openharmony/filemanagement_storage_service
1
0
Fork 0
mirror of https://gitee.com/openharmony/filemanagement_storage_service synced 2024-11-23 06:59:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!1067 el5升级场景修复

Browse Source 
Merge pull request !1067 from sunxiaoqiang/master
This commit is contained in:
openharmony_ci 2024-07-21 07:57:03 +00:00 committed by Gitee
commit 4dabec2b71
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
services/storage_daemon/crypto/src/fbex.cpp
View File

@ -138,13 +138,14 @@ static inline bool CheckWriteBuffValid(const uint8_t *eBuffer, uint32_t size, ui
return (eBuffer != nullptr) && (size == (GCM_NONCE_BYTES + AES_256_HASH_RANDOM_SIZE + GCM_MAC_BYTES));
}
int FBEX::InstallEL5KeyToKernel(uint32_t userIdSingle, uint32_t userIdDouble, uint8_t flag)
int FBEX::InstallEL5KeyToKernel(uint32_t userIdSingle, uint32_t userIdDouble, uint8_t flag, bool &isSupport)
{
LOGI("InstallEL5KeyToKernel enter, userId: %{public}d, flag: %{public}u", userIdDouble, flag);
int fd = open(FBEX_UECE_PATH, O_RDWR);
if (fd < 0) {
if (errno == ENOENT) {
LOGE("fbex_uece does not exist, fbe not support this command!");
isSupport = false;
return 0;
}
LOGE("open fbex_cmd failed, errno: %{public}d", errno);

4
services/storage_daemon/crypto/src/fscrypt_key_v1.cpp
View File

@ -195,10 +195,10 @@ bool FscryptKeyV1::UnlockUserScreen(uint32_t flag, uint32_t sdpClass, const std:
return true;
}
bool FscryptKeyV1::AddClassE(uint32_t status)
bool FscryptKeyV1::AddClassE(bool &isSupport, uint32_t status)
{
LOGI("AddClassE enter");
if (!fscryptV1Ext.AddClassE(status)) {
if (!fscryptV1Ext.AddClassE(isSupport, status)) {
LOGE("fscryptV1Ext AddClassE failed");
return false;
}

4
services/storage_daemon/crypto/src/fscrypt_key_v1_ext.cpp
View File

@ -111,7 +111,7 @@ bool FscryptKeyV1Ext::GenerateAppkey(uint32_t user, uint32_t appUid, std::unique
return true;
}
bool FscryptKeyV1Ext::AddClassE(uint32_t status)
bool FscryptKeyV1Ext::AddClassE(bool &isSupport, uint32_t status)
{
if (!FBEX::IsFBEXSupported()) {
return true;
@ -119,7 +119,7 @@ bool FscryptKeyV1Ext::AddClassE(uint32_t status)
LOGD("enter");
uint32_t userIdDouble = GetMappedUserId(userId_, type_);
LOGI("map userId %{public}u to %{public}u", userId_, userIdDouble);
if (FBEX::InstallEL5KeyToKernel(userId_, userIdDouble, status)) {
if (FBEX::InstallEL5KeyToKernel(userId_, userIdDouble, status, isSupport)) {
LOGE("AddESecret failed, userId_ %{public}d, status is %{public}d", userId_, status);
return false;
}

3
services/storage_daemon/crypto/src/fscrypt_key_v2.cpp
View File

@ -148,9 +148,10 @@ bool FscryptKeyV2::DeleteAppkey(const std::string KeyId)
return false;
}
bool FscryptKeyV2::AddClassE(uint32_t status)
bool FscryptKeyV2::AddClassE(bool &isSupport, uint32_t status)
{
(void)status;
(void)isSupport;
LOGI("Unsupported fscrypt v2");
return true;
}

42
services/storage_daemon/crypto/src/key_manager.cpp
View File

@ -212,11 +212,21 @@ int KeyManager::GenerateAndInstallEl5Key(uint32_t userId, const std::string &dir
if (elKey == nullptr) {
return -EOPNOTSUPP;
}
if (elKey->AddClassE(FIRST_CREATE_KEY) == false) {
saveESecretStatus[userId] = true;
if (elKey->AddClassE(saveESecretStatus[userId], FIRST_CREATE_KEY) == false) {
DoDeleteUserKeys(userId);
LOGE("user %{public}u el5 create error", userId);
return -EFAULT;
}
std::string keyDir = GetKeyDirByUserAndType(userId, EL5_KEY);
if (keyDir == "") {
return E_KEY_TYPE_INVAL;
}
std::string keyUeceDir = UECE_DIR + "/" + std::to_string(userId);
if (!saveESecretStatus[userId]) {
OHOS::ForceRemoveDirectory(keyDir);
OHOS::ForceRemoveDirectory(keyUeceDir);
}
saveESecretStatus[userId] = (!auth.secret.IsEmpty() && !auth.token.IsEmpty());
if ((!auth.secret.IsEmpty() && !auth.token.IsEmpty()) &&
(!elKey->EncryptClassE(auth, saveESecretStatus[userId], userId, USER_ADD_AUTH))) {
@ -912,12 +922,9 @@ int KeyManager::ActiveCeSceSeceUserKey(unsigned int user,
LOGE("Have not found user %{public}u el", user);
return -ENOENT;
}
std::string keyUeceDir = UECE_DIR + "/" + std::to_string(user);
if ((type == EL5_KEY) && !IsDir(keyUeceDir)) {
LOGE("Have not found uece dir %{public}u el", user);
if ((type == EL5_KEY) && CheckAndDeleteEmptyEl5Directory(keyDir, user) != 0) {
return -ENOENT;
}
std::shared_ptr<BaseKey> elKey = GetBaseKey(keyDir);
if (elKey == nullptr) {
LOGE("elKey failed");
@ -946,6 +953,31 @@ int KeyManager::ActiveCeSceSeceUserKey(unsigned int user,
return 0;
}
int KeyManager::CheckAndDeleteEmptyEl5Directory(std::string keyDir, unsigned int user)
{
std::string keyUeceDir = UECE_DIR + "/" + std::to_string(user);
if (!IsDir(keyDir) || !IsDir(keyUeceDir)) {
LOGE("Have not found dir %{public}u el5", user);
return -ENOENT;
}
bool deleteSuccess = false;
if (IsDir(keyDir) && std::filesystem::is_empty(keyDir)) {
OHOS::ForceRemoveDirectory(keyDir);
LOGE("Have removed key dir %{public}u el5", user);
deleteSuccess = true;
}
if (IsDir(keyUeceDir) && std::filesystem::is_empty(keyUeceDir)) {
OHOS::ForceRemoveDirectory(keyUeceDir);
LOGE("Have removed key uece dir %{public}u el5", user);
deleteSuccess = true;
}
if (deleteSuccess) {
return -ENOENT;
}
return 0;
}
int KeyManager::ActiveUeceUserKey(unsigned int user,
const std::vector<uint8_t> &token,
const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey)

