From 225e886e60a709616f8893d8eefa492b10fd2d30 Mon Sep 17 00:00:00 2001 From: chen0088 Date: Tue, 27 May 2025 19:41:49 +0800 Subject: [PATCH] add ACL check Signed-off-by: chen0088 --- bundle.json | 3 +- distributedcamera.gni | 7 ++ .../base/include/dcamera_capture_info_cmd.h | 5 +- .../base/include/icamera_controller.h | 3 +- .../base/src/dcamera_capture_info_cmd.cpp | 50 ++++++++----- .../base/dcamera_capture_info_cmd_test.cpp | 20 +++++- services/cameraservice/sinkservice/BUILD.gn | 12 ++++ .../dcamera_sink_controller.h | 8 ++- .../distributedcameramgr/dcamera_sink_dev.h | 4 +- .../distributed_camera_sink_service.cpp | 4 +- .../dcamera_sink_controller.cpp | 70 +++++++++++++++++- .../distributedcameramgr/dcamera_sink_dev.cpp | 8 ++- .../dcamera_sink_controller_test.cpp | 14 +++- .../mock_dcamera_sink_controller.h | 5 +- services/cameraservice/sourceservice/BUILD.gn | 15 +++- .../distributedcameramgr/dcamera_source_dev.h | 4 +- .../dcamera_source_controller.h | 14 +++- .../distributed_camera_source_service.cpp | 4 +- .../dcamera_source_dev.cpp | 8 ++- .../dcamera_source_controller.cpp | 71 ++++++++++++++++++- .../common/distributedcameramgr/BUILD.gn | 1 + .../dcamera_source_controller_test.cpp | 7 +- .../mock_dcamera_source_controller.h | 5 +- 23 files changed, 300 insertions(+), 42 deletions(-) diff --git a/bundle.json b/bundle.json index 4d2f1569..72577798 100644 --- a/bundle.json +++ b/bundle.json @@ -55,7 +55,8 @@ "safwk", "drivers_interface_camera", "access_token", - "av_codec" + "av_codec", + "os_account" ] }, "build": { diff --git a/distributedcamera.gni b/distributedcamera.gni index 0b3ebc48..a7a3a3cf 100644 --- a/distributedcamera.gni +++ b/distributedcamera.gni @@ -50,4 +50,11 @@ declare_args() { !defined(global_parts_info.security_device_security_level)) { device_security_level_camera = false } + + if (!defined(global_parts_info) || + defined(global_parts_info.account_os_account)) { + os_account_camera = true + } else { + os_account_camera = false + } } diff --git a/services/cameraservice/base/include/dcamera_capture_info_cmd.h b/services/cameraservice/base/include/dcamera_capture_info_cmd.h index 5e79e429..e8e25c01 100644 --- a/services/cameraservice/base/include/dcamera_capture_info_cmd.h +++ b/services/cameraservice/base/include/dcamera_capture_info_cmd.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -42,6 +42,9 @@ public: std::string command_; std::vector> value_; int32_t sceneMode_; + int32_t userId_; + uint64_t tokenId_; + std::string accountId_; public: int32_t Marshal(std::string& jsonStr); diff --git a/services/cameraservice/base/include/icamera_controller.h b/services/cameraservice/base/include/icamera_controller.h index 79b6eb9a..7c0884bd 100644 --- a/services/cameraservice/base/include/icamera_controller.h +++ b/services/cameraservice/base/include/icamera_controller.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -44,6 +44,7 @@ public: virtual int32_t PauseDistributedHardware(const std::string &networkId) = 0; virtual int32_t ResumeDistributedHardware(const std::string &networkId) = 0; virtual int32_t StopDistributedHardware(const std::string &networkId) = 0; + virtual void SetTokenId(uint64_t token) = 0; }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/cameraservice/base/src/dcamera_capture_info_cmd.cpp b/services/cameraservice/base/src/dcamera_capture_info_cmd.cpp index 97206641..13014ff8 100644 --- a/services/cameraservice/base/src/dcamera_capture_info_cmd.cpp +++ b/services/cameraservice/base/src/dcamera_capture_info_cmd.