update OpenHarmony 2.0 Canary

This commit is contained in:
mamingshuai
2021-06-02 00:03:58 +08:00
parent f726ba8af5
commit 654b63a18b
16 changed files with 804 additions and 64 deletions
View File
Executable
+20
View File
@@ -0,0 +1,20 @@
# Copyright (C) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
group("dataclassification_build_module") {
deps = [
"//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr",
"//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
]
}
Executable
+177
View File
@@ -0,0 +1,177 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
-36
View File
@@ -1,36 +0,0 @@
# security_dataclassification
#### Description
{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
Regular → Executable
+64 -28
View File
@@ -1,39 +1,75 @@
# security_dataclassification
# dataclassification<a name="EN-US_TOPIC_0000001154987675"></a>
#### 介绍
{**以下是 Gitee 平台说明,您可以替换此简介**
Gitee 是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台
无论是个人、团队、或是企业,都能够用 Gitee 实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
- [Introduction](#section11660541593)
- [Architecture](#section342962219551)
- [Available APIs](#section92711824195113)
- [Repositories Involved](#section155556361910)
#### 软件架构
软件架构说明
## Introduction<a name="section11660541593"></a>
The data classification module of OpenHarmony provides hierarchical data protection policies and related APIs. \(Currently, OpenHarmony does not provide implementations for specific APIs. These APIs must be implemented by the device vendors to protect the security of data on OpenHarmony devices.\)
The data classification module provides the following APIs \(into two submodules\):
- APIs for setting and obtaining the data label: With these APIs, you can set and obtain the security level of a file to be written to the disk.
- APIs for controlling cross-device data access based on the device security level: The distributed cross-device data transmission service can use these APIs to obtain the highest data security level supported by the peer device.
The two submodules only contain API definitions, but do not implement these APIs. The following figure shows the architecture of the data classification module.
## Architecture<a name="section342962219551"></a>
**Figure 1** Architecture of the data classification module<a name="fig4460722185514"></a>
#### 安装教程
![](figures/dataclassification.png)
1. xxxx
2. xxxx
3. xxxx
## Available APIs<a name="section92711824195113"></a>
#### 使用说明
**Table 1** APIs provided by the data classification module
1. xxxx
2. xxxx
3. xxxx
<a name="table1741910115412"></a>
<table><thead align="left"><tr id="row84116107545"><th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.1"><p id="p19410105546"><a name="p19410105546"></a><a name="p19410105546"></a>API</p>
</th>
<th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.2"><p id="p20411510105417"><a name="p20411510105417"></a><a name="p20411510105417"></a>Description</p>
</th>
</tr>
</thead>
<tbody><tr id="row1411110205418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p7664989558"><a name="p7664989558"></a><a name="p7664989558"></a>int SetLabel(int userId, const char *filePath, const char *labelName, const char *labelValue, int flag);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p1941010175414"><a name="p1941010175414"></a><a name="p1941010175414"></a>Sets a specified label. Currently, this API returns success. You need to implement this function by yourself. You are advised to set the label in the extended attribute of a file. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row10411710145415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p552394945518"><a name="p552394945518"></a><a name="p552394945518"></a>int GetLabel(int userId, const char *filePath, const char *labelName, char *labelValue, const int valueLen);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p241101012548"><a name="p241101012548"></a><a name="p241101012548"></a>Obtains the label. Currently, this API returns <strong id="b499513695911"><a name="b499513695911"></a><a name="b499513695911"></a>S3</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row1142121095419"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p14759321205620"><a name="p14759321205620"></a><a name="p14759321205620"></a>int GetFlag(int userId, const char *filePath, const char *labelName);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p14211020544"><a name="p14211020544"></a><a name="p14211020544"></a>Obtains the flag of a data security level. Currently, this API returns <strong id="b1887015618017"><a name="b1887015618017"></a><a name="b1887015618017"></a>FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row10264187175820"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1526447155814"><a name="p1526447155814"></a><a name="p1526447155814"></a>int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p172641072584"><a name="p172641072584"></a><a name="p172641072584"></a>Obtains the highest security level supported by the peer device. Currently, this API returns <strong id="b76381220139"><a name="b76381220139"></a><a name="b76381220139"></a>S3</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row18882199125920"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p6882169185915"><a name="p6882169185915"></a><a name="p6882169185915"></a>int32_t DEVSL_OnStart(int32_t maxDevNum);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p6882119135918"><a name="p6882119135918"></a><a name="p6882119135918"></a>Initializes the data classification module. You need to implement this function by yourself.</p>
