From f574549f1bced04670ce4d6dee5c92dfda5bedd0 Mon Sep 17 00:00:00 2001 From: libo429 Date: Sun, 22 Jun 2025 14:03:24 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=90=86=E9=9C=80=E6=B1=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: libo429 --- common/include/dm_constants.h | 3 + common/src/dm_constants.cpp | 3 + .../include/deviceprofile_connector.h | 6 +- .../src/deviceprofile_connector.cpp | 105 ++++++++++++++---- .../include/authentication/dm_auth_manager.h | 1 - .../include/authentication_v2/auth_manager.h | 1 - .../include/device_manager_service_impl.h | 1 + .../src/authentication/dm_auth_manager.cpp | 13 --- .../src/authentication_v2/auth_manager.cpp | 13 --- .../src/device_manager_service_impl.cpp | 70 ++++++++++-- .../service/include/device_manager_service.h | 5 + .../service/src/device_manager_service.cpp | 104 +++++++++++++++++ .../src/ipc/standard/ipc_cmd_parser.cpp | 6 +- .../UTTest_dm_auth_manager_first.cpp | 40 ------- .../auth_manager_fuzzer.cpp | 9 -- utils/BUILD.gn | 10 +- utils/include/appInfo/standard/app_manager.h | 2 + .../jsonstr_handle/dm_jsonstr_handle.h | 39 +++++++ utils/src/appInfo/standard/app_manager.cpp | 42 +++++++ .../src/jsonstr_handle/dm_jsonstr_handle.cpp | 69 ++++++++++++ 20 files changed, 421 insertions(+), 121 deletions(-) create mode 100644 utils/include/jsonstr_handle/dm_jsonstr_handle.h create mode 100644 utils/src/jsonstr_handle/dm_jsonstr_handle.cpp diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index c06637e10..cd17af833 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -56,6 +56,8 @@ DM_EXPORT extern const char* FIELD_CREDENTIAL_EXISTS; DM_EXPORT extern const char* DM_TYPE_MINE; DM_EXPORT extern const char* DM_TYPE_OH; DM_EXPORT extern const char* TAG_SESSION_HEARTBEAT; +DM_EXPORT extern const char* TAG_BUNDLE_NAME; +DM_EXPORT extern const char* TAG_TOKENID; //The following constant are provided only for HiLink. DM_EXPORT extern const char *EXT_PART; @@ -159,6 +161,7 @@ DM_EXPORT extern const char* CONN_SESSION_TYPE_HML; DM_EXPORT extern const char* CONN_SESSION_TYPE_BLE; DM_EXPORT extern const char* UN_BIND_PARAM_UDID_KEY; DM_EXPORT extern const char* PARAM_KEY_IS_PROXY_BIND; +DM_EXPORT extern const char* PARAM_KEY_IS_PROXY_UNBIND; DM_EXPORT extern const char* PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT; DM_EXPORT extern const char* PARAM_KEY_SUBJECT_PROXYED_SUBJECTS; DM_EXPORT extern const char* DM_VAL_TRUE; diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 96a897a31..b39953b7d 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -47,6 +47,8 @@ const char* FIELD_CREDENTIAL_EXISTS = "isCredentialExists"; const char* DM_TYPE_MINE = "MINE"; const char* DM_TYPE_OH = "OH"; const char* TAG_SESSION_HEARTBEAT = "session_heartbeat"; +const char* TAG_BUNDLE_NAME = "bundleName"; +const char* TAG_TOKENID = "tokenId"; //The following constant are provided only for HiLink. const char *EXT_PART = "ext_part"; @@ -149,6 +151,7 @@ const char* CONN_SESSION_TYPE_HML = "HML"; const char* CONN_SESSION_TYPE_BLE = "BLE"; const char* UN_BIND_PARAM_UDID_KEY = "udidKey"; const char* PARAM_KEY_IS_PROXY_BIND = "isProxyBind"; +const char* PARAM_KEY_IS_PROXY_UNBIND = "isProxyUnBind"; const char* PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT = "isCallingProxyAsSubject"; const char* PARAM_KEY_SUBJECT_PROXYED_SUBJECTS = "subjectProxyOnes"; const char* DM_VAL_TRUE = "true"; diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index f48abb6c6..3f5a9f237 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -186,6 +186,10 @@ public: DM_EXPORT std::vector GetProcessInfoFromAclByUserId(const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId); + DM_EXPORT DistributedDeviceProfile::AccessControlProfile GetAccessControlProfileByAccessControlId( + int64_t accessControlId); + DM_EXPORT std::vector> GetAgentToProxyVecFromAclByUserId( + const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId); DM_EXPORT bool CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); DM_EXPORT bool CheckSinkDevIdInAclForDevBind(const std::string &pkgName, @@ -332,6 +336,7 @@ private: const std::vector &profilesFilter, const int32_t &userId); int32_t GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles, const std::string &trustDev, const std::string &reqDev); + bool CheckAuthFormProxyTokenId(const std::string &extraStr); int32_t CheckAuthForm(DmAuthForm form, DistributedDeviceProfile::AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo); bool SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, @@ -386,7 +391,6 @@ private: std::string GetDeviceAuthVersionInfo(std::string localUdid, std::string remoteUdid, std::vector