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,9 +24,8 @@ namespace DistributedHardware { int32_t DCameraCaptureInfoCmd::Marshal(std::string& jsonStr) { cJSON *rootValue = cJSON_CreateObject(); - if (rootValue == nullptr) { - return DCAMERA_BAD_VALUE; - } + CHECK_NULL_RETURN((rootValue == nullptr), DCAMERA_BAD_VALUE); + cJSON_AddStringToObject(rootValue, "Type", type_.c_str()); cJSON_AddStringToObject(rootValue, "dhId", dhId_.c_str()); cJSON_AddStringToObject(rootValue, "Command", command_.c_str()); @@ -36,10 +35,7 @@ int32_t DCameraCaptureInfoCmd::Marshal(std::string& jsonStr) cJSON_AddItemToObject(rootValue, "Value", captureInfos); for (auto iter = value_.begin(); iter != value_.end(); iter++) { std::shared_ptr capture = *iter; - if (capture == nullptr) { - cJSON_Delete(rootValue); - return DCAMERA_BAD_VALUE; - } + CHECK_NULL_FREE_RETURN(capture, DCAMERA_BAD_VALUE, rootValue); cJSON *captureInfo = cJSON_CreateObject(); CHECK_NULL_FREE_RETURN(captureInfo, DCAMERA_BAD_VALUE, rootValue); cJSON_AddItemToArray(captureInfos, captureInfo); @@ -63,6 +59,9 @@ int32_t DCameraCaptureInfoCmd::Marshal(std::string& jsonStr) } } cJSON_AddNumberToObject(rootValue, "mode", sceneMode_); + cJSON_AddNumberToObject(rootValue, "userId", userId_); + cJSON_AddNumberToObject(rootValue, "tokenId", tokenId_); + cJSON_AddStringToObject(rootValue, "accountId", accountId_.c_str()); char *data = cJSON_Print(rootValue); if (data == nullptr) { @@ -78,21 +77,16 @@ int32_t DCameraCaptureInfoCmd::Marshal(std::string& jsonStr) int32_t DCameraCaptureInfoCmd::Unmarshal(const std::string& jsonStr) { cJSON *rootValue = cJSON_Parse(jsonStr.c_str()); - if (rootValue == nullptr) { - return DCAMERA_BAD_VALUE; - } + CHECK_NULL_RETURN((rootValue == nullptr), DCAMERA_BAD_VALUE); + cJSON *type = cJSON_GetObjectItemCaseSensitive(rootValue, "Type"); - if (type == nullptr || !cJSON_IsString(type) || (type->valuestring == nullptr)) { - cJSON_Delete(rootValue); - return DCAMERA_BAD_VALUE; - } + CHECK_AND_FREE_RETURN_RET_LOG((type == nullptr || !cJSON_IsString(type) || (type->valuestring == nullptr)), + DCAMERA_BAD_VALUE, rootValue, "type parse fail."); type_ = type->valuestring; cJSON *dhId = cJSON_GetObjectItemCaseSensitive(rootValue, "dhId"); - if (dhId == nullptr || !cJSON_IsString(dhId) || (dhId->valuestring == nullptr)) { - cJSON_Delete(rootValue); - return DCAMERA_BAD_VALUE; - } + CHECK_AND_FREE_RETURN_RET_LOG((dhId == nullptr || !cJSON_IsString(dhId) || (dhId->valuestring == nullptr)), + DCAMERA_BAD_VALUE, rootValue, "dhId parse fail."); dhId_ = dhId->valuestring; cJSON *command = cJSON_GetObjectItemCaseSensitive(rootValue, "Command"); @@ -110,6 +104,24 @@ int32_t DCameraCaptureInfoCmd::Unmarshal(const std::string& jsonStr) } else { sceneMode_ = mode->valueint; } + cJSON *userId = cJSON_GetObjectItemCaseSensitive(rootValue, "userId"); + if (userId == nullptr || !cJSON_IsNumber(userId)) { + userId_ = -1; + } else { + userId_ = userId->valueint; + } + cJSON *tokenId = cJSON_GetObjectItemCaseSensitive(rootValue, "tokenId"); + if (tokenId == nullptr || !cJSON_IsNumber(tokenId)) { + tokenId_ = 0; + } else { + tokenId_ = tokenId->valueint; + } + cJSON *accountId = cJSON_GetObjectItemCaseSensitive(rootValue, "accountId"); + if (accountId == nullptr || !cJSON_IsString(accountId) || (accountId->valuestring == nullptr)) { + accountId_ = ""; + } else { + accountId_ = accountId->valuestring; + } cJSON_Delete(rootValue); return ret; } diff --git a/services/cameraservice/base/test/unittest/common/base/dcamera_capture_info_cmd_test.cpp b/services/cameraservice/base/test/unittest/common/base/dcamera_capture_info_cmd_test.cpp index 47027af2..19d58ec9 100755 --- a/services/cameraservice/base/test/unittest/common/base/dcamera_capture_info_cmd_test.cpp +++ b/services/cameraservice/base/test/unittest/common/base/dcamera_capture_info_cmd_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -330,6 +330,21 @@ static const std::string TEST_CAPTURE_INFO_CMD_JSON_CAPTURESETTINGS_BODY_VALUE_E ] })"; +static const std::string TEST_CAPTURE_INFO_CMD_JSON_CAPTURESETTINGS_CHECK = R"({ + "Type": "OPERATION", + "dhId": "camrea_0", + "Command": "CAPTURE", + "Value": [ + {"Width": 1920, "Height": 1080, "Format": 1, "DataSpace": 1, + "IsCapture":true, "EncodeType": 1, "StreamType": 1, + "CaptureSettings": [{"SettingType": 1, "SettingValue": 0}]} + ], + "mode": 1, + "userId": 100, + "tokenId": 0, + "accountId": "accountId" +})"; + void DCameraCaptureInfoCmdlTest::SetUpTestCase(void) { @@ -463,6 +478,9 @@ HWTEST_F(DCameraCaptureInfoCmdlTest, Unmarshal_003, TestSize.Level1) ret = cmd.Unmarshal(TEST_CAPTURE_INFO_CMD_JSON_VALUE_ARRAY); EXPECT_EQ(DCAMERA_BAD_VALUE, ret); + + ret = cmd.Unmarshal(TEST_CAPTURE_INFO_CMD_JSON_CAPTURESETTINGS_CHECK); + EXPECT_EQ(DCAMERA_BAD_VALUE, ret); } HWTEST_F(DCameraCaptureInfoCmdlTest, Unmarshal_004, TestSize.Level1) diff --git a/services/cameraservice/sinkservice/BUILD.gn b/services/cameraservice/sinkservice/BUILD.gn index fd93d2d8..7aea5b3c 100644 --- a/services/cameraservice/sinkservice/BUILD.gn +++ b/services/cameraservice/sinkservice/BUILD.gn @@ -106,9 +106,14 @@ ohos_shared_library("distributed_camera_sink") { defines += [ "DUMP_DCAMERA_FILE" ] } + if (os_account_camera) { + defines += [ "OS_ACCOUNT_ENABLE" ] + } + external_deps = [ "access_token:libaccesstoken_sdk", "access_token:libtokenid_sdk", + "access_token:libtokensetproc_shared", "cJSON:cjson", "c_utils:utils", "camera_framework:camera_framework", @@ -128,6 +133,13 @@ ohos_shared_library("distributed_camera_sink") { "samgr:samgr_proxy", ] + if (os_account_camera) { + external_deps += [ + "os_account:libaccountkits", + "os_account:os_account_innerkits", + ] + } + if (device_security_level_camera) { external_deps += [ "device_security_level:dslm_sdk" ] defines += [ "DEVICE_SECURITY_LEVEL_ENABLE" ] diff --git a/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_controller.h b/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_controller.h index 3660d51e..441b12ea 100644 --- a/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_controller.h +++ b/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_controller.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -53,6 +53,7 @@ public: int32_t PauseDistributedHardware(const std::string &networkId) override; int32_t ResumeDistributedHardware(const std::string &networkId) override; int32_t StopDistributedHardware(const std::string &networkId) override; + void SetTokenId(uint64_t token) override; void OnStateChanged(std::shared_ptr& event); void OnMetadataResult(std::vector>& settings); @@ -85,6 +86,7 @@ private: void ProcessPostAuthorization(const AppExecFwk::InnerEvent::Pointer &event); int32_t CreateCtrlSession(); int32_t CheckSensitive(); + bool CheckAclRight(); bool isInit_; int32_t sessionState_; @@ -105,6 +107,10 @@ private: bool isSameAccount_ = false; bool isCheckSecLevel_ = false; int32_t sceneMode_ = 0; + int32_t userId_ = -1; + uint64_t tokenId_ = 0; + uint64_t sinkTokenId_ = 0; + std::string accountId_ = ""; const std::string SESSION_FLAG = "control"; const std::string SRC_TYPE = "camera"; diff --git a/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_dev.h b/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_dev.h index 8d6c15fd..0c8d4c0d 100644 --- a/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_dev.h +++ b/services/cameraservice/sinkservice/include/distributedcameramgr/dcamera_sink_dev.