2
services/storage_daemon/include/crypto/base_key.h
View File

@ -52,7 +52,7 @@ public:
virtual bool UnlockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt = MNT_DATA) = 0;
virtual bool GenerateAppkey(uint32_t userId, uint32_t appUid, std::string &keyId) = 0;
virtual bool DeleteAppkey(const std::string KeyId) = 0;
virtual bool AddClassE(uint32_t status) = 0;
virtual bool AddClassE(bool &isSupport, uint32_t status) = 0;
virtual bool DeleteClassEPinCode(uint32_t userId) = 0;
virtual bool DecryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status) = 0;
virtual bool EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status) = 0;

2
services/storage_daemon/include/crypto/fbex.h
View File

@ -57,7 +57,7 @@ public:
static int WriteESecretToKernel(UserIdToFbeStr &userIdToFbe, uint32_t status, uint8_t *eBuffer, uint32_t length);
static bool IsMspReady();
static int GetStatus();
static int InstallEL5KeyToKernel(uint32_t userIdSingle, uint32_t userIdDouble, uint8_t flag);
static int InstallEL5KeyToKernel(uint32_t userIdSingle, uint32_t userIdDouble, uint8_t flag, bool &isSupport);
static int DeleteClassEPinCode(uint32_t userIdSingle, uint32_t userIdDouble);
static int ChangePinCodeClassE(uint32_t userIdSingle, uint32_t userIdDouble, bool &isFbeSupport);
static int GenerateAppkey(UserIdToFbeStr &userIdToFbe, uint32_t appUid, std::unique_ptr<uint8_t[]> &keyId,

2
services/storage_daemon/include/crypto/fscrypt_key_v1.h
View File

@ -39,7 +39,7 @@ public:
bool GenerateAppkey(uint32_t userId, uint32_t appUid, std::string &keyId);
bool DeleteAppkey(const std::string keyId);
void DropCachesIfNeed();
bool AddClassE(uint32_t status = 0);
bool AddClassE(bool &isSupport, uint32_t status = 0);
bool DeleteClassEPinCode(uint32_t userId = 0);
bool ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId = 0);
bool DecryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user = 0, uint32_t status = 0);

2
services/storage_daemon/include/crypto/fscrypt_key_v1_ext.h
View File

@ -35,7 +35,7 @@ public:
bool InactiveKeyExt(uint32_t flag);
bool LockUserScreenExt(uint32_t flag, uint32_t &elType);
bool UnlockUserScreenExt(uint32_t flag, uint8_t *iv, uint32_t size);
bool AddClassE(uint32_t status);
bool AddClassE(bool &isSupport, uint32_t status);
bool DeleteClassEPinCode(uint32_t userId);
bool ChangePinCodeClassE(uint32_t userId, bool &isFbeSupport);
bool ReadClassE(uint32_t status, uint8_t *classEBuffer, uint32_t length, bool &isFbeSupport);

2
services/storage_daemon/include/crypto/fscrypt_key_v2.h
View File

@ -34,7 +34,7 @@ public:
bool InactiveKey(uint32_t flag = 0, const std::string &mnt = MNT_DATA);
bool LockUserScreen(uint32_t flag = 0, uint32_t sdpClass = 0, const std::string &mnt = MNT_DATA);
bool UnlockUserScreen(uint32_t flag = 0, uint32_t sdpClass = 0, const std::string &mnt = MNT_DATA);
bool AddClassE(uint32_t status = 0);
bool AddClassE(bool &isSupport, uint32_t status = 0);
bool DeleteClassEPinCode(uint32_t userId = 0);
bool ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId = 0);
bool DecryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user = 0, uint32_t status = 0);

1
services/storage_daemon/include/crypto/key_manager.h
View File

@ -120,6 +120,7 @@ private:
const std::vector<uint8_t> &token, std::string keyDir,
const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
int InactiveUserElKey(unsigned int user, std::map<unsigned int, std::shared_ptr<BaseKey>> &userElxKey_);
int CheckAndDeleteEmptyEl5Directory(std::string keyDir, unsigned int user);
std::map<unsigned int, std::shared_ptr<BaseKey>> userEl1Key_;
std::map<unsigned int, std::shared_ptr<BaseKey>> userEl2Key_;