</td>
</tr>
<tr id="row316118198591"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1216221920596"><a name="p1216221920596"></a><a name="p1216221920596"></a>void DEVSL_ToFinish(void);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p11162171911596"><a name="p11162171911596"></a><a name="p11162171911596"></a>Deinitializes the data classification module. You need to implement this function by yourself.</p>
</td>
</tr>
</tbody>
</table>
#### 参与贡献
## Repositories Involved<a name="section155556361910"></a>
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
Security subsystem
**base/security/dataclassification**
#### 特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目
5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
Executable
+75
View File
@@ -0,0 +1,75 @@
# 数据分级保护<a name="ZH-CN_TOPIC_0000001154987675"></a>
- [简介](#section11660541593)
- [系统架构](#section342962219551)
- [接口说明](#section92711824195113)
- [相关仓](#section155556361910)
## 简介<a name="section11660541593"></a>
在OpenHarmony中,数据分级保护模块负责提供数据分级的保护策略。数据分级保护模块提供了数据分级相关的接口定义。(OpenHarmony当前不提供实际的功能实现。依赖设备厂商实现接口对应的功能,对搭载OpenHarmony的设备上的数据提供安全保护)。
数据分级保护模块当前提供如下接口定义:
- 数据分级标签设置和查询接口:对业务生成的文件数据提供设置和查询风险等级标签的接口,业务可使用该接口设定和查询落盘文件数据的风险等级,使该文件在系统中具有对应的数据风险分级标识。
- 基于设备安全等级的数据跨设备访问控制接口:提供基于设备安全等级的数据跨设备访问控制的接口,分布式跨设备数据传输业务可使用该接口获得对端设备可支持的数据风险等级。
为实现上述接口定义,数据分级保护模块当前包含数据分级标签设置查询接口和基于设备安全等级的数据跨设备访问控制接口两个子模块,模块中仅包括接口定义,而不包含实际的功能实现,其部署逻辑如下图:
## 系统架构<a name="section342962219551"></a>
**图 1** 数据分级保护子系统架构图<a name="fig4460722185514"></a>
![](figures/dataclassification_zh.png)
## 接口说明<a name="section92711824195113"></a>
**表 1** 数据分级保护提供的API接口功能介绍
<a name="table1741910115412"></a>
<table><thead align="left"><tr id="row84116107545"><th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.1"><p id="p19410105546"><a name="p19410105546"></a><a name="p19410105546"></a>接口名</p>
</th>
<th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.2"><p id="p20411510105417"><a name="p20411510105417"></a><a name="p20411510105417"></a>描述</p>
</th>
</tr>
</thead>
<tbody><tr id="row1411110205418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p7664989558"><a name="p7664989558"></a><a name="p7664989558"></a>int SetLabel(int userId, const char *filePath, const char *labelName, const char *labelValue, int flag);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p1941010175414"><a name="p1941010175414"></a><a name="p1941010175414"></a>设置风险等级标签能力,当前返回成功,设备厂商需自行实现标签风险等级设置能力。建议设置在文件的扩展属性中,数据风险等级更详细的定义描述参考开发者文档。</p>
</td>
</tr>
<tr id="row10411710145415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p552394945518"><a name="p552394945518"></a><a name="p552394945518"></a>int GetLabel(int userId, const char *filePath, const char *labelName, char *labelValue, const int valueLen);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p241101012548"><a name="p241101012548"></a><a name="p241101012548"></a>查询风险等级标签能力,当前返回S3,设备厂商自行实现标签风险等级查询能力。数据风险等级更详细的定义描述参考开发者文档。</p>
</td>
</tr>
<tr id="row1142121095419"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p14759321205620"><a name="p14759321205620"></a><a name="p14759321205620"></a>int GetFlag(int userId, const char *filePath, const char *labelName);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p14211020544"><a name="p14211020544"></a><a name="p14211020544"></a>查询风险等级的辅助信息,当前返回FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN,设备厂商自行实现标风险等级的辅助信息查询能力。数据风险等级更详细的定义描述参考开发者文档。</p>
</td>
</tr>
<tr id="row10264187175820"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1526447155814"><a name="p1526447155814"></a><a name="p1526447155814"></a>int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p172641072584"><a name="p172641072584"></a><a name="p172641072584"></a>获取对应设备可支持的数据风险等级,当前返回S3,设备厂商需自行实现该功能,数据风险等级更详细的定义描述参考开发者文档。</p>
</td>
</tr>
<tr id="row18882199125920"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p6882169185915"><a name="p6882169185915"></a><a name="p6882169185915"></a>int32_t DEVSL_OnStart(int32_t maxDevNum);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p6882119135918"><a name="p6882119135918"></a><a name="p6882119135918"></a>设备数据安全等级模块初始化,设备厂商需自行实现该功能。</p>
</td>
</tr>
<tr id="row316118198591"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1216221920596"><a name="p1216221920596"></a><a name="p1216221920596"></a>void DEVSL_ToFinish(void);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p11162171911596"><a name="p11162171911596"></a><a name="p11162171911596"></a>设备数据安全等级模块去初始化,设备厂商需自行实现该功能。</p>
</td>
</tr>
</tbody>
</table>
## 相关仓<a name="section155556361910"></a>
安全子系统
base/security/dataclassification
BIN
View File
Binary file not shown.

