mirror of
https://gitee.com/openharmony/filemanagement_storage_service
synced 2024-11-27 01:01:16 +00:00
commit
a4379d4eb9
@ -28,7 +28,9 @@ namespace StorageManager {
|
||||
// PrepareAddUser flags
|
||||
enum {
|
||||
CRYPTO_FLAG_EL1 = 1,
|
||||
CRYPTO_FLAG_EL2,
|
||||
CRYPTO_FLAG_EL2 = 2,
|
||||
CRYPTO_FLAG_EL3 = 4,
|
||||
CRYPTO_FLAG_EL4 = 8,
|
||||
};
|
||||
class IStorageManager : public IRemoteBroker {
|
||||
public:
|
||||
|
@ -485,10 +485,10 @@ int KeyManager::DeleteUserKeys(unsigned int user)
|
||||
}
|
||||
|
||||
#ifdef USER_CRYPTO_MIGRATE_KEY
|
||||
int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret,
|
||||
int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
|
||||
bool needGenerateShield)
|
||||
#else
|
||||
int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret)
|
||||
int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret)
|
||||
#endif
|
||||
{
|
||||
#ifdef USER_CRYPTO_MIGRATE_KEY
|
||||
@ -496,32 +496,27 @@ int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTo
|
||||
if (ret != 0) {
|
||||
LOGE("user %{public}u UpdateUserAuth el2 key fail", user);
|
||||
return -EFAULT;
|
||||
;
|
||||
}
|
||||
ret = UpdateCeEceSeceUserAuth(user, userTokenSecret, userEl3Key_, needGenerateShield);
|
||||
if (ret != 0) {
|
||||
LOGE("user %{public}u UpdateUserAuth el3 key fail", user);
|
||||
return -EFAULT;
|
||||
;
|
||||
}
|
||||
ret = UpdateCeEceSeceUserAuth(user, userTokenSecret, userEl4Key_, needGenerateShield);
|
||||
if (ret != 0) {
|
||||
LOGE("user %{public}u UpdateUserAuth el4 key fail", user);
|
||||
return -EFAULT;
|
||||
;
|
||||
}
|
||||
#else
|
||||
int ret = UpdateCeEceSeceUserAuth(user, userTokenSecret, userEl2Key_);
|
||||
if (ret != 0) {
|
||||
LOGE("user %{public}u UpdateUserAuth el2 key fail", user);
|
||||
return -EFAULT;
|
||||
;
|
||||
}
|
||||
ret = UpdateCeEceSeceUserAuth(user, userTokenSecret, userEl3Key_);
|
||||
if (ret != 0) {
|
||||
LOGE("user %{public}u UpdateUserAuth el3 key fail", user);
|
||||
return -EFAULT;
|
||||
;
|
||||
}
|
||||
ret = UpdateCeEceSeceUserAuth(user, userTokenSecret, userEl4Key_);
|
||||
if (ret != 0) {
|
||||
@ -529,18 +524,20 @@ int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTo
|
||||
return -EFAULT;
|
||||
}
|
||||
#endif
|
||||
std::lock_guard<std::mutex> lock(keyMutex_);
|
||||
userPinProtect[user] = !userTokenSecret.newSecret.empty();
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef USER_CRYPTO_MIGRATE_KEY
|
||||
int KeyManager::UpdateCeEceSeceUserAuth(unsigned int user,
|
||||
struct UserTokenSecret *userTokenSecret,
|
||||
struct UserTokenSecret &userTokenSecret,
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_,
|
||||
bool needGenerateShield)
|
||||
{
|
||||
#else
|
||||
int KeyManager::UpdateCeEceSeceUserAuth(unsigned int user,
|
||||
struct UserTokenSecret *userTokenSecret,
|
||||
struct UserTokenSecret &userTokenSecret,
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_)
|
||||
{
|
||||
#endif
|
||||
@ -555,13 +552,13 @@ int KeyManager::UpdateCeEceSeceUserAuth(unsigned int user,
|
||||
return -ENOENT;
|
||||
}
|
||||
auto item = userElKey_[user];
|
||||
UserAuth auth = {userTokenSecret->token, userTokenSecret->oldSecret, userTokenSecret->secureUid};
|
||||
UserAuth auth = {userTokenSecret.token, userTokenSecret.oldSecret, userTokenSecret.secureUid};