profiles); - void ParseExtra(const std::string &extra, uint64_t &peerTokenId, std::string &peerBundleName); bool CacheLnnAcl(DistributedDeviceProfile::AccessControlProfile profile, const std::string &localUdid, DmAclIdParam &dmAclIdParam); void CheckLastLnnAcl(const std::string &localDeviceId, int32_t userId, const std::string &remoteDeviceId, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 964636f86..162df890b 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -24,6 +24,9 @@ #include "multiple_user_connector.h" #include "distributed_device_profile_client.h" #include "system_ability_definition.h" +#include "ipc_skeleton.h" +#include "dm_jsonstr_handle.h" +#include "app_manager.h" using namespace OHOS::DistributedDeviceProfile; @@ -425,21 +428,6 @@ void DeviceProfileConnector::DeleteCacheAcl(std::vector delAclIdVec, } } -void DeviceProfileConnector::ParseExtra(const std::string &extra, uint64_t &peerTokenId, std::string &peerBundleName) -{ - JsonObject extraInfoJson(extra); - if (extraInfoJson.IsDiscarded()) { - LOGE("ParseExtra extraInfoJson error"); - return; - } - if (!extraInfoJson[TAG_PEER_BUNDLE_NAME].IsString() || !extraInfoJson[TAG_PEER_TOKENID].IsNumberInteger()) { - LOGE("ParseExtra TAG_PEER_BUNDLE_NAME or TAG_PEER_TOKENID error"); - return; - } - peerTokenId = extraInfoJson[TAG_PEER_TOKENID].Get(); - peerBundleName = extraInfoJson[TAG_PEER_BUNDLE_NAME].Get(); -} - bool DeviceProfileConnector::FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile &acl, const std::string &localUdid, const uint32_t localTokenId, const std::string &remoteUdid, const uint32_t peerTokenId, @@ -573,7 +561,7 @@ void DeviceProfileConnector::FilterNeedDeleteACLInfos( { uint64_t peerTokenId = 0; std::string peerBundleName = ""; - ParseExtra(extra, peerTokenId, peerBundleName); + JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, peerBundleName); for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid) { continue; @@ -796,6 +784,18 @@ int32_t DeviceProfileConnector::GetDeviceAclParam(DmDiscoveryInfo discoveryInfo, return DM_OK; } +bool DeviceProfileConnector::CheckAuthFormProxyTokenId(const std::string &extraStr) +{ + std::vector proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr); + int64_t callingTokenId = static_cast(IPCSkeleton::GetCallingTokenID()); + for (auto &proxyTokenId : proxyTokenIdVec) { + if (callingTokenId == proxyTokenId) { + return true; + } + } + return false; +} + int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo) { @@ -807,11 +807,13 @@ int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProf return form; } if (profiles.GetBindLevel() == APP || profiles.GetBindLevel() == SERVICE) { - if (discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() && + if ((discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() || + CheckAuthFormProxyTokenId(profiles.GetAccesser().GetAccesserExtraData())) && discoveryInfo.localDeviceId == profiles.GetAccesser().GetAccesserDeviceId()) { return form; } - if (discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() && + if ((discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() || + CheckAuthFormProxyTokenId(profiles.GetAccessee().GetAccesseeExtraData())) && discoveryInfo.localDeviceId == profiles.GetAccessee().GetAccesseeDeviceId()) { return form; } @@ -925,7 +927,7 @@ DM_EXPORT uint64_t DeviceProfileConnector::GetTokenIdByNameAndDeviceId(std::stri { uint64_t peerTokenId = 0; std::string pkgName = ""; - ParseExtra(extra, peerTokenId, pkgName); + JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, pkgName); std::vector profiles = GetAccessControlProfile(); for (auto &item : profiles) { if (item.GetAccesser().GetAccesserBundleName() == pkgName && @@ -1086,22 +1088,79 @@ std::vector DeviceProfileConnector::GetP std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId(); std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId(); OHOS::DistributedHardware::ProcessInfo processInfo; + std::string extraStr; if (accesserUdid == localDeviceId) { processInfo.pkgName = item.GetAccesser().GetAccesserBundleName(); processInfo.userId = item.GetAccesser().GetAccesserUserId(); processInfoVec.push_back(processInfo); - continue; - } - if (accesseeUdid == localDeviceId) { + extraStr = item.GetAccesser().GetAccesserExtraData(); + } else if (accesseeUdid == localDeviceId) { processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName(); processInfo.userId = item.GetAccessee().GetAccesseeUserId(); processInfoVec.push_back(processInfo); + extraStr = item.GetAccessee().GetAccesseeExtraData(); + } else { continue; } + std::vector proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr); + for (auto &proxyTokenId : proxyTokenIdVec) { + std::string proxyBundleName; + if (AppManager::GetInstance().GetBundleNameByTokenId(proxyTokenId, proxyBundleName) != DM_OK) { + continue; + } + processInfo.pkgName = proxyBundleName; + processInfoVec.push_back(processInfo); + } } return processInfoVec; } +DM_EXPORT AccessControlProfile DeviceProfileConnector::GetAccessControlProfileByAccessControlId( + int64_t accessControlId) +{ + AccessControlProfile profile; + profile.SetAccessControlId(0); + std::vector profiles = GetAllAclIncludeLnnAcl(); + for (auto &item : profiles) { + if (item.GetAccessControlId() == accessControlId) { + return item; + } + } + return profile; +} + +DM_EXPORT std::vector> DeviceProfileConnector::GetAgentToProxyVecFromAclByUserId( + const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId) +{ + std::vector filterProfiles = GetAclProfileByUserId(localDeviceId, + userId, targetDeviceId); + LOGI("filterProfiles size is %{public}zu", filterProfiles.size()); + std::vector> agentToProxyVec; + for (auto &item : filterProfiles) { + if (IsLnnAcl(item) || item.GetTrustDeviceId() != targetDeviceId) { + continue; + } + std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId(); + std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId(); + int64_t agentTokenId; + std::string extraStr; + if (accesserUdid == localDeviceId) { + agentTokenId = item.GetAccesser().GetAccesserTokenId(); + extraStr = item.GetAccesser().GetAccesserExtraData(); + } else if (accesseeUdid == localDeviceId) { + agentTokenId = item.GetAccessee().GetAccesseeTokenId(); + extraStr = item.GetAccessee().GetAccesseeExtraData(); + } else { + continue; + } + std::vector proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr); + for (auto &proxyTokenId : proxyTokenIdVec) { + agentToProxyVec.push_back(std::pair(agentTokenId, proxyTokenId)); + } + } + return agentToProxyVec; +} + int32_t DeviceProfileConnector::PutAccessControlList(DmAclInfo aclInfo, DmAccesser dmAccesser, DmAccessee dmAccessee) { LOGI("Start."); @@ -1349,7 +1408,7 @@ void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, co int32_t deleteNums = 0; uint64_t peerTokenId = 0; std::string peerBundleName; - ParseExtra(extra, peerTokenId, peerBundleName); + JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, peerBundleName); for (auto &item : profiles) { if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() != APP) { diff --git a/services/implementation/include/authentication/dm_auth_manager.h b/services/implementation/include/authentication/dm_auth_manager.h index 3080fff94..a4d1ec014 100644 --- a/services/implementation/include/authentication/dm_auth_manager.h +++ b/services/implementation/include/authentication/dm_auth_manager.h @@ -593,7 +593,6 @@ private: bool IsSinkMsgValid(); bool IsSourceMsgValid(); void ProcessReqPublicKey(); - int32_t GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId); void RegisterCleanNotifyCallback(CleanNotifyCallback cleanNotifyCallback); void GetBindCallerInfo(); diff --git a/services/implementation/include/authentication_v2/auth_manager.h b/services/implementation/include/authentication_v2/auth_manager.h index 8d46c6d21..336d31e11 100644 --- a/services/implementation/include/authentication_v2/auth_manager.h +++ b/services/implementation/include/authentication_v2/auth_manager.h @@ -110,7 +110,6 @@ public: void SetAuthContext(std::shared_ptr context); std::shared_ptr GetAuthContext(); static bool IsHmlSessionType(const std::string &sessionType); - int32_t GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId); void GetBindTargetParams(std::string &pkgName, PeerTargetId &targetId, std::map &bindParam); void GetAuthCodeAndPkgName(std::string &pkgName, std::string &authCode); diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index 7e22d16a8..c7516b1a8 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h @@ -259,6 +259,7 @@ private: int32_t DeleteAclForProcV2(const std::string &localUdid, uint32_t localTokenId, const std::string &remoteUdid, int32_t bindLevel, const std::string &extra, int32_t userId); int32_t DeleteSkCredAndAcl(const std::vector &acls); + void DeleteCredential(DmAclIdParam &acl); void DeleteAclByTokenId(const int32_t accessTokenId, std::vector &profiles, std::map &delProfileMap, diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 26d07d2d1..515b38e1e 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -3268,19 +3268,6 @@ void DmAuthManager::JoinLnn(const std::string &deviceId, bool isForceJoin) } } -int32_t DmAuthManager::GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId) -{ - int32_t ret = AppManager::GetInstance().GetNativeTokenIdByName(bundleName, tokenId); - if (ret == DM_OK) { - return DM_OK; - } - ret = AppManager::GetInstance().GetHapTokenIdByName(userId, bundleName, 0, tokenId); - if (ret != DM_OK) { - LOGE("get tokenId by bundleName failed %{public}s", GetAnonyString(bundleName).c_str()); - } - return ret; -} - void DmAuthManager::OnSoftbusJoinLNNResult(const int32_t sessionId, const char *networkId, int32_t result) { (void)sessionId; diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 24967de41..293054d3d 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -490,19 +490,6 @@ void AuthManager::ParseUltrasonicSide(const JsonObject &jsonObject) } } -int32_t AuthManager::GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId) -{ - int32_t ret = AppManager::GetInstance().GetNativeTokenIdByName(bundleName, tokenId); - if (ret == DM_OK) { - return DM_OK; - } - ret = AppManager::GetInstance().GetHapTokenIdByName(userId, bundleName, 0, tokenId); - if (ret != DM_OK) { - LOGE("get tokenId by bundleName failed %{public}s", GetAnonyString(bundleName).c_str()); - } - return ret; -} - bool CheckBindLevel(const JsonItemObject &jsonObj, const std::string &key, int32_t &bindLevel) { if (IsJsonValIntegerString(jsonObj, TAG_BIND_LEVEL)) { diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 4de0a19f1..5789d6101 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp @@ -65,6 +65,7 @@ constexpr const char* DM_TAG_LOGICAL_SESSION_ID = "logicalSessionId"; constexpr const char* DM_TAG_PEER_DISPLAY_ID = "peerDisplayId"; constexpr const char* DM_TAG_ACCESSEE_USER_ID = "accesseeUserId"; constexpr const char* DM_TAG_EXTRA_INFO = "extraInfo"; +constexpr const char* FILED_AUTHORIZED_APP_LIST = "authorizedAppList"; constexpr const char* CHANGE_PINTYPE = "1"; constexpr const char* BIND_CALLER_USERID = "bindCallerUserId"; // currently, we just support one bind session in one device at same time @@ -694,9 +695,10 @@ void DeviceManagerServiceImpl::HandleOffline(DmDeviceState devState, DmDeviceInf softbusConnector_->SetProcessInfo(processInfo); } else if (static_cast(item.second) == SERVICE || static_cast(item.second) == APP) { LOGI("The offline device is PEER_TO_PEER_TYPE bind type, %{public}" PRIu32, item.second); - std::vector processInfoVec = - DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, - item.first); + auto processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId( + requestDeviceId, trustDeviceId, item.first); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); } deviceStateMgr_->HandleDeviceStatusChange(devState, devInfo); @@ -743,12 +745,16 @@ void DeviceManagerServiceImpl::SetOnlineProcessInfo(const uint32_t &bindType, Pr std::vector processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, MultipleUserConnector::GetFirstForegroundUserId()); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); devInfo.authForm = DmAuthForm::PEER_TO_PEER; } else if (bindType == APP_ACROSS_ACCOUNT_TYPE || bindType == SERVICE_ACROSS_ACCOUNT_TYPE) { std::vector processInfoVec = DeviceProfileConnector::GetInstance().GetProcessInfoFromAclByUserId(requestDeviceId, trustDeviceId, MultipleUserConnector::GetFirstForegroundUserId()); + std::set processInfoSet(processInfoVec.begin(), processInfoVec.end()); + processInfoVec.assign(processInfoSet.begin(), processInfoSet.end()); softbusConnector_->SetProcessInfoVec(processInfoVec); devInfo.authForm = DmAuthForm::ACROSS_ACCOUNT; } else if (bindType == SHARE_TYPE) { @@ -2744,6 +2750,48 @@ int32_t DeviceManagerServiceImpl::DeleteAcl(const std::string &pkgName, const st return ERR_DM_FAILED; } +void DeviceManagerServiceImpl::DeleteCredential(DmAclIdParam &acl) +{ + CHECK_NULL_VOID(hiChainAuthConnector_); + JsonObject credJson; + int32_t ret = hiChainAuthConnector_->QueryCredInfoByCredId(acl.userId, acl.credId, credJson); + if (ret != DM_OK || !credJson.Contains(acl.credId)) { + LOGE("DeleteCredential err, ret:%{public}d", ret); + return; + } + if (!credJson[acl.credId].Contains(FILED_AUTHORIZED_APP_LIST)) { + ret = hiChainAuthConnector_->DeleteCredential(acl.userId, acl.credId); + if (ret != DM_OK) { + LOGE("DeletecredId err, ret:%{public}d", ret); + } + return; + } + DistributedDeviceProfile::AccessControlProfile profile = + DeviceProfileConnector::GetInstance().GetAccessControlProfileByAccessControlId(acl.accessControlId); + if (profile.GetAccessControlId() != acl.accessControlId) { + LOGE("DeleteCredential, no found profile"); + return; + } + std::vector appList; + credJson[acl.credId][FILED_AUTHORIZED_APP_LIST].Get(appList); + auto erIt = std::find(appList.begin(), appList.end(), std::to_string(profile.GetAccesser().GetAccesserTokenId())); + if (erIt != appList.end()) { + appList.erase(erIt); + } + auto eeIt = std::find(appList.begin(), appList.end(), std::to_string(profile.GetAccessee().GetAccesseeTokenId())); + if (eeIt != appList.end()) { + appList.erase(eeIt); + } + if (appList.size() == 0) { + ret = hiChainAuthConnector_->DeleteCredential(acl.userId, acl.credId); + if (ret != DM_OK) { + LOGE("DeletecredId err, ret:%{public}d", ret); + } + return; + } + hiChainAuthConnector_->UpdateCredential(acl.credId, acl.userId, appList); +} + int32_t DeviceManagerServiceImpl::DeleteSkCredAndAcl(const std::vector &acls) { LOGI("start."); @@ -2753,16 +2801,13 @@ int32_t DeviceManagerServiceImpl::DeleteSkCredAndAcl(const std::vectorDeleteCredential(item.userId, item.credId); - if (ret != DM_OK) { - LOGE("DeletecredId err, userId:%{public}d, credId:%{public}s, ret:%{public}d", item.userId, - item.credId.c_str(), ret); + LOGE("DeleteSessionKey err, ret:%{public}d", ret); } + DeleteCredential(item); DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.accessControlId); } return ret; @@ -2798,9 +2843,10 @@ int32_t DeviceManagerServiceImpl::DeleteAclV2(const std::string &pkgName, const { LOGI("pkgName %{public}s, localUdid %{public}s, remoteUdid %{public}s, bindLevel %{public}d.", pkgName.c_str(), GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), bindLevel); - uint32_t tokenId = 0; - MultipleUserConnector::GetTokenId(tokenId); + int64_t tokenId = 0; int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); + std::string bundleName = pkgName; + AppManager::GetInstance().GetTokenIdByBundleName(userId, bundleName, tokenId); bool isNewVersion = IsAuthNewVersion(bindLevel, localUdid, remoteUdid, tokenId, userId); if (!isNewVersion) { return DeleteAcl(pkgName, localUdid, remoteUdid, bindLevel, extra); diff --git a/services/service/include/device_manager_service.h b/services/service/include/device_manager_service.h index da3023d9a..d082452f7 100644 --- a/services/service/include/device_manager_service.h +++ b/services/service/include/device_manager_service.h @@ -96,6 +96,9 @@ public: int32_t BindDevice(const std::string &pkgName, int32_t authType, const std::string &deviceId, const std::string &bindParam); + int32_t UnBindDeviceParseExtra(const std::string &pkgName, const std::string &udidHash, + const std::string &extra); + int32_t UnBindDevice(const std::string &pkgName, const std::string &udidHash); int32_t UnBindDevice(const std::string &pkgName, const std::string &udidHash, const std::string &extra); @@ -205,6 +208,8 @@ public: void HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid); void HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid, const std::vector &acceptEventUdids); + std::set> GetProxyInfosByParseExtra(const std::string &pkgName, + const std::string &extra, std::vector> &agentToProxyVec); #endif int32_t SetDnPolicy(const std::string &pkgName, std::map &policy); void ClearDiscoveryCache(const ProcessInfo &processInfo); diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index 2bcd88c8f..c2894be60 100644 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -33,6 +33,7 @@ #include "dm_comm_tool.h" #include "dm_random.h" #include "dm_transport_msg.h" +#include "dm_jsonstr_handle.h" #include "ipc_skeleton.h" #include "iservice_registry.h" #include "kv_adapter_manager.h" @@ -73,6 +74,7 @@ namespace { const int32_t NORMAL = 0; const int32_t SYSTEM_BASIC = 1; const int32_t SYSTEM_CORE = 2; + const uint32_t UNBIND_PROXY_ITEM_SIZE = 1; constexpr const char *ALL_PKGNAME = ""; constexpr const char *NETWORKID = "NETWORK_ID"; constexpr uint32_t INVALIED_BIND_LEVEL = 0; @@ -836,6 +838,108 @@ int32_t DeviceManagerService::UnBindDevice(const std::string &pkgName, const std return DM_OK; } +#if !(defined(__LITEOS_M__) || defined(LITE_DEVICE)) +std::set> DeviceManagerService::GetProxyInfosByParseExtra( + const std::string &pkgName, const std::string &extra, + std::vector> &agentToProxyVec) +{ + std::set> proxyInfos; + JsonObject jsonObject(extra); + if (jsonObject.IsDiscarded()) { + proxyInfos.insert(std::pair(pkgName, extra)); + return proxyInfos; + } + if (IsString(jsonObject, PARAM_KEY_IS_PROXY_UNBIND) && + jsonObject[PARAM_KEY_IS_PROXY_UNBIND].Get() == DM_VAL_TRUE) { + if (!IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) { + return proxyInfos; + } + } else { + if (!jsonObject.Contains(PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) { + proxyInfos.insert(std::pair(pkgName, extra)); + } + return proxyInfos; + } + if (!AppManager::GetInstance().IsSystemSA()) { + LOGE("no proxy permission"); + return proxyInfos; + } + std::string subjectProxyAppsStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get(); + JsonObject