From 44402dc32cd9f00e16466cc0ddc87ed162c963a8 Mon Sep 17 00:00:00 2001 From: libo429 Date: Thu, 19 Jun 2025 18:26:19 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=90=86-=E8=A7=A3=E7=BB=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: libo429 --- common/include/dm_constants.h | 7 + common/src/dm_constants.cpp | 7 + .../include/deviceprofile_connector.h | 11 +- .../src/deviceprofile_connector.cpp | 184 +++++++++++++++--- .../include/device_manager_service_impl.h | 1 + .../src/device_manager_service_impl.cpp | 49 +++-- .../service/include/device_manager_service.h | 5 + .../service/src/device_manager_service.cpp | 105 ++++++++++ .../src/ipc/standard/ipc_cmd_parser.cpp | 6 +- utils/include/appInfo/standard/app_manager.h | 1 + utils/src/appInfo/standard/app_manager.cpp | 29 +++ 11 files changed, 364 insertions(+), 41 deletions(-) diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 98484ad06..af0eb9210 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -56,6 +56,8 @@ DM_EXPORT extern const char* FIELD_CREDENTIAL_EXISTS; DM_EXPORT extern const char* DM_TYPE_MINE; DM_EXPORT extern const char* DM_TYPE_OH; DM_EXPORT extern const char* TAG_SESSION_HEARTBEAT; +DM_EXPORT extern const char* TAG_BUNDLE_NAME; +DM_EXPORT extern const char* TAG_TOKENID; //The following constant are provided only for HiLink. DM_EXPORT extern const char *EXT_PART; @@ -158,6 +160,11 @@ DM_EXPORT extern const char* PARAM_KEY_HML_ACTIONID; DM_EXPORT extern const char* CONN_SESSION_TYPE_HML; DM_EXPORT extern const char* CONN_SESSION_TYPE_BLE; DM_EXPORT extern const char* UN_BIND_PARAM_UDID_KEY; +DM_EXPORT extern const char* PARAM_KEY_IS_PROXY_BIND; +DM_EXPORT extern const char* PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT; +DM_EXPORT extern const char* PARAM_KEY_SUBJECT_PROXYED_APPS; +DM_EXPORT extern const char* DM_VAL_TRUE; +DM_EXPORT extern const char* DM_VAL_FALSE; // screen state enum ScreenState { diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index f70b2272f..05484bc88 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -47,6 +47,8 @@ const char* FIELD_CREDENTIAL_EXISTS = "isCredentialExists"; const char* DM_TYPE_MINE = "MINE"; const char* DM_TYPE_OH = "OH"; const char* TAG_SESSION_HEARTBEAT = "session_heartbeat"; +const char* TAG_BUNDLE_NAME = "bundleName"; +const char* TAG_TOKENID = "tokenId"; //The following constant are provided only for HiLink. const char *EXT_PART = "ext_part"; @@ -148,6 +150,11 @@ const char* PARAM_KEY_HML_ACTIONID = "hmlActionId"; const char* CONN_SESSION_TYPE_HML = "HML"; const char* CONN_SESSION_TYPE_BLE = "BLE"; const char* UN_BIND_PARAM_UDID_KEY = "udidKey"; +const char* PARAM_KEY_IS_PROXY_BIND = "isProxyBind"; +const char* PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT = "isCallingProxyAsSubject"; +const char* PARAM_KEY_SUBJECT_PROXYED_APPS = "subjectProxyedApps"; +const char* DM_VAL_TRUE = "true"; +const char* DM_VAL_FALSE = "false"; // errCode map const std::map MAP_ERROR_CODE = { diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index 1aa8990e1..fe9feb377 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -104,6 +104,7 @@ typedef struct DmAclIdParam { int64_t accessControlId; int32_t skId; std::string credId; + bool isRetainCredId = false; } DmAclIdParam; typedef struct DmOfflineParam { @@ -186,6 +187,12 @@ public: DM_EXPORT std::vector GetProcessInfoFromAclByUserId(const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId); + DM_EXPORT std::vector GetProxyTokenIdByExtra(const std::string &extraInfo); + DM_EXPORT void ParseExtra(const std::string &extra, uint64_t &peerTokenId, std::string &peerBundleName); + DM_EXPORT std::vector> GetAgentToProxyVecFromAclByUserId( + const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId); + DM_EXPORT void FilterNeedDeleteCred(std::vector &acls, + std::vector &profiles); DM_EXPORT bool CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); DM_EXPORT bool CheckSinkDevIdInAclForDevBind(const std::string &pkgName, @@ -330,6 +337,9 @@ private: const std::vector &profilesFilter, const int32_t &userId); int32_t GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles, const std::string &trustDev, const std::string &reqDev); + bool CheckAuthFormProxyTokenId(const std::string extraStr); + int32_t