From 78f2e491164c7b16a1f6dbb08c438fec4f780896 Mon Sep 17 00:00:00 2001 From: yangwei_814916 Date: Sun, 25 May 2025 15:20:31 +0800 Subject: [PATCH 1/2] =?UTF-8?q?ACL=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yangwei_814916 --- .../include/deviceprofile_connector.h | 6 + .../src/deviceprofile_connector.cpp | 113 +++++++++++++----- 2 files changed, 87 insertions(+), 32 deletions(-) diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index 60027daf1..6b22ed66f 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -406,6 +406,12 @@ private: bool CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); + bool CheckSinkUserAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); + bool CheckSinkAppOrServiceAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid); }; extern "C" IDeviceProfileConnector *CreateDpConnectorInstance(); diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 861e9da02..7ed6e6158 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -1677,8 +1677,12 @@ DM_EXPORT bool DeviceProfileConnector::CheckAccessControl( const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { - LOGI("PkgName = %{public}s, srcUdid = %{public}s, sinkUdid = %{public}s", - caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str()); + LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s, srcTokenId %{public}d," + "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s," + "sinkTokenId %{public}d, sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId, + caller.pkgName.c_str(), static_cast(caller.tokenId), GetAnonyString(caller.accountId).c_str(), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId), + GetAnonyString(callee.accountId).c_str()); std::vector profiles = GetAllAccessControlProfile(); std::vector profilesFilter = GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid); @@ -1751,8 +1755,12 @@ DM_EXPORT bool DeviceProfileConnector::CheckIsSameAccount( const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { - LOGI("DeviceProfileConnector::CheckIsSameAccount pkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s", - caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str()); + LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s, srcTokenId %{public}d," + "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s," + "sinkTokenId %{public}d, sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId, + caller.pkgName.c_str(), static_cast(caller.tokenId), GetAnonyString(caller.accountId).c_str(), + GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(), static_cast(callee.tokenId), + GetAnonyString(callee.accountId).c_str()); std::vector profiles = GetAllAccessControlProfile(); std::vector profilesFilter = GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid); @@ -3047,23 +3055,33 @@ bool DeviceProfileConnector::CheckSrcP2PAccessControl(const DistributedDevicePro std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName(); uint32_t bindLevel = profile.GetBindLevel(); - //bind level is user, accesser is caller, accessee is callee - if (bindLevel == USER && srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId) { - return true; - } - //bind level is user, accessee is caller, accesser is callee - if (bindLevel == USER && srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId) { - return true; - } - //bind level is app or service, accesser is caller, accessee is callee - if ((bindLevel == SERVICE || bindLevel == APP) && srcUdid == acerDeviceId && caller.userId == acerUserId && - static_cast(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId) { - return true; - } - //bind level is app or service, accessee is caller, accesser is callee - if ((bindLevel == SERVICE || bindLevel == APP) && srcUdid == aceeDeviceId && caller.userId == aceeUserId && - static_cast(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId) { - return true; + switch (bindLevel) { + case USER: + //bind level is user, accesser is caller, accessee is callee + if (srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId) { + return true; + } + //bind level is user, accessee is caller, accesser is callee + if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId) { + return true; + } + break; + case SERVICE: + case APP: + //bind level is user, accesser is caller, accessee is callee + if (srcUdid == acerDeviceId && caller.userId == acerUserId && + static_cast(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId) { + return true; + } + //bind level is user, accessee is caller, accesser is callee + if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && + static_cast(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId) { + return true; + } + break; + default: + LOGE("invalid bindLevel %{public}d.", bindLevel); + break; } return false; } @@ -3156,37 +3174,68 @@ bool DeviceProfileConnector::CheckSinkShareAccessControl(const DistributedDevice bool DeviceProfileConnector::CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) +{ + uint32_t bindLevel = profile.GetBindLevel(); + switch (bindLevel) { + case USER: + if (CheckSinkUserAcl(profile, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + case SERVICE: + case APP: + if (CheckSinkAppOrServiceAcl(profile, caller, srcUdid, callee, sinkUdid)) { + return true; + } + break; + default: + LOGE("invalid bindLevel %{public}d.", bindLevel); + break; + } + return false; +} + +bool DeviceProfileConnector::CheckSinkUserAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid) { std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); - int32_t acerTokenId = static_cast(profile.GetAccesser().GetAccesserTokenId()); - std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName(); std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); - int32_t aceeTokenId = static_cast(profile.GetAccessee().GetAccesseeTokenId()); - std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName(); - - uint32_t bindLevel = profile.GetBindLevel(); - //bind level is user, accesser is caller, accessee is callee - if (bindLevel == USER && srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId && + if (srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId && callee.userId == aceeUserId) { return true; } //bind level is user, accessee is caller, accesser is callee - if (bindLevel == USER && srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId && + if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId && callee.userId == acerUserId) { return true; } + return false; +} + +bool DeviceProfileConnector::CheckSinkAppOrServiceAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, + const std::string &sinkUdid) +{ + std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId(); + int32_t acerUserId = profile.GetAccesser().GetAccesserUserId(); + int32_t acerTokenId = static_cast(profile.GetAccesser().GetAccesserTokenId()); + + std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId(); + int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId(); + int32_t aceeTokenId = static_cast(profile.GetAccessee().GetAccesseeTokenId()); //bind level is app or service, accesser is caller, accessee is callee - if ((bindLevel == SERVICE || bindLevel == APP) && srcUdid == acerDeviceId && caller.userId == acerUserId && + if (srcUdid == acerDeviceId && caller.userId == acerUserId && static_cast(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId && callee.userId == aceeUserId && static_cast(callee.tokenId) == aceeTokenId) { return true; } //bind level is app or service, accessee is caller, accesser is callee - if ((bindLevel == SERVICE || bindLevel == APP) && srcUdid == aceeDeviceId && caller.userId == aceeUserId && + if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && static_cast(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId && callee.userId == acerUserId && static_cast(callee.tokenId) == acerTokenId) { return true; -- Gitee From 7579fda0f9e56dab8f23414420bc77467ab22f89 Mon Sep 17 00:00:00 2001 From: yangwei_814916 Date: Sun, 1 Jun 2025 17:40:23 +0800 Subject: [PATCH 2/2] =?UTF-8?q?ACL=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yangwei_814916 --- commondependency/include/deviceprofile_connector.h | 4 ++-- commondependency/src/deviceprofile_connector.cpp | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index 6b22ed66f..43339f114 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -406,10 +406,10 @@ private: bool CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); - bool CheckSinkUserAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + bool CheckSinkUserP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); - bool CheckSinkAppOrServiceAcl(const DistributedDeviceProfile::AccessControlProfile &profile, + bool CheckSinkAppOrServiceP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid); }; diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 7ed6e6158..6a93d416e 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -3178,13 +3178,13 @@ bool DeviceProfileConnector::CheckSinkP2PAccessControl(const DistributedDevicePr uint32_t bindLevel = profile.GetBindLevel(); switch (bindLevel) { case USER: - if (CheckSinkUserAcl(profile, caller, srcUdid, callee, sinkUdid)) { + if (CheckSinkUserP2PAcl(profile, caller, srcUdid, callee, sinkUdid)) { return true; } break; case SERVICE: case APP: - if (CheckSinkAppOrServiceAcl(profile, caller, srcUdid, callee, sinkUdid)) { + if (CheckSinkAppOrServiceP2PAcl(profile, caller, srcUdid, callee, sinkUdid)) { return true; } break; @@ -3195,7 +3195,7 @@ bool DeviceProfileConnector::CheckSinkP2PAccessControl(const DistributedDevicePr return false; } -bool DeviceProfileConnector::CheckSinkUserAcl(const DistributedDeviceProfile::AccessControlProfile &profile, +bool DeviceProfileConnector::CheckSinkUserP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { @@ -3217,7 +3217,7 @@ bool DeviceProfileConnector::CheckSinkUserAcl(const DistributedDeviceProfile::Ac return false; } -bool DeviceProfileConnector::CheckSinkAppOrServiceAcl(const DistributedDeviceProfile::AccessControlProfile &profile, +bool DeviceProfileConnector::CheckSinkAppOrServiceP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { -- Gitee