From 7472f234e14e21853aab13b91b893e9d58585cf1 Mon Sep 17 00:00:00 2001
From: libo429 <libo429@huawei.com>
Date: Thu, 15 May 2025 17:31:42 +0800
Subject: [PATCH] =?UTF-8?q?acl=E8=A2=AB=E8=AF=AF=E5=88=A0=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: libo429 <libo429@huawei.com>
---
 .../include/authentication_v2/dm_auth_state.h |  2 ++
 .../auth_stages/auth_negotiate.cpp            | 24 +++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h
index be7f0e228..9a9081667 100644
--- a/services/implementation/include/authentication_v2/dm_auth_state.h
+++ b/services/implementation/include/authentication_v2/dm_auth_state.h
@@ -475,6 +475,8 @@ private:
         JsonObject &credTypeJson);
     void GetSinkCredTypeForP2P(std::shared_ptr<DmAuthContext> context, const JsonItemObject &credObj,
         JsonObject &aclInfo, JsonObject &credTypeJson, int32_t credType, std::vector<std::string> &deleteCredInfo);
+    void FilterProfilesByContext(std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles,
+        std::shared_ptr<DmAuthContext> context);
 };
 
 class AuthSinkDataSyncState : public DmAuthState {
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
index 0cc567754..3da6b139d 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
@@ -281,12 +281,36 @@ void AuthSinkNegotiateStateMachine::GetSinkCredTypeForP2P(std::shared_ptr<DmAuth
     }
 }
 
+void AuthSinkNegotiateStateMachine::FilterProfilesByContext(
+    std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles, std::shared_ptr<DmAuthContext> context)
+{
+    CHECK_NULL_VOID(context);
+    std::vector<DistributedDeviceProfile::AccessControlProfile> aclProfilesVec;
+    for (const auto &item : profiles) {
+        std::string accesserDeviceIdHash = Crypto::GetUdidHash(item.GetAccesser().GetAccesserDeviceId());
+        std::string accesseeDeviceIdHash = Crypto::GetUdidHash(item.GetAccessee().GetAccesseeDeviceId());
+        if ((context->accesser.deviceIdHash == accesserDeviceIdHash &&
+            context->accessee.deviceIdHash == accesseeDeviceIdHash &&
+            context->accesser.userId == item.GetAccesser().GetAccesserUserId() &&
+            context->accessee.userId == item.GetAccessee().GetAccesseeUserId()) ||
+            (context->accessee.deviceIdHash == accesserDeviceIdHash &&
+            context->accesser.deviceIdHash == accesseeDeviceIdHash &&
+            context->accessee.userId == item.GetAccesser().GetAccesserUserId() &&
+            context->accesser.userId == item.GetAccessee().GetAccesseeUserId())) {
+            aclProfilesVec.push_back(item);
+        }
+    }
+    profiles.clear();
+    profiles.assign(aclProfilesVec.begin(), aclProfilesVec.end());
+}
+
 void AuthSinkNegotiateStateMachine::GetSinkAclInfo(std::shared_ptr<DmAuthContext> context,
     JsonObject &credInfo, JsonObject &aclInfo)
 {
     CHECK_NULL_VOID(context);
     std::vector<DistributedDeviceProfile::AccessControlProfile> profiles =
         DeviceProfileConnector::GetInstance().GetAllAclIncludeLnnAcl();
+    FilterProfilesByContext(profiles, context);
     uint32_t bindLevel = DM_INVALIED_TYPE;
     for (const auto &item : profiles) {
         std::string trustDeviceId = item.GetTrustDeviceId();
-- 
Gitee