FilterSameCredentialAndGetQuantity(int64_t accessControlId, const std::string &aclCredId, + std::vector &profiles); int32_t CheckAuthForm(DmAuthForm form, DistributedDeviceProfile::AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo); bool SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, @@ -384,7 +394,6 @@ private: std::string GetDeviceAuthVersionInfo(std::string localUdid, std::string remoteUdid, std::vector profiles); - void ParseExtra(const std::string &extra, uint64_t &peerTokenId, std::string &peerBundleName); bool CacheLnnAcl(DistributedDeviceProfile::AccessControlProfile profile, const std::string &localUdid, DmAclIdParam &dmAclIdParam); void CheckLastLnnAcl(const std::string &localDeviceId, int32_t userId, const std::string &remoteDeviceId, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 4b3a3b1dd..7b5c52ef9 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -24,6 +24,8 @@ #include "multiple_user_connector.h" #include "distributed_device_profile_client.h" #include "system_ability_definition.h" +#include "ipc_skeleton.h" +#include "app_manager.h" using namespace OHOS::DistributedDeviceProfile; @@ -48,6 +50,7 @@ const char* TAG_PEER_BUNDLE_NAME = "peerBundleName"; const char* TAG_PEER_TOKENID = "peerTokenId"; const char* TAG_ACL = "accessControlTable"; const char* TAG_DMVERSION = "dmVersion"; +const char* TAG_PROXY = "proxy"; const char* TAG_ACL_HASH_KEY_VERSION = "aclVersion"; const char* TAG_ACL_HASH_KEY_ACLHASHLIST = "aclHashList"; @@ -392,6 +395,7 @@ DM_EXPORT DmOfflineParam DeviceProfileConnector::FilterNeedDeleteACL(const std:: } FilterNeedDeleteACLInfos(profiles, localDeviceId, localTokenId, remoteDeviceId, extra, offlineParam); + FilterNeedDeleteCred(offlineParam.needDelAclInfos, profiles); return offlineParam; } @@ -425,7 +429,8 @@ void DeviceProfileConnector::DeleteCacheAcl(std::vector delAclIdVec, } } -void DeviceProfileConnector::ParseExtra(const std::string &extra, uint64_t &peerTokenId, std::string &peerBundleName) +DM_EXPORT void DeviceProfileConnector::ParseExtra(const std::string &extra, + uint64_t &peerTokenId, std::string &peerBundleName) { JsonObject extraInfoJson(extra); if (extraInfoJson.IsDiscarded()) { @@ -796,6 +801,18 @@ int32_t DeviceProfileConnector::GetDeviceAclParam(DmDiscoveryInfo discoveryInfo, return DM_OK; } +bool DeviceProfileConnector::CheckAuthFormProxyTokenId(const std::string extraStr) +{ + std::vector proxyTokenIdVec = GetProxyTokenIdByExtra(extraStr); + int64_t callingTokenId = static_cast(IPCSkeleton::GetCallingTokenID()); + for (auto &proxyTokenId : proxyTokenIdVec) { + if (callingTokenId == proxyTokenId) { + return true; + } + } + return false; +} + int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo) { @@ -807,11 +824,13 @@ int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProf return form; } if (profiles.GetBindLevel() == APP || profiles.GetBindLevel() == SERVICE) { - if (discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() && + if ((discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() || + CheckAuthFormProxyTokenId(profiles.GetAccesser().GetAccesserExtraData())) && discoveryInfo.localDeviceId == profiles.GetAccesser().GetAccesserDeviceId()) { return form; } - if (discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() && + if ((discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() || + CheckAuthFormProxyTokenId(profiles.GetAccessee().GetAccesseeExtraData())) && discoveryInfo.localDeviceId == profiles.GetAccessee().GetAccesseeDeviceId()) { return form; } @@ -1070,6 +1089,25 @@ DM_EXPORT std::vector DeviceProfileConnector::SyncAclByBindType( return bindType; } +DM_EXPORT std::vector DeviceProfileConnector::GetProxyTokenIdByExtra(const std::string &extraInfo) +{ + std::vector tokenIdVec; + JsonObject extraInfoJson(extraInfo); + if (extraInfoJson.IsDiscarded() || !IsString(extraInfoJson, TAG_PROXY)) { + LOGE("GetProxyTokenIdByExtra extraInfoJson error"); + return tokenIdVec; + } + std::string proxyListStr = extraInfoJson[TAG_PROXY].Get(); + JsonObject proxyList; + if (!proxyList.Parse(proxyListStr)) { + LOGE("GetProxyTokenIdByExtra proxyListStr Parse error"); + return tokenIdVec; + } + for (auto &item : proxyList.Items()) { + tokenIdVec.push_back(item.Get()); + } + return tokenIdVec; +} DM_EXPORT std::vector