From 8d25d4871c5302e09e4bc04e70404803d382d66d Mon Sep 17 00:00:00 2001 From: zhangzezhong Date: Wed, 18 Jun 2025 16:15:21 +0800 Subject: [PATCH] el5filekeymanager_0618 Signed-off-by: zhangzezhong --- frameworks/ets/ani/BUILD.gn | 1 + frameworks/ets/ani/el5filekeymanager/BUILD.gn | 79 +++++ .../@ohos.ability.screenLockFileManager.ets | 82 +++++ .../include/screen_lock_file_manager.h | 45 +++ .../src/screen_lock_file_manager.cpp | 328 ++++++++++++++++++ 5 files changed, 535 insertions(+) create mode 100644 frameworks/ets/ani/el5filekeymanager/BUILD.gn create mode 100644 frameworks/ets/ani/el5filekeymanager/ets/@ohos.ability.screenLockFileManager.ets create mode 100644 frameworks/ets/ani/el5filekeymanager/include/screen_lock_file_manager.h create mode 100644 frameworks/ets/ani/el5filekeymanager/src/screen_lock_file_manager.cpp diff --git a/frameworks/ets/ani/BUILD.gn b/frameworks/ets/ani/BUILD.gn index 213648161..ace11f6a6 100644 --- a/frameworks/ets/ani/BUILD.gn +++ b/frameworks/ets/ani/BUILD.gn @@ -20,6 +20,7 @@ group("arkts_package") { "accesstoken:accesstoken_ets", "common:common_ets", "privacy:privacy_ets", + "el5filekeymanager:el5filekeymanager_ets", ] } } diff --git a/frameworks/ets/ani/el5filekeymanager/BUILD.gn b/frameworks/ets/ani/el5filekeymanager/BUILD.gn new file mode 100644 index 000000000..e5fcfa084 --- /dev/null +++ b/frameworks/ets/ani/el5filekeymanager/BUILD.gn @@ -0,0 +1,79 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/security/access_token/access_token.gni") +import("//build/config/components/ets_frontend/ets2abc_config.gni") +import("//build/ohos.gni") +import("//build/ohos/ace/ace.gni") + +ohos_shared_library("el5filekeymanager_ani") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + cflags_cc = [ "-DHILOG_ENABLE" ] + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "${access_token_path}/frameworks/ets/ani/common/include", + "${access_token_path}/frameworks/ets/ani/privacy/include", + "./include", + "${access_token_path}/interfaces/inner_api/el5filekeymanager/include", + ] + sources = [ "src/screen_lock_file_manager.cpp" ] + + deps = [ + "${access_token_path}/frameworks/ets/ani/common:libani_common", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "napi:ace_napi", + "runtime_core:ani", + "runtime_core:libarkruntime", + ] + + part_name = "access_token" + subsystem_name = "security" +} + +generate_static_abc("screen_lock_file_manager") { + base_url = "./ets" + files = [ "./ets/@ohos.ability.screenLockFileManager.ets" ] + + is_boot_abc = "True" + device_dst_file = "/system/framework/screen_lock_file_manager.abc" +} + +ohos_prebuilt_etc("screen_lock_file_manager_etc") { + source = "$target_out_dir/screen_lock_file_manager.abc" + deps = [ ":screen_lock_file_manager" ] + module_install_dir = "framework" + + part_name = "access_token" + subsystem_name = "security" +} + +group("el5filekeymanager_ets") { + deps = [ + ":el5filekeymanager_ani", + ":screen_lock_file_manager_etc", + ] +} diff --git a/frameworks/ets/ani/el5filekeymanager/ets/@ohos.ability.screenLockFileManager.ets b/frameworks/ets/ani/el5filekeymanager/ets/@ohos.ability.screenLockFileManager.ets new file mode 100644 index 000000000..477293f27 --- /dev/null +++ b/frameworks/ets/ani/el5filekeymanager/ets/@ohos.ability.screenLockFileManager.ets @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +export namespace screenLockFileManager { + loadLibrary("el5filekeymanager_ani.z"); + + export enum DataType { + MEDIA_DATA = 0x00000001, + ALL_DATA = 0xffffffff + } + + export enum AccessStatus { + ACCESS_DENIED = -1, + ACCESS_GRANTED = 0 + } + + + export enum ReleaseStatus { + RELEASE_DENIED = -1, + RELEASE_GRANTED = 0 + } + + + export enum KeyStatus { + KEY_NOT_EXIST = -2, + KEY_RELEASED = -1, + KEY_EXIST = 0 + } + + native function acquireAccessSync(): AccessStatus; + native function acquireAccessExecute(dataType: DataType): AccessStatus; + native function releaseAccessSync(): ReleaseStatus; + native function releaseAccessExecute(dataType: DataType): ReleaseStatus; + native function queryAppKeyStateSync(): KeyStatus; + native function queryAppKeyStateExecute(dataType: DataType): KeyStatus; + + export function acquireAccess(dataType?: DataType): AccessStatus { + return dataType !