openharmony/distributeddatamgr_datamgr_service
1
0
Fork 0
mirror of https://gitee.com/openharmony/distributeddatamgr_datamgr_service synced 2024-11-27 00:51:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update

Browse Source 
Signed-off-by: yangliu <yangliu178@huawei.com>
This commit is contained in:
yangliu 2024-11-09 21:17:46 +08:00
parent 3411eff93b
commit 786a5747e3
6 changed files with 91 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
services/distributeddataservice/adapter/include/communicator/commu_types.h
View File

@ -46,7 +46,6 @@ struct API_EXPORT AccessCallee {
struct API_EXPORT AclParams {
AccessCaller accCaller;
AccessCallee accCallee;
bool isSendStatus = true;
int32_t authType = 0;
};

130
services/distributeddataservice/app/src/session_manager/session_manager.cpp
View File

@ -61,89 +61,83 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string &
}
AclParams aclParams;
if (!GetAuthParams(from, targetDeviceId, aclParams)) {
if (!GetSendAuthParams(from, targetDeviceId, aclParams)) {
return session;
}
return GetTrustUsers(from, targetDeviceId, users, session, aclParams);
}
Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId,
const std::vector<DistributedData::UserStatus> &users, const AclParams) const
{
std::vector<uint32_t> noAccountUsers {};
for (const auto &user : users) {
bool isSameAccountUser = true;
bool isPermitted = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id,
targetDeviceId, aclParams, isSameAccountUser);
ZLOGI("access to peer user %{public}d is %{public}d", user.id, isPermitted);
if (isPermitted) {
if (!isSameAccountUser) {
auto it = std::find(noAccountUsers.begin(), noAccountUsers.end(), user.id);
if (it == noAccountUsers.end()) {
noAccountUsers.push_back(user.id);
}
} else {
auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id);
if (it == session.targetUserIds.end()) {
session.targetUserIds.push_back(user.id);
}
auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, targetDeviceId, aclParams);
if (permittedPair.first) {
auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id);
if (it == session.targetUserIds.end() && permittedPair.second) {
session.targetUserIds.insert(session.targetUserIds.begin(), user.id);
}
if (!noAccountUsers.empty()) {
session.targetUserIds.insert(session.targetUserIds.end(), noAccountUsers.begin(), noAccountUsers.end());
if (it == session.targetUserIds.end() && !permittedPair.second) {
session.targetUserIds.push_back(user.id);
}
}
}
ZLOGD("end");
ZLOGI("access to peer user:%{public}d", session.targetUserIds[0]);
return session;
}
bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
AclParams &aclParams) const
{
std::vector<StoreMetaData> metaData;
if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId,
std::to_string(from.userId) }), metaData)) {
ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d",
Anonymous::Change(from.deviceId).c_str(),from.userId);
return false;
}
for (const auto &storeMeta : metaData) {
if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) {
aclParams.accCaller.bundleName = storeMeta.bundleName;
aclParams.accCaller.accountId = AccountDelegate::GetInstance()->GetCurrentAccountId();
aclParams.accCaller.userId = from.userId;
aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId);
aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId);
aclParams.authType = storeMeta.authType;
break;
}
}
if (metaData.empty()) {
ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(),
Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str());
}
return true;
}
bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
AclParams &aclParams, int32_t peerUser) const
{
std::vector<StoreMetaData> metaData;
if (aclParams.isSendStatus) {
if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId }), metaData)) {
ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(from.deviceId).c_str());
return false;
}
for (const auto &storeMeta : metaData) {
if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) {
aclParams.accCaller.bundleName = storeMeta.bundleName;
aclParams.accCaller.accountId = AccountDelegate::GetInstance()->GetCurrentAccountId();
aclParams.accCaller.userId = from.userId;
aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId);
if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId,
std::to_string(peerUser) }), metaData)) {
ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d",
Anonymous::Change(targetDeviceId).c_str(), peerUser);
return false;
}
for (const auto &storeMeta : metaData) {
if (storeMeta.appId == from.appId) {
auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId();
aclParams.accCaller.bundleName = storeMeta.bundleName;
aclParams.accCaller.accountId = accountId;
aclParams.accCaller.userId = from.userId;
aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId);
aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId);
aclParams.authType = storeMeta.authType;
break;
}
}
} else {
if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) {
ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(targetDeviceId).c_str());
return false;
}
for (const auto &storeMeta : metaData) {
if (storeMeta.appId == from.appId) {
auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId();
aclParams.accCaller.bundleName = storeMeta.bundleName;
aclParams.accCaller.accountId = accountId;
aclParams.accCaller.userId = from.userId;
aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId);
aclParams.accCallee.accountId = accountId;
aclParams.accCallee.userId = peerUser;
aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId);
aclParams.authType = storeMeta.authType;
break;
}
aclParams.accCallee.accountId = accountId;
aclParams.accCallee.userId = peerUser;
aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId);
aclParams.authType = storeMeta.authType;
break;
}
}
if (metaData.empty()) {
ZLOGE("not find metadata,appId:%{public}s,isSendStatus:%{public}d,localDevId:%{public}d,tarDevid:%{public}d",
from.appId.c_str(), aclParams.isSendStatus, Anonymous::Change(from.deviceId).c_str(),
Anonymous::Change(targetDeviceId).c_str());
ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(),
Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str());
}
return true;
}
@ -152,11 +146,11 @@ bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint &
{
AclParams aclParams;
aclParams.isSendStatus = false;
if (!GetAuthParams(from, to.deviceId, aclParams, to.userId)) {
if (!GetRecvAuthParams(from, to.deviceId, aclParams, to.userId)) {
return false;
}
bool isSameAccountUser = true;
return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams, isSameAccountUser);
auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams);
return permittedPair.first;
}
bool Session::Marshal(json &node) const