DeviceProfileConnector::GetProcessInfoFromAclByUserId( @@ -1086,22 +1124,65 @@ std::vector DeviceProfileConnector::GetP std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId(); std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId(); OHOS::DistributedHardware::ProcessInfo processInfo; + std::string extraStr; if (accesserUdid == localDeviceId) { processInfo.pkgName = item.GetAccesser().GetAccesserBundleName(); processInfo.userId = item.GetAccesser().GetAccesserUserId(); processInfoVec.push_back(processInfo); - continue; - } - if (accesseeUdid == localDeviceId) { + extraStr = item.GetAccesser().GetAccesserExtraData(); + } else if (accesseeUdid == localDeviceId) { processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName(); processInfo.userId = item.GetAccessee().GetAccesseeUserId(); processInfoVec.push_back(processInfo); + extraStr = item.GetAccessee().GetAccesseeExtraData(); + } else { continue; } + std::vector proxyTokenIdVec = GetProxyTokenIdByExtra(extraStr); + for (auto &proxyTokenId : proxyTokenIdVec) { + std::string proxyBundleName; + if (AppManager::GetInstance().GetBundleNameByTokenId(proxyTokenId, proxyBundleName) != DM_OK) { + continue; + } + processInfo.pkgName = proxyBundleName; + processInfoVec.push_back(processInfo); + } } return processInfoVec; } +DM_EXPORT std::vector> DeviceProfileConnector::GetAgentToProxyVecFromAclByUserId( + const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId) +{ + std::vector filterProfiles = GetAclProfileByUserId(localDeviceId, + userId, targetDeviceId); + LOGI("filterProfiles size is %{public}zu", filterProfiles.size()); + std::vector> agentToProxyVec; + for (auto &item : filterProfiles) { + if (IsLnnAcl(item) || item.GetTrustDeviceId() != targetDeviceId) { + continue; + } + std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId(); + std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId(); + int64_t agentTokenId; + std::string extraStr; + if (accesserUdid == localDeviceId) { + agentTokenId = item.GetAccesser().GetAccesserTokenId(); + extraStr = item.GetAccesser().GetAccesserExtraData(); + } else if (accesseeUdid == localDeviceId) { + agentTokenId = item.GetAccessee().GetAccesseeTokenId(); + extraStr = item.GetAccessee().GetAccesseeExtraData(); + } else { + continue; + } + std::vector proxyTokenIdVec = GetProxyTokenIdByExtra(extraStr); + for (auto &proxyTokenId : proxyTokenIdVec) { + agentToProxyVec.push_back(std::pair(agentTokenId, proxyTokenId)); + } + } + return agentToProxyVec; +} + int32_t DeviceProfileConnector::PutAccessControlList(DmAclInfo aclInfo, DmAccesser dmAccesser, DmAccessee dmAccessee) { LOGI("Start."); @@ -1293,20 +1374,59 @@ DmOfflineParam DeviceProfileConnector::DeleteAccessControlList(const std::string return offlineParam; } +int32_t DeviceProfileConnector::FilterSameCredentialAndGetQuantity(int64_t accessControlId, + const std::string &aclCredId, std::vector &profiles) +{ + int32_t credIdNums = 0; + if (aclCredId == "") { + LOGE("aclCredId is empty."); + return credIdNums; + } + auto iterator = profiles.begin(); + while (iterator != profiles.end()) { + if (iterator->GetAccessControlId() == accessControlId && + (iterator->GetAccesser().GetAccesserCredentialIdStr() == aclCredId || + iterator->GetAccessee().GetAccesseeCredentialIdStr() == aclCredId)) { + iterator = profiles.erase(iterator); + continue; + } + if (iterator->GetAccessControlId() != accessControlId && + (iterator->GetAccesser().GetAccesserCredentialIdStr() == aclCredId || + iterator->GetAccessee().GetAccesseeCredentialIdStr() == aclCredId)) { + credIdNums++; + } + iterator++; + } + return credIdNums; +} + +DM_EXPORT void DeviceProfileConnector::FilterNeedDeleteCred(std::vector &acls, + std::vector &profiles) +{ + for (auto &item : acls) { + if (FilterSameCredentialAndGetQuantity(item.accessControlId, item.credId, profiles) > 0) { + item.isRetainCredId = true; + } + } +} + void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, const std::string &pkgName, const std::vector &profiles, const std::string &localUdid, const std::string &remoteUdid) { int32_t bindNums = 0; int32_t deleteNums = 0; + std::vector profilesTemp = profiles; for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() != APP) { continue; } bindNums++; + std::string aclCredId = ""; if (item.GetAccesser().GetAccesserBundleName() == pkgName && item.GetAccesser().GetAccesserDeviceId() == localUdid && item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) { + aclCredId = item.GetAccesser().GetAccesserCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = APP; @@ -1318,11 +1438,11 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; } if (item.GetAccessee().GetAccesseeBundleName() == pkgName && item.GetAccessee().GetAccesseeDeviceId() == localUdid && item.GetAccesser().GetAccesserDeviceId() == remoteUdid) { + aclCredId = item.GetAccessee().GetAccesseeCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = APP; @@ -1334,7 +1454,9 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; + } + if (FilterSameCredentialAndGetQuantity(item.GetAccessControlId(), aclCredId, profilesTemp) > 0) { + bindNums++; } } offlineParam.leftAclNumber = bindNums - deleteNums; @@ -1345,25 +1467,25 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co const std::string &remoteUdid, const std::string &extra) { LOGI("DeviceProfileConnector::DeleteAppBindLevel extra %{public}s", extra.c_str()); - int32_t bindNums = 0; - int32_t deleteNums = 0; + offlineParam.leftAclNumber = 0; uint64_t peerTokenId = 0; std::string peerBundleName; ParseExtra(extra, peerTokenId, peerBundleName); + std::vector profilesTemp = profiles; for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() != APP) { continue; } - bindNums++; + std::string aclCredId = ""; + ProcessInfo processInfo; if (item.GetAccesser().GetAccesserBundleName() == pkgName && item.GetAccessee().GetAccesseeBundleName() == peerBundleName && item.GetAccesser().GetAccesserDeviceId() == localUdid && item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) { + aclCredId = item.GetAccesser().GetAccesserCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); - deleteNums++; offlineParam.bindType = APP; - ProcessInfo processInfo; processInfo.pkgName = item.GetAccesser().GetAccesserBundleName(); processInfo.userId = item.GetAccesser().GetAccesserUserId(); offlineParam.processVec.push_back(processInfo); @@ -1371,16 +1493,13 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; - } - if (item.GetAccessee().GetAccesseeBundleName() == pkgName && + } else if (item.GetAccessee().GetAccesseeBundleName() == pkgName && item.GetAccesser().GetAccesserBundleName() == peerBundleName && item.GetAccessee().GetAccesseeDeviceId() == localUdid && item.GetAccesser().GetAccesserDeviceId() == remoteUdid) { + aclCredId = item.GetAccessee().GetAccesseeCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); - deleteNums++; offlineParam.bindType = APP; - ProcessInfo processInfo; processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName(); processInfo.userId = item.GetAccessee().GetAccesseeUserId(); offlineParam.processVec.push_back(processInfo); @@ -1388,10 +1507,13 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; + } else { + offlineParam.leftAclNumber++; + } + if (FilterSameCredentialAndGetQuantity(item.GetAccessControlId(), aclCredId, profilesTemp) > 0) { + offlineParam.leftAclNumber++; } } - offlineParam.leftAclNumber = bindNums - deleteNums; } void DeviceProfileConnector::DeleteDeviceBindLevel(DmOfflineParam &offlineParam, @@ -1399,28 +1521,33 @@ void DeviceProfileConnector::DeleteDeviceBindLevel(DmOfflineParam &offlineParam, { int32_t bindNums = 0; int32_t deleteNums = 0; + std::vector profilesTemp = profiles; for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT) { continue; } bindNums++; + std::string aclCredId = ""; if (item.GetAccesser().GetAccesserDeviceId() == localUdid && item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) { + aclCredId = item.GetAccesser().GetAccesserCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = USER; LOGI("Src delete acl bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; } if (item.GetAccessee().GetAccesseeDeviceId() == localUdid && item.GetAccesser().GetAccesserDeviceId() == remoteUdid) { + aclCredId = item.GetAccessee().GetAccesseeCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = USER; LOGI("Sink delete acl bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; + } + if (FilterSameCredentialAndGetQuantity(item.GetAccessControlId(), aclCredId, profilesTemp) > 0) { + bindNums++; } } offlineParam.leftAclNumber = bindNums - deleteNums; @@ -1431,33 +1558,38 @@ void DeviceProfileConnector::DeleteServiceBindLevel(DmOfflineParam &offlineParam { int32_t bindNums = 0; int32_t deleteNums = 0; + std::vector profilesTemp = profiles; for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() != SERVICE) { continue; } bindNums++; + std::string aclCredId = ""; if (item.GetAccesser().GetAccesserBundleName() == pkgName && item.GetAccesser().GetAccesserDeviceId() == localUdid && item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) { + aclCredId = item.GetAccesser().GetAccesserCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = SERVICE; LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; } if (item.GetAccessee().GetAccesseeBundleName() == pkgName && item.GetAccessee().GetAccesseeDeviceId() == localUdid && item.GetAccesser().GetAccesserDeviceId() == remoteUdid) { + aclCredId = item.GetAccessee().GetAccesseeCredentialIdStr(); DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); deleteNums++; offlineParam.bindType = SERVICE; LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str()); - continue; + } + if (FilterSameCredentialAndGetQuantity(item.GetAccessControlId(), aclCredId, profilesTemp) > 0) { + bindNums++; } } offlineParam.leftAclNumber = bindNums - deleteNums; @@ -1995,6 +2127,7 @@ DM_EXPORT int32_t DeviceProfileConnector::HandleDevUnBindEvent(int32_t remoteUse continue; } } + FilterNeedDeleteCred(offlineParam.needDelAclInfos, profiles); return bindType; } @@ -2035,6 +2168,7 @@ DM_EXPORT DmOfflineParam DeviceProfileConnector::HandleAppUnBindEvent(int32_t re continue; } } + FilterNeedDeleteCred(offlineParam.needDelAclInfos, profiles); return offlineParam; } @@ -2112,6 +2246,7 @@ DM_EXPORT DmOfflineParam DeviceProfileConnector::HandleAppUnBindEvent(int32_t re continue; } } + FilterNeedDeleteCred(offlineParam.needDelAclInfos, profiles); return offlineParam; } @@ -2190,6 +2325,7 @@ DmOfflineParam DeviceProfileConnector::HandleServiceUnBindEvent(int32_t remoteUs continue; } } + FilterNeedDeleteCred(offlineParam.needDelAclInfos, profiles); return offlineParam; } diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index 7e22d16a8..8f2e5281f 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h @@ -186,6 +186,7 @@ public: int32_t bindLevel, const std::string &extra); int32_t DeleteAclV2(const std::string &sessionName, const std::string &localUdid, const std::string &remoteUdid, int32_t bindLevel, const std::string &extra); + int32_t GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId); void NotifyCleanEvent(uint64_t logicalSessionId); void HandleServiceUnBindEvent(int32_t userId, const std::string &remoteUdid, int32_t remoteTokenId); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 0d3886893..acbff332d 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp @@ -694,9 +694,10 @@ void DeviceManagerServiceImpl::HandleOffline(DmDeviceState devState, DmDeviceInf softbusConnector_->SetProcessInfo(processInfo); } else if (static_cast(item.second) == SERVICE || static_cast(item.second) == APP) { LOGI("The offline device is PEER_TO_PEER_TYPE bind type, %{public}" PRIu32, item.second); - std::vector processInfoVec = - DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, - item.first); + auto processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId( + requestDeviceId, trustDeviceId, item.first); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); } deviceStateMgr_->HandleDeviceStatusChange(devState, devInfo); @@ -743,12 +744,16 @@ void DeviceManagerServiceImpl::SetOnlineProcessInfo(const uint32_t &bindType, Pr std::vector processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, MultipleUserConnector::GetFirstForegroundUserId()); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); devInfo.authForm = DmAuthForm::PEER_TO_PEER; } else if (bindType == APP_ACROSS_ACCOUNT_TYPE || bindType == SERVICE_ACROSS_ACCOUNT_TYPE) { std::vector processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, MultipleUserConnector::GetFirstForegroundUserId()); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); devInfo.authForm = DmAuthForm::ACROSS_ACCOUNT; } else if (bindType == SHARE_TYPE) { @@ -2395,6 +2400,7 @@ void DeviceManagerServiceImpl::DeleteAclByTokenId(const int32_t