== undefined + ? acquireAccessExecute(dataType) + : acquireAccessSync(); + } + export function releaseAccess(dataType?: DataType): ReleaseStatus { + return dataType !== undefined + ? releaseAccessExecute(dataType) + : releaseAccessSync(); + } + export function queryAppKeyState(dataType?: DataType): KeyStatus { + return dataType !== undefined + ? queryAppKeyStateExecute(dataType) + : queryAppKeyStateSync(); + } +} + +export namespace privacyManager{ + export enum KeyStatus { + KEY_NOT_EXIST = -2, + KEY_RELEASED = -1, + KEY_EXIST = 0 + } +} + +function main(){ + console.log("begin") + console.log(screenLockFileManager.AccessStatus.ACCESS_DENIED) + console.log(screenLockFileManager.AccessStatus.ACCESS_GRANTED) + console.log("namespace privacyManager") + console.log(privacyManager.KeyStatus.KEY_EXIST) + console.log("end") + console.log(screenLockFileManager.acquireAccess()) + console.log("end2") +} \ No newline at end of file diff --git a/frameworks/ets/ani/el5filekeymanager/include/screen_lock_file_manager.h b/frameworks/ets/ani/el5filekeymanager/include/screen_lock_file_manager.h new file mode 100644 index 000000000..48a91cf6c --- /dev/null +++ b/frameworks/ets/ani/el5filekeymanager/include/screen_lock_file_manager.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SCREEN_LOCK_FILE_MANGER_H +#define SCREEN_LOCK_FILE_MANGER_H + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum DataType { + MEDIA_DATA = 0x00000001, + ALL_DATA = 0xffffffff, +}; + +enum AccessStatus { + ACCESS_DENIED = -1, + ACCESS_GRANTED = 0 +}; + +enum ReleaseStatus { + RELEASE_DENIED = -1, + RELEASE_GRANTED = 0 +}; + +enum KeyStatus { + KEY_NOT_EXIST = -2, + KEY_RELEASED = -1, + KEY_EXIST = 0 +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif //SCREEN_LOCK_FILE_MANGER_H diff --git a/frameworks/ets/ani/el5filekeymanager/src/screen_lock_file_manager.cpp b/frameworks/ets/ani/el5filekeymanager/src/screen_lock_file_manager.cpp new file mode 100644 index 000000000..898a9aa94 --- /dev/null +++ b/frameworks/ets/ani/el5filekeymanager/src/screen_lock_file_manager.cpp @@ -0,0 +1,328 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "screen_lock_file_manager.h" +#include "el5_filekey_manager_kit.h" +#include "el5_filekey_manager_error.h" + +#include "accesstoken_log.h" +#include "ani_error.h" +#include "ani_utils.h" +#include "data_lock_type.h" + +#include +#include + + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, 0xD005A08, "AniScreenLockFileManager" }; + +const std::unordered_map EL5ErrMsgMap { + {EFM_ERR_NO_PERMISSION, "Permission denied."}, + {EFM_ERR_NOT_SYSTEM_APP, "Not system app."}, + {EFM_ERR_INVALID_PARAMETER, "Parameter error."}, + {EFM_ERR_SYSTEMCAP_NOT_SUPPORT, "The specified SystemCapability name was not found."}, + {EFM_ERR_INVALID_DATATYPE, "Invalid DataType."}, + {EFM_ERR_REMOTE_CONNECTION, "The system ability work abnormally."}, + {EFM_ERR_FIND_ACCESS_FAILED, "The application is not enabled the data protection under lock screen."}, + {EFM_ERR_ACCESS_RELEASED, "File access is denied."}, + {EFM_ERR_RELEASE_ACCESS_FAILED, "File access was not acquired."}, +}; +} + +std::string GetErrorMessage(uint32_t errCode, const std::string& extendMsg) +{ + auto iter = EL5ErrMsgMap.find(errCode); + if (iter != EL5ErrMsgMap.end()) { + return iter->second + (extendMsg.empty() ? "" : ("" + extendMsg)); + } + std::string errMsg = "Unknown error, errCode " + std::to_string(errCode) + "."; + return errMsg; +} + +bool CheckDataType(ani_env* env, int32_t dataLockType) +{ + if ((static_cast(dataLockType) != DataLockType::MEDIA_DATA) && + (static_cast(dataLockType) != DataLockType::ALL_DATA)) { + BusinessErrorAni::ThrowError(env, EFM_ERR_INVALID_DATATYPE, GetErrorMessage(EFM_ERR_INVALID_DATATYPE,"Invalid DataType.")); + return false; + } + return true; +} + +static ani_int AcquireAccessSync([[maybe_unused]] ani_env* env) +{ + int32_t flag = AccessStatus::ACCESS_DENIED; + + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin."); + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin0.5."