From 2a20a625e4f255bb6f7fbb3d389f27ef3fe07040 Mon Sep 17 00:00:00 2001 From: bigtea Date: Mon, 19 May 2025 15:42:20 +0800 Subject: [PATCH] Add accesstoken user data dfx Signed-off-by: bigtea --- BUILD.gn | 3 +- services/accesstokenmanager/BUILD.gn | 4 +- .../service/accesstoken_manager_service.cpp | 4 +- services/common/BUILD.gn | 3 + services/common/dfx/include/data_usage_dfx.h | 34 ++++++ services/common/dfx/src/data_usage_dfx.cpp | 93 +++++++++++++++ services/common/dfx/test/BUILD.gn | 55 +++++++++ .../common/dfx/test/unittest/dfx_test.cpp | 106 ++++++++++++++++++ services/privacymanager/BUILD.gn | 1 + .../src/service/privacy_manager_service.cpp | 2 + 10 files changed, 301 insertions(+), 4 deletions(-) create mode 100644 services/common/dfx/include/data_usage_dfx.h create mode 100644 services/common/dfx/src/data_usage_dfx.cpp create mode 100644 services/common/dfx/test/BUILD.gn create mode 100644 services/common/dfx/test/unittest/dfx_test.cpp diff --git a/BUILD.gn b/BUILD.gn index da01e9973..f0c10144b 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -29,7 +29,8 @@ group("accesstoken_build_module_test") { "interfaces/innerkits/token_setproc/test:unittest", "services/accesstokenmanager/test:unittest", "services/common/database/test:unittest", - "services/common/json_parse/test:unittest" + "services/common/dfx/test:unittest", + "services/common/json_parse/test:unittest", ] if (ability_base_enable == true) { deps += [ diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 334112d18..afcff493e 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -55,6 +55,7 @@ if (is_standard_system) { "${access_token_path}/services/common/app_manager/include", "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", + "${access_token_path}/services/common/dfx/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", "${access_token_path}/services/common/utils/include", @@ -198,8 +199,7 @@ if (is_standard_system) { if (security_component_enhance_enable == true) { cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] - sources += - [ "main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] + sources += [ "main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] } if ("${target_platform}" == "watch" || "${target_platform}" == "wearable") { cflags_cc += [ "-DDYNAMIC_CLOSE_LIBS" ] diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index e9d93c5e3..0fa0febd3 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -26,6 +26,7 @@ #include "accesstoken_info_manager.h" #include "accesstoken_service_ipc_interface_code.h" #include "constant_common.h" +#include "data_usage_dfx.h" #include "data_validator.h" #include "hap_token_info.h" #include "hap_token_info_inner.h" @@ -1408,6 +1409,7 @@ bool AccessTokenManagerService::Initialize() GetConfigValue(dfxInfo.parseConfigFlag); ReportSysEventServiceStart(dfxInfo); + ReportAccessTokenUserData(); LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 3b4a6b43f..6fffa17a6 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -18,6 +18,7 @@ config("accesstoken_service_common_public_config") { visibility = [ ":*" ] include_dirs = [ "app_manager/include", + "dfx/include", "database/include", "libraryloader/include", "random/include", @@ -53,6 +54,7 @@ ohos_static_library("accesstoken_service_common") { "database/src/sqlite_helper.cpp", "database/src/statement.cpp", "database/src/variant_value.cpp", + "dfx/src/data_usage_dfx.cpp", "libraryloader/src/libraryloader.cpp", "random/src/random_openssl.cpp", ] @@ -69,6 +71,7 @@ ohos_static_library("accesstoken_service_common") { external_deps = [ "c_utils:utils", "hilog:libhilog", + "hisysevent:libhisysevent", "ipc:ipc_single", "openssl:libcrypto_shared", "safwk:system_ability_fwk", diff --git a/services/common/dfx/include/data_usage_dfx.h b/services/common/dfx/include/data_usage_dfx.h new file mode 100644 index 000000000..121407f74 --- /dev/null +++ b/services/common/dfx/include/data_usage_dfx.