8
services/distributeddataservice/app/src/session_manager/session_manager.h
View File

@ -53,10 +53,10 @@ public:
Session GetSession(const SessionPoint &from, const std::string &targetDeviceId) const;
bool CheckSession(const SessionPoint &from, const SessionPoint &to) const;
private:
bool GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
AclParams &aclParams, int peerUser = 0) const;
Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId,
const std::vector<DistributedData::UserStatus> &users, const AclParams) const;
bool GetSendAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
AclParams &aclParams) const;
bool GetRecvAuthParams(const SessionPoint &from, const std::string &targetDeviceId,
AclParams &aclParams, int peerUser) const;
};
} // namespace OHOS::DistributedData

36
services/distributeddataservice/service/kvdb/auth_delegate.cpp
View File

@ -30,9 +30,8 @@ using DmAdapter = OHOS::DistributedData::DeviceManagerAdapter;
class AuthHandlerStub : public AuthHandler {
public:
// override for mock auth in current version, need remove in the future
bool CheckAccess(
int localUserId, int peerUserId, const std::string &peerDeviceId,
const AclParams &aclParams, bool &isSameAccountUser) override;
std::pair<bool, bool> CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId,
const AclParams &aclParams) override;
private:
bool IsUserActive(const std::vector<UserStatus> &users, int32_t userId);
bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId);
@ -57,38 +56,37 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str
return peerUserId != SYSTEM_USER && IsUserActive(localUsers, localUserId) && IsUserActive(peerUsers, peerUserId);
}
bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId,
const AclParams &aclParams, bool &isSameAccountUser)
std::pair<bool, bool> AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId,
const AclParams &aclParams)
{
if (IsSystemUser(localUserId, peerUserId)) {
return std::make_pair(true, false);
}
if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) {
return std::make_pair(false, false);
}
if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) {
return CheckUsers(localUserId, peerUserId, peerDeviceId);
return std::make_pair(true, false);
}
if (aclParams.authType == static_cast<int32_t>(DistributedKv::AuthType::DEFAULT)) {
if (IsSystemUser(localUserId, peerUserId)) {
return true;
}
if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) {
return false;
}
if (DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) {
return true;
return std::make_pair(true, true);
}
if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) {
isSameAccountUser = false;
return true;
return std::make_pair(true, false);
}
ZLOGE("CheckAccess failed. bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d",
aclParams.accCaller.bundleName.c_str(), localUserId, peerUserId);
return false;
return std::make_pair(false, false);
}
if (aclParams.authType == static_cast<int32_t>(DistributedKv::AuthType::IDENTICAL_ACCOUNT) &&
DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) {
return CheckUsers(localUserId, peerDeviceId, peerDeviceId);
auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) {
return std::make_pair(isSameAccount, true);
}
ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d",
aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType);
return false;
return std::make_pair(false, false);
}
bool AuthHandlerStub::IsUserActive(const std::vector<UserStatus> &users, int32_t userId)

5
services/distributeddataservice/service/kvdb/auth_delegate.h
View File

@ -33,9 +33,8 @@ enum AUTH_GROUP_TYPE {
class AuthHandler {
public:
virtual bool CheckAccess(
int localUserId, int peerUserId, const std::string &peerDeviceId,
const AclParams &aclParams, bool &isSameAccountUser);
virtual std::pair<bool, bool> CheckAccess(int localUserId, int peerUserId,
const std::string &peerDeviceId, const AclParams &aclParams, bool &isSameAccountUser);
};
class AuthDelegate {

13
services/distributeddataservice/service/test/kvdb_service_test.cpp
View File

@ -658,31 +658,30 @@ HWTEST_F(AuthHandlerTest, AuthHandler, TestSize.Level0)
int peerUserId = 0;
std::string peerDeviceId = "";
AclParams aclParams;
aclParams.isSendStatus = false;
aclParams.authType = static_cast<int32_t>(DistributedKv::AuthType::IDENTICAL_ACCOUNT);
auto result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_TRUE(result);
EXPECT_TRUE(result.first);
aclParams.authType = static_cast<int32_t>(DistributedKv::AuthType::DEFAULT);
result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_TRUE(result);
EXPECT_TRUE(result.first);
aclParams.authType = static_cast<int32_t>(DistributedKv::AuthType::IDENTICAL_ACCOUNT);
peerDeviceId = "peerDeviceId";
result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_TRUE(result);
EXPECT_TRUE(result.first);
aclParams.authType = static_cast<int32_t>(DistributedKv::AuthType::DEFAULT);
result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_TRUE(result);
EXPECT_TRUE(result.first);
localUserId = 1;
result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_FALSE(result);
EXPECT_FALSE(result.first);
peerUserId = 1;
result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams);
EXPECT_FALSE(result);
EXPECT_FALSE(result.first);
}
} // namespace DistributedDataTest
} // namespace OHOS::Test