From 4660edfd9398f8b401406f5f024142c62695db85 Mon Sep 17 00:00:00 2001
From: lihehe <lihehao@huawei.com>
Date: Wed, 27 Dec 2023 20:37:57 +0800
Subject: [PATCH] wait init local thread to exit

Change-Id: Ib2fb969165f3087a361ae2531c424deb742e3d8c
---
 .../utils/src/local_code_sign_utils.cpp       | 50 ++++++-----
 utils/include/code_sign_utils_helper.h        | 34 ++++++++
 utils/src/code_sign_utils_helper.cpp          | 84 +++++++++++++++++++
 3 files changed, 145 insertions(+), 23 deletions(-)
 create mode 100644 utils/include/code_sign_utils_helper.h
 create mode 100644 utils/src/code_sign_utils_helper.cpp

diff --git a/services/key_enable/utils/src/local_code_sign_utils.cpp b/services/key_enable/utils/src/local_code_sign_utils.cpp
index df2c329..7bf2678 100644
--- a/services/key_enable/utils/src/local_code_sign_utils.cpp
+++ b/services/key_enable/utils/src/local_code_sign_utils.cpp
@@ -40,9 +40,9 @@ public:
     InitLocalCertThread() {}
     ~InitLocalCertThread() {}
 
-    bool GetStatus()
+    int32_t GetRet()
     {
-        return success;
+        return initResult;
     }
 
     ByteBuffer& GetCert()
@@ -52,18 +52,17 @@ public:
 protected:
     bool Run()
     {
-        std::unique_lock<std::mutex> lock(g_lock);
-        int32_t ret;
-        do {
-            ret = LocalCodeSignKit::InitLocalCertificate(cert);
-            usleep(INIT_LOCAL_CERT_SLEEP_US);
-        } while (ret == CS_ERR_SA_GET_PROXY);
-        success = (ret == CS_SUCCESS);
-        g_condition.notify_one();
+        int32_t ret = LocalCodeSignKit::InitLocalCertificate(cert);
+        if (ret != CS_ERR_SA_GET_PROXY) {
+            g_condition.notify_one();
+            initResult = ret;
+            return false;
+        }
+        usleep(INIT_LOCAL_CERT_SLEEP_US);
         return true;
     }
 private:
-    bool success = false;
+    int32_t initResult;
     ByteBuffer cert;
 };
 }
@@ -80,18 +79,23 @@ int32_t InitLocalCertificate(uint8_t *certData, uint32_t *certSize)
     }
 
     std::unique_lock<std::mutex> lock(g_lock);
-    auto waitStatus = g_condition.wait_for(lock, std::chrono::milliseconds(INIT_LOCAL_CERT_TIMEOUT_MS),
-        [&thread]() { return thread->GetStatus(); });
-    if (!waitStatus) {
-        LOG_ERROR(LABEL, "init local cert timeout");
-        return CS_ERR_INIT_LOCAL_CERT;
-    }
+    int32_t ret = g_condition.wait_for(lock, std::chrono::milliseconds(INIT_LOCAL_CERT_TIMEOUT_MS),
+        [&thread]() { return thread->GetRet(); });
 
-    ByteBuffer &cert = thread->GetCert();
-    if (memcpy_s(certData, *certSize, cert.GetBuffer(), cert.GetSize()) != EOK) {
-        return CS_ERR_MEMORY;
-    }
-    *certSize = cert.GetSize();
+    do {
+        if (ret != CS_SUCCESS) {
+            LOG_ERROR(LABEL, "init local cert timeout or error");
+            break;
+        }
+
+        ByteBuffer &cert = thread->GetCert();
+        if (memcpy_s(certData, *certSize, cert.GetBuffer(), cert.GetSize()) != EOK) {
+            ret = CS_ERR_MEMORY;
+            break;
+        }
+        *certSize = cert.GetSize();
+    } while(0);
 