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin0.6."); + return flag; + } + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin1."); + int32_t dataLockType = static_cast(DataLockType::MEDIA_DATA); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin2."); + + auto retCode = El5FilekeyManagerKit::AcquireAccess(static_cast(dataLockType)); + + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin3."); + if (retCode != EFM_SUCCESS) { + //int32_t stsCode = GetStsErrorCode(retCode); + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin3.5."); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "AcquireAccess FAILED")); + return flag; + } else { + return flag = retCode; + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin3.6."); + } + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessSync begin4."); + return flag; +} + +static ani_int AcquireAccessExecute([[maybe_unused]] ani_env* env, ani_int datatype) +{ + int32_t flag = AccessStatus::ACCESS_DENIED; + + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessExcute begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + return flag; + } + + int32_t dataLockType = static_cast(datatype); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + + auto retCode = El5FilekeyManagerKit::AcquireAccess(static_cast(dataLockType)); + if (retCode != EFM_SUCCESS) { + //int32_t stsCode = GetStsErrorCode(retCode); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "AcquireAccess FAILED")); + return flag; + } else { + return flag = retCode; + } +} + +static ani_int ReleaseAccessSync([[maybe_unused]] ani_env* env) +{ + int32_t flag = ReleaseStatus::RELEASE_DENIED; + + ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseAccessSync begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + return flag; + } + + int32_t dataLockType = static_cast(DataLockType::MEDIA_DATA); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + + auto retCode = El5FilekeyManagerKit::ReleaseAccess(static_cast(dataLockType)); + if (retCode != EFM_SUCCESS) { + //int32_t stsCode = GetStsErrorCode(retCode); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "ReleaseAccess FAILED")); + return flag; + } else { + return flag = retCode; + } +} + +static ani_int ReleaseAccessExecute([[maybe_unused]] ani_env* env, ani_int datatype) +{ + int32_t flag = ReleaseStatus::RELEASE_DENIED; + + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessExcute begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + return flag; + } + + int32_t dataLockType = static_cast(datatype); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + + auto retCode = El5FilekeyManagerKit::ReleaseAccess(static_cast(dataLockType)); + if (retCode != EFM_SUCCESS) { + //int32_t stsCode = GetStsErrorCode(retCode); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "ReleaseAccess FAILED")); + return flag; + } else { + return flag = retCode; + } +} + +static ani_int QueryAppKeyStateSync([[maybe_unused]] ani_env* env) +{ + int32_t flag = KeyStatus::KEY_RELEASED; + ACCESSTOKEN_LOG_INFO(LABEL, "QueryAppKeyStateSync begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + return flag; + } + + int32_t dataLockType = static_cast(DataLockType::MEDIA_DATA); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + + auto retCode = El5FilekeyManagerKit::QueryAppKeyState(static_cast(dataLockType)); + switch (retCode) { + case EFM_SUCCESS: + retCode = KEY_EXIST; + break; + case EFM_ERR_ACCESS_RELEASED: + retCode = KEY_RELEASED; + break; + case EFM_ERR_FIND_ACCESS_FAILED: + retCode = KEY_NOT_EXIST; + break; + default: + //ThrowError(env, retCode); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "QueryAppKeyState FAILED")); + retCode = KEY_RELEASED; + break; + } + return flag = retCode; +} + +static ani_int QueryAppKeyStateExecute([[maybe_unused]] ani_env* env, ani_int datatype) +{ + int32_t flag = KEY_RELEASED; + ACCESSTOKEN_LOG_INFO(LABEL, "AcquireAccessExcute begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Env null"); + return flag; + } + + int32_t dataLockType = static_cast(datatype); + if (!CheckDataType(env, dataLockType)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid DataType."); + return flag; + } + + auto retCode = El5FilekeyManagerKit::QueryAppKeyState(static_cast(dataLockType)); + switch (retCode) { + case EFM_SUCCESS: + retCode = KEY_EXIST; + break; + case EFM_ERR_ACCESS_RELEASED: + retCode = KEY_RELEASED; + break; + case EFM_ERR_FIND_ACCESS_FAILED: + retCode = KEY_NOT_EXIST; + break; + default: + //ThrowError(env, retCode); + BusinessErrorAni::ThrowError(env, retCode, GetErrorMessage(retCode, "QueryAppKeyState FAILED")); + retCode = KEY_RELEASED; + break; + } + return flag = retCode; +} + +extern "C" { +ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "ANI_Constructor begin"); + if (vm == nullptr || result == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "nullptr vm or result"); + return ANI_INVALID_ARGS; + } + ani_env* env; + if (ANI_OK != vm->GetEnv(ANI_VERSION_1, &env)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Unsupported ANI_VERSION_1"); + return ANI_OUT_OF_MEMORY; + } + + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "nullptr env"); + return ANI_NOT_FOUND; + } + //namesapece test + if (env->ResetError() != ANI_OK) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ResetError failed."); + } + ani_namespace testns; + ani_status test_staus = env->FindNamespace("L@ohos/ability/screenLockFileManager/privacyManager;", &testns); + if (ANI_OK != test_staus) { + ACCESSTOKEN_LOG_ERROR(LABEL, "FindNamespace privacyManager failed."); + return test_staus; + } + + ani_namespace ns; + if (ANI_OK != env->FindNamespace("L@ohos/ability/screenLockFileManager/screenLockFileManager;", &ns)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "FindNamespace screenLockFileManager failed."); + return ANI_NOT_FOUND; + } + + // namespace method input param without ani_object + std::array nsMethods = { + ani_native_function { "acquireAccessSync", nullptr, reinterpret_cast(AcquireAccessSync) }, + ani_native_function{ "acquireAccessExecute", nullptr, reinterpret_cast(AcquireAccessExecute)}, + ani_native_function{ "releaseAccessSync", nullptr, reinterpret_cast(ReleaseAccessSync)}, + ani_native_function{ "releaseAccessExecute", nullptr, reinterpret_cast(ReleaseAccessExecute)}, + ani_native_function{ "queryAppKeyStateSync", nullptr, reinterpret_cast(QueryAppKeyStateSync)}, + ani_native_function { "queryAppKeyStateExecute", nullptr, reinterpret_cast(QueryAppKeyStateExecute) }, + }; + ani_status status = env->Namespace_BindNativeFunctions(ns, nsMethods.data(), nsMethods.size()); + if (status != ANI_OK) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Namespace_BindNativeFunctions failed status : %{public}d.", status); + } + if (env->ResetError() != ANI_OK) { + ACCESSTOKEN_LOG_ERROR(LABEL, "ResetError failed."); + } + // const char* className = "L@ohos/screenLockFileManager/screenLockFileManager/ScreenLockFileManagerInner;"; + // ani_class cls; + // if (ANI_OK != env->FindClass(className, &cls)) { + // ACCESSTOKEN_LOG_ERROR(LABEL, "Not found %{public}s", className); + // return ANI_NOT_FOUND; + // } + + // std::array methods = { + // ani_native_function { "acquireAccessSync", nullptr, reinterpret_cast(AcquireAccessSync) }, + // ani_native_function{ "acquireAccessExecute", nullptr, reinterpret_cast(AcquireAccessExecute)}, + // ani_native_function{ "releaseAccessSync", nullptr, reinterpret_cast(ReleaseAccessSync)}, + // ani_native_function{ "releaseAccessExecute", nullptr, reinterpret_cast(ReleaseAccessExecute)}, + // ani_native_function{ "queryAppKeyStateSync", nullptr, reinterpret_cast(QueryAppKeyStateSync)}, + // ani_native_function { "queryAppKeyStateExecute", nullptr, reinterpret_cast(QueryAppKeyStateExecute) }, + // }; + + // if (ANI_OK != env->Class_BindNativeMethods(cls, methods.data(), methods.size())) { + // ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind native methods to %{public}s", className); + // return ANI_ERROR; + // }; + + *result = ANI_VERSION_1; + return ANI_OK; +} +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS -- Gitee