allProxyObj; + if (!allProxyObj.Parse(subjectProxyAppsStr) || allProxyObj.Items().size() != UNBIND_PROXY_ITEM_SIZE) { + return proxyInfos; + } + int64_t proxyTokenId = static_cast(IPCSkeleton::GetCallingTokenID()); + for (const auto &object : allProxyObj.Items()) { + if (!object.Contains(TAG_BUNDLE_NAME) || !IsString(object, TAG_BUNDLE_NAME)) { + continue; + } + if (!object.Contains(TAG_TOKENID) || !IsInt64(object, TAG_TOKENID)) { + continue; + } + std::string bundleName = object[TAG_BUNDLE_NAME].Get(); + int64_t agentTokenId = object[TAG_TOKENID].Get(); + for (uint32_t i = 0; i < agentToProxyVec.size(); i++) { + if (agentTokenId == agentToProxyVec[i].first && proxyTokenId == agentToProxyVec[i].second) { + proxyInfos.insert(std::pair(bundleName, object.Dump())); + break; + } + } + } + return proxyInfos; +} +#endif + +int32_t DeviceManagerService::UnBindDeviceParseExtra(const std::string &pkgName, const std::string &udidHash, + const std::string &extra) +{ + int32_t result = ValidateUnBindDeviceParams(pkgName, udidHash, extra); + if (result != DM_OK) { + return result; + } + std::string realDeviceId = udidHash; +#if !(defined(__LITEOS_M__) || defined(LITE_DEVICE)) + std::string udidHashTemp = ""; + if (GetUdidHashByAnoyDeviceId(udidHash, udidHashTemp) == DM_OK) { + realDeviceId = udidHashTemp; + } + CHECK_NULL_RETURN(softbusListener_, ERR_DM_POINT_NULL); + std::string udid = ""; + if (softbusListener_->GetUdidFromDp(realDeviceId, udid) != DM_OK) { + LOGE("Get udid by udidhash failed."); + return ERR_DM_FAILED; + } + char localUdid[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localUdid, DEVICE_UUID_LENGTH); + int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); + std::vector> agentToProxyVec = + DeviceProfileConnector::GetInstance().GetAgentToProxyVecFromAclByUserId( + std::string(localUdid), udid, userId); + std::set> proxyInfoSet = GetProxyInfosByParseExtra( + pkgName, extra, agentToProxyVec); + if (proxyInfoSet.size() != UNBIND_PROXY_ITEM_SIZE) { + LOGE("UnBind size error."); + return ERR_DM_FAILED; + } + auto proxyInfo = proxyInfoSet.begin(); + uint64_t peerTokenId = 0; + std::string peerBundleName = ""; + JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(proxyInfo->second, peerTokenId, peerBundleName); + if (peerBundleName == "") { + result = UnBindDevice(proxyInfo->first, udidHash); + } else { + result = UnBindDevice(proxyInfo->first, udidHash, proxyInfo->second); + } +#else + if (extra == "") { + result = UnBindDevice(pkgName, udidHash); + } else { + result = UnBindDevice(pkgName, udidHash, extra); + } +#endif + return result; +} + int32_t DeviceManagerService::UnBindDevice(const std::string &pkgName, const std::string &udidHash, const std::string &extra) { diff --git a/services/service/src/ipc/standard/ipc_cmd_parser.cpp b/services/service/src/ipc/standard/ipc_cmd_parser.cpp index 58517d156..9a70e7077 100644 --- a/services/service/src/ipc/standard/ipc_cmd_parser.cpp +++ b/services/service/src/ipc/standard/ipc_cmd_parser.cpp @@ -873,11 +873,7 @@ ON_IPC_CMD(UNBIND_DEVICE, MessageParcel &data, MessageParcel &reply) std::string deviceId = data.ReadString(); std::string extra = data.ReadString(); int32_t result = 0; - if (extra == "") { - result = DeviceManagerService::GetInstance().UnBindDevice(pkgName, deviceId); - } else { - result = DeviceManagerService::GetInstance().UnBindDevice(pkgName, deviceId, extra); - } + result = DeviceManagerService::GetInstance().UnBindDeviceParseExtra(pkgName, deviceId, extra); if (!reply.WriteInt32(result)) { LOGE("write result failed"); return ERR_DM_IPC_WRITE_FAILED; diff --git a/test/commonunittest/UTTest_dm_auth_manager_first.cpp b/test/commonunittest/UTTest_dm_auth_manager_first.cpp index aff6cb61d..e82099835 100644 --- a/test/commonunittest/UTTest_dm_auth_manager_first.cpp +++ b/test/commonunittest/UTTest_dm_auth_manager_first.cpp @@ -1954,46 +1954,6 @@ HWTEST_F(DmAuthManagerTest, GetCloseSessionDelaySeconds_001, testing::ext::TestS ASSERT_EQ(ret, DM_OK); } -HWTEST_F(DmAuthManagerTest, GetTokenIdByBundleName_001, testing::ext::TestSize.Level1) -{ - int32_t userId = 1; - std::string bundleName = "b********Info"; - int64_t tokenId = 0; - EXPECT_CALL(*appManagerMock_, GetNativeTokenIdByName(_, _)).WillOnce(Return(DM_OK)); - int32_t ret = authManager_->GetTokenIdByBundleName(userId, bundleName, tokenId); - ASSERT_EQ(ret, DM_OK); - - EXPECT_CALL(*appManagerMock_, GetNativeTokenIdByName(_, _)).WillOnce(Return(ERR_DM_FAILED)); - EXPECT_CALL(*appManagerMock_, GetHapTokenIdByName(_, _, _, _)).WillOnce(Return(ERR_DM_FAILED)); - ret = authManager_->GetTokenIdByBundleName(userId, bundleName, tokenId); - ASSERT_EQ(ret, ERR_DM_FAILED); - - EXPECT_CALL(*appManagerMock_, GetNativeTokenIdByName(_, _)).WillOnce(Return(DM_OK)); - EXPECT_CALL(*appManagerMock_, GetHapTokenIdByName(_, _, _, _)).WillOnce(Return(DM_OK)); - ret = authManager_->GetTokenIdByBundleName(userId, bundleName, tokenId); - ASSERT_EQ(ret, DM_OK); - - std::string deviceId = "de*******8"; - authManager_->authResponseContext_ = std::make_shared(); - authManager_->authRequestContext_ = std::make_shared(); - authManager_->authRequestContext_->connSessionType = CONN_SESSION_TYPE_HML; - authManager_->JoinLnn(deviceId, false); - - int32_t errorCode = 0; - std::shared_ptr listener = std::make_shared(); - authManager_->authUiStateMgr_ = std::make_shared(listener); - authManager_->authResponseContext_->authType = AUTH_TYPE_IMPORT_AUTH_CODE; - authManager_->UpdateInputPincodeDialog(errorCode); - - authManager_->authResponseContext_->authType = AUTH_TYPE_NFC; - errorCode = ERR_DM_HICHAIN_PROOFMISMATCH; - authManager_->pincodeDialogEverShown_ = false; - authManager_->authRequestContext_->hostPkgName = "hostPkgName"; - authManager_->importAuthCode_ = "14785"; - authManager_->importPkgName_ = "hostPkgName"; - authManager_->UpdateInputPincodeDialog(errorCode); -} - HWTEST_F(DmAuthManagerTest, CheckNeedShowAuthInfoDialog_001, testing::ext::TestSize.Level1) { authManager_->authResponseContext_ = std::make_shared(); diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp index f5026935e..fae170d20 100644 --- a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp +++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp @@ -170,14 +170,6 @@ void ParseJsonObjectFuzzTest(FuzzedDataProvider &fdp) authManager->ParseJsonObject(jsonObject); } -void GetTokenIdByBundleNameFuzzTest(FuzzedDataProvider &fdp) -{ - int32_t userId = fdp.ConsumeIntegral(); - std::string bundleName = fdp.ConsumeRandomLengthString(); - int64_t tokenId = fdp.ConsumeIntegral(); - authManager->GetTokenIdByBundleName(userId, bundleName, tokenId); -} - void GetBindLevelFuzzTest(FuzzedDataProvider &fdp) { int32_t bindLevel = fdp.ConsumeIntegral(); @@ -380,7 +372,6 @@ void AuthManagerFuzzTest(const uint8_t* data, size_t size) AuthDeviceFinishFuzzTest(fdp); GetAuthCodeAndPkgNameFuzzTest(fdp); GetPinCodeFuzzTest(fdp); - GetTokenIdByBundleNameFuzzTest(fdp); AuthenticateDeviceFuzzTest(fdp); BindTargetFuzzTest(fdp); ParseUltrasonicSideFuzzTest(fdp); diff --git a/utils/BUILD.gn b/utils/BUILD.gn index 7f4e0fe83..c4d1ba8fe 100644 --- a/utils/BUILD.gn +++ b/utils/BUILD.gn @@ -24,9 +24,10 @@ if (defined(ohos_lite)) { shared_library("devicemanagerutils") { include_dirs = [ "include", + "include/appInfo/lite", "include/crypto", "include/fwkload/lite", - "include/appInfo/lite", + "include/jsonstr_handle", "include/timer/lite", "${common_path}/include", "${common_path}/include/dfx", @@ -51,6 +52,7 @@ if (defined(ohos_lite)) { "src/crypto/dm_crypto.cpp", "src/dm_random.cpp", "src/fwkload/lite/dm_distributed_hardware_load.cpp", + "src/jsonstr_handle/dm_jsonstr_handle.cpp", "src/timer/lite/dm_timer.cpp", ] @@ -75,10 +77,11 @@ if (defined(ohos_lite)) { config("devicemanagerutils_config") { include_dirs = [ "include", + "include/appInfo/standard", "include/crypto", - "include/kvadapter", "include/fwkload/standard", - "include/appInfo/standard", + "include/jsonstr_handle", + "include/kvadapter", "include/timer", "${innerkits_path}/native_cpp/include", "${common_path}/include", @@ -128,6 +131,7 @@ if (defined(ohos_lite)) { "src/appInfo/standard/app_manager.cpp", "src/crypto/dm_crypto.cpp", "src/dm_random.cpp", + "src/jsonstr_handle/dm_jsonstr_handle.cpp", "src/kvadapter/dm_kv_info.cpp", "src/kvadapter/kv_adapter.cpp", "src/kvadapter/kv_adapter_manager.cpp", diff --git a/utils/include/appInfo/standard/app_manager.h b/utils/include/appInfo/standard/app_manager.h index 117fef077..09247de53 100644 --- a/utils/include/appInfo/standard/app_manager.h +++ b/utils/include/appInfo/standard/app_manager.h @@ -44,6 +44,8 @@ public: int32_t instIndex, int64_t &tokenId); DM_EXPORT int32_t GetCallerProcessName(std::string &processName); DM_EXPORT int32_t GetBundleNameForSelf(std::string &bundleName); + DM_EXPORT int32_t GetBundleNameByTokenId(int64_t tokenId, std::string &bundleName); + DM_EXPORT int32_t GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId); private: bool GetBundleManagerProxy(sptr &bundleManager); std::mutex appIdMapLock_; diff --git a/utils/include/jsonstr_handle/dm_jsonstr_handle.h b/utils/include/jsonstr_handle/dm_jsonstr_handle.h new file mode 100644 index 000000000..357357414 --- /dev/null +++ b/utils/include/jsonstr_handle/dm_jsonstr_handle.