-    return CS_SUCCESS;
+    thread->NotifyExitAsync();
+    return ret;
 }
\ No newline at end of file
diff --git a/utils/include/code_sign_utils_helper.h b/utils/include/code_sign_utils_helper.h
new file mode 100644
index 0000000..900c631
--- /dev/null
+++ b/utils/include/code_sign_utils_helper.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CODE_SIGN_UTILS_HELPER_H
+#define CODE_SIGN_UTILS_HELPER_H
+
+#include <linux/fsverity.h>
+#include <string>
+
+#include "code_sign_block.h"
+#include "code_sign_enable_multi_task.h"
+
+namespace OHOS {
+namespace Security {
+namespace CodeSign {
+void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg);
+int32_t IsSupportFsVerity(const std::string &path);
+int32_t InitCodeSignTasks(CodeSignBlock &codeSignBlock, CodeSignEnableMultiTask &multiTask);
+}
+}
+}
+#endif
\ No newline at end of file
diff --git a/utils/src/code_sign_utils_helper.cpp b/utils/src/code_sign_utils_helper.cpp
new file mode 100644
index 0000000..e2f227c
--- /dev/null
+++ b/utils/src/code_sign_utils_helper.cpp
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "code_sign_utils.h"
+
+#include "log.h"
+
+namespace OHOS {
+namespace Security {
+namespace CodeSign {
+void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg)
+{
+    uint8_t *salt = reinterpret_cast<uint8_t *>(arg.salt_ptr);
+    uint8_t rootHash[64] = {0};
+    uint8_t *rootHashPtr = rootHash;
+    if (arg.flags & CodeSignBlock::CSB_SIGN_INFO_MERKLE_TREE) {
+        rootHashPtr = reinterpret_cast<uint8_t *>(arg.root_hash_ptr);
+    }
+
+    LOG_DEBUG(LABEL, "{ "
+        "file:%{public}s version:%{public}d hash_algorithm:%{public}d block_size:%{public}d sig_size:%{public}d "
+        "data_size:%{public}lld salt_size:%{public}d salt:[%{public}d, ..., %{public}d, ..., %{public}d] "
+        "flags:%{public}d tree_offset:%{public}lld root_hash:[%{public}d, %{public}d, %{public}d, ..., %{public}d, "
+        "..., %{public}d] }",
+        path.c_str(), arg.cs_version, arg.hash_algorithm, arg.block_size, arg.sig_size,
+        arg.data_size, arg.salt_size, salt[0], salt[16], salt[31], arg.flags, arg.tree_offset, // 16, 31 data index
+        rootHashPtr[0], rootHashPtr[1], rootHashPtr[2], rootHashPtr[32], rootHashPtr[63]); // 2, 32, 63 data index
+}
+
+int32_t InitCodeSignTasks(CodeSignBlock &codeSignBlock, CodeSignEnableMultiTask &multiTask)
+{
+    int32_t ret;
+    do {
+        std::string targetFile;
+        struct code_sign_enable_arg arg = {0};
+        ret = codeSignBlock.GetOneFileAndCodeSignInfo(targetFile, arg);
+        if (ret == CS_SUCCESS_END) {
+            ret = CS_SUCCESS;
+            break;
+        } else if (ret != CS_SUCCESS) {
+            return ret;
+        }
+        ShowCodeSignInfo(targetFile, arg);
+        if (!CheckFilePathValid(targetFile, Constants::ENABLE_APP_BASE_PATH)) {
+            return CS_ERR_FILE_PATH;
+        }
+        ret = IsSupportFsVerity(targetFile);
+        if (ret != CS_SUCCESS) {
+            return ret;
+        }
+        multiTask.AddTaskData(targetFile, arg);
+    } while (ret == CS_SUCCESS);
+    return CS_SUCCESS;
+}
+
+int32_t IsSupportFsVerity(const std::string &path)
+{
+    struct statx stat = {};
+    if (Statx(AT_FDCWD, path.c_str(), 0, STATX_ALL, &stat) != 0) {
+        LOG_ERROR(LABEL, "Get attributes failed, errno = <%{public}d, %{public}s>",
+            errno, strerror(errno));
+        return CS_ERR_FILE_INVALID;
+    }
+    if (stat.stx_attributes_mask & STATX_ATTR_VERITY) {
+        return CS_SUCCESS;
+    }
+    LOG_INFO(LABEL, "Fs-verity is not supported.");
+    return CS_ERR_FSVREITY_NOT_SUPPORTED;
+}
+}
+}
+}
\ No newline at end of file
-- 
Gitee