|
||||
if ((item->RestoreKey(auth) == false) && (item->RestoreKey(NULL_KEY_AUTH) == false)) {
|
||||
LOGE("Restore key error");
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
auth.secret = userTokenSecret->newSecret;
|
||||
auth.secret = userTokenSecret.newSecret;
|
||||
#ifdef USER_CRYPTO_MIGRATE_KEY
|
||||
if (item->StoreKey(auth, needGenerateShield) == false) {
|
||||
#else
|
||||
@ -596,6 +593,12 @@ int KeyManager::ActiveUserKey(unsigned int user, const std::vector<uint8_t> &tok
|
||||
LOGI("Active user %{public}u el4 fail", user);
|
||||
return -EFAULT;
|
||||
}
|
||||
std::lock_guard<std::mutex> lock(keyMutex_);
|
||||
if (secret.empty()) {
|
||||
userPinProtect.insert(std::make_pair(user, false));
|
||||
} else {
|
||||
userPinProtect.insert(std::make_pair(user, true));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -716,10 +719,14 @@ int KeyManager::InActiveUserKey(unsigned int user)
|
||||
int KeyManager::LockUserScreen(uint32_t user)
|
||||
{
|
||||
LOGI("start");
|
||||
std::lock_guard<std::mutex> lock(keyMutex_);
|
||||
auto iter = userPinProtect.find(user);
|
||||
if (iter == userPinProtect.end() || iter->second == false) {
|
||||
return 0;
|
||||
}
|
||||
if (!KeyCtrlHasFscryptSyspara()) {
|
||||
return 0;
|
||||
}
|
||||
std::lock_guard<std::mutex> lock(keyMutex_);
|
||||
if (userEl4Key_.find(user) == userEl4Key_.end()) {
|
||||
LOGE("Have not found user %{public}u el3 or el4", user);
|
||||
return -ENOENT;
|
||||
|
@ -915,16 +915,16 @@ HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys, TestSize.Level1)
|
||||
.newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
|
||||
UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
|
||||
#ifndef CRYPTO_TEST
|
||||
KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecret);
|
||||
KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
|
||||
KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
|
||||
#else
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->GenerateUserKeys(userId, 0));
|
||||
EXPECT_EQ(-EEXIST, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // key existed
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecretNull));
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->UpdateKeyContext(userId));
|
||||
KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecret);
|
||||
KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
|
||||
EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->UpdateKeyContext(userId)); // no need to update keycontext
|
||||
KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
|
||||
@ -940,7 +940,7 @@ HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys, TestSize.Level1)
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
|
||||
EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
|
||||
{{userId, USER_EL2_DIR}})); // bad keytype
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecretNull));
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateKeyContext(userId));
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->InActiveUserKey(userId));
|
||||
EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
|
||||
|
@ -38,7 +38,7 @@ int32_t KeyManager::DeleteUserKeys(unsigned int user)
|
||||
{
|
||||
return E_OK;
|
||||
}