accessTokenId, std::map &delProfileMap, std::vector> &delACLInfoVec, std::vector &userIdVec) { + std::vector profilesTemp = profiles; for (auto &item : profiles) { int64_t accesssertokenId = item.GetAccesser().GetAccesserTokenId(); int64_t accessseetokenId = item.GetAccessee().GetAccesseeTokenId(); @@ -2406,6 +2412,7 @@ void DeviceManagerServiceImpl::DeleteAclByTokenId(const int32_t accessTokenId, DmOfflineParam offlineParam; delProfileMap[item.GetAccessControlId()] = item; DeviceProfileConnector::GetInstance().CacheAcerAclId(item, offlineParam.needDelAclInfos); + DeviceProfileConnector::GetInstance().FilterNeedDeleteCred(offlineParam.needDelAclInfos, profilesTemp); DeleteSkCredAndAcl(offlineParam.needDelAclInfos); listener_->OnAppUnintall(item.GetAccesser().GetAccesserBundleName()); if (item.GetBindLevel() == USER) { @@ -2417,6 +2424,7 @@ void DeviceManagerServiceImpl::DeleteAclByTokenId(const int32_t accessTokenId, if (accessTokenId == static_cast(accessseetokenId)) { DmOfflineParam offlineParam; DeviceProfileConnector::GetInstance().CacheAceeAclId(item, offlineParam.needDelAclInfos); + DeviceProfileConnector::GetInstance().FilterNeedDeleteCred(offlineParam.needDelAclInfos, profilesTemp); delProfileMap[item.GetAccessControlId()] = item; DeleteSkCredAndAcl(offlineParam.needDelAclInfos); listener_->OnAppUnintall(item.GetAccessee().GetAccesseeBundleName()); @@ -2443,6 +2451,7 @@ void DeviceManagerServiceImpl::GetDelACLInfoVec(const int32_t &accessTokenId, std::vector> &delACLInfoVec, std::vector &userIdVec, const uint32_t &userId) { + std::vector profilesTemp = profiles; std::map delProfileMap; char localDeviceId[DEVICE_UUID_LENGTH] = {0}; GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); @@ -2460,6 +2469,7 @@ void DeviceManagerServiceImpl::GetDelACLInfoVec(const int32_t &accessTokenId, DmOfflineParam offlineParam; delProfileMap[item.GetAccessControlId()] = item; DeviceProfileConnector::GetInstance().CacheAcerAclId(item, offlineParam.needDelAclInfos); + DeviceProfileConnector::GetInstance().FilterNeedDeleteCred(offlineParam.needDelAclInfos, profilesTemp); DeleteSkCredAndAcl(offlineParam.needDelAclInfos); if (item.GetBindLevel() == USER) { userIdVec.push_back(item.GetAccessee().GetAccesseeUserId()); @@ -2472,6 +2482,7 @@ void DeviceManagerServiceImpl::GetDelACLInfoVec(const int32_t &accessTokenId, localUdid == item.GetAccesser().GetAccesserDeviceId()) { DmOfflineParam offlineParam; DeviceProfileConnector::GetInstance().CacheAceeAclId(item, offlineParam.needDelAclInfos); + DeviceProfileConnector::GetInstance().FilterNeedDeleteCred(offlineParam.needDelAclInfos, profilesTemp); delProfileMap[item.GetAccessControlId()] = item; DeleteSkCredAndAcl(offlineParam.needDelAclInfos); if (item.GetBindLevel() == USER) { @@ -2753,15 +2764,17 @@ int32_t DeviceManagerServiceImpl::DeleteSkCredAndAcl(const std::vectorDeleteCredential(item.userId, item.credId); - if (ret != DM_OK) { - LOGE("DeletecredId err, userId:%{public}d, credId:%{public}s, ret:%{public}d", item.userId, - item.credId.c_str(), ret); + if (item.isRetainCredId != true) { + ret = hiChainAuthConnector_->DeleteCredential(item.userId, item.credId); + if (ret != DM_OK) { + LOGE("DeletecredId err, ret:%{public}d", ret); + } } DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.accessControlId); } @@ -2793,14 +2806,28 @@ int32_t DeviceManagerServiceImpl::DeleteAclForProcV2(const std::string &localUdi return DM_OK; } +int32_t DeviceManagerServiceImpl::GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId) +{ + int32_t ret = AppManager::GetInstance().GetNativeTokenIdByName(bundleName, tokenId); + if (ret == DM_OK) { + return DM_OK; + } + ret = AppManager::GetInstance().GetHapTokenIdByName(userId, bundleName, 0, tokenId); + if (ret != DM_OK) { + LOGE("get tokenId by bundleName failed %{public}s", GetAnonyString(bundleName).c_str()); + } + return ret; +} + int32_t DeviceManagerServiceImpl::DeleteAclV2(const std::string &pkgName, const std::string &localUdid, const std::string &remoteUdid, int32_t bindLevel, const std::string &extra) { LOGI("pkgName %{public}s, localUdid %{public}s, remoteUdid %{public}s, bindLevel %{public}d.", pkgName.c_str(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), bindLevel); - uint32_t tokenId = 0; - MultipleUserConnector::GetTokenId(tokenId); + int64_t