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -44,6 +44,7 @@ public: int32_t PauseDistributedHardware(const std::string &networkId); int32_t ResumeDistributedHardware(const std::string &networkId); int32_t StopDistributedHardware(const std::string &networkId); + void SetTokenId(uint64_t token); private: bool isInit_; @@ -51,6 +52,7 @@ private: std::shared_ptr controller_; std::shared_ptr accessControl_; sptr sinkCallback_; + uint64_t tokenId_ = 0; }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/cameraservice/sinkservice/src/distributedcamera/distributed_camera_sink_service.cpp b/services/cameraservice/sinkservice/src/distributedcamera/distributed_camera_sink_service.cpp index 1c6f2407..8d456ca7 100644 --- a/services/cameraservice/sinkservice/src/distributedcamera/distributed_camera_sink_service.cpp +++ b/services/cameraservice/sinkservice/src/distributedcamera/distributed_camera_sink_service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -30,6 +30,7 @@ #include "distributed_camera_allconnect_manager.h" #include "distributed_camera_errno.h" #include "distributed_hardware_log.h" +#include "token_setproc.h" namespace OHOS { namespace DistributedHardware { @@ -111,6 +112,7 @@ int32_t DistributedCameraSinkService::InitSink(const std::string& params, g_camDump.camNumber = static_cast(cameras.size()); for (auto& dhId : cameras) { std::shared_ptr sinkDevice = std::make_shared(dhId, sinkCallback); + sinkDevice->SetTokenId(GetFirstCallerTokenID()); ret = sinkDevice->Init(); CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK, ret, "sink device init failed, ret: %{public}d", ret); { diff --git a/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_controller.cpp b/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_controller.cpp index 089bbfce..09b9e7b8 100644 --- a/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_controller.cpp +++ b/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_controller.cpp @@ -42,6 +42,10 @@ #include "idistributed_camera_source.h" #include "ipc_skeleton.h" #include "dcamera_low_latency.h" +#ifdef OS_ACCOUNT_ENABLE +#include "ohos_account_kits.h" +#include "os_account_manager.h" +#endif #include namespace OHOS { @@ -550,18 +554,18 @@ void DCameraSinkController::OnSessionState(int32_t state, std::string networkId) DHLOGI("channel is disconnected"); ffrt::submit([this]() { DHLOGI("DCameraSinkController::OnSessionState %{public}s new thread session state: %{public}d", - GetAnonyString(dhId_).c_str(), sessionState_); + GetAnonyString(dhId_).c_str(), sessionState_); prctl(PR_SET_NAME, CHANNEL_DISCONNECTED.c_str()); std::lock_guard autoLock(autoLock_); int32_t ret = CloseChannel(); if (ret != DCAMERA_OK) { DHLOGE("session state: %{public}d, %{public}s close channel failed, ret: %{public}d", - sessionState_, GetAnonyString(dhId_).c_str(), ret); + sessionState_, GetAnonyString(dhId_).c_str(), ret); } ret = StopCapture(); if (ret != DCAMERA_OK) { DHLOGE("session state: %{public}d, %{public}s stop capture failed, ret: %{public}d", - sessionState_, GetAnonyString(dhId_).c_str(), ret); + sessionState_, GetAnonyString(dhId_).c_str(), ret); } }); break; @@ -668,6 +672,13 @@ int32_t DCameraSinkController::HandleReceivedData(std::shared_ptr& d return ret; } sceneMode_ = captureInfoCmd.sceneMode_; + userId_ = captureInfoCmd.userId_; + tokenId_ = captureInfoCmd.tokenId_; + accountId_ = captureInfoCmd.accountId_; + if (!CheckAclRight()) { + DHLOGE("ACL check failed."); + return DCAMERA_BAD_VALUE; + } return StartCapture(captureInfoCmd.value_, sceneMode_); } else if ((!command.empty()) && (command.compare(DCAMERA_PROTOCOL_CMD_UPDATE_METADATA) == 0)) { DCameraMetadataSettingCmd metadataSettingCmd; @@ -684,6 +695,54 @@ int32_t DCameraSinkController::HandleReceivedData(std::shared_ptr& d return DCAMERA_BAD_VALUE; } +bool DCameraSinkController::CheckAclRight() +{ + if (userId_ == -1) { + DHLOGI("Acl check version compatibility processing."); + return true; + } + std::string sinkDevId; + int32_t ret = GetLocalDeviceNetworkId(sinkDevId); + CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK, false, "GetLocalDeviceNetworkId failed, ret: %{public}d", ret); + int32_t userId = -1; + std::string accountId = ""; +#ifdef OS_ACCOUNT_ENABLE + std::vector ids; + ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(ids); + CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK || ids.empty(), false, + "Get