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
View File
Binary file not shown.

After

Width:  |  Height:  |  Size: 5.9 KiB

+72
View File
@@ -0,0 +1,72 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "fbe_sdp_policy.h"
extern "C" __attribute (()) bool IsSupportIudf()
{
return false;
}
extern "C" __attribute (()) int SetLabel(int userId, const char* filePath,
const char* labelName, const char* labelValue, int flag)
{
return RET_SDP_OK;
}
extern "C" __attribute (()) int GetLabel(int userId, const char* filePath,
const char* labelName, char* labelValue, const int valueLen)
{
return RET_SDP_OK;
}
extern "C" __attribute (()) int GetFlag(int userId, const char* filePath, const char* labelName)
{
return RET_SDP_OK;
}
extern "C" __attribute (()) int SetEcePathPolicy(int userId, const char *path)
{
return RET_SDP_OK;
}
extern "C" __attribute (()) int SetSecePathPolicy(int userId, const char *path)
{
return RET_SDP_OK;
}
extern "C" __attribute (()) int GetPathPolicy(const char *path)
{
if (!IsSupportIudf()) {
return RET_SDP_SUPPORT_IUDF_ERROR;
}
return FSCRYPT_NO_ECE_OR_SECE_CLASS;
}
__attribute (()) int GetLockState(int userId, int flag)
{
return RET_LOCK_IUDF_SERVICE_NO_SUPPORT;
}
__attribute (()) int RegisterLockStateChangeCallback(int flag,
std::function<int32_t(int32_t, int32_t)> &lockStateChangedListener)
{
return RET_SDP_OK;
}
__attribute (()) int UnRegisterLockStateChangeCallback(
std::function<int32_t(int32_t, int32_t)> &lockStateChangedListener)
{
return RET_SDP_OK;
}
+49
View File
@@ -0,0 +1,49 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "dev_slinfo_mgr.h"
#ifdef __cplusplus
extern "C" {
#endif
#define DEVSL_API __attribute__ ((visibility ("default")))
DEVSL_API int32_t DEVSL_OnStart(int32_t maxDevNum)
{
return DEVSL_SUCCESS;
}
DEVSL_API void DEVSL_ToFinish(void)
{
return;
}
DEVSL_API int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo)
{
*levelInfo = DATA_SEC_LEVEL3;
return DEVSL_SUCCESS;
}
DEVSL_API int32_t DEVSL_GetLocalCertData(uint8_t *buff, uint32_t bufSz, uint32_t *dataLen)
{
buff[0] = 0;
*dataLen = 0;
return DEVSL_SUCCESS;