|
||||
int32_t KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret)
|
||||
int32_t KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret)
|
||||
{
|
||||
return E_OK;
|
||||
}
|
||||
|
@ -49,13 +49,13 @@ public:
|
||||
int DeleteUserKeys(unsigned int user);
|
||||
|
||||
#ifdef USER_CRYPTO_MIGRATE_KEY
|
||||
int UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret,
|
||||
int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
|
||||
bool needGenerateShield = true);
|
||||
int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret,
|
||||
int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_, bool needGenerateShield);
|
||||
#else
|
||||
int UpdateUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret);
|
||||
int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret *userTokenSecret,
|
||||
int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret);
|
||||
int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_);
|
||||
|
||||
#endif
|
||||
@ -99,6 +99,7 @@ private:
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> userEl3Key_;
|
||||
std::map<unsigned int, std::shared_ptr<BaseKey>> userEl4Key_;
|
||||
std::shared_ptr<BaseKey> globalEl1Key_ { nullptr };
|
||||
std::map<unsigned int, bool> userPinProtect;
|
||||
|
||||
std::mutex keyMutex_;
|
||||
bool hasGlobalDeviceKey_;
|
||||
|
@ -270,7 +270,7 @@ int32_t StorageDaemon::UpdateUserAuth(uint32_t userId, uint64_t secureUid,
|
||||
UserTokenSecret userTokenSecret = {
|
||||
.token = token, .oldSecret = oldSecret, .newSecret = newSecret, .secureUid = secureUid};
|
||||
#ifdef USER_CRYPTO_MANAGER
|
||||
return KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecret);
|
||||
return KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
|
||||
#else
|
||||
return E_OK;
|
||||
#endif
|
||||
@ -287,7 +287,7 @@ int32_t StorageDaemon::PrepareUserDirsAndUpdateUserAuth(uint32_t userId, const s
|
||||
return ret;
|
||||
}
|
||||
UserTokenSecret userTokenSecret = {.token = token, .oldSecret = {'!'}, .newSecret = secret, .secureUid = 0};
|
||||
ret = KeyManager::GetInstance()->UpdateUserAuth(userId, &userTokenSecret);
|
||||
ret = KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
|
||||
if (ret != E_OK) {
|
||||
return ret;
|
||||
}
|
||||
|
@ -436,7 +436,7 @@ HWTEST_F(StorageDaemonProxyTest, StorageDaemonProxyTest_LockUserScreen_001, Test
|
||||
.WillOnce(testing::Invoke(mock_.GetRefPtr(), &StorageDaemonServiceMock::InvokeSendRequest));
|
||||
int32_t ret = proxy_->LockUserScreen(USER_ID1);
|
||||
ASSERT_TRUE(ret == E_OK);
|
||||
ASSERT_TRUE(static_cast<int32_t>(StorageDaemonInterfaceCode::INACTIVE_USER_KEY) == mock_->code_);
|
||||
ASSERT_TRUE(static_cast<int32_t>(StorageDaemonInterfaceCode::LOCK_USER_SCREEN) == mock_->code_);
|
||||
|
||||
GTEST_LOG_(INFO) << "StorageDaemonProxyTest_LockUserScreen_001 end";
|
||||
}
|
||||
@ -456,7 +456,7 @@ HWTEST_F(StorageDaemonProxyTest, StorageDaemonProxyTest_UnlockUserScreen_001, Te
|
||||
.WillOnce(testing::Invoke(mock_.GetRefPtr(), &StorageDaemonServiceMock::InvokeSendRequest));
|
||||
int32_t ret = proxy_->UnlockUserScreen(USER_ID1);
|
||||
ASSERT_TRUE(ret == E_OK);
|
||||
ASSERT_TRUE(static_cast<int32_t>(StorageDaemonInterfaceCode::INACTIVE_USER_KEY) == mock_->code_);
|
||||
