From aa09844644089b25dd5eae1bb2a54a0f99140b6a Mon Sep 17 00:00:00 2001 From: wind Date: Tue, 27 Feb 2024 11:15:03 +0800 Subject: [PATCH 1/2] add ndk for asset Signed-off-by: wind --- .../src/coreImpl/check/rules/syscap_rule.json | 1 + security/asset/BUILD.gn | 35 ++ security/asset/inc/asset_api.h | 148 ++++++ security/asset/inc/asset_type.h | 444 ++++++++++++++++++ security/asset/libasset.ndk.json | 29 ++ 5 files changed, 657 insertions(+) create mode 100755 security/asset/BUILD.gn create mode 100755 security/asset/inc/asset_api.h create mode 100755 security/asset/inc/asset_type.h create mode 100755 security/asset/libasset.ndk.json diff --git a/build-tools/capi_parser/src/coreImpl/check/rules/syscap_rule.json b/build-tools/capi_parser/src/coreImpl/check/rules/syscap_rule.json index e4a146f9..df5fd838 100644 --- a/build-tools/capi_parser/src/coreImpl/check/rules/syscap_rule.json +++ b/build-tools/capi_parser/src/coreImpl/check/rules/syscap_rule.json @@ -155,6 +155,7 @@ "SystemCapability.Security.DeviceSecurityLevel", "SystemCapability.Security.Huks.Core", "SystemCapability.Security.Huks.Extension", + "SystemCapability.Security.Asset", "SystemCapability.Security.AccessToken", "SystemCapability.Security.Cipher", "SystemCapability.Security.CertificateManager", diff --git a/security/asset/BUILD.gn b/security/asset/BUILD.gn new file mode 100755 index 00000000..e115ec0b --- /dev/null +++ b/security/asset/BUILD.gn @@ -0,0 +1,35 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +ohos_ndk_library("libasset_ndk") { + output_name = "asset_ndk" + output_extension = "z.so" + ndk_description_file = "./libasset.ndk.json" + min_compact_version = "11" + system_capability = "SystemCapability.Security.Asset" + system_capability_headers = [ + "inc/asset_api.h", + "inc/asset_type.h", + ] +} + +ohos_ndk_headers("asset_header") { + dest_dir = "$ndk_headers_out_dir/asset" + sources = [ + "inc/asset_api.h", + "inc/asset_type.h", + ] +} + diff --git a/security/asset/inc/asset_api.h b/security/asset/inc/asset_api.h new file mode 100755 index 00000000..87b2652d --- /dev/null +++ b/security/asset/inc/asset_api.h @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ASSET_API_H +#define ASSET_API_H + +#include +#include + +#include "asset_type.h" + +/** + * @addtogroup AssetApi + * @{ + * + * @brief Provides APIs for storing and managing short sensitive data of users, including adding, deleting, updating, + * and querying the data. + * The short sensitive data refers to sensitive data shorter than 1024 bytes, including the user passwords + * (accounts/passwords), token data (application credentials), and critical data in plaintext (bank card numbers). + * + * @since 11 + */ + +/** + * @file asset_api.h + * + * @brief Declares the APIs for accessing assets. + * + * @library libasset_ndk.z.so + * @kit Asset Store Kit + * @syscap SystemCapability.Security.Asset + * @since 11 + */ + +#ifdef __cplusplus +extern "C" { +#endif +/** + * @brief Adds an asset. + * + * @param attributes Pointer to the attributes of the asset to add. + * @param attributes Number of the attributes of the asset to add. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_Add(const Asset_Attr *attributes, uint32_t attrCnt); + +/** + * @brief Removes one or more assets. + * + * @param query Pointer to the conditions for removing the assets. + * @param queryCnt Number of conditions for removing the assets. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_Remove(const Asset_Attr *query, uint32_t queryCnt); + +/** + * @brief Updates an asset. + * + * @param query Pointer to the conditions for updating the asset. + * @param queryCnt Number of conditions for updating the asset. + * @param attributes Pointer to the attributes of the asset to update. + * @param attributes Number of the attributes of the asset to update. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_Update(const Asset_Attr *query, uint32_t queryCnt, + const Asset_Attr *attributesToUpdate, uint32_t updateCnt); + +/** + * @brief Preprocesses data before querying the asset that can be accessed only after a successful user authentication. + * + * @param query Pointer to the search criteria of the asset. + * @param queryCnt Number of the search criteria. + * @param challenge Pointer to the challenge value to be used when OH_Asset_Query is called. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_PreQuery(const Asset_Attr *query, uint32_t queryCnt, Asset_Blob *challenge); + +/** + * @brief Queries assets. + * + * @param query Pointer to the search criteria. + * @param queryCnt Number of the search criteria. + * @param resultSet Pointer to the query result obtained. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_Query(const Asset_Attr *query, uint32_t queryCnt, Asset_ResultSet *resultSet); + +/** + * @brief Processes data after the query of the asset that requires user authentication. + * + * @param handle Pointer to the handle of the data to process, which includes the challenge value returned by + * OH_Asset_PreQuery. + * @param handleCnt Number of the elements in the handle attribute set. + * @return Returns ASSET_SUCCESS if the operation is successful; returns an error code otherwise. + * @since 11 + */ +int32_t OH_Asset_PostQuery(const Asset_Attr *handle, uint32_t handleCnt); + +/** + * @brief Parses the query result to obtain the specified attribute value. + * + * @param result Pointer to the query result to parse, which is obtained by OH_Asset_Query. + * @param tag Tag of the attribute to obtain. + * @return Returns Asset_Attr obtained if the operation is successful; returns NULL otherwise. + * The attribute does not need to be released by the service. + * @since 11 + */ +Asset_Attr *OH_Asset_ParseAttr(const Asset_Result *result, Asset_Tag tag); + +/** + * @brief Releases the memory occupied by the challenge value. + * + * @param blob Pointer to the challenge value (obtained by OH_Asset_PreQuery) to release. + * @since 11 + */ +void OH_Asset_FreeBlob(Asset_Blob *blob); + +/** + * @brief Releases the memory occupied by the query result. + * + * @param resultSet Pointer to the query result (obtained by OH_Asset_Query) to release. + * @since 11 + */ +void OH_Asset_FreeResultSet(Asset_ResultSet *resultSet); + +#ifdef __cplusplus +} +#endif + +/** @} */ +#endif // ASSET_API_H diff --git a/security/asset/inc/asset_type.h b/security/asset/inc/asset_type.h new file mode 100755 index 00000000..3649dfa8 --- /dev/null +++ b/security/asset/inc/asset_type.h @@ -0,0 +1,444 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ASSET_TYPE_H +#define ASSET_TYPE_H + +/** + * @addtogroup AssetType + * @{ + * + * @brief Provides the enums, structs, and error codes used in the Asset APIs. + * + * @since 11 + */ + +/** + * @file asset_type.h + * + * @brief Defines the enums, structs, and error codes used in the Asset APIs. + * + * @library libasset_ndk.z.so + * @kit Asset Store Kit + * @syscap SystemCapability.Security.Asset + * @since 11 + */ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enumerates the types of the asset attribute tags. + * + * @since 11 + */ +typedef enum { + /** + * The asset attribute tag is a Boolean value. + */ + ASSET_TYPE_BOOL = 0x1 << 28, + /** + * The asset attribute tag is a number. + */ + ASSET_TYPE_NUMBER = 0x2 << 28, + /** + * The asset attribute tag is an array of bytes. + */ + ASSET_TYPE_BYTES = 0x3 << 28, +} Asset_TagType; + +/** + * @brief Defines the mask used to obtain the