userId from active os accountIds fail, ret: %{public}d", ret); + userId = ids[0]; + + AccountSA::OhosAccountInfo osAccountInfo; + ret = AccountSA::OhosAccountKits::GetInstance().GetOhosAccountInfo(osAccountInfo); + CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK, false, + "Get accountId from ohos account info fail, ret: %{public}d", ret); + accountId = osAccountInfo.uid_; +#endif + ret = DeviceManager::GetInstance().InitDeviceManager(DCAMERA_PKG_NAME, initCallback_); + if (ret != DCAMERA_OK) { + DHLOGE("InitDeviceManager failed ret = %{public}d", ret); + return false; + } + DmAccessCaller dmSrcCaller = { + .accountId = accountId_, + .pkgName = DCAMERA_PKG_NAME, + .networkId = srcDevId_, + .userId = userId_, + .tokenId = tokenId_, + }; + DmAccessCallee dmDstCallee = { + .networkId = sinkDevId, + .accountId = accountId, + .userId = userId, + .tokenId = sinkTokenId_, + .pkgName = DCAMERA_PKG_NAME, + }; + DHLOGI("CheckAclRight srcDevId: %{public}s, accountId: %{public}s, sinkDevId: %{public}s", + GetAnonyString(srcDevId_).c_str(), GetAnonyString(accountId).c_str(), GetAnonyString(sinkDevId).c_str()); + return DeviceManager::GetInstance().CheckSinkAccessControl(dmSrcCaller, dmDstCallee); +} + int32_t DCameraSinkController::PauseDistributedHardware(const std::string &networkId) { DHLOGI("Pause distributed hardware dhId: %{public}s", GetAnonyString(dhId_).c_str()); @@ -822,6 +881,11 @@ bool DCameraSinkController::CheckPermission() return uid == DCAMERA_UID; } +void DCameraSinkController::SetTokenId(uint64_t token) +{ + sinkTokenId_ = token; +} + void DeviceInitCallback::OnRemoteDied() { DHLOGI("DeviceInitCallback OnRemoteDied"); diff --git a/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_dev.cpp b/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_dev.cpp index b2581d87..9185dbb9 100644 --- a/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_dev.cpp +++ b/services/cameraservice/sinkservice/src/distributedcameramgr/dcamera_sink_dev.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -45,6 +45,7 @@ int32_t DCameraSinkDev::Init() DHLOGI("Init dhId: %{public}s", GetAnonyString(dhId_).c_str()); accessControl_ = std::make_shared(); controller_ = std::make_shared(accessControl_, sinkCallback_); + controller_->SetTokenId(tokenId_); DCameraIndex index("", dhId_); std::vector indexs; indexs.push_back(index); @@ -210,5 +211,10 @@ int32_t DCameraSinkDev::StopDistributedHardware(const std::string &networkId) return controller_->StopDistributedHardware(networkId); } + +void DCameraSinkDev::SetTokenId(uint64_t token) +{ + tokenId_ = token; +} } // namespace DistributedHardware } // namespace OHOS \ No newline at end of file diff --git a/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/dcamera_sink_controller_test.cpp b/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/dcamera_sink_controller_test.cpp index e4e62788..5459cee7 100644 --- a/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/dcamera_sink_controller_test.cpp +++ b/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/dcamera_sink_controller_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -798,5 +798,17 @@ HWTEST_F(DCameraSinkControllerTest, dcamera_sink_controller_test_035, TestSize.L EXPECT_EQ(result, DCAMERA_BAD_VALUE); } +/** + * @tc.name: dcamera_sink_controller_test_036 + * @tc.desc: Verify function. + * @tc.type: FUNC + * @tc.require: DTS + */ +HWTEST_F(DCameraSinkControllerTest, dcamera_sink_controller_test_036, TestSize.Level1) +{ + EXPECT_TRUE(controller_->CheckAclRight()); + controller_->userId_ = 100; + EXPECT_FALSE(controller_->CheckAclRight()); +} } // namespace DistributedHardware } // namespace OHOS \ No newline at end of file diff --git a/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/mock_dcamera_sink_controller.h b/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/mock_dcamera_sink_controller.h index dec6dbd0..3d1d4cfd 100644 --- a/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/mock_dcamera_sink_controller.h +++ b/services/cameraservice/sinkservice/test/unittest/common/distributedcameramgr/mock_dcamera_sink_controller.