}
#ifdef __cplusplus
}
#endif
@@ -0,0 +1,35 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
################################################################
# C++, Main source file here.
################################################################
config("fbe_iudf_xattr_config") {
include_dirs = [ "include" ]
}
ohos_shared_library("fbe_iudf_xattr") {
subsystem_name = "security"
part_name = "dataclassification"
public_configs = [ ":fbe_iudf_xattr_config" ]
include_dirs = [ "include" ]
sources = [
"//base/security/dataclassification/frameworks/fbesdp/fbe_sdp_policy.cpp"
]
deps = [ "//utils/native/base:utils" ]
}
@@ -0,0 +1,62 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef FBE_SDP_CODE_NUM
#define FBE_SDP_CODE_NUM
enum ErrorCode {
RET_SDP_NOT_SUPPORT_ATTR = -13,
RET_SDP_NOT_SET_ERROR = -12,
RET_SDP_CODE_FAILED_ERROR = -11,
RET_SDP_CONTEXT_ERROR = -10,
RET_SDP_LABEL_HAS_BEEN_SET = -9,
RET_SDP_GENERIC_ERROR = -8,
RET_SDP_FILE_OPEN_ERROR = -7,
RET_SDP_GET_DESC_ERROR = -6,
RET_SDP_SUPPORT_IUDF_ERROR = -5,
RET_SDP_IOCTL_ERROR = -4,
RET_SDP_OPEN_ERROR = -3,
RET_SDP_MEMORY_ERROR = -2,
RET_SDP_PARAM_ERROR = -1,
RET_SDP_OK = 0,
};
enum FsCryptType {
FSCRYPT_NO_ECE_OR_SECE_CLASS = 1,
FSCRYPT_SDP_ECE_CLASS = 2,
FSCRYPT_SDP_SECE_CLASS = 3,
FSCRYPT_SDP_GET_FEB_VER = 10,
};
enum FbeVesion {
FBE_VER_NO_2 = 2,
FBE_VER_NO_3 = 3,
};
enum FbeLockState {
FLAG_LOCAL_STATE = 0x01,
};
enum FbeLockErrorCode {
RET_LOCK_IUDF_SERVICE_NO_SUPPORT = -7,
RET_LOCK_CALLBACK_NOT_REGIST = -6,
RET_LOCK_CALLBACK_HAS_BEEN_REGIST = -5,
RET_LOCK_REMOTE_EXCEPTION = -4,
RET_LOCK_INVALID_PARAM_ERROR = -3,
RET_LOCK_SERVICE_NOT_FOUND = -2,
RET_LOCK_PARAM_ERROR = -1,
RET_LOCK_OK = 0,
};
#endif
@@ -0,0 +1,47 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef FBE_IUDF_H
#define FBE_IUDF_H
#include "fbe_sdp_code_num.h"
#include <functional>
#define LABEL_VALUE_S0 "S0"
#define LABEL_VALUE_S1 "S1"
#define LABEL_VALUE_S2 "S2"
#define LABEL_VALUE_S3 "S3"
#define LABEL_VALUE_S4 "S4"
#define LABEL_NAME_SECURITY_LEVEL "SecurityLevel"
#define FLAG_FILE_PROTECTION_COMPLETE 0
#define FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN 1
extern "C" __attribute (()) bool IsSupportIudf();
extern "C" __attribute (()) int SetEcePathPolicy(int userId, const char *path);
extern "C" __attribute (()) int SetSecePathPolicy(int userId, const char *path);
extern "C" __attribute (()) int GetPathPolicy(const char *path);
extern "C" __attribute (()) int SetLabel(int userId, const char *filePath,
const char *labelName, const char *labelValue, int flag);
extern "C" __attribute (()) int GetLabel(int userId, const char *filePath,
const char *labelName, char *labelValue, const int valueLen);
extern "C" __attribute (()) int GetFlag(int userId, const char *filePath, const char *labelName);
__attribute (()) int GetLockState(int userId, int flag);
__attribute (()) int RegisterLockStateChangeCallback(int flag,
std::function<int32_t(int32_t, int32_t)> &lockStateChangedListener);
__attribute (()) int UnRegisterLockStateChangeCallback(
std::function<int32_t(int32_t, int32_t)> &lockStateChangedListener);
#endif
+36
View File
@@ -0,0 +1,36 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
################################################################
# C++, Main source file here.
################################################################
config("hwdsl_config") {
include_dirs = [ "include" ]
}
ohos_shared_library("hwdsl") {
subsystem_name = "security"
part_name = "dataclassification"
public_configs = [ ":hwdsl_config" ]
include_dirs = [ "include/1.0" ]
sources = [
"//base/security/dataclassification/frameworks/hwdevsl/dev_slinfo_mgr.c"
]
deps = [ "//utils/native/base:utils" ]
}
@@ -0,0 +1,129 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEV_SLINFO_MGR_H
#define DEV_SLINFO_MGR_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