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_DM_JSONSTR_HANDLE_H +#define OHOS_DM_JSONSTR_HANDLE_H + +#include "dm_single_instance.h" +#include +#include + +#ifndef DM_EXPORT +#define DM_EXPORT __attribute__ ((visibility ("default"))) +#endif // DM_EXPORT + +namespace OHOS { +namespace DistributedHardware { +class JsonStrHandle { + DM_DECLARE_SINGLE_INSTANCE(JsonStrHandle); + +public: + DM_EXPORT void GetPeerAppInfoParseExtra(const std::string &extra, + uint64_t &peerTokenId, std::string &peerBundleName); + DM_EXPORT std::vector GetProxyTokenIdByExtra(const std::string &extraInfo); +}; +} // namespace DistributedHardware +} // namespace OHOS +#endif // OHOS_DM_JSONSTR_HANDLE_H diff --git a/utils/src/appInfo/standard/app_manager.cpp b/utils/src/appInfo/standard/app_manager.cpp index ad0d95522..b424debff 100644 --- a/utils/src/appInfo/standard/app_manager.cpp +++ b/utils/src/appInfo/standard/app_manager.cpp @@ -191,6 +191,35 @@ DM_EXPORT int32_t AppManager::GetCallerName(bool isSystemSA, std::string &caller return DM_OK; } +DM_EXPORT int32_t AppManager::GetBundleNameByTokenId(int64_t tokenId, std::string &bundleName) +{ + if (tokenId < 0) { + LOGE("GetBundleNameByTokenId error."); + return ERR_DM_FAILED; + } + AccessTokenID tokenIdTemp = static_cast(tokenId); + ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenIdTemp); + if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP) { + HapTokenInfo tokenInfo; + if (AccessTokenKit::GetHapTokenInfo(tokenIdTemp, tokenInfo) != EOK) { + LOGE("GetHapTokenInfo failed."); + return ERR_DM_FAILED; + } + bundleName = std::move(tokenInfo.bundleName); + } else if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { + NativeTokenInfo tokenInfo; + if (AccessTokenKit::GetNativeTokenInfo(tokenIdTemp, tokenInfo) != EOK) { + LOGE("GetNativeTokenInfo failed."); + return ERR_DM_FAILED; + } + bundleName = std::move(tokenInfo.processName); + } else { + LOGE("failed, unsupported process."); + return ERR_DM_FAILED; + } + return DM_OK; +} + DM_EXPORT int32_t AppManager::GetNativeTokenIdByName(std::string &processName, int64_t &tokenId) { @@ -251,6 +280,19 @@ DM_EXPORT int32_t AppManager::GetCallerProcessName(std::string &processName) return DM_OK; } +int32_t AppManager::GetTokenIdByBundleName(int32_t userId, std::string &bundleName, int64_t &tokenId) +{ + int32_t ret = GetNativeTokenIdByName(bundleName, tokenId); + if (ret == DM_OK) { + return DM_OK; + } + ret = GetHapTokenIdByName(userId, bundleName, 0, tokenId); + if (ret != DM_OK) { + LOGE("get tokenId by bundleName failed %{public}s", GetAnonyString(bundleName).c_str()); + } + return ret; +} + int32_t AppManager::GetBundleNameForSelf(std::string &bundleName) { sptr bundleManager = nullptr; diff --git a/utils/src/jsonstr_handle/dm_jsonstr_handle.cpp b/utils/src/jsonstr_handle/dm_jsonstr_handle.cpp new file mode 100644 index 000000000..9789df5d0 --- /dev/null +++ b/utils/src/jsonstr_handle/dm_jsonstr_handle.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_jsonstr_handle.h" + +#include "json_object.h" +#include "dm_anonymous.h" +#include "dm_error_type.h" +#include "dm_log.h" + +const char* TAG_PROXY = "proxy"; +const char* TAG_PEER_BUNDLE_NAME = "peerBundleName"; +const char* TAG_PEER_TOKENID = "peerTokenId"; + +namespace OHOS { +namespace DistributedHardware { +DM_IMPLEMENT_SINGLE_INSTANCE(JsonStrHandle); + +DM_EXPORT void JsonStrHandle::GetPeerAppInfoParseExtra(const std::string &extra, + uint64_t &peerTokenId, std::string &peerBundleName) +{ + JsonObject extraInfoJson(extra); + if (extraInfoJson.IsDiscarded()) { + LOGE("ParseExtra extraInfoJson error"); + return; + } + if (!IsString(extraInfoJson, TAG_PEER_BUNDLE_NAME) || !IsInt64(extraInfoJson, TAG_PEER_TOKENID)) { + LOGE("ParseExtra TAG_PEER_BUNDLE_NAME or TAG_PEER_TOKENID error"); + return; + } + peerTokenId = extraInfoJson[TAG_PEER_TOKENID].Get(); + peerBundleName = extraInfoJson[TAG_PEER_BUNDLE_NAME].Get(); +} + +DM_EXPORT std::vector JsonStrHandle::GetProxyTokenIdByExtra(const std::string &extraInfo) +{ + std::vector tokenIdVec; + JsonObject extraInfoJson(extraInfo); + if (extraInfoJson.IsDiscarded() || !IsString(extraInfoJson, TAG_PROXY)) { + LOGE("GetProxyTokenIdByExtra extraInfoJson error"); + return tokenIdVec; + } + std::string proxyListStr = extraInfoJson[TAG_PROXY].Get(); + JsonObject proxyList; + if (!proxyList.Parse(proxyListStr)) { + LOGE("GetProxyTokenIdByExtra proxyListStr Parse error"); + return tokenIdVec; + } + for (auto &item : proxyList.Items()) { + if (item.IsNumber()) { + tokenIdVec.push_back(item.Get()); + } + } + return tokenIdVec; +} +} // namespace DistributedHardware +} // namespace OHOS -- Gitee