diff --git a/common/include/device_manager_ipc_interface_code.h b/common/include/device_manager_ipc_interface_code.h index 40d4cfdd74c00e3beb6715e329379f9aa279cde5..90791f2e0895802f0de0d784fa5d9140c4c68f35 100644 --- a/common/include/device_manager_ipc_interface_code.h +++ b/common/include/device_manager_ipc_interface_code.h @@ -116,6 +116,10 @@ enum DMIpcCmdInterfaceCode { RESTORE_LOCAL_DEVICE_NAME, GET_DEVICE_NETWORK_ID_LIST, UNREGISTER_PIN_HOLDER_CALLBACK, + CHECK_SRC_ACCESS_CONTROL, + CHECK_SINK_ACCESS_CONTROL, + CHECK_SRC_SAME_ACCOUNT, + CHECK_SINK_SAME_ACCOUNT, // Add ipc msg here IPC_MSG_BUTT }; diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index f647d7490c3292a7e4e5f76070092d32a8496096..8a7d7e3487b77374332872fb46e0b26b1c4b0a1e 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -187,7 +187,6 @@ public: DM_EXPORT std::vector GetProcessInfoFromAclByUserId(const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId); - bool CheckIdenticalAccount(int32_t userId, const std::string &accountId); DM_EXPORT bool CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); DM_EXPORT bool CheckSinkDevIdInAclForDevBind(const std::string &pkgName, 
@@ -199,9 +198,9 @@ public: std::vector CompareBindType(std::vector profiles, std::string pkgName, std::vector &sinkBindType, std::string localDeviceId, std::string targetDeviceId); DM_EXPORT int32_t IsSameAccount(const std::string &udid); - DM_EXPORT int32_t CheckAccessControl(const DmAccessCaller &caller, + DM_EXPORT bool CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); - DM_EXPORT int32_t CheckIsSameAccount(const DmAccessCaller &caller, + DM_EXPORT bool CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); DM_EXPORT void DeleteAccessControlList(const std::string &udid); DM_EXPORT int32_t GetBindLevel(const std::string &pkgName, @@ -291,15 +290,6 @@ public: std::map> &aclMap, std::string dmVersion = ""); void GenerateAclHash(DistributedDeviceProfile::AccessControlProfile &acl, std::map> &aclMap, const std::string &dmVersion); - /** - * @brief Get the Acl List Hash for this dmVersion - * - * @param localDevUserInfo local device user info - * @param remoteDevUserInfo remote device user info - * @param aclList output save the acl hash - * @param dmVersion target dm version - * @return EXPORT 0 for success - */ DM_EXPORT int32_t GetAclListHashStr(const DevUserInfo &localDevUserInfo, const DevUserInfo &remoteDevUserInfo, std::string &aclListHash, std::string dmVersion = ""); DM_EXPORT bool IsLnnAcl(const DistributedDeviceProfile::AccessControlProfile &profile); 
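Review bot: Changing `CheckAccessControl` and `CheckIsSameAccount` from `int32_t` to `bool` inverts the numeric meaning of success: the old definitions returned `DM_OK` for an allowed request and `ERR_DM_FAILED` otherwise, the new ones return `true` and `false`. Assuming `DM_OK` is 0, a caller still written as `== DM_OK` or `!= DM_OK` keeps compiling through the implicit bool-to-int conversion and silently flips its authorization decision. The matching definition changes are in the deviceprofile_connector.cpp hunks at -1721 and -1737; the call sites are not in this view, so each one should be confirmed to use a plain boolean test in the same commit. A comment on the declarations such as `// true = access allowed; false = denied or no matching ACL entry` would make the new contract explicit.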
@@ -315,6 +305,14 @@ public: std::vector &profiles); DM_EXPORT int32_t HandleAccountCommonEvent(const std::string &localUdid, const std::vector &deviceVec, const std::vector &foregroundUserIds, const std::vector &backgroundUserIds); + DM_EXPORT bool CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + DM_EXPORT bool CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + DM_EXPORT bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + DM_EXPORT bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); private: int32_t HandleDmAuthForm(DistributedDeviceProfile::AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo); void GetParamBindTypeVec(DistributedDeviceProfile::AccessControlProfile profiles, std::string requestDeviceId, 
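Review bot: The four new exported checks are declared without any comment, and the names alone do not tell a caller how the Src and Sink variants differ. In the definitions added later in this commit, the helpers behind `CheckSrcAccessControl` compare only caller fields (userId, accountId or tokenId) with the ACL entry, while those behind `CheckSinkAccessControl` also compare the callee's fields, so the two variants verify different amounts of the request. I would add above the group: `// Src*: matches caller fields against an ACTIVE ACL entry for the peer. Sink*: matches caller and callee fields. Returns true only on a match.` The class body starts and ends outside this hunk.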
@@ -383,6 +381,24 @@ private: DmAclIdParam &dmAclIdParam); void CheckLastLnnAcl(const std::string &localDeviceId, int32_t userId, const std::string &remoteDeviceId, DmOfflineParam &offlineParam, std::vector &profiles); + bool CheckSrcAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSrcShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSinkShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSrcP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSinkAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); }; extern "C" IDeviceProfileConnector *CreateDpConnectorInstance(); diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 111b38c1243c23de640e54327a3d9d196eb7b2bd..beff77283a78de2ab65858a7df6bda76fca9ce0c 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp 
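Review bot: `Acunt` in `CheckSrcAcuntAccessControl` and `CheckSinkAcuntAccessControl` looks like a misspelling of Account, which makes these authorization helpers hard to find next to `CheckSrcIsSameAccount`; `CheckSrcAccountAccessControl` and `CheckSinkAccountAccessControl` would be consistent. The three Src helpers also take `callee`, but their definitions later in this commit never read it, so either drop the parameter or state the intent with a comment such as `// callee is intentionally not checked on the source side`. The class body starts outside the hunk.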
@@ -58,6 +58,37 @@ const std::string DM_VERSION_STR_5_1_0 = DM_VERSION_5_1_0; const std::vector DM_SUPPORT_ACL_AGING_VERSIONS = {DM_VERSION_STR_5_1_0}; } DM_IMPLEMENT_SINGLE_INSTANCE(DeviceProfileConnector); +void PrintProfile(const AccessControlProfile &profile) +{ + uint32_t bindType = profile.GetBindType(); + uint32_t bindLevel = profile.GetBindLevel(); + + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId(); + int32_t acerTokenId = static_cast(profile.GetAccesser().GetAccesserTokenId()); + std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName(); + std::string acerCredId = profile.GetAccesser().GetAccesserCredentialIdStr(); + int32_t acerSkId = profile.GetAccesser().GetAccesserSessionKeyId(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId(); + int32_t aceeTokenId = static_cast(profile.GetAccessee().GetAccesseeTokenId()); + std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName(); + std::string aceeCredId = profile.GetAccessee().GetAccesseeCredentialIdStr(); + int32_t aceeSkId = profile.GetAccessee().GetAccesseeSessionKeyId(); + + LOGI("bindType %{public}d, bindLevel %{public}d, acerDeviceId %{public}s, acerUserId %{public}d," + "acerAccountId %{public}s, acerTokenId %{public}d, acerPkgName %{public}s, acerCredId %{public}s," + "acerSkId %{public}d, aceeDeviceId %{public}s, aceeUserId %{public}d, aceeAccountId %{public}s," + "aceeTokenId %{public}d, aceePkgName %{public}s, aceeCredId %{public}s, aceeSkId %{public}d.", + bindType, bindLevel, GetAnonyString(acerDeviceId).c_str(), acerUserId, GetAnonyString(acerAccountId).c_str(), + acerTokenId, acerPkgName.c_str(), GetAnonyString(acerCredId).c_str(), acerSkId, + 
GetAnonyString(aceeDeviceId).c_str(), aceeUserId, GetAnonyString(aceeAccountId).c_str(), aceeTokenId, + aceePkgName.c_str(), GetAnonyString(aceeCredId).c_str(), aceeSkId); +} + DM_EXPORT int32_t DeviceProfileConnector::GetVersionByExtra(std::string &extraInfo, std::string &dmVersion) { JsonObject extraInfoJson(extraInfo); @@ -1630,7 +1661,7 @@ std::vector GetACLByDeviceIdAndUserId(std::vector profiles; - std::map queryParams; - queryParams[USERID] = std::to_string(userId); - queryParams[ACCOUNTID] = accountId; - if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { - LOGE("DP GetAccessControlProfile failed."); - } - for (auto &item : profiles) { - if (item.GetBindType() == DM_IDENTICAL_ACCOUNT && item.GetStatus() == ACTIVE) { return true; } } @@ -1721,7 +1735,7 @@ bool DeviceProfileConnector::CheckAppLevelAccess(const DistributedDeviceProfile: } } -DM_EXPORT int32_t DeviceProfileConnector::CheckIsSameAccount( +DM_EXPORT bool DeviceProfileConnector::CheckIsSameAccount( const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { @@ -1737,10 +1751,10 @@ DM_EXPORT int32_t DeviceProfileConnector::CheckIsSameAccount( } if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { LOGI("The udid %{public}s is identical bind.", GetAnonyString(item.GetTrustDeviceId()).c_str()); - return DM_OK; + return true; } } - return ERR_DM_FAILED; + return false; } DM_EXPORT int32_t DeviceProfileConnector::GetBindLevel(const std::string &pkgName, 
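Review bot: `PrintProfile` logs every field of an ACL entry at info level with `%{public}`, and only the device, account and credential ids pass through `GetAnonyString`; user ids, token ids, bundle names and session-key ids are written in clear. The Check* functions added later in this commit call it as the first statement of their loops, before the trust-device and status filter, so each access check dumps every stored ACL entry, including entries for unrelated peers. Moving the call below the filter and lowering it to a debug-level log, or dropping the `public` tag on the token and session-key ids, would limit what reaches the system log. The function also appears to be defined after the anonymous namespace closes, so it gets external linkage; `static void PrintProfile(const AccessControlProfile &profile)` would keep it file-local.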
@@ -2830,6 +2844,304 @@ DM_EXPORT int32_t DeviceProfileConnector::HandleAccountCommonEvent( return DM_OK; } +DM_EXPORT bool DeviceProfileConnector::CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) +{ + LOGI("srcUdid %{public}s, srcUserId %{publis}d, srcPkgName %{public}s, srcTokenId %{public}d," + "sinkUdid %{public}s, sinkUserId %{publis}d, sinkPkgName %{public}s, sinkTokenId %{public}d.", + GetAnonyString(srcUdid).c_str(), caller.userId, caller.pkgName.c_str(), static_cast(caller.tokenId), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId)); + std::vector profiles = GetAllAccessControlProfile(); + char localDeviceId[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); + std::string localUdid = std::string(localDeviceId); + std::string trustUdid = localUdid == srcUdid ? sinkUdid : srcUdid; + for (const auto &item : profiles) { + PrintProfile(item); + if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE) { + continue; + } + switch (item.GetBindType()) { + case DM_IDENTICAL_ACCOUNT: + if (CheckSrcAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + case DM_SHARE: + if (CheckSrcShareAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + case DM_POINT_TO_POINT: + case DM_ACROSS_ACCOUNT: + if (CheckSrcP2PAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + default: + break; + } + } + return false; +} + +bool DeviceProfileConnector::CheckSrcAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + 
std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId(); + + uint32_t bindLevel = profile.GetBindLevel(); + + if (((srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeDeviceId) || (srcUdid == aceeDeviceId && caller.userId == aceeUserId && + caller.accountId == aceeAccountId && sinkUdid == acerDeviceId)) && bindLevel == USER) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckSrcShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + + uint32_t bindLevel = profile.GetBindLevel(); + if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeDeviceId && bindLevel == USER) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckSrcP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + int32_t acerTokenId = static_cast(profile.GetAccesser().GetAccesserTokenId()); + std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName(); + + std::string 
aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + int32_t aceeTokenId = static_cast(profile.GetAccessee().GetAccesseeTokenId()); + std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName(); + + uint32_t bindLevel = profile.GetBindLevel(); + if (bindLevel == USER && ((srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId) || + (srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId))) { + return true; + } + if ((bindLevel == SERVICE || bindLevel == APP) && ((srcUdid == acerDeviceId && caller.userId == acerUserId && + static_cast(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId) || (srcUdid == aceeDeviceId && + caller.userId == aceeUserId && static_cast(caller.tokenId) == aceeTokenId && + sinkUdid == acerDeviceId))) { + return true; + } + return false; +} + +DM_EXPORT bool DeviceProfileConnector::CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) +{ + LOGI("srcUdid %{public}s, srcUserId %{publis}d, srcPkgName %{public}s, srcTokenId %{public}d," + "sinkUdid %{public}s, sinkUserId %{publis}d, sinkPkgName %{public}s, sinkTokenId %{public}d.", + GetAnonyString(srcUdid).c_str(), caller.userId, caller.pkgName.c_str(), static_cast(caller.tokenId), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId)); + std::vector profiles = GetAllAccessControlProfile(); + char localDeviceId[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); + std::string localUdid = std::string(localDeviceId); + std::string trustUdid = localUdid == srcUdid ? 
sinkUdid : srcUdid; + for (const auto &item : profiles) { + PrintProfile(item); + if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE) { + continue; + } + switch (item.GetBindType()) { + case DM_IDENTICAL_ACCOUNT: + if (CheckSinkAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + case DM_SHARE: + if (CheckSinkShareAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + case DM_POINT_TO_POINT: + case DM_ACROSS_ACCOUNT: + if (CheckSinkP2PAccessControl(item, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + default: + break; + } + } + return false; +} + +bool DeviceProfileConnector::CheckSinkAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId(); + + uint32_t bindLevel = profile.GetBindLevel(); + + if (((srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeDeviceId && callee.userId == aceeUserId && callee.accountId == aceeAccountId) || + (srcUdid == aceeDeviceId && caller.userId == aceeUserId && caller.accountId == aceeAccountId && + sinkUdid == acerDeviceId && callee.userId == acerUserId && callee.accountId == acerAccountId)) && + bindLevel == USER) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckSinkShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const 
DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId(); + + uint32_t bindLevel = profile.GetBindLevel(); + if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeDeviceId && callee.userId == aceeUserId && callee.accountId == aceeAccountId && + bindLevel == USER) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + int32_t acerTokenId = static_cast(profile.GetAccesser().GetAccesserTokenId()); + std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName(); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + int32_t aceeTokenId = static_cast(profile.GetAccessee().GetAccesseeTokenId()); + std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName(); + + uint32_t bindLevel = profile.GetBindLevel(); + if (bindLevel == USER && ((srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId && + callee.userId == aceeUserId) || (srcUdid == aceeDeviceId && caller.userId == aceeUserId && + sinkUdid == acerDeviceId && callee.userId == 
acerUserId))) { + return true; + } + + if ((bindLevel == SERVICE || bindLevel == APP) && ((srcUdid == acerDeviceId && caller.userId == acerUserId && + static_cast(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId && + callee.userId == aceeUserId && static_cast(callee.tokenId) == aceeTokenId) || + (srcUdid == aceeDeviceId && caller.userId == aceeUserId && + static_cast(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId && + callee.userId == acerUserId && static_cast(callee.tokenId) == acerTokenId))) { + return true; + } + return false; +} + +DM_EXPORT bool DeviceProfileConnector::CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) +{ + LOGI("srcUdid %{public}s, srcUserId %{publis}d, srcPkgName %{public}s, srcTokenId %{public}d," + "sinkUdid %{public}s, sinkUserId %{publis}d, sinkPkgName %{public}s, sinkTokenId %{public}d.", + GetAnonyString(srcUdid).c_str(), caller.userId, caller.pkgName.c_str(), static_cast(caller.tokenId), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId)); + std::vector profiles = GetAllAccessControlProfile(); + char localDeviceId[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); + std::string localUdid = std::string(localDeviceId); + std::string trustUdid = localUdid == srcUdid ? 
sinkUdid : srcUdid; + for (const auto &item : profiles) { + PrintProfile(item); + if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE || + item.GetBindType() != DM_IDENTICAL_ACCOUNT) { + continue; + } + std::string acerUdid = item.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = item.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = item.GetAccesser().GetAccesserAccountId(); + + std::string aceeUdid = item.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = item.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = item.GetAccessee().GetAccesseeAccountId(); + + uint32_t bindLevel = item.GetBindLevel(); + + if (((srcUdid == acerUdid && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeUdid && callee.accountId == aceeAccountId) || (srcUdid == aceeUdid && + caller.userId == aceeUserId && sinkUdid == acerUdid && callee.accountId == acerAccountId)) && + bindLevel == USER) { + return true; + } + } + return false; +} + +DM_EXPORT bool DeviceProfileConnector::CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) +{ + LOGI("srcUdid %{public}s, srcUserId %{publis}d, srcPkgName %{public}s, srcTokenId %{public}d," + "sinkUdid %{public}s, sinkUserId %{publis}d, sinkPkgName %{public}s, sinkTokenId %{public}d.", + GetAnonyString(srcUdid).c_str(), caller.userId, caller.pkgName.c_str(), static_cast(caller.tokenId), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId)); + std::vector profiles = GetAllAccessControlProfile(); + char localDeviceId[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); + std::string localUdid = std::string(localDeviceId); + std::string trustUdid = localUdid == srcUdid ? 
sinkUdid : srcUdid; + for (const auto &item : profiles) { + PrintProfile(item); + if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE || + item.GetBindType() != DM_IDENTICAL_ACCOUNT) { + continue; + } + std::string acerUdid = item.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = item.GetAccesser().GetAccesserUserId(); + std::string acerAccountId = item.GetAccesser().GetAccesserAccountId(); + + std::string aceeUdid = item.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = item.GetAccessee().GetAccesseeUserId(); + std::string aceeAccountId = item.GetAccessee().GetAccesseeAccountId(); + + uint32_t bindLevel = item.GetBindLevel(); + + if (((srcUdid == acerUdid && caller.userId == acerUserId && caller.accountId == acerAccountId && + sinkUdid == aceeUdid && callee.userId == aceeUserId && callee.accountId == aceeAccountId) || + (srcUdid == aceeUdid && caller.userId == aceeUserId && caller.accountId == aceeAccountId && + sinkUdid == acerUdid && callee.userId == acerUserId && callee.accountId == acerAccountId)) && + bindLevel == USER) { + return true; + } + } + return false; +} + IDeviceProfileConnector *CreateDpConnectorInstance() { return &DeviceProfileConnector::GetInstance(); diff --git a/interfaces/inner_kits/native_cpp/include/device_manager.h b/interfaces/inner_kits/native_cpp/include/device_manager.h index 46f0ff290e41bc1417f91ba5e5bea196f5d88292..706db7cc854ab26ab696d764beba3c57d228b8fc 100644 --- a/interfaces/inner_kits/native_cpp/include/device_manager.h +++ b/interfaces/inner_kits/native_cpp/include/device_manager.h 
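Review bot: In `CheckSrcIsSameAccount` the second branch of the match (`srcUdid == aceeUdid && caller.userId == aceeUserId && sinkUdid == acerUdid && ...`) never compares `caller.accountId`, while the first branch requires `caller.accountId == acerAccountId` and `CheckSinkIsSameAccount` checks it in both directions. When the source device is the accessee of the entry, the caller's account is therefore not verified; add `caller.accountId == aceeAccountId &&` to that branch unless the omission is deliberate, in which case it needs a comment. The `LOGI` at the top of `CheckSrcAccessControl`, `CheckSinkAccessControl`, `CheckSrcIsSameAccount` and `CheckSinkIsSameAccount` uses `%{publis}d` for both user ids, a typo for `%{public}d`. In the two P2P helpers `acerPkgName` and `aceePkgName` are read but never compared, and token ids are compared through `int32_t` locals although `tokenId` is declared `uint64_t` elsewhere in this diff, so it is worth confirming that matching on the narrowed value alone is intended.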
@@ -608,15 +608,6 @@ public: virtual int32_t UnRegisterDeviceScreenStatusCallback(const std::string &pkgName) = 0; virtual int32_t GetDeviceScreenStatus(const std::string &pkgName, const std::string &networkId, int32_t &screenStatus) = 0; - - /** - * @brief Set Dn Policy - * @param pkgName package name. - * @param policy contain DM_POLICY_STRATEGY_FOR_BLE and DM_POLICY_TIMEOUT key and value. - * DM_POLICY_STRATEGY_FOR_BLE: Strategy BLE networking go-online policy, suppress or restore. - * DM_POLICY_TIMEOUT: Indicates the duration for suppressing ble networking. - * @return Returns 0 if success. - */ virtual int32_t SetDnPolicy(const std::string &pkgName, std::map &policy) = 0; virtual int32_t StopAuthenticateDevice(const std::string &pkgName) = 0; virtual int32_t GetNetworkIdByUdid(const std::string &pkgName, const std::string &udid, std::string &networkId) = 0; @@ -630,17 +621,9 @@ public: std::vector &deviceList) = 0; virtual int32_t RegisterAuthenticationType(const std::string &pkgName, const std::map &authParam) = 0; - - /** - * @brief Query the device list of same account. - * @param filterOptions query parameters. - * @param callback qeury result callback. - * @return Returns 0 if success. - */ virtual int32_t GetDeviceProfileInfoList(const std::string &pkgName, const DmDeviceProfileInfoFilterOptions &filterOptions, std::shared_ptr callback) = 0; - virtual int32_t GetDeviceIconInfo(const std::string &pkgName, const DmDeviceIconInfoFilterOptions &filterOptions, std::shared_ptr callback) = 0; virtual int32_t PutDeviceProfileInfoList(const std::string &pkgName, 
@@ -659,12 +642,11 @@ public: virtual int32_t RestoreLocalDeviceName(const std::string &pkgName) = 0; virtual int32_t GetDeviceNetworkIdList(const std::string &bundleName, const NetworkIdQueryFilter &queryFilter, std::vector &networkIds) = 0; - /** - * @brief UnRegister Pin Code Holder Callback - * @param pkgName package name. - * @return Returns 0 if success. - */ virtual int32_t UnRegisterPinHolderCallback(const std::string &pkgName) = 0; + virtual bool CheckSrcAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) = 0; + virtual bool CheckSinkAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) = 0; + virtual bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) = 0; + virtual bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) = 0; }; } // namespace DistributedHardware } // namespace OHOS diff --git a/interfaces/inner_kits/native_cpp/include/device_manager_impl.h b/interfaces/inner_kits/native_cpp/include/device_manager_impl.h index 4f8be085e27ab27d669ed60387d11000ab38b0df..f32edc750b7b3caf36473ad726c2bf68e90d16b6 100644 --- a/interfaces/inner_kits/native_cpp/include/device_manager_impl.h +++ b/interfaces/inner_kits/native_cpp/include/device_manager_impl.h @@ -17,6 +17,7 @@ #define OHOS_DEVICE_MANAGER_IMPL_H #include "device_manager.h" +#include "device_manager_ipc_interface_code.h" #if !defined(__LITEOS_M__) #include "ipc_client_manager.h" #include "ipc_client_proxy.h" 
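Review bot: The four new pure virtuals are added to the public interface in device_manager.h with no doc comment, in a hunk that also deletes the existing `@brief` block for `UnRegisterPinHolderCallback`. Callers need to know that these return `false` both when the ACL denies the request and when the IPC request itself fails, which is what `CheckAclByIpcCode` does later in this commit. I would add a block per function along the lines of `/** @brief Check the ACL for caller/callee on the source side. @return true if allowed; false if denied or the request to the service failed. */`. Because they are pure virtual, any other subclass or mock of this interface outside the diff has to implement them before it compiles.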
@@ -433,6 +434,10 @@ public: virtual int32_t GetDeviceNetworkIdList(const std::string &bundleName, const NetworkIdQueryFilter &queryFilter, std::vector &networkIds) override; virtual int32_t UnRegisterPinHolderCallback(const std::string &pkgName) override; + virtual bool CheckSrcAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) override; + virtual bool CheckSinkAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) override; + virtual bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) override; + virtual bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) override; private: DeviceManagerImpl() = default; @@ -452,6 +457,8 @@ private: uint16_t GetSubscribeIdFromMap(const std::string &pkgName); void SyncCallbackToService(DmCommonNotifyEvent dmCommonNotifyEvent, const std::string &pkgName); int32_t GetAnonyLocalUdid(const std::string &pkgName, std::string &anonyUdid); + bool CheckAclByIpcCode(const DmAccessCaller &caller, const DmAccessCallee &callee, + const DMIpcCmdInterfaceCode &ipcCode); private: #if !defined(__LITEOS_M__) diff --git a/interfaces/inner_kits/native_cpp/include/dm_device_info.h b/interfaces/inner_kits/native_cpp/include/dm_device_info.h index f4d1ea3d6dbc5a8b7b104d186cc23a0406bf9920..0ce101dd930b7f52110efd100da1656995cebcae 100644 --- a/interfaces/inner_kits/native_cpp/include/dm_device_info.h +++ b/interfaces/inner_kits/native_cpp/include/dm_device_info.h @@ -381,6 +381,7 @@ typedef struct DmAccessCallee { std::string accountId; std::string networkId; std::string peerId; + std::string pkgName; int32_t userId; uint64_t tokenId = 0; std::string extra; diff --git a/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp b/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp index a2af88d1a6fc72eef39c98eefeab8b0646b49854..46880bc039e33bbcdd37e108b13048987790fe6d 100644 
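Review bot: In dm_device_info.h, `pkgName` is inserted in the middle of `DmAccessCallee`, ahead of `userId` and `tokenId`, which shifts the offsets of existing members in a header under inner_kits; if the struct crosses a prebuilt library boundary, appending the field after the last existing member is the safer change. The encode and decode routines for this struct are not in the visible hunks, so confirm they carry `pkgName`; otherwise the service-side `LOGI` in the new checks will always print it empty. `userId` still has no default initializer, unlike `tokenId = 0`, and the new sink-side checks compare `callee.userId` directly, so an explicit default that cannot match a real user would avoid comparing an indeterminate value.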
--- a/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp +++ b/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp @@ -15,7 +15,6 @@ #include "device_manager_impl.h" #include -#include "device_manager_ipc_interface_code.h" #include "device_manager_notify.h" #include "dm_anonymous.h" #include "dm_constants.h" 
@@ -2223,52 +2222,6 @@ bool DeviceManagerImpl::IsSameAccount(const std::string &netWorkId) return true; } -bool DeviceManagerImpl::CheckAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) -{ - LOGI("Start"); - std::shared_ptr req = std::make_shared(); - std::shared_ptr rsp = std::make_shared(); - req->SetAccessCaller(caller); - req->SetAccessCallee(callee); - int32_t ret = ipcClientProxy_->SendRequest(CHECK_ACCESS_CONTROL, req, rsp); - if (ret != DM_OK) { - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAccessControl", ret, anonyLocalUdid_); - LOGE("CheckAccessControl Send Request failed ret: %{public}d", ret); - return false; - } - ret = rsp->GetErrCode(); - if (ret != DM_OK) { - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAccessControl", ret, anonyLocalUdid_); - LOGE("CheckAccessControl Failed with ret: %{public}d", ret); - return false; - } - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAccessControl", DM_OK, anonyLocalUdid_); - return true; -} - -bool DeviceManagerImpl::CheckIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) -{ - LOGI("Start"); - std::shared_ptr req = std::make_shared(); - std::shared_ptr rsp = std::make_shared(); - req->SetAccessCaller(caller); - req->SetAccessCallee(callee); - int32_t ret = ipcClientProxy_->SendRequest(CHECK_SAME_ACCOUNT, req, rsp); - if (ret != DM_OK) { - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckIsSameAccount", ret, anonyLocalUdid_); - LOGE("CheckIsSameAccount Send Request failed ret: %{public}d", ret); - return false; - } - ret = rsp->GetErrCode(); - if (ret != DM_OK) { - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckIsSameAccount", ret, anonyLocalUdid_); - LOGE("CheckIsSameAccount Failed with ret: %{public}d", ret); - return false; - } - DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckIsSameAccount", DM_OK, anonyLocalUdid_); - return true; -} - 
int32_t DeviceManagerImpl::GetErrCode(int32_t errCode) { auto flag = MAP_ERROR_CODE.find(errCode); 
@@ -2951,5 +2904,66 @@ int32_t DeviceManagerImpl::UnRegisterPinHolderCallback(const std::string &pkgNam } return DM_OK; } + +bool DeviceManagerImpl::CheckAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_ACCESS_CONTROL); +} + +bool DeviceManagerImpl::CheckIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_SAME_ACCOUNT); +} + + +bool DeviceManagerImpl::CheckSrcAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_SRC_ACCESS_CONTROL); +} + +bool DeviceManagerImpl::CheckSinkAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_SINK_ACCESS_CONTROL); +} + +bool DeviceManagerImpl::CheckSrcIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_SRC_SAME_ACCOUNT); +} + +bool DeviceManagerImpl::CheckSinkIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + LOGI("Start"); + return CheckAclByIpcCode(caller, callee, CHECK_SINK_SAME_ACCOUNT); +} + +bool DeviceManagerImpl::CheckAclByIpcCode(const DmAccessCaller &caller, const DmAccessCallee &callee, + const DMIpcCmdInterfaceCode &ipcCode) +{ + LOGI("start, ipcCode %{public}d.", static_cast(ipcCode)); + std::shared_ptr req = std::make_shared(); + std::shared_ptr rsp = std::make_shared(); + req->SetAccessCaller(caller); + req->SetAccessCallee(callee); + int32_t ret = ipcClientProxy_->SendRequest(ipcCode, req, rsp); + if (ret != DM_OK) { + DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAclByIpcCode", ret, anonyLocalUdid_); + LOGE("CheckIsSameAccount Send Request failed ret: %{public}d", ret); + return false; + } + ret = rsp->GetErrCode(); + if 
(ret != DM_OK) { + DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAclByIpcCode", ret, anonyLocalUdid_); + LOGE("CheckIsSameAccount Failed with ret: %{public}d", ret); + return false; + } + DmRadarHelper::GetInstance().ReportDmBehavior(caller.pkgName, "CheckAclByIpcCode", DM_OK, anonyLocalUdid_); + return true; +} } // namespace DistributedHardware } // namespace OHOS diff --git a/interfaces/inner_kits/native_cpp/src/ipc/standard/ipc_cmd_parser.cpp b/interfaces/inner_kits/native_cpp/src/ipc/standard/ipc_cmd_parser.cpp index e9dafe94936942675c38fc51b49307f92363457e..25f7080568803e72967442a31e3c58824397560c 100644 --- a/interfaces/inner_kits/native_cpp/src/ipc/standard/ipc_cmd_parser.cpp +++ b/interfaces/inner_kits/native_cpp/src/ipc/standard/ipc_cmd_parser.cpp @@ -76,6 +76,31 @@ namespace DistributedHardware { namespace { const int32_t DM_MAX_TRUST_DEVICE_NUM = 200; } +int32_t SetRequest(const DMIpcCmdInterfaceCode &ipcCode, std::shared_ptr pBaseReq, MessageParcel &data) +{ + LOGI("start ipcCode %{public}d.", static_cast(ipcCode)); + CHECK_NULL_RETURN(pBaseReq, ERR_DM_FAILED); + std::shared_ptr pReq = std::static_pointer_cast(pBaseReq); + DmAccessCaller caller = pReq->GetAccessCaller(); + DmAccessCallee callee = pReq->GetAccessCallee(); + if (!IpcModelCodec::EncodeDmAccessCaller(caller, data)) { + LOGE("write caller failed"); + return ERR_DM_IPC_WRITE_FAILED; + } + if (!IpcModelCodec::EncodeDmAccessCallee(callee, data)) { + LOGE("write caller failed"); + return ERR_DM_IPC_WRITE_FAILED; + } + return DM_OK; +} + +int32_t ReadResponse(const DMIpcCmdInterfaceCode &ipcCode, MessageParcel &reply, std::shared_ptr pBaseRsp) +{ + LOGI("start ipcCode %{public}d.", static_cast(ipcCode)); + CHECK_NULL_RETURN(pBaseRsp, ERR_DM_FAILED); + pBaseRsp->SetErrCode(reply.ReadInt32()); + return DM_OK; +} ON_IPC_SET_REQUEST(REGISTER_DEVICE_MANAGER_LISTENER, std::shared_ptr pBaseReq, MessageParcel &data) { 
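Review bot: In `CheckAclByIpcCode` both `LOGE` calls still print "CheckIsSameAccount" and every `ReportDmBehavior` call reports the fixed name "CheckAclByIpcCode", so a failed access-control or same-account check can no longer be attributed to the API that was invoked. The six wrappers only log "Start", which leaves the `ipcCode` in the entry `LOGI` as the sole discriminator. I would carry the code into the failure paths, e.g. `LOGE("CheckAclByIpcCode send request failed, ipcCode: %{public}d, ret: %{public}d", static_cast<int32_t>(ipcCode), ret);`, and hand the wrapper's own name to `ReportDmBehavior` if the radar consumers key on it (not visible here). `ipcCode` is an enum and can be taken by value instead of `const &`.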
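Review bot: `ReadResponse` stores `reply.ReadInt32()` without checking that the read succeeded, while the client's `CheckAclByIpcCode` treats a stored `DM_OK` as "check passed"; if the value-returning `ReadInt32()` yields 0 on a short or malformed reply and `DM_OK` is 0 (neither is shown in this diff), a broken reply is read as an allow. Prefer the checked overload and fail closed: `int32_t errCode = ERR_DM_FAILED; if (!reply.ReadInt32(errCode)) { return ERR_DM_FAILED; } pBaseRsp->SetErrCode(errCode);`. In `SetRequest` the second `LOGE("write caller failed")` sits on the callee branch and should read `"write callee failed"`. Both helpers are added after the anonymous namespace closes, so they get external linkage under very generic names; moving them inside it or marking them `static` avoids a clash with other translation units.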
@@ -1477,50 +1502,22 @@ ON_IPC_READ_RESPONSE(CHECK_API_PERMISSION, MessageParcel &reply, std::shared_ptr ON_IPC_SET_REQUEST(CHECK_ACCESS_CONTROL, std::shared_ptr pBaseReq, MessageParcel &data) { - CHECK_NULL_RETURN(pBaseReq, ERR_DM_FAILED); - std::shared_ptr pReq = std::static_pointer_cast(pBaseReq); - DmAccessCaller caller = pReq->GetAccessCaller(); - DmAccessCallee callee = pReq->GetAccessCallee(); - if (!IpcModelCodec::EncodeDmAccessCaller(caller, data)) { - LOGE("write caller failed"); - return ERR_DM_IPC_WRITE_FAILED; - } - if (!IpcModelCodec::EncodeDmAccessCallee(callee, data)) { - LOGE("write caller failed"); - return ERR_DM_IPC_WRITE_FAILED; - } - return DM_OK; + return SetRequest(CHECK_ACCESS_CONTROL, pBaseReq, data); } ON_IPC_READ_RESPONSE(CHECK_ACCESS_CONTROL, MessageParcel &reply, std::shared_ptr pBaseRsp) { - CHECK_NULL_RETURN(pBaseRsp, ERR_DM_FAILED); - pBaseRsp->SetErrCode(reply.ReadInt32()); - return DM_OK; + return ReadResponse(CHECK_ACCESS_CONTROL, reply, pBaseRsp); } ON_IPC_SET_REQUEST(CHECK_SAME_ACCOUNT, std::shared_ptr pBaseReq, MessageParcel &data) { - CHECK_NULL_RETURN(pBaseReq, ERR_DM_FAILED); - std::shared_ptr pReq = std::static_pointer_cast(pBaseReq); - DmAccessCaller caller = pReq->GetAccessCaller(); - DmAccessCallee callee = pReq->GetAccessCallee(); - if (!IpcModelCodec::EncodeDmAccessCaller(caller, data)) { - LOGE("write caller failed"); - return ERR_DM_IPC_WRITE_FAILED; - } - if (!IpcModelCodec::EncodeDmAccessCallee(callee, data)) { - LOGE("write caller failed"); - return ERR_DM_IPC_WRITE_FAILED; - } - return DM_OK; + return SetRequest(CHECK_SAME_ACCOUNT, pBaseReq, data); } ON_IPC_READ_RESPONSE(CHECK_SAME_ACCOUNT, MessageParcel &reply, std::shared_ptr pBaseRsp) { - CHECK_NULL_RETURN(pBaseRsp, ERR_DM_FAILED); - pBaseRsp->SetErrCode(reply.ReadInt32()); - return DM_OK; + return ReadResponse(CHECK_SAME_ACCOUNT, reply, pBaseRsp); } ON_IPC_SET_REQUEST(SHIFT_LNN_GEAR, std::shared_ptr pBaseReq, MessageParcel &data) 
@@ -2142,5 +2139,45 @@ ON_IPC_READ_RESPONSE(UNREGISTER_PIN_HOLDER_CALLBACK, MessageParcel &reply, std:: pRsp->SetErrCode(reply.ReadInt32()); return DM_OK; } + +ON_IPC_SET_REQUEST(CHECK_SRC_ACCESS_CONTROL, std::shared_ptr pBaseReq, MessageParcel &data) +{ + return SetRequest(CHECK_SRC_ACCESS_CONTROL, pBaseReq, data); +} + +ON_IPC_READ_RESPONSE(CHECK_SRC_ACCESS_CONTROL, MessageParcel &reply, std::shared_ptr pBaseRsp) +{ + return ReadResponse(CHECK_SRC_ACCESS_CONTROL, reply, pBaseRsp); +} + +ON_IPC_SET_REQUEST(CHECK_SINK_ACCESS_CONTROL, std::shared_ptr pBaseReq, MessageParcel &data) +{ + return SetRequest(CHECK_SINK_ACCESS_CONTROL, pBaseReq, data); +} + +ON_IPC_READ_RESPONSE(CHECK_SINK_ACCESS_CONTROL, MessageParcel &reply, std::shared_ptr pBaseRsp) +{ + return ReadResponse(CHECK_SINK_ACCESS_CONTROL, reply, pBaseRsp); +} + +ON_IPC_SET_REQUEST(CHECK_SRC_SAME_ACCOUNT, std::shared_ptr pBaseReq, MessageParcel &data) +{ + return SetRequest(CHECK_SRC_SAME_ACCOUNT, pBaseReq, data); +} + +ON_IPC_READ_RESPONSE(CHECK_SRC_SAME_ACCOUNT, MessageParcel &reply, std::shared_ptr pBaseRsp) +{ + return ReadResponse(CHECK_SRC_SAME_ACCOUNT, reply, pBaseRsp); +} + +ON_IPC_SET_REQUEST(CHECK_SINK_SAME_ACCOUNT, std::shared_ptr pBaseReq, MessageParcel &data) +{ + return SetRequest(CHECK_SINK_SAME_ACCOUNT, pBaseReq, data); +} + +ON_IPC_READ_RESPONSE(CHECK_SINK_SAME_ACCOUNT, MessageParcel &reply, std::shared_ptr pBaseRsp) +{ + return ReadResponse(CHECK_SINK_SAME_ACCOUNT, reply, pBaseRsp); +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index aa1feb4256306513d1f185522e36d9142417fcb1..614ad91e6c9ee2ecc8560539557d739a5f34572e 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h 
@@ -148,9 +148,9 @@ public: int32_t IsSameAccount(const std::string &udid); uint64_t GetTokenIdByNameAndDeviceId(std::string pkgName, std::string requestDeviceId); void ScreenCommonEventCallback(std::string commonEventType); - int32_t CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + bool CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); - int32_t CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + bool CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); void HandleDeviceNotTrust(const std::string &udid); int32_t GetBindLevel(const std::string &pkgName, const std::string &localUdid, @@ -192,6 +192,14 @@ public: uint64_t logicalSessionId, const std::string &pkgName); void HandleCommonEventBroadCast(const std::vector &foregroundUserIds, const std::vector &backgroundUserIds, const std::string &remoteUdid); + bool CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); private: int32_t PraseNotifyEventJson(const std::string &event, JsonObject &jsonObject); std::string GetUdidHashByNetworkId(const std::string &networkId); 
diff --git a/services/implementation/include/device_manager_service_impl_lite.h b/services/implementation/include/device_manager_service_impl_lite.h index 08796fc0a1f3fc46507bbd57aa417c2f6233c052..78d1b7dfbadf7987f392e8cd259a850f2164e052 100644 --- a/services/implementation/include/device_manager_service_impl_lite.h +++ b/services/implementation/include/device_manager_service_impl_lite.h @@ -124,9 +124,9 @@ public: int32_t IsSameAccount(const std::string &udid); uint64_t GetTokenIdByNameAndDeviceId(std::string pkgName, std::string requestDeviceId); void ScreenCommonEventCallback(std::string commonEventType); - int32_t CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + bool CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); - int32_t CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + bool CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); void HandleDeviceNotTrust(const std::string &udid); int32_t GetBindLevel(const std::string &pkgName, const std::string &localUdid, 
@@ -170,6 +170,14 @@ public: int32_t remoteTokenId); void HandleCommonEventBroadCast(const std::vector &foregroundUserIds, const std::vector &backgroundUserIds, const std::string &remoteUdid); + bool CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid); private: std::string GetUdidHashByNetworkId(const std::string &networkId); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 8bc029e69c88ef8c454a49a0a8bad329e080f4cd..134050258efbefde5cfc49d6eaee33f90cfdf1ca 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp 
@@ -1840,23 +1840,20 @@ void DeviceManagerServiceImpl::ScreenCommonEventCallback(std::string commonEvent LOGI("DeviceManagerServiceImpl::ScreenCommonEventCallback error."); } -int32_t DeviceManagerServiceImpl::CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, +bool DeviceManagerServiceImpl::CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { return DeviceProfileConnector::GetInstance().CheckIsSameAccount(caller, srcUdid, callee, sinkUdid); } -int32_t DeviceManagerServiceImpl::CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, +bool DeviceManagerServiceImpl::CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { CHECK_NULL_RETURN(hiChainConnector_, ERR_DM_POINT_NULL); - bool ret = hiChainConnector_->IsDevicesInP2PGroup(srcUdid, sinkUdid); - if (!ret) { - int32_t checkRet = DeviceProfileConnector::GetInstance().CheckAccessControl(caller, - srcUdid, callee, sinkUdid); - return checkRet; + if (!hiChainConnector_->IsDevicesInP2PGroup(srcUdid, sinkUdid)) { + return DeviceProfileConnector::GetInstance().CheckAccessControl(caller, srcUdid, callee, sinkUdid); } else { - return DM_OK; + return true; } } @@ -2676,6 +2673,30 @@ void DeviceManagerServiceImpl::SetBindCallerInfoToBindParam(const std::map &foregroundUserIds, const std::vector &backgroundUserIds, const std::string &remoteUdid); + bool CheckSrcAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee); + bool CheckSinkAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee); + bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee); + bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee); private: bool IsDMServiceImplReady(); bool IsDMImplSoLoaded(); 
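Review bot: `CheckAccessControl` now returns `bool` but still opens with `CHECK_NULL_RETURN(hiChainConnector_, ERR_DM_POINT_NULL);`, so when `hiChainConnector_` is null an error code is converted to `bool`; assuming the macro returns its second argument and `ERR_DM_POINT_NULL` is non-zero (neither definition is in this diff), that path returns `true`, i.e. access granted. Return the denial explicitly with `CHECK_NULL_RETURN(hiChainConnector_, false);`. The same `int32_t` to `bool` change is applied to `CheckIsSameAccount` and to the interface and lite headers, so any caller that still compares the result with `DM_OK` inverts its decision; those call sites are outside this hunk and worth searching for before merging.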
@@ -386,6 +390,8 @@ private: bool IsCallerInWhiteList(); bool IsDMAdapterCheckApiWhiteListLoaded(); #endif + bool GetAccessUdidByNetworkId(const std::string &srcNetWorkId, std::string &srcUdid, + const std::string &sinkNetWorkId, std::string &sinkUdid); private: bool isImplsoLoaded_ = false; diff --git a/services/service/include/idevice_manager_service_impl.h b/services/service/include/idevice_manager_service_impl.h index 7825f64767874a83cf6cd8920bbcc630b49d1d70..a9a57ebb8b63337deb7370ab65de97b9dc706f82 100644 --- a/services/service/include/idevice_manager_service_impl.h +++ b/services/service/include/idevice_manager_service_impl.h @@ -223,9 +223,9 @@ public: virtual int32_t IsSameAccount(const std::string &udid) = 0; virtual uint64_t GetTokenIdByNameAndDeviceId(std::string pkgName, std::string requestDeviceId) = 0; virtual void ScreenCommonEventCallback(std::string commonEventType) = 0; - virtual int32_t CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + virtual bool CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) = 0; - virtual int32_t CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + virtual bool CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) = 0; virtual void HandleDeviceNotTrust(const std::string &udid) = 0; virtual std::multimap GetDeviceIdAndUserId(int32_t userId, 
@@ -272,6 +272,14 @@ public: int32_t remoteTokenId) = 0; virtual void HandleCommonEventBroadCast(const std::vector &foregroundUserIds, const std::vector &backgroundUserIds, const std::string &remoteUdid) = 0; + virtual bool CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) = 0; + virtual bool CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) = 0; + virtual bool CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) = 0; + virtual bool CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, + const DmAccessCallee &callee, const std::string &sinkUdid) = 0; }; using CreateDMServiceFuncPtr = IDeviceManagerServiceImpl *(*)(void); diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index a1785e60012d6d97e71548c7ef72354f3a77b64d..1f832ea277f645a81e2c92b52635a2005c92c23a 100644 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp 
@@ -1880,35 +1880,23 @@ int32_t DeviceManagerService::IsSameAccount(const std::string &networkId) bool DeviceManagerService::CheckAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) { - if (!PermissionManager::GetInstance().CheckPermission()) { - LOGE("The caller: %{public}s does not have permission to call CheckAccessControl.", caller.pkgName.c_str()); - return false; - } - if (!IsDMServiceImplReady()) { - LOGE("CheckAccessControl failed, instance not init or init failed."); - return false; - } std::string srcUdid = ""; - SoftbusListener::GetUdidByNetworkId(caller.networkId.c_str(), srcUdid); std::string sinkUdid = ""; - SoftbusListener::GetUdidByNetworkId(callee.networkId.c_str(), sinkUdid); - return dmServiceImpl_->CheckAccessControl(caller, srcUdid, callee, sinkUdid); + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("GetAccessUdidByNetworkId failed."); + return false; + } + return dmServiceImpl_->CheckAccessControl(caller, srcUdid, callee, sinkUdid); } bool DeviceManagerService::CheckIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) { - if (!PermissionManager::GetInstance().CheckPermission()) { - LOGE("The caller: %{public}s does not have permission to call CheckIsSameAccount.", caller.pkgName.c_str()); - return false; - } - if (!IsDMServiceImplReady()) { - LOGE("CheckIsSameAccount failed, instance not init or init failed."); - return false; - } std::string srcUdid = ""; - SoftbusListener::GetUdidByNetworkId(caller.networkId.c_str(), srcUdid); std::string sinkUdid = ""; - SoftbusListener::GetUdidByNetworkId(callee.networkId.c_str(), sinkUdid); + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("GetAccessUdidByNetworkId failed."); + return false; + } return dmServiceImpl_->CheckIsSameAccount(caller, srcUdid, callee, sinkUdid); } 
@@ -3907,5 +3895,67 @@ int32_t DeviceManagerService::UnRegisterPinHolderCallback(const std::string &pkg CHECK_NULL_RETURN(pinHolder_, ERR_DM_POINT_NULL); return pinHolder_->UnRegisterPinHolderCallback(pkgName); } + +bool DeviceManagerService::GetAccessUdidByNetworkId(const std::string &srcNetWorkId, std::string &srcUdid, + const std::string &sinkNetWorkId, std::string &sinkUdid) +{ + LOGI("start srcNetWorkId %{public}s, sinkNetWorkId %{public}s.", GetAnonyString(srcNetWorkId).c_str(), + GetAnonyString(sinkNetWorkId).c_str()); + if (!PermissionManager::GetInstance().CheckPermission()) { + LOGE("The caller not have permission to call GetAccessUdidByNetworkId."); + return false; + } + if (!IsDMServiceImplReady()) { + LOGE("GetAccessUdidByNetworkId failed, instance not init or init failed."); + return false; + } + SoftbusListener::GetUdidByNetworkId(srcNetWorkId.c_str(), srcUdid); + SoftbusListener::GetUdidByNetworkId(sinkNetWorkId.c_str(), sinkUdid); + return true; +} + +bool DeviceManagerService::CheckSrcAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + std::string srcUdid = ""; + std::string sinkUdid = ""; + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("The caller %{public}s GetAccessUdidByNetworkId failed.", caller.pkgName.c_str()); + return false; + } + return dmServiceImpl_->CheckSrcAccessControl(caller, srcUdid, callee, sinkUdid); +} + +bool DeviceManagerService::CheckSinkAccessControl(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + std::string srcUdid = ""; + std::string sinkUdid = ""; + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("The caller %{public}s GetAccessUdidByNetworkId failed.", caller.pkgName.c_str()); + return false; + } + return dmServiceImpl_->CheckSinkAccessControl(caller, srcUdid, callee, sinkUdid); +} + +bool DeviceManagerService::CheckSrcIsSameAccount(const 
DmAccessCaller &caller, const DmAccessCallee &callee) +{ + std::string srcUdid = ""; + std::string sinkUdid = ""; + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("The caller %{public}s GetAccessUdidByNetworkId failed.", caller.pkgName.c_str()); + return false; + } + return dmServiceImpl_->CheckSrcIsSameAccount(caller, srcUdid, callee, sinkUdid); +} + +bool DeviceManagerService::CheckSinkIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) +{ + std::string srcUdid = ""; + std::string sinkUdid = ""; + if (!GetAccessUdidByNetworkId(caller.networkId.c_str(), srcUdid, callee.networkId.c_str(), sinkUdid)) { + LOGE("The caller %{public}s GetAccessUdidByNetworkId failed.", caller.pkgName.c_str()); + return false; + } + return dmServiceImpl_->CheckSinkIsSameAccount(caller, srcUdid, callee, sinkUdid); +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/service/src/ipc/standard/ipc_cmd_parser.cpp b/services/service/src/ipc/standard/ipc_cmd_parser.cpp index f2340bdeecd7caa0041f9323cdad4e0814cad212..24bd36b3f493fe651b3466416b9119bd7f6ed862 100644 --- a/services/service/src/ipc/standard/ipc_cmd_parser.cpp +++ b/services/service/src/ipc/standard/ipc_cmd_parser.cpp 
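Review bot: `GetAccessUdidByNetworkId` returns `true` after calling `SoftbusListener::GetUdidByNetworkId` twice without looking at either outcome, so a network id that cannot be resolved reaches `dmServiceImpl_->Check*` with an empty `srcUdid` or `sinkUdid`. Unless an empty UDID is a supported input to the ACL lookup, the helper should fail closed, e.g. `if (srcUdid.empty() || sinkUdid.empty()) { LOGE("resolve udid failed."); return false; }`, or test the call's return value if it reports failure that way. The permission-denied `LOGE` no longer names the caller, which the code this replaces logged through `caller.pkgName`, and the rewritten `CheckAccessControl` and `CheckIsSameAccount` in the earlier hunk of this file do not log it either. Passing `caller.networkId.c_str()` to a `const std::string &` parameter builds a temporary and cuts the id at an embedded NUL; pass `caller.networkId` directly.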
@@ -53,6 +53,64 @@ namespace OHOS { namespace DistributedHardware { const unsigned int XCOLLIE_TIMEOUT_S = 5; constexpr const char* SCENEBOARD_PROCESS = "com.ohos.sceneboard"; +void DecodeDmAccessCaller(MessageParcel &parcel, DmAccessCaller &caller) +{ + caller.accountId = parcel.ReadString(); + caller.pkgName = parcel.ReadString(); + caller.networkId = parcel.ReadString(); + caller.userId = parcel.ReadInt32(); + caller.tokenId = parcel.ReadUint64(); + caller.extra = parcel.ReadString(); +} + +void DecodeDmAccessCallee(MessageParcel &parcel, DmAccessCallee &callee) +{ + callee.accountId = parcel.ReadString(); + callee.networkId = parcel.ReadString(); + callee.peerId = parcel.ReadString(); + callee.userId = parcel.ReadInt32(); + callee.extra = parcel.ReadString(); + callee.tokenId = parcel.ReadUint64(); +} + +int32_t OnIpcCmd(const DMIpcCmdInterfaceCode &ipcCode, MessageParcel &data, MessageParcel &reply) +{ + LOGI("start ipcCode %{public}d.", static_cast(ipcCode)); + DmAccessCaller caller; + DmAccessCallee callee; + DecodeDmAccessCaller(data, caller); + DecodeDmAccessCallee(data, callee); + int32_t result = DM_OK; + switch (ipcCode) { + case CHECK_ACCESS_CONTROL: + result = DeviceManagerService::GetInstance().CheckAccessControl(caller, callee); + break; + case CHECK_SAME_ACCOUNT: + result = DeviceManagerService::GetInstance().CheckIsSameAccount(caller, callee); + break; + case CHECK_SRC_ACCESS_CONTROL: + result = DeviceManagerService::GetInstance().CheckSrcAccessControl(caller, callee); + break; + case CHECK_SINK_ACCESS_CONTROL: + result = DeviceManagerService::GetInstance().CheckSinkAccessControl(caller, callee); + break; + case CHECK_SRC_SAME_ACCOUNT: + result = DeviceManagerService::GetInstance().CheckSrcIsSameAccount(caller, callee); + break; + case CHECK_SINK_SAME_ACCOUNT: + result = DeviceManagerService::GetInstance().CheckSinkIsSameAccount(caller, callee); + break; + default: + LOGE("invalid ipccode"); + result = ERR_DM_FAILED; + break; + } + if 
(!reply.WriteInt32(result)) { + LOGE("write result failed."); + return ERR_DM_IPC_WRITE_FAILED; + } + return DM_OK; +} int32_t SetXcollieTimer() { @@ -126,26 +184,6 @@ void DecodePeerTargetId(MessageParcel &parcel, PeerTargetId &targetId) targetId.wifiPort = parcel.ReadUint16(); } -void DecodeDmAccessCaller(MessageParcel &parcel, DmAccessCaller &caller) -{ - caller.accountId = parcel.ReadString(); - caller.pkgName = parcel.ReadString(); - caller.networkId = parcel.ReadString(); - caller.userId = parcel.ReadInt32(); - caller.tokenId = parcel.ReadUint64(); - caller.extra = parcel.ReadString(); -} - -void DecodeDmAccessCallee(MessageParcel &parcel, DmAccessCallee &callee) -{ - callee.accountId = parcel.ReadString(); - callee.networkId = parcel.ReadString(); - callee.peerId = parcel.ReadString(); - callee.userId = parcel.ReadInt32(); - callee.extra = parcel.ReadString(); - callee.tokenId = parcel.ReadUint64(); -} - ON_IPC_SET_REQUEST(SERVER_DEVICE_STATE_NOTIFY, std::shared_ptr pBaseReq, MessageParcel &data) { CHECK_NULL_RETURN(pBaseReq, ERR_DM_FAILED); 
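Review bot: In `OnIpcCmd`, `result` is an `int32_t` error code (initialised to `DM_OK`, set to `ERR_DM_FAILED` in the default branch), yet every case assigns the `bool` returned by `DeviceManagerService::Check*`, and the client's `CheckAclByIpcCode` treats any value other than `DM_OK` as failure. If `DM_OK` is 0 (its definition is not in this diff), an allowed check is written as 1 and read as denied, while a denied check, including the permission failure in `GetAccessUdidByNetworkId`, is written as 0 and read as allowed. The implementation layer returned `int32_t` before this commit and returns `bool` now, so the mapping has to be made explicit here: keep a `bool allowed = false;` per case and send `reply.WriteInt32(allowed ? DM_OK : ERR_DM_FAILED)`. A unit test that drives one allow and one deny through `OnIpcCmd` and the client's `ReadResponse` would pin the polarity.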
@@ -1391,33 +1429,14 @@ ON_IPC_CMD(CHECK_API_PERMISSION, MessageParcel &data, MessageParcel &reply) ON_IPC_CMD(CHECK_ACCESS_CONTROL, MessageParcel &data, MessageParcel &reply) { - DmAccessCaller caller; - DmAccessCallee callee; - DecodeDmAccessCaller(data, caller); - DecodeDmAccessCallee(data, callee); - int32_t result = DeviceManagerService::GetInstance().CheckAccessControl(caller, callee); - if (!reply.WriteInt32(result)) { - LOGE("write result failed."); - return ERR_DM_IPC_WRITE_FAILED; - } - return DM_OK; + return OnIpcCmd(CHECK_ACCESS_CONTROL, data, reply); } ON_IPC_CMD(CHECK_SAME_ACCOUNT, MessageParcel &data, MessageParcel &reply) { - DmAccessCaller caller; - DmAccessCallee callee; - DecodeDmAccessCaller(data, caller); - DecodeDmAccessCallee(data, callee); - int32_t result = DeviceManagerService::GetInstance().CheckIsSameAccount(caller, callee); - if (!reply.WriteInt32(result)) { - LOGE("write result failed."); - return ERR_DM_IPC_WRITE_FAILED; - } - return DM_OK; + return OnIpcCmd(CHECK_SAME_ACCOUNT, data, reply); } - ON_IPC_CMD(SHIFT_LNN_GEAR, MessageParcel &data, MessageParcel &reply) { std::string pkgName = data.ReadString(); @@ -1943,5 +1962,25 @@ ON_IPC_CMD(UNREGISTER_PIN_HOLDER_CALLBACK, MessageParcel &data, MessageParcel &r } return DM_OK; } + +ON_IPC_CMD(CHECK_SRC_ACCESS_CONTROL, MessageParcel &data, MessageParcel &reply) +{ + return OnIpcCmd(CHECK_SRC_ACCESS_CONTROL, data, reply); +} + +ON_IPC_CMD(CHECK_SINK_ACCESS_CONTROL, MessageParcel &data, MessageParcel &reply) +{ + return OnIpcCmd(CHECK_SINK_ACCESS_CONTROL, data, reply); +} + +ON_IPC_CMD(CHECK_SRC_SAME_ACCOUNT, MessageParcel &data, MessageParcel &reply) +{ + return OnIpcCmd(CHECK_SRC_SAME_ACCOUNT, data, reply); +} + +ON_IPC_CMD(CHECK_SINK_SAME_ACCOUNT, MessageParcel &data, MessageParcel &reply) +{ + return OnIpcCmd(CHECK_SINK_SAME_ACCOUNT, data, reply); +} } // namespace DistributedHardware } // namespace OHOS 
diff --git a/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp b/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp index 3731b851f7f6f5c0041ddf7acb502eab066fbd2f..f470f41571ecd128d71a3180ff2f93e9bc0dbfc9 100644 --- a/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp +++ b/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp @@ -1021,14 +1021,6 @@ HWTEST_F(DeviceProfileConnectorTest, ProcessBindType_004, testing::ext::TestSize EXPECT_EQ(bindTypeIndex, vector({0})); } -HWTEST_F(DeviceProfileConnectorTest, CheckIdenticalAccount_001, testing::ext::TestSize.Level1) -{ - int32_t userId = 0; - std::string accountId; - bool ret = DeviceProfileConnector::GetInstance().CheckIdenticalAccount(userId, accountId); - EXPECT_EQ(ret, true); -} - HWTEST_F(DeviceProfileConnectorTest, CheckSrcDevIdInAclForDevBind_001, testing::ext::TestSize.Level1) { std::string pkgName; diff --git a/test/commonunittest/UTTest_dm_deviceprofile_connector_second.cpp b/test/commonunittest/UTTest_dm_deviceprofile_connector_second.cpp index a7afeaccc7cb203d440262e146694bcec47553cf..4cd98feeb13d9b6b48f58690bd26da84f443b59e 100644 --- a/test/commonunittest/UTTest_dm_deviceprofile_connector_second.cpp +++ b/test/commonunittest/UTTest_dm_deviceprofile_connector_second.cpp @@ -166,13 +166,11 @@ HWTEST_F(DeviceProfileConnectorSecondTest, PutAccessControlList_201, testing::ex EXPECT_EQ(ret, ERR_DM_FAILED); } -HWTEST_F(DeviceProfileConnectorSecondTest, CheckIdenticalAccount_201, testing::ext::TestSize.Level1) +HWTEST_F(DeviceProfileConnectorSecondTest, DeleteSigTrustACL_201, testing::ext::TestSize.Level1) { int32_t userId = 0; std::string accountId; EXPECT_CALL(*distributedDeviceProfileClientMock_, GetAccessControlProfile(_, _)).WillOnce(Return(ERR_DM_FAILED)); - bool ret = DeviceProfileConnector::GetInstance().CheckIdenticalAccount(userId, accountId); - EXPECT_FALSE(ret); userId = 1; int32_t bindType = 1; 
diff --git a/test/servicesfuzztest/deviceprofileconnector_fuzzer/device_profile_connector_fuzzer.cpp b/test/servicesfuzztest/deviceprofileconnector_fuzzer/device_profile_connector_fuzzer.cpp index 7629856a16c371078609d0c5fe2efbc0f6f7b657..5301a71782fd64d4eafd411a7bc5d7883da3a616 100644 --- a/test/servicesfuzztest/deviceprofileconnector_fuzzer/device_profile_connector_fuzzer.cpp +++ b/test/servicesfuzztest/deviceprofileconnector_fuzzer/device_profile_connector_fuzzer.cpp @@ -62,7 +62,6 @@ void DeviceProfileConnectorFuzzTest(const uint8_t* data, size_t size) DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(localDeviceId, targetDeviceId, userId); DeviceProfileConnector::GetInstance().PutAccessControlList(aclInfo, dmAccesser, dmAccessee); DeviceProfileConnector::GetInstance().UpdateAccessControlList(userId, accountId, accountId); - DeviceProfileConnector::GetInstance().CheckIdenticalAccount(userId, accountId); DeviceProfileConnector::GetInstance().CheckDevIdInAclForDevBind(pkgName, localDeviceId); DeviceProfileConnector::GetInstance().DeleteTimeOutAcl(localDeviceId, offlineParam); DeviceProfileConnector::GetInstance().GetTrustNumber(localDeviceId);