclSize, + authResponseContext_->peerAllAcl, remoteDeviceId_); + authResponseContext_->peerAllAcl = ""; char localDeviceId[DEVICE_UUID_LENGTH] = {0}; GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); authResponseContext_->edition = DM_VERSION_5_0_4; -- Gitee From 58c05310f149c312f47d2c612e98f5ec9ce339ec Mon Sep 17 00:00:00 2001 From: BrainL Date: Tue, 25 Feb 2025 16:38:31 +0800 Subject: [PATCH 2/4] connector update. Signed-off-by: BrainL --- .../include/deviceprofile_connector.h | 3 ++- .../src/deviceprofile_connector.cpp | 20 +++++++++---------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index ad391f8b1..fc2cc8bd0 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h 
@@ -194,7 +194,8 @@ private: void ProcessBindType(DistributedDeviceProfile::AccessControlProfile profiles, std::string localDeviceId, std::vector &sinkBindType, std::vector &bindTypeIndex, uint32_t index, std::string targetDeviceId); - void ParseAclFromJson(std::string &peerAcl, int32_t &size, DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); + void ParseAclFromJson(std::string &peerAcl, int32_t &size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); void SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index); void SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 310e0560f..f29a360cc 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp 
@@ -1476,15 +1476,15 @@ void DeviceProfileConnector::CreateLocalAclParcel(int32_t &size, std::string &lo std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index); std::string bindType = "bindType" + std::to_string(index); - json[accesserDeviceId] = requestProfiles_.at(index).GetAccesser().GetAccesserDeviceId(); - json[accesserUserId] = requestProfiles_.at(index).GetAccesser().GetAccesserUserId(); - json[accesserAccountId] = requestProfiles_.at(index).GetAccesser().GetAccesserAccountId(); - json[accesserTokenId] = requestProfiles_.at(index).GetAccesser().GetAccesserTokenId(); - json[accesseeDeviceId] = requestProfiles_.at(index).GetAccessee().GetAccesseeDeviceId(); - json[accesseeUserId] = requestProfiles_.at(index).GetAccessee().GetAccesseeUserId(); - json[accesseeAccountId] = requestProfiles_.at(index).GetAccessee().GetAccesseeAccountId(); - json[accesseeTokenId] = requestProfiles_.at(index).GetAccessee().GetAccesseeTokenId(); - json[bindType] = requestProfiles_.at(index).GetBindType(); + json[accesserDeviceId] = profilesFilter.at(index).GetAccesser().GetAccesserDeviceId(); + json[accesserUserId] = profilesFilter.at(index).GetAccesser().GetAccesserUserId(); + json[accesserAccountId] = profilesFilter.at(index).GetAccesser().GetAccesserAccountId(); + json[accesserTokenId] = profilesFilter.at(index).GetAccesser().GetAccesserTokenId(); + json[accesseeDeviceId] = profilesFilter.at(index).GetAccessee().GetAccesseeDeviceId(); + json[accesseeUserId] = profilesFilter.at(index).GetAccessee().GetAccesseeUserId(); + json[accesseeAccountId] = profilesFilter.at(index).GetAccessee().GetAccesseeAccountId(); + json[accesseeTokenId] = profilesFilter.at(index).GetAccessee().GetAccesseeTokenId(); + json[bindType] = profilesFilter.at(index).GetBindType(); } localAcl = SafetyDump(json); } 
@@ -1502,7 +1502,7 @@ void DeviceProfileConnector::ParseRemoteAcl(int32_t &size, std::string &peerAcl, profilesFilter.push_back(item); } } - int32_t localAclSize = static_cast(profilesFilter.size()); + uint32_t localAclSize = static_cast(profilesFilter.size()); for (uint32_t item = 0; item < localAclSize; item++) { LOGI("ParseRemoteAcl Start."); bool isSame = true; -- Gitee From 330741fe5bd3338e1dadfa7a4f39585e1c73268f Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 3 Mar 2025 11:44:13 +0800 Subject: [PATCH 3/4] modify sync ACL Signed-off-by: BrainL --- .../authentication/auth_message_processor.h | 2 ++ .../src/authentication/auth_message_processor.cpp | 14 ++++++++------ .../src/authentication/dm_auth_manager.cpp | 6 ++++++ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index 4d88a99fa..17ffb674d 100644 --- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -60,6 +60,8 @@ extern const char* TAG_HAVE_CREDENTIAL; extern const char* TAG_PUBLICKEY; extern const char* TAG_SESSIONKEY; extern const char* TAG_BIND_LEVEL; +extern const char* TAG_ACL_SIZE; +extern const char* TAG_ALL_ACL; extern const char* TAG_LOCAL_USERID; extern const char* TAG_BIND_TYPE_SIZE; extern const char* TAG_ISONLINE; diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index 822c7f478..6cc473fa7 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp 
@@ -55,6 +55,8 @@ const char* TAG_HAVE_CREDENTIAL = "haveCredential"; const char* TAG_PUBLICKEY = "publicKey"; const char* TAG_SESSIONKEY = "sessionKey"; const char* TAG_BIND_LEVEL = "bindLevel"; +const char* TAG_ACL_SIZE = "aclSize"; +const char* TAG_ALL_ACL = "allAcl"; const char* TAG_LOCAL_USERID = "localUserId"; const char* TAG_BIND_TYPE_SIZE = "bindTypeSize"; const char* TAG_ISONLINE = "isOnline"; @@ -759,9 +761,9 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj) jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId; jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName; jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel; - jsonTemp[TAG_LOCAL_ACL_SIZE] = authResponseContext_->localAclSize; + jsonTemp[TAG_ACL_SIZE] = authResponseContext_->localAclSize; LOGI("CreateReqReCheckMessage localAclSize = %{public}d", authResponseContext_->localAclSize); - jsonTemp[TAG_LOCAL_ALL_ACL] = authResponseContext_->localAllAcl; + jsonTemp[TAG_ALL_ACL] = authResponseContext_->localAllAcl; std::string strTemp = SafetyDump(jsonTemp); std::string encryptStr = ""; CHECK_NULL_VOID(cryptoMgr_); @@ -822,12 +824,12 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json) void AuthMessageProcessor::ParseRemoteAcl(nlohmann::json &jsonObject) { - if (IsInt32(jsonObject, TAG_PEER_ACL_SIZE)) { - authResponseContext_->peerAclSize = jsonObject[TAG_PEER_ACL_SIZE].get(); + if (IsInt32(jsonObject, TAG_ACL_SIZE)) { + authResponseContext_->peerAclSize = jsonObject[TAG_ACL_SIZE].get(); LOGI("ParseRemoteAcl peerAclSize = %{public}d", authResponseContext_->peerAclSize); } - if (IsString(jsonObject, TAG_PEER_ALL_ACL)) { - authResponseContext_->peerAllAcl = jsonObject[TAG_PEER_ALL_ACL].get(); + if (IsString(jsonObject, TAG_ALL_ACL)) { + authResponseContext_->peerAllAcl = jsonObject[TAG_ALL_ACL].get(); } } 
diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 8f62fdc91..ad64cb663 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -3106,10 +3106,13 @@ void DmAuthManager::ResponseReCheckMsg() authResponseContext_->peerBundleName, 0, authResponseContext_->tokenId) != DM_OK) { LOGE("get tokenId by bundleName failed %{public}s", GetAnonyString(authResponseContext_->bundleName).c_str()); } + DeviceProfileConnector::GetInstance().CreateLocalAclParcel(authResponseContext_->localAclSize, + authResponseContext_->localAllAcl, remoteDeviceId_); authResponseContext_->bundleName = authResponseContext_->peerBundleName; authMessageProcessor_->SetEncryptFlag(true); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_RESP_RECHECK_MSG); softbusConnector_->GetSoftbusSession()->SendData(authResponseContext_->sessionId, message); + authResponseContext_->localAllAcl = ""; PutAccessControlList(); } @@ -3125,6 +3128,9 @@ void DmAuthManager::RequestReCheckMsgDone() authRequestState_->TransitionTo(std::make_shared()); return; } + DeviceProfileConnector::GetInstance().ParseRemoteAcl(authResponseContext_->peerAclSize, + authResponseContext_->peerAllAcl, remoteDeviceId_); + authResponseContext_->peerAllAcl = ""; authRequestState_->TransitionTo(std::make_shared()); PutAccessControlList(); } -- Gitee From 2359c30d76b031bd76fb38e6d506601549f40159 Mon Sep 17 00:00:00 2001 From: BrainL Date: Wed, 5 Mar 2025 09:42:22 +0800 Subject: [PATCH 4/4] fix code review Signed-off-by: BrainL --- commondependency/src/deviceprofile_connector.cpp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 472d78504..5c244bc20 100644 
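Review bot: Nothing visible in this series puts the ACL fields into the response re-check message or reads them back. `ResponseReCheckMsg` now fills `localAclSize` and `localAllAcl` before `CreateSimpleMessage(MSG_TYPE_RESP_RECHECK_MSG)`, but the only builder changed to emit `TAG_ACL_SIZE`/`TAG_ALL_ACL` is `CreateReqReCheckMessage`, and the only parser that calls `ParseRemoteAcl` is `ParseReqReCheckMessage`. If the response builder and parser are not updated elsewhere, `RequestReCheckMsgDone` calls `DeviceProfileConnector::ParseRemoteAcl` with the default `peerAclSize` of -1 (or a stale value) and returns without syncing. This is worth confirming, with a test covering the source side. Both functions start outside their hunks.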
--- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -40,6 +40,7 @@ const uint32_t DEVICE = 1; const uint32_t SERVICE = 2; const uint32_t APP = 3; constexpr uint32_t MAX_SESSION_KEY_LENGTH = 512; +constexpr uint32_t MAX_ACL_LENGTH = 1024; namespace OHOS { namespace DistributedHardware { @@ -415,11 +416,18 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size()); for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { + bool deleteAclFlag = true; for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { + deleteAclFlag = false; bindType.push_back(bindTypeVec[sinkIndex]); } } + if (deleteAclFlag) { + int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); + DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); + LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex); + } } return bindType; } @@ -1499,8 +1507,8 @@ void DeviceProfileConnector::CreateLocalAclParcel(int32_t &size, std::string &lo void DeviceProfileConnector::ParseRemoteAcl(int32_t &size, std::string &peerAcl, const std::string &remoteUdid) { - if (size < 0) { - LOGI("ParseRemoteAcl peerAcl < 0, peer is old version."); + if (size < 0 || size > MAX_ACL_LENGTH) { + LOGI("ParseRemoteAcl peerAcl size error."); return; } std::vector profiles = GetAccessControlProfile(); -- Gitee
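Review bot: The restored delete block in `SyncAclByBindType` indexes `profiles[bindTypeIndex[sinkIndex]]` without a bounds check, and nothing in the hunk shows that `bindTypeIndex` has one entry per `sinkBindType` element or that its values are valid positions in `profiles`. An explicit size guard before the lookup would turn an inconsistency into a logged error instead of an out-of-range read. The context line `bindType.push_back(bindTypeVec[sinkIndex]);` looks like it should index with `srcIndex`, because `sinkIndex` ranges over `sinkBindType` and can exceed `bindTypeVec.size()`. The result of `DeleteAccessControlProfile` is ignored while the following log line reports the deletion as done. The function starts outside the hunk.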
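Review bot: In the `ParseRemoteAcl` hunk, `MAX_ACL_LENGTH` caps the peer-supplied entry count, but `peerAcl` itself still reaches `nlohmann::json::parse` (added in patch 1/4, once per local profile) with no limit on its byte length; a check on `peerAcl.size()` next to the count check would bound the parsing cost. The comparison `size > MAX_ACL_LENGTH` mixes `int32_t` with `uint32_t` and is correct only because `size < 0` is tested first, so I would make that explicit with `static_cast<uint32_t>(size) > MAX_ACL_LENGTH`. The old-version case (-1) and the out-of-range case now share one `LOGI` message; keeping the old-version message and using `LOGE` for an oversized count would make a misbehaving peer visible in logs. The function body continues outside the hunk.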