type of the asset attribute tag. + * + * @since 11 + */ +#define ASSET_TAG_TYPE_MASK (0xF << 28) + +/** + * @brief Enumerates the asset attribute tags. + * + * @since 11 + */ +typedef enum { + /** + * Sensitive user data in the form of bytes, such as passwords and tokens. + */ + ASSET_TAG_SECRET = ASSET_TYPE_BYTES | 0x01, + /** + * Asset alias (identifier) in the form of bytes. + */ + ASSET_TAG_ALIAS = ASSET_TYPE_BYTES | 0x02, + /** + * Time when the asset is accessible. The value is of the uint32 type, which is a 32-bit unsigned integer. + */ + ASSET_TAG_ACCESSIBILITY = ASSET_TYPE_NUMBER | 0x03, + /** + * A Boolean value indicating whether the asset is available only with a lock screen password. + */ + ASSET_TAG_REQUIRE_PASSWORD_SET = ASSET_TYPE_BOOL | 0x04, + /** + * User authentication type for the asset. The value is of the uint32 type. + */ + ASSET_TAG_AUTH_TYPE = ASSET_TYPE_NUMBER | 0x05, + /** + * Validity period of the user authentication, in seconds. The value is of the uint32 type. + */ + ASSET_TAG_AUTH_VALIDITY_PERIOD = ASSET_TYPE_NUMBER | 0x06, + /** + * Challenge value, in the form of bytes, used for anti-replay during the authentication. + */ + ASSET_TAG_AUTH_CHALLENGE = ASSET_TYPE_BYTES | 0x07, + /** + * Authentication token, in the form of bytes, obtained after a successful user authentication. + */ + ASSET_TAG_AUTH_TOKEN = ASSET_TYPE_BYTES | 0x08, + /** + * Asset synchronization type. The value is of the uint32 type. + */ + ASSET_TAG_SYNC_TYPE = ASSET_TYPE_NUMBER | 0x10, + /** + * A Boolean value indicating whether the asset needs to be stored persistently. + * The ohos.permission.STORE_PERSISTENT_DATA permission is required if OH_Asset_Add is called with this tag. + * + * @permission ohos.permission.STORE_PERSISTENT_DATA + */ + ASSET_TAG_IS_PERSISTENT = ASSET_TYPE_BOOL | 0x11, + /** + * An immutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_CRITICAL_1 = ASSET_TYPE_BYTES | 0x20, + /** + * An immutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_CRITICAL_2 = ASSET_TYPE_BYTES | 0x21, + /** + * An immutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_CRITICAL_3 = ASSET_TYPE_BYTES | 0x22, + /** + * An immutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_CRITICAL_4 = ASSET_TYPE_BYTES | 0x23, + /** + * A mutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_NORMAL_1 = ASSET_TYPE_BYTES | 0x30, + /** + * A mutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_NORMAL_2 = ASSET_TYPE_BYTES | 0x31, + /** + * A mutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_NORMAL_3 = ASSET_TYPE_BYTES | 0x32, + /** + * A mutable custom field, in the form of bytes. + */ + ASSET_TAG_DATA_LABEL_NORMAL_4 = ASSET_TYPE_BYTES | 0x33, + /** + * Return type of the queried asset. The value is of the uint32 type. + */ + ASSET_TAG_RETURN_TYPE = ASSET_TYPE_NUMBER | 0x40, + /** + * Maximum number of assets that can be returned at a time if multiple asset records match the specified conditions. + * The value is of the uint32 type. + */ + ASSET_TAG_RETURN_LIMIT = ASSET_TYPE_NUMBER | 0x41, + /** + * Offset that indicates the start asset when multiple asset records are returned. The value is of the uint32 type. + */ + ASSET_TAG_RETURN_OFFSET = ASSET_TYPE_NUMBER | 0x42, + /** + * Sorting order of the assets in the query result. The value is of the uint32 type. + */ + ASSET_TAG_RETURN_ORDERED_BY = ASSET_TYPE_NUMBER | 0x43, + /** + * Policy used to resolve the conflict occurred when an asset is added. The value is of the uint32 type. + */ + ASSET_TAG_CONFLICT_RESOLUTION = ASSET_TYPE_NUMBER | 0x44, +} Asset_Tag; + +/** + * @brief Enumerates the result codes used in the ASSET APIs. + * + * @since 11 + */ +typedef enum { + /** + * The operation is successful. + */ + ASSET_SUCCESS = 0, + /** + * The caller does not have the required permission. + */ + ASSET_PERMISSION_DENIED = 201, + /** + * The parameter is invalid. + */ + ASSET_INVALID_ARGUMENT = 401, + /** + * The asset service is unavailable. + */ + ASSET_SERVICE_UNAVAILABLE = 24000001, + /** + * The asset is not found. + */ + ASSET_NOT_FOUND = 24000002, + /** + * The asset already exists. + */ + ASSET_DUPLICATED = 24000003, + /** + * The access to the asset is denied. + */ + ASSET_ACCESS_DENIED = 24000004, + /** + * The lock screen status does not match the access control type specified. + */ + ASSET_STATUS_MISMATCH = 24000005, + /** + * The system memory is insufficient. + */ + ASSET_OUT_OF_MEMORY = 24000006, + /** + * The asset is corrupted. + */ + ASSET_DATA_CORRUPTED = 24000007, + /** + * The database operation failed. + */ + ASSET_DATABASE_ERROR = 24000008, + /** + * The cryptography operation failed. + */ + ASSET_CRYPTO_ERROR = 24000009, + /** + * The inter-process communication (IPC) failed. + */ + ASSET_IPC_ERROR = 24000010, + /** + * The Bundle Manager service is abnormal. + */ + ASSET_BMS_ERROR = 24000011, + /** + * The Account service is abnormal. + */ + ASSET_ACCOUNT_ERROR = 24000012, + /** + * The Access Token service is abnormal. + */ + ASSET_ACCESS_TOKEN_ERROR = 24000013, + /** + * The file operation failed. + */ + ASSET_FILE_OPERATION_ERROR = 24000014, + /** + * The operation for obtaining the system time failed. + */ + ASSET_GET_SYSTEM_TIME_ERROR = 24000015, + /** + * The number of cached assets exceeds the limit. + */ + ASSET_LIMIT_EXCEEDED = 24000016, + /** + * The function is not supported. + */ + ASSET_UNSUPPORTED = 24000017, +} Asset_ResultCode; + +/** + * @brief Enumerates the types of the access control based on the lock screen status. + * + * @since 11 + */ +typedef enum { + /** + * The asset can be accessed after the device is powered on. + */ + ASSET_ACCESSIBILITY_DEVICE_POWERED_ON = 0, + /** + * The asset can be accessed only after the device is unlocked for the first time. + */ + ASSET_ACCESSIBILITY_DEVICE_FIRST_UNLOCKED = 1, + /** + * The asset can be accessed only after the device is unlocked. + */ + ASSET_ACCESSIBILITY_DEVICE_UNLOCKED = 2, +} Asset_Accessibility; + +/** + * @brief Enumerates the user authentication types supported for assets. + * + * @since 11 + */ +typedef enum { + /** + * No user authentication is required before the asset is accessed. + */ + ASSET_AUTH_TYPE_NONE = 0x00, + /** + * The asset can be accessed if any user authentication (such as PIN, facial, or fingerprint authentication) is + * successful. + */ + ASSET_AUTH_TYPE_ANY = 0xFF, +} Asset_AuthType; + +/** + * @brief Enumerates the asset synchronization types. + * + * @since 11 + */ +typedef enum { + /** + * Asset synchronization is not allowed. + */ + ASSET_SYNC_TYPE_NEVER = 0, + /** + * Asset synchronization is allowed only on the local device, for example, in data restoration on the local device. + */ + ASSET_SYNC_TYPE_THIS_DEVICE = 1 << 0, + /** + * Asset synchronization is allowed only between trusted devices, for example, in the case of cloning. + */ + ASSET_SYNC_TYPE_TRUSTED_DEVICE = 1 << 1, +} Asset_SyncType; + +/** + * @brief Enumerates the policies for resolving the conflict (for example, duplicate alias) occurred when + * an asset is added. + * + * @since 11 + */ +typedef enum { + /** + * Overwrite the existing asset. + */ + ASSET_CONFLICT_OVERWRITE = 0, + /** + * Throw an exception for the service to perform subsequent processing. + */ + ASSET_CONFLICT_THROW_ERROR = 1, +} Asset_ConflictResolution; + +/** + * @brief Enumerates the types of the asset query result. + * + * @since 11 + */ +typedef enum { + /** + * The query result contains the