fix: add device group relationship check

Signed-off-by: weiqian <weiqian22@huawei.com>

core/authentication/include/auth_hichain_adapter.h

@@ -47,6 +47,7 @@ bool CheckDeviceInGroupByType(const char *udid, const char *uuid, HichainGroup g
 bool CheckHasRelatedGroupInfo(HichainGroup groupType);
 void DestroyDeviceAuth(void);
 bool IsPotentialTrustedDevice(TrustedRelationIdType idType, const char *deviceId, bool isPrecise, bool isPointToPoint);
+bool IsSameAccountGroupDevice(const char *deviceId);
 void CancelRequest(int64_t authReqId, const char *appId);
 
 #ifdef __cplusplus

core/authentication/interface/auth_interface.h

@@ -150,6 +150,7 @@ void UnregGroupChangeListener(void);
 TrustedReturnType AuthHasTrustedRelation(void);
 bool AuthIsPotentialTrusted(const DeviceInfo *device);
 bool IsAuthHasTrustedRelation(void);
+bool AuthHasSameAccountGroup(const DeviceInfo *device);
 
 int32_t AuthStartListening(AuthLinkType type, const char *ip, int32_t port);
 void AuthStopListening(AuthLinkType type);

core/authentication/src/auth_hichain_adapter.c

@@ -289,6 +289,40 @@ uint32_t HichainGetJoinedGroups(int32_t groupType)
     return groupCnt;
 }
 
+bool IsSameAccountGroupDevice(const char *deviceId)
+{
+    (void)deviceId;
+    uint32_t groupNum = 0;
+    char *returnGroupVec = NULL;
+
+    const DeviceGroupManager *gmInstance = GetGmInstance();
+    if (gmInstance == NULL) {
+        AUTH_LOGE(AUTH_HICHAIN, "hichain GetGmInstance failed");
+        return false;
+    }
+    int32_t accountId = GetActiveOsAccountIds();
+    if (accountId <= 0) {
+        AUTH_LOGE(AUTH_HICHAIN, "accountId is invalid");
+        return false;
+    }
+
+    if (gmInstance->getJoinedGroups(accountId, AUTH_APPID, SAME_ACCOUNT_GROUY_TYPE, &returnGroupVec, &groupNum) !=
+        SOFTBUS_OK) {
+        AUTH_LOGE(AUTH_HICHAIN, "getJoinedGroups fail, accountId=%{public}d", accountId);
+        gmInstance->destroyInfo(&returnGroupVec);
+        return false;
+    }
+    if (groupNum == 0) {
+        AUTH_LOGE(AUTH_HICHAIN, "getJoinedGroups zero");
+        gmInstance->destroyInfo(&returnGroupVec);
+        return false;
+    } else {
+        AUTH_LOGI(AUTH_HICHAIN, "getJoinedGroups: %{public}d", groupNum);
+        gmInstance->destroyInfo(&returnGroupVec);
+        return true;
+    }
+}
+
 void CancelRequest(int64_t authReqId, const char *appId)
 {
     AUTH_CHECK_AND_RETURN_LOGE(appId != NULL, AUTH_HICHAIN, "appId is null");

core/authentication/src/auth_interface.c

@@ -642,6 +642,34 @@ bool AuthIsPotentialTrusted(const DeviceInfo *device)
     return false;
 }
 
+bool AuthHasSameAccountGroup(const DeviceInfo *device)
+{
+    if (device == NULL) {
+        AUTH_LOGE(AUTH_HICHAIN, "device is null");
+        return false;
+    }
+    uint8_t localAccountHash[SHA_256_HASH_LEN] = { 0 };
+    DeviceInfo defaultInfo;
+    (void)memset_s(&defaultInfo, sizeof(DeviceInfo), 0, sizeof(DeviceInfo));
+    bool isSameAccountGroup = false;
+
+    if (LnnGetLocalByteInfo(BYTE_KEY_ACCOUNT_HASH, localAccountHash, SHA_256_HASH_LEN) != SOFTBUS_OK) {
+        AUTH_LOGE(AUTH_HICHAIN, "get local accountHash fail");
+        return false;
+    }
+    if (memcmp(localAccountHash, device->accountHash, SHORT_ACCOUNT_HASH_LEN) == 0 && !LnnIsDefaultOhosAccount()) {
+        isSameAccountGroup = true;
+        AUTH_LOGI(AUTH_HICHAIN, "account is same, continue check same account group relation.");
+    }
+    if (isSameAccountGroup) {
+        if (!IsSameAccountGroupDevice(device->devId)) {
+            AUTH_LOGE(AUTH_HICHAIN, "device has not same account group relation, stop verify progress");
+            return false;
+        }
+    }
+    return true;
+}
+
 TrustedReturnType AuthHasTrustedRelation(void)
 {
     uint32_t num = 0;

core/bus_center/lnn/disc_mgr/src/lnn_coap_discovery_impl.c

@@ -42,6 +42,20 @@ static DiscInnerCallback g_discCb = {
     .OnDeviceFound = DeviceFound,
 };
 