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_DATA_USAGE_DFX_H +#define ACCESSTOKEN_DATA_USAGE_DFX_H + +#include +#include +#include "access_token.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +uint64_t GetUserDataRemainSize(); +uint64_t GetFileSize(const char* filePath); +void GetDatabaseFileSize(const std::string& name, std::vector& filePath, std::vector& fileSize); +void ReportAccessTokenUserData(); +void ReportPrivacyUserData(); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_DATA_USAGE_DFX_H diff --git a/services/common/dfx/src/data_usage_dfx.cpp b/services/common/dfx/src/data_usage_dfx.cpp new file mode 100644 index 000000000..46f35018e --- /dev/null +++ b/services/common/dfx/src/data_usage_dfx.cpp @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "data_usage_dfx.h" + +#include +#include "accesstoken_common_log.h" +#include "directory_ex.h" +#include "hisysevent.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr const char* ACCESSTOKEN_NAME = "access_token"; +constexpr const char* NATIVE_CFG_FILE_PATH = "/data/service/el0/access_token/nativetoken.json"; +constexpr const char* DATABASE_DIR_PATH = "/data/service/el1/public/access_token/"; +constexpr const char* DATA_FOLDER = "/data"; +constexpr const char* ACCESSTOKEN_DATABASE_NAME = "access_token.db"; +constexpr const char* ACCESSTOKEN_DATABASE_NAME_BACK = "access_token_slave.db"; +constexpr const char* PRIVACY_DATABASE_NAME = "permission_used_record.db"; +static constexpr uint64_t INVALID_SIZE = 0; +} + +uint64_t GetUserDataRemainSize() +{ + struct statfs stat; + if (statfs(DATA_FOLDER, &stat) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get data remain size."); + return INVALID_SIZE; + } + return static_cast(stat.f_bfree) * stat.f_bsize; +} + +uint64_t GetFileSize(const char* filePath) +{ + struct stat fileInfo; + if (stat(filePath, &fileInfo) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get file stat, path=%{public}s.", filePath); + return INVALID_SIZE; + } + return fileInfo.st_size; +} + +void GetDatabaseFileSize(const std::string& name, std::vector& filePath, std::vector& fileSize) +{ + std::vector files; + GetDirFiles(DATABASE_DIR_PATH, files); + for (const std::string& file : files) { + if (file.find(name) != std::string::npos) { + fileSize.emplace_back(GetFileSize(file.c_str())); + filePath.emplace_back(file); + } + } +} + +void ReportAccessTokenUserData() +{ + std::vector filePath = { NATIVE_CFG_FILE_PATH }; + std::vector fileSize = { GetFileSize(NATIVE_CFG_FILE_PATH) }; + GetDatabaseFileSize(ACCESSTOKEN_DATABASE_NAME, filePath, fileSize); + GetDatabaseFileSize(ACCESSTOKEN_DATABASE_NAME_BACK, filePath, fileSize); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::FILEMANAGEMENT, "USER_DATA_SIZE", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "COMPONENT_NAME", ACCESSTOKEN_NAME, "PARTITION_NAME", DATA_FOLDER, + "REMAIN_PARTITION_SIZE", GetUserDataRemainSize(), + "FILE_OR_FOLDER_PATH", filePath, "FILE_OR_FOLDER_SIZE", fileSize); +} + +void ReportPrivacyUserData() +{ + std::vector filePath; + std::vector fileSize; + GetDatabaseFileSize(PRIVACY_DATABASE_NAME, filePath, fileSize); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::FILEMANAGEMENT, "USER_DATA_SIZE", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "COMPONENT_NAME", ACCESSTOKEN_NAME, "PARTITION_NAME", DATA_FOLDER, + "REMAIN_PARTITION_SIZE", GetUserDataRemainSize(), + "FILE_OR_FOLDER_PATH", filePath, "FILE_OR_FOLDER_SIZE", fileSize); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/common/dfx/test/BUILD.gn b/services/common/dfx/test/BUILD.gn new file mode 100644 index 000000000..ac387e2fe --- /dev/null +++ b/services/common/dfx/test/BUILD.gn @@ -0,0 +1,55 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../access_token.gni") + +ohos_unittest("libdfx_test") { + subsystem_name = "accesscontrol" + module_out_path = module_output_path_unittest_accesstoken + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/services/common/dfx/include", + ] + + sources = [ "unittest/dfx_test.cpp" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + + deps = [ + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/services/common:accesstoken_service_common", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "hisysevent:libhisysevent", + ] +} + +group("unittest") { + testonly = true + deps = [ ":libdfx_test" ] +} diff --git a/services/common/dfx/test/unittest/dfx_test.cpp b/services/common/dfx/test/unittest/dfx_test.cpp new file mode 100644 index 000000000..856fd8b55 --- /dev/null +++ b/services/common/dfx/test/unittest/dfx_test.cpp @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "data_usage_dfx.h" +#include +#include + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr const char* INVALID_FILE = "/data/123456/xyz"; +constexpr const char* ACCESSTOKEN_DATABASE_NAME = "access_token.db"; +constexpr const char* TEST_FILE_PATH = "/data/test/dfx_test_file.txt"; +constexpr const char* TEST_TXT = "1234567890abcdefghij"; +constexpr int32_t TEST_SIZE = 20; +} // namespace +class DfxTest : public testing::Test { +public: + static void SetUpTestCase(void); + static void TearDownTestCase(void); + void SetUp(); + void TearDown(); +}; + +void DfxTest::SetUpTestCase() {} +void DfxTest::TearDownTestCase() {} +void DfxTest::SetUp() {} +void DfxTest::TearDown() {} + +/** + * @tc.name: GetUserDataRemainSizeTest001 + * @tc.desc: Test GetUserDataRemainSize function + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DfxTest, GetUserDataRemainSizeTest001, TestSize.Level1) +{ + // expect size > 0 + uint64_t size = GetUserDataRemainSize(); + EXPECT_GT(size, 0); +} + +/** + * @tc.name: GetFileSizeTest001 + * @tc.desc: Test GetFileSize function + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DfxTest, GetFileSizeTest001, TestSize.Level1) +{ + FILE* file = fopen(TEST_FILE_PATH, "w"); + size_t written = fwrite(TEST_TXT, sizeof(char), TEST_SIZE, file); + EXPECT_EQ(written, TEST_SIZE); + fclose(file); + + // test file size is 20 + uint64_t testFileSize = GetFileSize(TEST_FILE_PATH); + EXPECT_EQ(testFileSize, TEST_SIZE); + + remove(TEST_FILE_PATH); + + // invalid file size is 0 + uint64_t invalidSize = GetFileSize(INVALID_FILE); + EXPECT_EQ(invalidSize, 0); +} + +/** + * @tc.name: GetDatabaseFileSizeTest001 + * @tc.desc: Test GetDatabaseFileSize function + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DfxTest, GetDatabaseFileSizeTest001, TestSize.Level1) +{ + std::vector filePath; + std::vector fileSize; + GetDatabaseFileSize(ACCESSTOKEN_DATABASE_NAME, filePath, fileSize); + EXPECT_GT(filePath.size(), 0); + EXPECT_GT(fileSize.size(), 0); + EXPECT_EQ(filePath.size(), fileSize.size()); + + std::vector invalidFilePath; + std::vector invalidFileSize; + GetDatabaseFileSize(INVALID_FILE, invalidFilePath, invalidFileSize); + EXPECT_EQ(invalidFilePath.size(), 0); + EXPECT_EQ(invalidFileSize.size(), 0); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index a397ebdb7..3918d3409 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -155,6 +155,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/common/app_manager/include", "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", + "${access_token_path}/services/common/dfx/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", "${access_token_path}/services/common/screenlock_manager/include", diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index 046b6b4c8..75887d9b8 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -28,6 +28,7 @@ #endif //COMMON_EVENT_SERVICE_ENABLE #include "constant_common.h" #include "constant.h" +#include "data_usage_dfx.h" #include "ipc_skeleton.h" #include "permission_record_manager.h" #include "privacy_error.h" @@ -519,6 +520,7 @@ bool PrivacyManagerService::Initialize() eventHandler_ = std::make_shared(eventRunner_); ActiveStatusCallbackManager::GetInstance().InitEventHandler(eventHandler_); #endif + ReportPrivacyUserData(); return true; } -- Gitee