asset in plaintext and its attributes. + */ + ASSET_RETURN_ALL = 0, + /** + * The query result contains only the asset attributes. + */ + ASSET_RETURN_ATTRIBUTES = 1, +} Asset_ReturnType; + +/** + * @brief Defines an asset value in the forma of a binary array, that is, a variable-length byte array. + * + * @since 11 + */ +typedef struct { + /** + * Size of the byte array. + */ + uint32_t size; + /** + * Pointer to the byte array. + */ + uint8_t *data; +} Asset_Blob; + +/** + * @brief Defines the value (content) of an asset attribute. + * + * @since 11 + */ +typedef union { + /** + * Asset of the Boolean type. + */ + bool boolean; + /** + * Asset of the uint32 type. + */ + uint32_t u32; + /** + * Asset of the bytes type. + */ + Asset_Blob blob; +} Asset_Value; + +/** + * @brief Defines an asset attribute. + * + * @since 11 + */ +typedef struct { + /** + * Tag of the asset attribute. + */ + uint32_t tag; + /** + * Value of the asset attribute. + */ + Asset_Value value; +} Asset_Attr; + +/** + * @brief Represents information about an asset. + * + * @since 11 + */ +typedef struct { + /** + * Number of asset attributes. + */ + uint32_t count; + /** + * Pointer to the array of the asset attributes. + */ + Asset_Attr *attrs; +} Asset_Result; + +/** + * @brief Represents information about a set of assets. + * + * @since 11 + */ +typedef struct { + /** + * Number of assets. + */ + uint32_t count; + /** + * Pointer to the array of the assets. + */ + Asset_Result *results; +} Asset_ResultSet; + +#ifdef __cplusplus +} +#endif + +/** @} */ +#endif // ASSET_TYPE_H \ No newline at end of file diff --git a/security/asset/libasset.ndk.json b/security/asset/libasset.ndk.json new file mode 100755 index 00000000..7ea9eec4 --- /dev/null +++ b/security/asset/libasset.ndk.json @@ -0,0 +1,29 @@ +[ + { + "name": "OH_Asset_Add" + }, + { + "name": "OH_Asset_Remove" + }, + { + "name": "OH_Asset_Update" + }, + { + "name": "OH_Asset_PreQuery" + }, + { + "name": "OH_Asset_Query" + }, + { + "name": "OH_Asset_PostQuery" + }, + { + "name": "OH_Asset_ParseAttr" + }, + { + "name": "OH_Asset_FreeBlob" + }, + { + "name": "OH_Asset_FreeResultSet" + } +] \ No newline at end of file -- Gitee From 0b250fd5663c2a4c15dd26e305ea761ea09bc454 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=B9=E8=80=80=E5=BE=B7?= Date: Tue, 5 Mar 2024 17:01:48 +0800 Subject: [PATCH 2/2] change asset build gn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 尹耀德 --- security/asset/BUILD.gn | 69 ++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/security/asset/BUILD.gn b/security/asset/BUILD.gn index e115ec0b..b17dfefd 100755 --- a/security/asset/BUILD.gn +++ b/security/asset/BUILD.gn @@ -1,35 +1,34 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/ohos.gni") - -ohos_ndk_library("libasset_ndk") { - output_name = "asset_ndk" - output_extension = "z.so" - ndk_description_file = "./libasset.ndk.json" - min_compact_version = "11" - system_capability = "SystemCapability.Security.Asset" - system_capability_headers = [ - "inc/asset_api.h", - "inc/asset_type.h", - ] -} - -ohos_ndk_headers("asset_header") { - dest_dir = "$ndk_headers_out_dir/asset" - sources = [ - "inc/asset_api.h", - "inc/asset_type.h", - ] -} - +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +ohos_ndk_library("libasset_ndk") { + output_name = "asset_ndk" + output_extension = "z.so" + ndk_description_file = "./libasset.ndk.json" + min_compact_version = "11" + system_capability = "SystemCapability.Security.Asset" + system_capability_headers = [ + "inc/asset_api.h", + "inc/asset_type.h", + ] +} + +ohos_ndk_headers("asset_header") { + dest_dir = "$ndk_headers_out_dir/asset" + sources = [ + "inc/asset_api.h", + "inc/asset_type.h", + ] +} -- Gitee