From ef15ed9ce8b38ddc0999526499ce04041f25ed6d Mon Sep 17 00:00:00 2001 From: yangliu Date: Tue, 27 May 2025 19:11:45 +0800 Subject: [PATCH] update Signed-off-by: yangliu --- .../src/device_manager_adapter.cpp | 23 +++++++++++++------ .../include/communicator/commu_types.h | 3 +++ .../communicator/device_manager_adapter.h | 4 ++-- .../route_head_handler_impl.cpp | 3 ++- .../src/session_manager/session_manager.cpp | 23 +++++++++++++++++-- .../app/src/session_manager/session_manager.h | 1 + .../test/unittest/session_manager_test.cpp | 4 ++-- .../service/kvdb/auth_delegate.cpp | 10 ++++---- .../service/kvdb/auth_delegate.h | 2 +- .../service/test/mock/auth_delegate_mock.h | 2 +- .../test/mock/device_manager_adapter_mock.cpp | 4 ++-- 11 files changed, 56 insertions(+), 23 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp index 817824732..e83ac9d3a 100644 --- a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp +++ b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp @@ -625,22 +625,31 @@ bool DeviceManagerAdapter::IsSameAccount(const std::string &id) return DeviceManager::GetInstance().IsSameAccount(networkId); } -bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee) +bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee, + bool isSend) { DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .pkgName = accCaller.bundleName, - .networkId = accCaller.networkId, .userId = accCaller.userId }; - DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .networkId = accCallee.networkId, - .userId = accCallee.userId }; - return DeviceManager::GetInstance().CheckAccessControl(dmAccessCaller, dmAccessCallee); + .networkId = accCaller.networkId, .tokenId = accCaller.tokenId, .userId = accCaller.userId }; + DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .pkgName = accCallee.bundleName, + .networkId = accCallee.networkId, .tokenId = accCallee.tokenId,, .userId = accCallee.userId }; + if (isSend) { + return DeviceManager::GetInstance().CheckSrcAccessControl(dmAccessCaller, dmAccessCallee); + } else { + return DeviceManager::GetInstance().CheckSinkAccessControl(dmAccessCaller, dmAccessCallee); + } } -bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) +bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee, bool isSend) { DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .networkId = accCaller.networkId, .userId = accCaller.userId }; DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .networkId = accCallee.networkId, .userId = accCallee.userId }; - return DeviceManager::GetInstance().CheckIsSameAccount(dmAccessCaller, dmAccessCallee); + if (isSend) { + return DeviceManager::GetInstance().CheckSrcIsSameAccount(dmAccessCaller, dmAccessCallee); + } else { + return DeviceManager::GetInstance().CheckSinkIsSameAccount(dmAccessCaller, dmAccessCallee); + } } void DeviceManagerAdapter::ResetLocalDeviceInfo() diff --git a/services/distributeddataservice/adapter/include/communicator/commu_types.h b/services/distributeddataservice/adapter/include/communicator/commu_types.h index 6b1f1af69..dcc50a689 100644 --- a/services/distributeddataservice/adapter/include/communicator/commu_types.h +++ b/services/distributeddataservice/adapter/include/communicator/commu_types.h @@ -35,12 +35,15 @@ struct API_EXPORT AccessCaller { std::string bundleName; std::string networkId; int32_t userId; + uint64_t tokenId; }; struct API_EXPORT AccessCallee { std::string accountId; + std::string bundleName; std::string networkId; int32_t userId; + uint64_t tokenId; }; struct API_EXPORT AclParams { diff --git a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h index 53135966b..5cc8aff7e 100644 --- a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h +++ b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h @@ -71,8 +71,8 @@ public: void NotifyReadyEvent(const std::string &uuid); int32_t GetAuthType(const std::string& id); bool IsSameAccount(const std::string &id); - bool IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee); - bool CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee); + bool IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee, bool isSend = true); + bool CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee, bool isSend = true); void Offline(const DmDeviceInfo &info); void OnReady(const DmDeviceInfo &info); friend class DataMgrDmStateCall; diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 9437ee8ac..bb90620dd 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -296,6 +296,7 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons if (labelTag != label) { continue; } + session_.storeId = storeMeta.storeId; return storeMeta.storeId; } return ""; @@ -331,7 +332,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total } // flip the local and peer ends - SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId }; + SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId, .storeId = session_.storeId }; SessionPoint peer { .deviceId = session_.sourceDeviceId, .userId = session_.sourceUserId, .appId = session_.appId, .accountId = session_.accountId }; ZLOGD("valid session:appId:%{public}s, srcDevId:%{public}s, srcUser:%{public}u, trgDevId:%{public}s,", diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index cb435f6fb..552e1ace2 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -98,6 +98,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str aclParams.accCaller.accountId = local.accountId; aclParams.accCaller.userId = local.userId; aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCaller.tokenId = storeMeta.tokenId; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; @@ -120,16 +121,19 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const SessionP return false; } for (const auto &storeMeta : metaData) { - if (storeMeta.appId == local.appId) { + if (storeMeta.appId == local.appId && storeMeta.storeId == local.storeId) { auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); aclParams.accCaller.bundleName = storeMeta.bundleName; aclParams.accCaller.accountId = accountId; aclParams.accCaller.userId = local.userId; aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCaller.tokenId = GetTokenId(storeMeta.bundleName, local); + aclParams.accCallee.bundleName = storeMeta.bundleName; aclParams.accCallee.accountId = accountFlag ? peer.accountId : accountId; aclParams.accCallee.userId = peer.userId; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(peer.deviceId); + aclParams.accCallee.tokenId = storeMeta.tokenId; aclParams.authType = storeMeta.authType; return true; } @@ -140,6 +144,21 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const SessionP return false; } +uint64_t SessionManager::GetTokenId(const std::string &bundleName, const SessionPoint &local) const +{ + StoreMetaData meta; + meta.bundleName = bundleName; + meta.storeId = local.storeId; + meta.user = std::to_string(local.userId); + meta.devicdId = local.deviceId; + if (!MetaDataManager::GetInstance().LoadMeta(meta.GetKey(), meta)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d, storeId:%{public}s, bundleName:%{public}s", + Anonymous::Change(local.deviceId).c_str(), local.userId, + Anonymous::Change(local.storeId).c_str(), bundleName.c_str()); + } + return meta.tokenId; +} + bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint &peer, bool accountFlag) const { AclParams aclParams; @@ -148,7 +167,7 @@ bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint return false; } auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, - peer.userId, peer.deviceId, aclParams); + peer.userId, peer.deviceId, aclParams, false); ZLOGD("peer.deviceId:%{public}s, peer.userId:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", Anonymous::Change(peer.deviceId).c_str(), peer.userId, isPermitted, isSameAccount); if (isPermitted && local.userId != UserDelegate::SYSTEM_USER) { diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index c41e30c23..a0c239cf3 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -60,6 +60,7 @@ private: AclParams &aclParams) const; bool GetRecvAuthParams(const SessionPoint &local, const SessionPoint &peer, bool accountFlag, AclParams &aclParams) const; + uint64_t GetTokenId(const std::string &bundleName, const SessionPoint &local) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp index a6452ce4d..793b73c6d 100644 --- a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp +++ b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp @@ -574,7 +574,7 @@ HWTEST_F(SessionManagerTest, ShouldAddSystemUserWhenLocalUserIdIsSystem, TestSiz std::vector users; CreateUserStatus(users); EXPECT_CALL(*userDelegateMock, GetRemoteUserStatus(_)).WillOnce(Return(users)); - EXPECT_CALL(AuthHandlerMock::GetInstance(), CheckAccess(_, _, _, _)) + EXPECT_CALL(AuthHandlerMock::GetInstance(), CheckAccess(_, _, _, _, _)) .WillOnce(Return(std::pair(true, true))) .WillOnce(Return(std::pair(true, false))) .WillOnce(Return(std::pair(false, true))) @@ -633,7 +633,7 @@ HWTEST_F(SessionManagerTest, CheckSession, TestSize.Level1) EXPECT_CALL(*metaDataMock, LoadMeta(_, _, _)) .WillOnce(DoAll(SetArgReferee<1>(datas), Return(false))) .WillRepeatedly(DoAll(SetArgReferee<1>(datas), Return(true))); - EXPECT_CALL(AuthHandlerMock::GetInstance(), CheckAccess(_, _, _, _)) + EXPECT_CALL(AuthHandlerMock::GetInstance(), CheckAccess(_, _, _, _, _)) .WillOnce(Return(std::pair(false, true))) .WillOnce(Return(std::pair(true, false))); bool result = SessionManager::GetInstance().CheckSession(localSys, localNormal, true); diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index f76965451..f9478fda8 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -29,7 +29,7 @@ class AuthHandlerStub : public AuthHandler { public: // override for mock auth in current version, need remove in the future std::pair CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) override; + const AclParams &aclParams, bool isSend = true) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); @@ -55,7 +55,7 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str } std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) + const AclParams &aclParams, bool isSend) { if (IsSystemUser(localUserId, peerUserId)) { return std::make_pair(true, false); @@ -64,10 +64,10 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser return std::make_pair(false, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { - if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { + if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee, isSend)) { return std::make_pair(true, true); } - if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { + if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee, isSend)) { return std::make_pair(true, false); } ZLOGE("CheckAccess failed. bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d", @@ -76,7 +76,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser } if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { - auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee); + auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee, isSend); return std::make_pair(isSameAccount, isSameAccount); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 199b7e745..97f77990d 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,7 +34,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual std::pair CheckAccess(int localUserId, int peerUserId, - const std::string &peerDeviceId, const AclParams &aclParams); + const std::string &peerDeviceId, const AclParams &aclParams, bool isSend = true); }; class AuthDelegate { diff --git a/services/distributeddataservice/service/test/mock/auth_delegate_mock.h b/services/distributeddataservice/service/test/mock/auth_delegate_mock.h index 4524aec56..5c20c6460 100644 --- a/services/distributeddataservice/service/test/mock/auth_delegate_mock.h +++ b/services/distributeddataservice/service/test/mock/auth_delegate_mock.h @@ -31,7 +31,7 @@ public: return instance; } MOCK_METHOD((std::pair), CheckAccess, - (int localUserId, int peerUserId, const std::string &peerDeviceId, const AclParams &aclParams), (override)); + (int localUserId, int peerUserId, const std::string &peerDeviceId, const AclParams &aclParams, bool isSend), (override)); }; } // namespace DistributedData } // namespace OHOS diff --git a/services/distributeddataservice/service/test/mock/device_manager_adapter_mock.cpp b/services/distributeddataservice/service/test/mock/device_manager_adapter_mock.cpp index 7bc2b7e82..12adf604e 100644 --- a/services/distributeddataservice/service/test/mock/device_manager_adapter_mock.cpp +++ b/services/distributeddataservice/service/test/mock/device_manager_adapter_mock.cpp @@ -42,7 +42,7 @@ bool OHOS::DistributedData::DeviceManagerAdapter::IsOHOSType(const std::string & return BDeviceManagerAdapter::deviceManagerAdapter->IsOHOSType(id); } -bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) +bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee, bool isSend) { if (BDeviceManagerAdapter::deviceManagerAdapter == nullptr) { return false; @@ -58,7 +58,7 @@ bool DeviceManagerAdapter::IsSameAccount(const std::string &devicdId) return BDeviceManagerAdapter::deviceManagerAdapter->IsSameAccount(devicdId); } -bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee) +bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee, bool isSend) { if (BDeviceManagerAdapter::deviceManagerAdapter == nullptr) { return false; -- Gitee