tokenId = 0; int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); + std::string bundleName = pkgName; + GetTokenIdByBundleName(userId, bundleName, tokenId); bool isNewVersion = IsAuthNewVersion(bindLevel, localUdid, remoteUdid, tokenId, userId); if (!isNewVersion) { return DeleteAcl(pkgName, localUdid, remoteUdid, bindLevel, extra); diff --git a/services/service/include/device_manager_service.h b/services/service/include/device_manager_service.h index d2bec5c49..012a88a2d 100644 --- a/services/service/include/device_manager_service.h +++ b/services/service/include/device_manager_service.h @@ -96,6 +96,9 @@ public: int32_t BindDevice(const std::string &pkgName, int32_t authType, const std::string &deviceId, const std::string &bindParam); + int32_t UnBindDeviceParseExtra(const std::string &pkgName, const std::string &udidHash, + const std::string &extra); + int32_t UnBindDevice(const std::string &pkgName, const std::string &udidHash); int32_t UnBindDevice(const std::string &pkgName, const std::string &udidHash, const std::string &extra); @@ -205,6 +208,8 @@ public: void HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid); void HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid, const std::vector &acceptEventUdids); + std::set> GetProxyInfosByParseExtra(const std::string &pkgName, + const std::string &extra, std::vector> &agentToProxyVec); #endif int32_t SetDnPolicy(const std::string &pkgName, std::map &policy); void ClearDiscoveryCache(const ProcessInfo &processInfo); diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index c32ff62d2..601efcea2 100644 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -836,6 +836,111 @@ int32_t DeviceManagerService::UnBindDevice(const std::string &pkgName, const std return DM_OK; } +#if !(defined(__LITEOS_M__) || defined(LITE_DEVICE)) +std::set> DeviceManagerService::GetProxyInfosByParseExtra( + const std::string &pkgName, const std::string &extra, + std::vector> &agentToProxyVec) +{ + std::set> proxyInfos; + JsonObject jsonObject(extra); + if (jsonObject.IsDiscarded() || !IsString(jsonObject, PARAM_KEY_IS_PROXY_BIND)) { + proxyInfos.insert(std::pair(pkgName, extra)); + return proxyInfos; + } + if (jsonObject[PARAM_KEY_IS_PROXY_BIND].Get() != DM_VAL_TRUE) { + proxyInfos.insert(std::pair(pkgName, extra)); + return proxyInfos; + } + if (!AppManager::GetInstance().IsSystemSA()) { + LOGE("no proxy permission"); + return proxyInfos; + } + if (!IsString(jsonObject, PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT) || + (jsonObject[PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT].Get() == DM_VAL_TRUE)) { + proxyInfos.insert(std::pair(pkgName, extra)); + return proxyInfos; + } + if (!jsonObject.Contains(PARAM_KEY_SUBJECT_PROXYED_APPS) || + !IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_APPS)) { + LOGE("no subject proxyed apps"); + return proxyInfos; + } + std::string subjectProxyAppsStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_APPS].Get(); + JsonObject allProxyObj; + if (!allProxyObj.Parse(subjectProxyAppsStr)) { + return proxyInfos; + } + int64_t proxyTokenId = static_cast(IPCSkeleton::GetCallingTokenID()); + for (const auto &object : allProxyObj.Items()) { + if (!object.Contains(TAG_BUNDLE_NAME) || !IsString(object, TAG_BUNDLE_NAME)) { + continue; + } + if (!object.Contains(TAG_TOKENID) || !IsInt64(object, TAG_TOKENID)) { + continue; + } + std::string bundleName = object[TAG_BUNDLE_NAME].Get(); + int64_t agentTokenId = object[TAG_TOKENID].Get(); + for (uint32_t i = 0; i < agentToProxyVec.size(); i++) { + if (agentTokenId == agentToProxyVec[i].first && proxyTokenId == agentToProxyVec[i].second) { + proxyInfos.insert(std::pair(bundleName, object.Dump())); + break; + } + } + } + return proxyInfos; +} +#endif + +int32_t DeviceManagerService::UnBindDeviceParseExtra(const std::string &pkgName, const std::string &udidHash, + const std::string &extra) +{ + int32_t result = ValidateUnBindDeviceParams(pkgName, udidHash, extra); + if (result != DM_OK) { + return result; + } + std::string realDeviceId = udidHash; +#if !