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -93,6 +93,9 @@ public: { return DCAMERA_OK; } + void SetTokenId(uint64_t token) + { + } }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/cameraservice/sourceservice/BUILD.gn b/services/cameraservice/sourceservice/BUILD.gn index 4b6bc930..8c2b1d96 100644 --- a/services/cameraservice/sourceservice/BUILD.gn +++ b/services/cameraservice/sourceservice/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -119,6 +119,10 @@ ohos_shared_library("distributed_camera_source") { defines += [ "DUMP_DCAMERA_FILE" ] } + if (os_account_camera) { + defines += [ "OS_ACCOUNT_ENABLE" ] + } + if (!distributed_camera_common) { cflags = [ "-DDCAMERA_MMAP_RESERVE" ] } @@ -126,10 +130,12 @@ ohos_shared_library("distributed_camera_source") { external_deps = [ "access_token:libaccesstoken_sdk", "access_token:libtokenid_sdk", + "access_token:libtokensetproc_shared", "av_codec:av_codec_client", "cJSON:cjson", "c_utils:utils", "camera_framework:camera_framework", + "device_manager:devicemanagersdk", "distributed_hardware_fwk:distributed_av_receiver", "distributed_hardware_fwk:distributedhardwareutils", "distributed_hardware_fwk:libdhfwk_sdk", @@ -151,6 +157,13 @@ ohos_shared_library("distributed_camera_source") { "samgr:samgr_proxy", ] + if (os_account_camera) { + external_deps += [ + "os_account:libaccountkits", + "os_account:os_account_innerkits", + ] + } + subsystem_name = "distributedhardware" part_name = "distributed_camera" diff --git a/services/cameraservice/sourceservice/include/distributedcameramgr/dcamera_source_dev.h b/services/cameraservice/sourceservice/include/distributedcameramgr/dcamera_source_dev.h index eadc30ab..15484d23 100644 --- a/services/cameraservice/sourceservice/include/distributedcameramgr/dcamera_source_dev.h +++ b/services/cameraservice/sourceservice/include/distributedcameramgr/dcamera_source_dev.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -69,6 +69,7 @@ public: void SetHicollieFlag(bool flag); bool GetHicollieFlag(); int32_t GetFullCaps(); + void SetTokenId(uint64_t token); class DCameraSourceDevEventHandler : public AppExecFwk::EventHandler { public: @@ -120,6 +121,7 @@ private: std::atomic hicollieFlag_ = true; sptr hdiCallback_; int32_t sceneMode_ = 0; + uint64_t tokenId_ = 0; std::map memberFuncMap_; std::map eventResultMap_; diff --git a/services/cameraservice/sourceservice/include/distributedcameramgr/dcameracontrol/dcamera_source_controller.h b/services/cameraservice/sourceservice/include/distributedcameramgr/dcameracontrol/dcamera_source_controller.h index e5c4aca0..7e7bb417 100644 --- a/services/cameraservice/sourceservice/include/distributedcameramgr/dcameracontrol/dcamera_source_controller.h +++ b/services/cameraservice/sourceservice/include/distributedcameramgr/dcameracontrol/dcamera_source_controller.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,6 +24,7 @@ #include "dcamera_source_state_machine.h" #include "icamera_channel.h" #include "iremote_object.h" +#include "device_manager.h" #include "v1_1/id_camera_provider.h" @@ -48,6 +49,7 @@ public: int32_t PauseDistributedHardware(const std::string &networkId) override; int32_t ResumeDistributedHardware(const std::string &networkId) override; int32_t StopDistributedHardware(const std::string &networkId) override; + void SetTokenId(uint64_t token) override; void OnSessionState(int32_t state, std::string networkId); void OnSessionError(int32_t eventType, int32_t eventReason, std::string detail); @@ -58,6 +60,8 @@ private: void PostChannelDisconnectedEvent(); int32_t