ASSERT_TRUE(static_cast<int32_t>(StorageDaemonInterfaceCode::UNLOCK_USER_SCREEN) == mock_->code_);
|
||||
|
||||
GTEST_LOG_(INFO) << "StorageDaemonProxyTest_UnlockUserScreen_001 end";
|
||||
}
|
||||
|
@ -282,9 +282,9 @@ HWTEST_F(StorageManagerClientTest, Client_manager_service_LockUserScreen_0000, T
|
||||
|
||||
ASSERT_TRUE(storageManagerClient_ != nullptr);
|
||||
|
||||
uint32_t userId = 107;
|
||||
uint32_t userId = 100;
|
||||
int32_t ret = storageManagerClient_->LockUserScreen(userId);
|
||||
EXPECT_TRUE(ret == E_OK);
|
||||
EXPECT_TRUE(ret == E_PERMISSION_DENIED);
|
||||
|
||||
GTEST_LOG_(INFO) << "Client_manager_service_LockUserScreen_0000 end";
|
||||
}
|
||||
@ -304,9 +304,9 @@ HWTEST_F(StorageManagerClientTest, Client_manager_service_UnlockUserScreen_0000,
|
||||
|
||||
ASSERT_TRUE(storageManagerClient_ != nullptr);
|
||||
|
||||
uint32_t userId = 107;
|
||||
uint32_t ret = storageManagerClient_->UnlockUserScreen(userId);
|
||||
EXPECT_TRUE(ret == E_OK);
|
||||
uint32_t userId = 104;
|
||||
int32_t ret = storageManagerClient_->UnlockUserScreen(userId);
|
||||
EXPECT_TRUE(ret == E_PERMISSION_DENIED);
|
||||
|
||||
GTEST_LOG_(INFO) << "Client_manager_service_UnlockUserScreen_0000 end";
|
||||
}
|
||||
|
@ -254,7 +254,7 @@ HWTEST_F(FileSystemCryptoTest, Storage_manager_crypto_LockUserScreen_0000, TestS
|
||||
GTEST_LOG_(INFO) << "FileSystemCryptoTest-start Storage_manager_crypto_LockUserScreen_0000";
|
||||
std::shared_ptr<FileSystemCrypto> fileSystemCrypto_ =
|
||||
DelayedSingleton<FileSystemCrypto>::GetInstance();
|
||||
int32_t userId = 102;
|
||||
int32_t userId = 100;
|
||||
|
||||
int32_t ret = fileSystemCrypto_->LockUserScreen(userId);
|
||||
EXPECT_EQ(ret, E_OK);
|
||||
@ -276,7 +276,7 @@ HWTEST_F(FileSystemCryptoTest, Storage_manager_crypto_UnlockUserScreen_0000, Tes
|
||||
GTEST_LOG_(INFO) << "FileSystemCryptoTest-start Storage_manager_crypto_UnlockUserScreen_0000";
|
||||
std::shared_ptr<FileSystemCrypto> fileSystemCrypto_ =
|
||||
DelayedSingleton<FileSystemCrypto>::GetInstance();
|
||||
int32_t userId = 102;
|
||||
int32_t userId = 100;
|
||||
|
||||
int32_t ret = fileSystemCrypto_->UnlockUserScreen(userId);
|
||||
EXPECT_EQ(ret, E_OK);
|
||||
|
@ -473,7 +473,7 @@ HWTEST_F(StorageDaemonCommunicationTest, Daemon_communication_LockUserScreen_000
|
||||
GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-begin Daemon_communication_LockUserScreen_0000 SUCCESS";
|
||||
std::shared_ptr<StorageDaemonCommunication> sdCommunication =
|
||||
DelayedSingleton<StorageDaemonCommunication>::GetInstance();
|
||||
uint32_t userId = 102;
|
||||
uint32_t userId = 100;
|
||||
int32_t result = sdCommunication->LockUserScreen(userId);
|
||||
EXPECT_EQ(result, E_OK);
|
||||
|
||||
@ -494,7 +494,7 @@ HWTEST_F(StorageDaemonCommunicationTest, Daemon_communication_UnlockUserScreen_0
|
||||
GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-begin Daemon_communication_UnlockUserScreen_0000 SUCCESS";
|
||||
std::shared_ptr<StorageDaemonCommunication> sdCommunication =
|
||||
DelayedSingleton<StorageDaemonCommunication>::GetInstance();
|
||||
uint32_t userId = 102;
|
||||
uint32_t userId = 100;
|
||||
int32_t result = sdCommunication->UnlockUserScreen(userId);
|
||||
EXPECT_EQ(result, E_OK);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user