uint8_t *val;
uint32_t len;
uint32_t mSize;
} DEVSLData;
#define DEV_TYPE_PHONE 1 /* device type - PHONE */
#define DEV_TYPE_PAD 2 /* device type - PAD */
#define DEV_TYPE_TV 3 /* device type - TV */
#define DEV_TYPE_PC 4 /* device type - PC */
#define DEV_TYPE_WATCH 5 /* device type - WATCH */
/* caller queries data security level :
* 1 - if with udid, devType should be 0
* 2 - if devType > 0, only queried data security level with policy configuriation
*/
typedef struct {
const uint8_t *udid; /* if devType is 0, it must */
const uint8_t *sensitiveData; /* optional */
uint32_t idLen; /* if udid is a string, the length should not with end tag 0 */
uint32_t sensitiveDataLen; /* length of sensitiveData */
uint32_t devType; /* only support PHONE, PAD, TV, PC, WATCH */
} DEVSLQueryParams;
/* tmpParams is pointer */
#define DEVSL_INIT_PARAMS(tmpParams) do { \
(tmpParams)->udid = NULL; \
(tmpParams)->sensitiveData = NULL; \
(tmpParams)->idLen = 0; \
(tmpParams)->sensitiveDataLen = 0; \
(tmpParams)->devType = 0; \
} while (0)
enum {
DEVSL_SUCCESS = 0,
DEVSL_ERROR,
DEVSL_ERR_UNINITIALIZED,
DEVSL_ERR_INITIALIZED,
DEVSL_ERR_INVALID_PARAMS,
DEVSL_ERR_ALLOC_MEMORY,
DEVSL_ENTRY_NUMBER_ERROR,
DEVSL_INIT_MUTEX_FAILED,
DEVSL_ASYNC_PROCESSING,
DEVSL_RESOURCE_BUSY,
DEVSL_ERR_IN_LOCKING,
DEVSL_ERR_GET_LOCAL_SENSITIVE,
DEVSL_ERR_ENTRY_FULL,
DEVSL_ERR_MEM_CPY,
DEVSL_ERR_CREATE_THREAD,
DEVSL_ASYNC_QUERY,
DEVSL_UNKNOWN_SEC_LEVEL,
DEVSL_ERR_PARSE_CFG,
DEVSL_ERR_GET_TIME,
DEVSL_ERR_FORM_CERT,
DEVSL_ERR_HKS_BLOB_BUFFER,
DEVSL_ERR_HKS_ATTEST_KEY,
DEVSL_ERR_HKS_CERT_CHAIN,
DEVSL_ERR_CERT_CHAIN_BUFFER,
DEVSL_ERR_GET_CERT_CHAIN,
DEVSL_ERR_VALIDATE_ATTEST_CERT,
DEVSL_ERR_ENTRY_NULL,
DEVSL_ERR_QUERY_SEC_LEVEL,
DEVSL_ERR_PROFILE_CONN,
DEVSL_ERR_PROFILE_GET_DATA,
DEVSL_ERR_PROFILE_PUT_DATA,
DEVSL_ERR_PROFILE_PUT_SERVICE,
DEVSL_ERR_PROFILE_PUT_DEVICE,
DEVSL_ERR_PROFILE_PROC_HOST,
DEVSL_ERR_PROFILE_DEV_DATA,
DEVSL_ERR_PROFILE_UDID,
DEVSL_ERR_PROFILE_DATA_CTX,
DEVSL_ERR_CERT_DATA_LEN,
DEVSL_ERR_PROFILE_CONN_IN_QUERY,
DEVSL_LEVEL_ONLY_WITH_POLICY,
DEVSL_ERR_WITHOUT_PERMISSION,
DEVSL_ERR_UNKNOWN_DEV_TYPE,
DEVSL_ERR_PROFILE_INIT
};
#define DATA_SEC_LEVEL0 0 /* s0 */
#define DATA_SEC_LEVEL1 1 /* s1 */
#define DATA_SEC_LEVEL2 2 /* s2 */
#define DATA_SEC_LEVEL3 3 /* s3 */
#define DATA_SEC_LEVEL4 4 /* s4 */
/*
* note: 1 - if return error code, the out levelInfo is invalid
* 2 - if @param queryParams's devType > 0, only do the compatible processing
* @param queryParams - if caller set the devType valid, get data security level only with policy configuration
* @param levelInfo - store the queried data level
* if success, return DEVSL_SUCCESS, else return error code.
*/
int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);
/* cert buffer length must be more than 13k, suggest 14k */
int32_t DEVSL_GetLocalCertData(uint8_t *buff, uint32_t bufSz, uint32_t *dataLen);
/* not support mutil-thread */
int32_t DEVSL_OnStart(int32_t maxDevNum);
/* not support mutil-thread */
void DEVSL_ToFinish(void);
#ifdef __cplusplus
}
#endif
#endif
Executable
+38
View File
@@ -0,0 +1,38 @@
{
"subsystem": "security",
"parts": {
"dataclassification": {
"variants": [
"phone",
"wearable"
],
"module_list": [
"//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
"//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr"
],
"inner_kits": [
{
"name": "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr",
"header": {
"header_files": [
"fbe_sdp_code_num.h",
"fbe_sdp_policy.h"
],
"header_base": "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr/include"
}
},
{
"name": "//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
"header": {
"header_files": [
"1.0/dev_slinfo_mgr.h"
],
"header_base": "//base/security/dataclassification/interfaces/innerkits/hwdevsl/include"
}
}
],
"test_list": [
]
}
}
}