PublishEnableLatencyMsg(const std::string& devId); void HandleReceivedData(std::shared_ptr &dataBuffer); + bool CheckAclRight(); + bool GetOsAccountInfo(); class DCameraHdiRecipient : public IRemoteObject::DeathRecipient { public: void OnRemoteDied(const wptr &remote) override; @@ -84,6 +88,14 @@ private: std::atomic isChannelConnected_ = false; std::mutex channelMtx_; std::condition_variable channelCond_; + std::string accountId_ = ""; + int32_t userId_ = -1; + std::string srcDevId_ = ""; + uint64_t tokenId_ = 0; +}; + +class DeviceInitCallback : public DmInitCallback { + void OnRemoteDied() override; }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/cameraservice/sourceservice/src/distributedcamera/distributed_camera_source_service.cpp b/services/cameraservice/sourceservice/src/distributedcamera/distributed_camera_source_service.cpp index db51843b..3f9a0c34 100644 --- a/services/cameraservice/sourceservice/src/distributedcamera/distributed_camera_source_service.cpp +++ b/services/cameraservice/sourceservice/src/distributedcamera/distributed_camera_source_service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -37,6 +37,7 @@ #include "distributed_camera_errno.h" #include "distributed_hardware_log.h" #include "dcamera_handler.h" +#include "token_setproc.h" namespace OHOS { namespace DistributedHardware { @@ -250,6 +251,7 @@ int32_t DistributedCameraSourceService::RegisterDistributedHardware(const std::s "dcamera source RegisterDistributedHardware fail."); CamDevErase(camIndex); } + camDev->SetTokenId(GetFirstCallerTokenID()); DHLOGI("RegisterDistributedHardware end devId: %{public}s, dhId: %{public}s, sinkVersion: %{public}s", GetAnonyString(devId).c_str(), GetAnonyString(dhId).c_str(), params.sinkVersion.c_str()); return ret; diff --git a/services/cameraservice/sourceservice/src/distributedcameramgr/dcamera_source_dev.cpp b/services/cameraservice/sourceservice/src/distributedcameramgr/dcamera_source_dev.cpp index 3c92ae9d..595e2e7b 100644 --- a/services/cameraservice/sourceservice/src/distributedcameramgr/dcamera_source_dev.cpp +++ b/services/cameraservice/sourceservice/src/distributedcameramgr/dcamera_source_dev.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -464,6 +464,7 @@ int32_t DCameraSourceDev::OpenCamera() DHLOGI("DCameraSourceDev Execute OpenCamera devId %{public}s dhId %{public}s", GetAnonyString(devId_).c_str(), GetAnonyString(dhId_).c_str()); ReportCameraOperaterEvent(OPEN_CAMERA_EVENT, GetAnonyString(devId_), dhId_, "execute open camera event."); + controller_->SetTokenId(tokenId_); std::shared_ptr openInfo = std::make_shared(); int32_t ret = GetLocalDeviceNetworkId(openInfo->sourceDevId_); DcameraRadar::GetInstance().ReportDcameraOpen("GetLocalDeviceNetworkId", CameraOpen::OPEN_CAMERA, @@ -874,5 +875,10 @@ bool DCameraSourceDev::GetHicollieFlag() { return hicollieFlag_.load(); } + +void DCameraSourceDev::SetTokenId(uint64_t token) +{ + tokenId_ = token; +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/cameraservice/sourceservice/src/distributedcameramgr/dcameracontrol/dcamera_source_controller.cpp b/services/cameraservice/sourceservice/src/distributedcameramgr/dcameracontrol/dcamera_source_controller.cpp index 03a47786..08680d05 100644 --- a/services/cameraservice/sourceservice/src/distributedcameramgr/dcameracontrol/dcamera_source_controller.cpp +++ b/services/cameraservice/sourceservice/src/distributedcameramgr/dcameracontrol/dcamera_source_controller.