+static int32_t LnnCheckDiscoveryDeviceInfo(const DeviceInfo *device)
+{
+    if (device->addr[0].type != CONNECTION_ADDR_WLAN && device->addr[0].type != CONNECTION_ADDR_ETH) {
+        LNN_LOGE(LNN_BUILDER, "discovery get invalid addrType=%{public}d", device->addr[0].type);
+        return SOFTBUS_INVALID_PARAM;
+    }
+    if (device->addr[0].info.ip.port == 0) {
+        LNN_LOGD(LNN_BUILDER, "discovery get port is 0!");
+        LnnCoapConnect(device->addr[0].info.ip.ip);
+        return SOFTBUS_INVALID_PARAM;
+    }
+    return SOFTBUS_OK;
+}
+
 static void DeviceFound(const DeviceInfo *device, const InnerDeviceInfoAddtions *addtions)
 {
     ConnectionAddr addr;
@@ -62,19 +76,20 @@ static void DeviceFound(const DeviceInfo *device, const InnerDeviceInfoAddtions
         AnonymizeFree(anonyDevId);
         return;
     }
-    AnonymizeFree(anonyDevId);
-    if (device->addr[0].type != CONNECTION_ADDR_WLAN && device->addr[0].type != CONNECTION_ADDR_ETH) {
-        LNN_LOGE(LNN_BUILDER, "discovery get invalid addrType=%{public}d", device->addr[0].type);
+    if (!AuthHasSameAccountGroup(device)) {
+        LNN_LOGE(LNN_BUILDER, "device has not same account group relation with local device, devId=%{public}s",
+            anonyDevId);
+        AnonymizeFree(anonyDevId);
         return;
     }
-    if (device->addr[0].info.ip.port == 0) {
-        LNN_LOGD(LNN_BUILDER, "discovery get port is 0!");
-        LnnCoapConnect(device->addr[0].info.ip.ip);
+    AnonymizeFree(anonyDevId);
+    if (LnnCheckDiscoveryDeviceInfo(device) != SOFTBUS_OK) {
+        LNN_LOGE(LNN_BUILDER, "get invalid device para");
         return;
     }
     addr.type = device->addr[0].type;
-    if (strncpy_s(addr.info.ip.ip, IP_STR_MAX_LEN, device->addr[0].info.ip.ip,
-        strlen(device->addr[0].info.ip.ip)) != 0) {
+    if (strncpy_s(addr.info.ip.ip, IP_STR_MAX_LEN, device->addr[0].info.ip.ip, strlen(device->addr[0].info.ip.ip)) !=
+        0) {
         LNN_LOGE(LNN_BUILDER, "strncpy ip failed");
         return;
     }

core/bus_center/lnn/lane_hub/heartbeat/src/lnn_heartbeat_medium_mgr.c

@@ -571,6 +571,7 @@ static int32_t HbAddAsyncProcessCallbackDelay(DeviceInfo *device)
             }
             bleExtra.status = BLE_REPORT_EVENT_INIT;
             AddNodeToLnnBleReportExtraMap(udidHash, &bleExtra);
+            // udidHash will free When the callback function HbProcessDfxMessage is started.
             return SOFTBUS_OK;
         }
         SoftBusFree(udidHash);
@@ -587,6 +588,12 @@ static int32_t SoftBusNetNodeResult(DeviceInfo *device, bool isConnect)
         anonyUdid, device->addr[0].type, isConnect);
     AnonymizeFree(anonyUdid);
 
+    if (isConnect) {
+        if (!AuthHasSameAccountGroup(device)) {
+            LNN_LOGE(LNN_HEART_BEAT, "device has not same account group relation with local device");
+            return SOFTBUS_NETWORK_HEARTBEAT_UNTRUSTED;
+        }
+    }
     if (HbAddAsyncProcessCallbackDelay(device) != SOFTBUS_OK) {
         LNN_LOGE(LNN_HEART_BEAT, "HbAddAsyncProcessCallbackDelay fail");
     }

tests/core/bus_center/test/heartbeat/hb_medium_mgr_test.cpp

@@ -823,16 +823,18 @@ HWTEST_F(HeartBeatMediumTest, SoftBusNetNodeResult_TEST01, TestSize.Level1)
     DeviceInfo device;
     (void)memset_s(&device, sizeof(DeviceInfo), 0, sizeof(DeviceInfo));
     NiceMock<HeartBeatStategyInterfaceMock> heartBeatMock;
+    NiceMock<LnnNetLedgertInterfaceMock> ledgerMock;
     EXPECT_CALL(heartBeatMock, LnnNotifyDiscoveryDevice)
         .WillOnce(Return(SOFTBUS_ERR))
         .WillRepeatedly(Return(SOFTBUS_OK));
     EXPECT_CALL(heartBeatMock, IsExistLnnDfxNodeByUdidHash).WillRepeatedly(Return(true));
+    EXPECT_CALL(ledgerMock, LnnGetLocalByteInfo).WillOnce(Return(SOFTBUS_ERR));
     int32_t ret = SoftBusNetNodeResult(&device, false);
     EXPECT_TRUE(ret == SOFTBUS_ERR);
     ret = SoftBusNetNodeResult(&device, false);
     EXPECT_TRUE(ret == SOFTBUS_NETWORK_NODE_DIRECT_ONLINE);
     ret = SoftBusNetNodeResult(&device, true);
-    EXPECT_TRUE(ret == SOFTBUS_NETWORK_NODE_OFFLINE);
+    EXPECT_TRUE(ret == SOFTBUS_NETWORK_HEARTBEAT_UNTRUSTED);
 }
 
 /*