(defined(__LITEOS_M__) || defined(LITE_DEVICE)) + std::string udidHashTemp = ""; + if (GetUdidHashByAnoyDeviceId(udidHash, udidHashTemp) == DM_OK) { + realDeviceId = udidHashTemp; + } + CHECK_NULL_RETURN(softbusListener_, ERR_DM_POINT_NULL); + std::string udid = ""; + if (softbusListener_->GetUdidFromDp(realDeviceId, udid) != DM_OK) { + LOGE("Get udid by udidhash failed."); + return ERR_DM_FAILED; + } + char localUdid[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localUdid, DEVICE_UUID_LENGTH); + int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); + std::vector> agentToProxyVec = + DeviceProfileConnector::GetInstance().GetAgentToProxyVecFromAclByUserId( + std::string(localUdid), udid, userId); + std::set> proxyInfoSet = GetProxyInfosByParseExtra( + pkgName, extra, agentToProxyVec); + if (proxyInfoSet.size() == 0) { + LOGE("proxyInfoSet is empty."); + return ERR_DM_FAILED; + } + auto proxyInfo = proxyInfoSet.begin(); + uint64_t peerTokenId = 0; + std::string peerBundleName = ""; + DeviceProfileConnector::GetInstance().ParseExtra(proxyInfo->second, peerTokenId, peerBundleName); + if (peerBundleName == "") { + result = UnBindDevice(proxyInfo->first, udidHash); + } else { + result = UnBindDevice(proxyInfo->first, udidHash, proxyInfo->second); + } +#else + if (extra == "") { + result = UnBindDevice(pkgName, udidHash); + } else { + result = UnBindDevice(pkgName, udidHash, extra); + } +#endif + return result; +} + int32_t DeviceManagerService::UnBindDevice(const std::string &pkgName, const std::string &udidHash, const std::string &extra) { diff --git a/services/service/src/ipc/standard/ipc_cmd_parser.cpp b/services/service/src/ipc/standard/ipc_cmd_parser.cpp index 58517d156..9a70e7077 100644 --- a/services/service/src/ipc/standard/ipc_cmd_parser.cpp +++ b/services/service/src/ipc/standard/ipc_cmd_parser.cpp @@ -873,11 +873,7 @@ ON_IPC_CMD(UNBIND_DEVICE, MessageParcel &data, MessageParcel &reply) std::string deviceId = data.ReadString(); std::string extra = data.ReadString(); int32_t result = 0; - if (extra == "") { - result = DeviceManagerService::GetInstance().UnBindDevice(pkgName, deviceId); - } else { - result = DeviceManagerService::GetInstance().UnBindDevice(pkgName, deviceId, extra); - } + result = DeviceManagerService::GetInstance().UnBindDeviceParseExtra(pkgName, deviceId, extra); if (!reply.WriteInt32(result)) { LOGE("write result failed"); return ERR_DM_IPC_WRITE_FAILED; diff --git a/utils/include/appInfo/standard/app_manager.h b/utils/include/appInfo/standard/app_manager.h index 117fef077..24c12464d 100644 --- a/utils/include/appInfo/standard/app_manager.h +++ b/utils/include/appInfo/standard/app_manager.h @@ -44,6 +44,7 @@ public: int32_t instIndex, int64_t &tokenId); DM_EXPORT int32_t GetCallerProcessName(std::string &processName); DM_EXPORT int32_t GetBundleNameForSelf(std::string &bundleName); + DM_EXPORT int32_t GetBundleNameByTokenId(int64_t tokenId, std::string &bundleName); private: bool GetBundleManagerProxy(sptr &bundleManager); std::mutex appIdMapLock_; diff --git a/utils/src/appInfo/standard/app_manager.cpp b/utils/src/appInfo/standard/app_manager.cpp index ad0d95522..db43c8270 100644 --- a/utils/src/appInfo/standard/app_manager.cpp +++ b/utils/src/appInfo/standard/app_manager.cpp @@ -191,6 +191,35 @@ DM_EXPORT int32_t AppManager::GetCallerName(bool isSystemSA, std::string &caller return DM_OK; } +DM_EXPORT int32_t AppManager::GetBundleNameByTokenId(int64_t tokenId, std::string &bundleName) +{ + if (tokenId < 0) { + LOGE("GetBundleNameByTokenId error."); + return ERR_DM_FAILED; + } + AccessTokenID tokenIdTemp = static_cast(tokenId); + ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenIdTemp); + if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP) { + HapTokenInfo tokenInfo; + if (AccessTokenKit::GetHapTokenInfo(tokenIdTemp, tokenInfo) != EOK) { + LOGE("GetHapTokenInfo failed."); + return ERR_DM_FAILED; + } + bundleName = std::move(tokenInfo.bundleName); + } else if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { + NativeTokenInfo tokenInfo; + if (AccessTokenKit::GetNativeTokenInfo(tokenIdTemp, tokenInfo) != EOK) { + LOGE("GetNativeTokenInfo failed."); + return ERR_DM_FAILED; + } + bundleName = std::move(tokenInfo.processName); + } else { + LOGE("failed, unsupported process."); + return ERR_DM_FAILED; + } + return DM_OK; +} + DM_EXPORT int32_t AppManager::GetNativeTokenIdByName(std::string &processName, int64_t &tokenId) { -- Gitee