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -38,6 +38,10 @@ #include "distributed_hardware_log.h" #include "idistributed_camera_sink.h" #include "dcamera_low_latency.h" +#ifdef OS_ACCOUNT_ENABLE +#include "ohos_account_kits.h" +#include "os_account_manager.h" +#endif namespace OHOS { namespace DistributedHardware { @@ -80,6 +84,9 @@ int32_t DCameraSourceController::StartCapture(std::vector& o std::string devId = indexs_.begin()->devId_; DHLOGI("DCameraSourceController OpenChannel Start, devId: %{public}s, dhId: %{public}s", GetAnonyString(devId).c_str(), GetAnonyString(dhId).c_str()); + srcDevId_ = openInfo->sourceDevId_; + if (!CheckAclRight()) { + DHLOGE("ACL check failed."); + return DCAMERA_BAD_OPERATE; + } if (!ManageSelectChannel::GetInstance().GetSrcConnect()) { sptr camSinkSrv = DCameraSourceServiceIpc::GetInstance().GetSinkRemoteCamSrv(devId); if (camSinkSrv == nullptr) { @@ -367,6 +379,53 @@ int32_t DCameraSourceController::OpenChannel(std::shared_ptr& o return PublishEnableLatencyMsg(devId); } +bool DCameraSourceController::CheckAclRight() +{ + if (!GetOsAccountInfo()) { + return false; + } + std::shared_ptr initCallback = std::make_shared(); + int32_t ret = DeviceManager::GetInstance().InitDeviceManager(DCAMERA_PKG_NAME, initCallback); + if (ret != DCAMERA_OK) { + DHLOGE("InitDeviceManager failed ret = %{public}d", ret); + return false; + } + DmAccessCaller dmSrcCaller = { + .accountId = accountId_, + .pkgName = DCAMERA_PKG_NAME, + .networkId = srcDevId_, + .userId = userId_, + .tokenId = tokenId_, + }; + DmAccessCallee dmDstCallee = { + .networkId = devId_, + }; + DHLOGI("CheckAclRight dmSrcCaller networkId: %{public}s, accountId: %{public}s, devId: %{public}s", + GetAnonyString(srcDevId_).c_str(), GetAnonyString(accountId_).c_str(), GetAnonyString(devId_).c_str()); + if (DeviceManager::GetInstance().CheckSrcAccessControl(dmSrcCaller, dmDstCallee)) { + return true; + } + return false; +} + +bool DCameraSourceController::GetOsAccountInfo() +{ +#ifdef OS_ACCOUNT_ENABLE + std::vector ids; + int32_t ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(ids); + CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK || ids.empty(), false, + "Get userId from active os accountIds fail, ret: %{public}d", ret); + userId_ = ids[0]; + + AccountSA::OhosAccountInfo osAccountInfo; + ret = AccountSA::OhosAccountKits::GetInstance().GetOhosAccountInfo(osAccountInfo); + CHECK_AND_RETURN_RET_LOG(ret != DCAMERA_OK, false, + "Get accountId from ohos account info fail, ret: %{public}d", ret); + accountId_ = osAccountInfo.uid_; +#endif + return true; +} + int32_t DCameraSourceController::CloseChannel() { if (indexs_.empty() || indexs_.size() > DCAMERA_MAX_NUM) { @@ -593,5 +652,15 @@ void DCameraSourceController::DCameraHdiRecipient::OnRemoteDied(const wptrInit(indexs_); EXPECT_EQ(ret, DCAMERA_INIT_ERR); DCameraIndex index1; @@ -536,7 +536,7 @@ HWTEST_F(DCameraSourceControllerTest, dcamera_source_controller_test_015_1, Test std::shared_ptr openInfo = std::make_shared(); int32_t ret = GetLocalDeviceNetworkId(openInfo->sourceDevId_); ret = controller_->OpenChannel(openInfo); - controller_->UnInit(); + ret = controller_->UnInit(); ManageSelectChannel::GetInstance().SetSrcConnect(saved); EXPECT_EQ(ret, DCAMERA_OK); } @@ -764,6 +764,7 @@ HWTEST_F(DCameraSourceControllerTest, dcamera_source_controller_test_023, TestSi } controller_->HandleReceivedData(dataBuffer); cJSON_Delete(metaJson1); + EXPECT_FALSE(controller_->CheckAclRight()); } } diff --git a/services/cameraservice/sourceservice/test/unittest/common/distributedcameramgr/mock_dcamera_source_controller.h b/services/cameraservice/sourceservice/test/unittest/common/distributedcameramgr/mock_dcamera_source_controller.h index a01f611c..7e462076 100644 --- a/services/cameraservice/sourceservice/test/unittest/common/distributedcameramgr/mock_dcamera_source_controller.h +++ b/services/cameraservice/sourceservice/test/unittest/common/distributedcameramgr/mock_dcamera_source_controller.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -85,6 +85,9 @@ public: { return DCAMERA_OK; } + void SetTokenId(uint64_t token) + { + } }; class MockDCameraSourceControllerRetErr : public MockDCameraSourceController { public: -- Gitee