diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..e69de29
diff --git a/BUILD.gn b/BUILD.gn
new file mode 100755
index 0000000..f077ba5
--- /dev/null
+++ b/BUILD.gn
@@ -0,0 +1,20 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+group("dataclassification_build_module") {
+ deps = [
+ "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr",
+ "//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
+ ]
+}
diff --git a/LICENSE b/LICENSE
new file mode 100755
index 0000000..4a45986
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,177 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS \ No newline at end of file diff --git a/README.en.md b/README.en.md deleted file mode 100644 index f1fbab0..0000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# security_dataclassification - -#### Description -{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**} - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md old mode 100644 new mode 100755 index dabe199..ac949c9 --- a/README.md +++ b/README.md 
@@ -1,39 +1,75 @@ -# security_dataclassification +# dataclassification -#### 介绍 -{**以下是 Gitee 平台说明,您可以替换此简介** -Gitee 是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台 -无论是个人、团队、或是企业,都能够用 Gitee 实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)} +- [Introduction](#section11660541593) +- [Architecture](#section342962219551) +- [Available APIs](#section92711824195113) +- [Repositories Involved](#section155556361910) -#### 软件架构 -软件架构说明 +## Introduction + +The data classification module of OpenHarmony provides hierarchical data protection policies and related APIs. \(Currently, OpenHarmony does not provide implementations for specific APIs. These APIs must be implemented by the device vendors to protect the security of data on OpenHarmony devices.\) + +The data classification module provides the following APIs \(into two submodules\): + +- APIs for setting and obtaining the data label: With these APIs, you can set and obtain the security level of a file to be written to the disk. +- APIs for controlling cross-device data access based on the device security level: The distributed cross-device data transmission service can use these APIs to obtain the highest data security level supported by the peer device. + +The two submodules only contain API definitions, but do not implement these APIs. The following figure shows the architecture of the data classification module. + +## Architecture + +**Figure 1** Architecture of the data classification module -#### 安装教程 +![](figures/dataclassification.png) -1. xxxx -2. xxxx -3. xxxx +## Available APIs -#### 使用说明 +**Table 1** APIs provided by the data classification module -1. xxxx -2. xxxx -3. xxxx + + + + + + + + + + + + + + + + + + + + + + + + +

API

+

Description

+

int SetLabel(int userId, const char *filePath, const char *labelName, const char *labelValue, int flag);

+

Sets a specified label. Currently, this API returns success. You need to implement this function by yourself. You are advised to set the label in the extended attribute of a file. For details about the data security levels, see the developer documentation.

+

int GetLabel(int userId, const char *filePath, const char *labelName, char *labelValue, const int valueLen);

+

Obtains the label. Currently, this API returns S3. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.

+

int GetFlag(int userId, const char *filePath, const char *labelName);

+

Obtains the flag of a data security level. Currently, this API returns FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.

+

int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);

+

Obtains the highest security level supported by the peer device. Currently, this API returns S3. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.

+

int32_t DEVSL_OnStart(int32_t maxDevNum);

+

Initializes the data classification module. You need to implement this function by yourself.

+

void DEVSL_ToFinish(void);

+

Deinitializes the data classification module. You need to implement this function by yourself.

+
-#### 参与贡献 +## Repositories Involved -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request +Security subsystem +**base/security/dataclassification** -#### 特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README_zh.md b/README_zh.md new file mode 100755 index 0000000..1303c53 --- /dev/null +++ b/README_zh.md @@ -0,0 +1,75 @@ +# 数据分级保护 + +- [简介](#section11660541593) +- [系统架构](#section342962219551) +- [接口说明](#section92711824195113) +- [相关仓](#section155556361910) + +## 简介 + +在OpenHarmony中,数据分级保护模块负责提供数据分级的保护策略。数据分级保护模块提供了数据分级相关的接口定义。(OpenHarmony当前不提供实际的功能实现。依赖设备厂商实现接口对应的功能,对搭载OpenHarmony的设备上的数据提供安全保护)。 + +数据分级保护模块当前提供如下接口定义: + +- 数据分级标签设置和查询接口:对业务生成的文件数据提供设置和查询风险等级标签的接口,业务可使用该接口设定和查询落盘文件数据的风险等级,使该文件在系统中具有对应的数据风险分级标识。 +- 基于设备安全等级的数据跨设备访问控制接口:提供基于设备安全等级的数据跨设备访问控制的接口,分布式跨设备数据传输业务可使用该接口获得对端设备可支持的数据风险等级。 + +为实现上述接口定义,数据分级保护模块当前包含数据分级标签设置查询接口和基于设备安全等级的数据跨设备访问控制接口两个子模块,模块中仅包括接口定义,而不包含实际的功能实现,其部署逻辑如下图: + +## 系统架构 + +**图 1** 数据分级保护子系统架构图 + + +![](figures/dataclassification_zh.png) + +## 接口说明 + +**表 1** 数据分级保护提供的API接口功能介绍 + + + + + + + + + + + + + + + + + + + + + + + + + +

接口名

+

描述

+

int SetLabel(int userId, const char *filePath, const char *labelName, const char *labelValue, int flag);

+

设置风险等级标签能力,当前返回成功,设备厂商需自行实现标签风险等级设置能力。建议设置在文件的扩展属性中,数据风险等级更详细的定义描述参考开发者文档。

+

int GetLabel(int userId, const char *filePath, const char *labelName, char *labelValue, const int valueLen);

+

查询风险等级标签能力,当前返回S3,设备厂商自行实现标签风险等级查询能力。数据风险等级更详细的定义描述参考开发者文档。

+

int GetFlag(int userId, const char *filePath, const char *labelName);

+

查询风险等级的辅助信息,当前返回FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN,设备厂商自行实现标风险等级的辅助信息查询能力。数据风险等级更详细的定义描述参考开发者文档。

+

int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);

+

获取对应设备可支持的数据风险等级,当前返回S3,设备厂商需自行实现该功能,数据风险等级更详细的定义描述参考开发者文档。

+

int32_t DEVSL_OnStart(int32_t maxDevNum);

+

设备数据安全等级模块初始化,设备厂商需自行实现该功能。

+

void DEVSL_ToFinish(void);

+

设备数据安全等级模块去初始化,设备厂商需自行实现该功能。

+
+ +## 相关仓 + +安全子系统 + +base/security/dataclassification + diff --git a/figures/dataclassification.png b/figures/dataclassification.png new file mode 100755 index 0000000..9ac3c6b Binary files /dev/null and b/figures/dataclassification.png differ diff --git a/figures/dataclassification_zh.png b/figures/dataclassification_zh.png new file mode 100755 index 0000000..aa46194 Binary files /dev/null and b/figures/dataclassification_zh.png differ diff --git a/frameworks/fbesdp/fbe_sdp_policy.cpp b/frameworks/fbesdp/fbe_sdp_policy.cpp new file mode 100644 index 0000000..68c520f --- /dev/null +++ b/frameworks/fbesdp/fbe_sdp_policy.cpp 
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fbe_sdp_policy.h"
+
+extern "C" __attribute (()) bool IsSupportIudf()
+{
+ return false;
+}
+
+extern "C" __attribute (()) int SetLabel(int userId, const char* filePath,
+ const char* labelName, const char* labelValue, int flag)
+{
+ return RET_SDP_OK;
+}
+
+extern "C" __attribute (()) int GetLabel(int userId, const char* filePath,
+ const char* labelName, char* labelValue, const int valueLen)
+{
+ return RET_SDP_OK;
+}
+
+extern "C" __attribute (()) int GetFlag(int userId, const char* filePath, const char* labelName)
+{
+ return RET_SDP_OK;
+}
+
+extern "C" __attribute (()) int SetEcePathPolicy(int userId, const char *path)
+{
+ return RET_SDP_OK;
+}
+
+extern "C" __attribute (()) int SetSecePathPolicy(int userId, const char *path)
+{
+ return RET_SDP_OK;
+}
+
+extern "C" __attribute (()) int GetPathPolicy(const char *path)
+{
+ if (!IsSupportIudf()) {
+ return RET_SDP_SUPPORT_IUDF_ERROR;
+ }
+ return FSCRYPT_NO_ECE_OR_SECE_CLASS;
+}
+
+__attribute (()) int GetLockState(int userId, int flag)
+{
+ return RET_LOCK_IUDF_SERVICE_NO_SUPPORT;
+}
+
+__attribute (()) int RegisterLockStateChangeCallback(int flag,
+ std::function &lockStateChangedListener)
+{
+ return RET_SDP_OK;
+}
+__attribute (()) int UnRegisterLockStateChangeCallback(
+ std::function &lockStateChangedListener)
+{
+ return RET_SDP_OK;
+}
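Review bot: In fbe_sdp_policy.cpp, `GetLabel` returns `RET_SDP_OK` without ever writing `labelValue`, so a caller that trusts the success code reads whatever its buffer already held. The README added in this same commit says the stub returns S3. `GetFlag` has the same mismatch: the README promises `FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN` (1), but the stub returns `RET_SDP_OK`, which is 0 and therefore reads as `FLAG_FILE_PROTECTION_COMPLETE`. `SetLabel`, `SetEcePathPolicy` and `SetSecePathPolicy` also report success while applying nothing, so a caller cannot tell that a file was never labelled or protected. Which behaviour is intended is not visible here, but the safer default is the one `GetPathPolicy` already uses: start each unimplemented stub with `if (!IsSupportIudf()) { return RET_SDP_SUPPORT_IUDF_ERROR; }`. If success must be kept, `GetLabel` should at least check `labelValue` and `valueLen` and copy `LABEL_VALUE_S3` into the buffer.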
diff --git a/frameworks/hwdevsl/dev_slinfo_mgr.c b/frameworks/hwdevsl/dev_slinfo_mgr.c
new file mode 100644
index 0000000..42c1573
--- /dev/null
+++ b/frameworks/hwdevsl/dev_slinfo_mgr.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "dev_slinfo_mgr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define DEVSL_API __attribute__ ((visibility ("default")))
+
+DEVSL_API int32_t DEVSL_OnStart(int32_t maxDevNum)
+{
+ return DEVSL_SUCCESS;
+}
+
+DEVSL_API void DEVSL_ToFinish(void)
+{
+ return;
+}
+
+DEVSL_API int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo)
+{
+ *levelInfo = DATA_SEC_LEVEL3;
+ return DEVSL_SUCCESS;
+}
+
+DEVSL_API int32_t DEVSL_GetLocalCertData(uint8_t *buff, uint32_t bufSz, uint32_t *dataLen)
+{
+ buff[0] = 0;
+ *dataLen = 0;
+ return DEVSL_SUCCESS;
+}
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/interfaces/innerkits/fbe_iudf_xattr/BUILD.gn b/interfaces/innerkits/fbe_iudf_xattr/BUILD.gn
new file mode 100644
index 0000000..46600d4
--- /dev/null
+++ b/interfaces/innerkits/fbe_iudf_xattr/BUILD.gn
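Review bot: In dev_slinfo_mgr.c, `DEVSL_GetLocalCertData` writes `buff[0]` and `*dataLen` without checking either pointer or `bufSz`, so a NULL argument is a null dereference and `bufSz == 0` is a write past the caller's buffer. Guard it with `if (buff == NULL || dataLen == NULL || bufSz == 0) { return DEVSL_ERR_INVALID_PARAMS; }`. `DEVSL_GetHighestSecLevel` dereferences `levelInfo` unchecked in the same way and should get `if (queryParams == NULL || levelInfo == NULL) { return DEVSL_ERR_INVALID_PARAMS; }`. It also ignores `queryParams` and reports `DATA_SEC_LEVEL3` for every peer, which is a permissive default for an API the README describes as controlling cross-device data access. Until a vendor implementation exists, returning `DATA_SEC_LEVEL0` or an error would fail closed.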
@@ -0,0 +1,35 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main source file here.
+################################################################
+config("fbe_iudf_xattr_config") {
+ include_dirs = [ "include" ]
+}
+
+ohos_shared_library("fbe_iudf_xattr") {
+ subsystem_name = "security"
+ part_name = "dataclassification"
+
+ public_configs = [ ":fbe_iudf_xattr_config" ]
+
+ include_dirs = [ "include" ]
+ sources = [
+ "//base/security/dataclassification/frameworks/fbesdp/fbe_sdp_policy.cpp"
+ ]
+
+ deps = [ "//utils/native/base:utils" ]
+}
diff --git a/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_code_num.h b/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_code_num.h
new file mode 100644
index 0000000..0270b53
--- /dev/null
+++ b/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_code_num.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FBE_SDP_CODE_NUM
+#define FBE_SDP_CODE_NUM
+
+enum ErrorCode {
+ RET_SDP_NOT_SUPPORT_ATTR = -13,
+ RET_SDP_NOT_SET_ERROR = -12,
+ RET_SDP_CODE_FAILED_ERROR = -11,
+ RET_SDP_CONTEXT_ERROR = -10,
+ RET_SDP_LABEL_HAS_BEEN_SET = -9,
+ RET_SDP_GENERIC_ERROR = -8,
+ RET_SDP_FILE_OPEN_ERROR = -7,
+ RET_SDP_GET_DESC_ERROR = -6,
+ RET_SDP_SUPPORT_IUDF_ERROR = -5,
+ RET_SDP_IOCTL_ERROR = -4,
+ RET_SDP_OPEN_ERROR = -3,
+ RET_SDP_MEMORY_ERROR = -2,
+ RET_SDP_PARAM_ERROR = -1,
+ RET_SDP_OK = 0,
+};
+
+enum FsCryptType {
+ FSCRYPT_NO_ECE_OR_SECE_CLASS = 1,
+ FSCRYPT_SDP_ECE_CLASS = 2,
+ FSCRYPT_SDP_SECE_CLASS = 3,
+ FSCRYPT_SDP_GET_FEB_VER = 10,
+};
+
+enum FbeVesion {
+ FBE_VER_NO_2 = 2,
+ FBE_VER_NO_3 = 3,
+};
+
+enum FbeLockState {
+ FLAG_LOCAL_STATE = 0x01,
+};
+
+enum FbeLockErrorCode {
+ RET_LOCK_IUDF_SERVICE_NO_SUPPORT = -7,
+ RET_LOCK_CALLBACK_NOT_REGIST = -6,
+ RET_LOCK_CALLBACK_HAS_BEEN_REGIST = -5,
+ RET_LOCK_REMOTE_EXCEPTION = -4,
+ RET_LOCK_INVALID_PARAM_ERROR = -3,
+ RET_LOCK_SERVICE_NOT_FOUND = -2,
+ RET_LOCK_PARAM_ERROR = -1,
+ RET_LOCK_OK = 0,
+};
+#endif
\ No newline at end of file
diff --git a/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_policy.h b/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_policy.h
new file mode 100644
index 0000000..1506391
--- /dev/null
+++ b/interfaces/innerkits/fbe_iudf_xattr/include/fbe_sdp_policy.h 
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FBE_IUDF_H
+#define FBE_IUDF_H
+
+#include "fbe_sdp_code_num.h"
+#include
+
+#define LABEL_VALUE_S0 "S0"
+#define LABEL_VALUE_S1 "S1"
+#define LABEL_VALUE_S2 "S2"
+#define LABEL_VALUE_S3 "S3"
+#define LABEL_VALUE_S4 "S4"
+#define LABEL_NAME_SECURITY_LEVEL "SecurityLevel"
+#define FLAG_FILE_PROTECTION_COMPLETE 0
+#define FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN 1
+
+extern "C" __attribute (()) bool IsSupportIudf();
+extern "C" __attribute (()) int SetEcePathPolicy(int userId, const char *path);
+extern "C" __attribute (()) int SetSecePathPolicy(int userId, const char *path);
+extern "C" __attribute (()) int GetPathPolicy(const char *path);
+extern "C" __attribute (()) int SetLabel(int userId, const char *filePath,
+ const char *labelName, const char *labelValue, int flag);
+extern "C" __attribute (()) int GetLabel(int userId, const char *filePath,
+ const char *labelName, char *labelValue, const int valueLen);
+extern "C" __attribute (()) int GetFlag(int userId, const char *filePath, const char *labelName);
+__attribute (()) int GetLockState(int userId, int flag);
+
+__attribute (()) int RegisterLockStateChangeCallback(int flag,
+ std::function &lockStateChangedListener);
+
+__attribute (()) int UnRegisterLockStateChangeCallback(
+ std::function &lockStateChangedListener);
+#endif
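Review bot: The `GetLabel` declaration in fbe_sdp_policy.h takes an output buffer, `labelValue` with `valueLen`, but nothing says whether `valueLen` counts the terminating NUL, what is returned when the buffer is too small, or whether the buffer is touched on failure. Vendors are expected to implement this API, so the buffer contract should be pinned down in the header rather than left to each implementation. If this is the intended contract, a comment above the declaration such as `/* labelValue: caller-owned buffer of valueLen bytes; on RET_SDP_OK it holds a NUL-terminated label such as LABEL_VALUE_S3 */` would do. `GetFlag` also returns a plain `int` that carries either a `FLAG_FILE_PROTECTION_*` value or a negative `ErrorCode`, and `FLAG_FILE_PROTECTION_COMPLETE` shares the value 0 with `RET_SDP_OK`; that overlap deserves a one-line comment too.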
diff --git a/interfaces/innerkits/hwdevsl/BUILD.gn b/interfaces/innerkits/hwdevsl/BUILD.gn
new file mode 100644
index 0000000..fcc8a23
--- /dev/null
+++ b/interfaces/innerkits/hwdevsl/BUILD.gn
@@ -0,0 +1,36 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main source file here.
+################################################################
+config("hwdsl_config") {
+ include_dirs = [ "include" ]
+}
+
+ohos_shared_library("hwdsl") {
+ subsystem_name = "security"
+ part_name = "dataclassification"
+
+ public_configs = [ ":hwdsl_config" ]
+
+ include_dirs = [ "include/1.0" ]
+
+ sources = [
+ "//base/security/dataclassification/frameworks/hwdevsl/dev_slinfo_mgr.c"
+ ]
+
+ deps = [ "//utils/native/base:utils" ]
+}
diff --git a/interfaces/innerkits/hwdevsl/include/1.0/dev_slinfo_mgr.h b/interfaces/innerkits/hwdevsl/include/1.0/dev_slinfo_mgr.h
new file mode 100644
index 0000000..749e69b
--- /dev/null
+++ b/interfaces/innerkits/hwdevsl/include/1.0/dev_slinfo_mgr.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DEV_SLINFO_MGR_H
+#define DEV_SLINFO_MGR_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ uint8_t *val;
+ uint32_t len;
+ uint32_t mSize;
+} DEVSLData;
+
+#define DEV_TYPE_PHONE 1 /* device type - PHONE */
+#define DEV_TYPE_PAD 2 /* device type - PAD */
+#define DEV_TYPE_TV 3 /* device type - TV */
+#define DEV_TYPE_PC 4 /* device type - PC */
+#define DEV_TYPE_WATCH 5 /* device type - WATCH */
+
+/* caller queries data security level :
+ * 1 - if with udid, devType should be 0
+ * 2 - if devType > 0, only queried data security level with policy configuriation
+ */
+typedef struct {
+ const uint8_t *udid; /* if devType is 0, it must */
+ const uint8_t *sensitiveData; /* optional */
+ uint32_t idLen; /* if udid is a string, the length should not with end tag 0 */
+ uint32_t sensitiveDataLen; /* length of sensitiveData */
+ uint32_t devType; /* only support PHONE, PAD, TV, PC, WATCH */
+} DEVSLQueryParams;
+
+/* tmpParams is pointer */
+#define DEVSL_INIT_PARAMS(tmpParams) do { \
+ (tmpParams)->udid = NULL; \
+ (tmpParams)->sensitiveData = NULL; \
+ (tmpParams)->idLen = 0; \
+ (tmpParams)->sensitiveDataLen = 0; \
+ (tmpParams)->devType = 0; \
+} while (0)
+
+enum {
+ DEVSL_SUCCESS = 0,
+ DEVSL_ERROR,
+ DEVSL_ERR_UNINITIALIZED,
+ DEVSL_ERR_INITIALIZED,
+ DEVSL_ERR_INVALID_PARAMS,
+ DEVSL_ERR_ALLOC_MEMORY,
+ DEVSL_ENTRY_NUMBER_ERROR,
+ DEVSL_INIT_MUTEX_FAILED,
+ DEVSL_ASYNC_PROCESSING,
+ DEVSL_RESOURCE_BUSY,
+ DEVSL_ERR_IN_LOCKING,
+ DEVSL_ERR_GET_LOCAL_SENSITIVE,
+ DEVSL_ERR_ENTRY_FULL,
+ DEVSL_ERR_MEM_CPY,
+ DEVSL_ERR_CREATE_THREAD,
+ DEVSL_ASYNC_QUERY,
+ DEVSL_UNKNOWN_SEC_LEVEL,
+ DEVSL_ERR_PARSE_CFG,
+ DEVSL_ERR_GET_TIME,
+ DEVSL_ERR_FORM_CERT,
+ DEVSL_ERR_HKS_BLOB_BUFFER,
+ DEVSL_ERR_HKS_ATTEST_KEY,
+ DEVSL_ERR_HKS_CERT_CHAIN,
+ DEVSL_ERR_CERT_CHAIN_BUFFER,
+ DEVSL_ERR_GET_CERT_CHAIN,
+ DEVSL_ERR_VALIDATE_ATTEST_CERT,
+ DEVSL_ERR_ENTRY_NULL,
+ DEVSL_ERR_QUERY_SEC_LEVEL,
+ DEVSL_ERR_PROFILE_CONN,
+ DEVSL_ERR_PROFILE_GET_DATA,
+ DEVSL_ERR_PROFILE_PUT_DATA,
+ DEVSL_ERR_PROFILE_PUT_SERVICE,
+ DEVSL_ERR_PROFILE_PUT_DEVICE,
+ DEVSL_ERR_PROFILE_PROC_HOST,
+ DEVSL_ERR_PROFILE_DEV_DATA,
+ DEVSL_ERR_PROFILE_UDID,
+ DEVSL_ERR_PROFILE_DATA_CTX,
+ DEVSL_ERR_CERT_DATA_LEN,
+ DEVSL_ERR_PROFILE_CONN_IN_QUERY,
+ DEVSL_LEVEL_ONLY_WITH_POLICY,
+ DEVSL_ERR_WITHOUT_PERMISSION,
+ DEVSL_ERR_UNKNOWN_DEV_TYPE,
+ DEVSL_ERR_PROFILE_INIT
+};
+
+#define DATA_SEC_LEVEL0 0 /* s0 */
+#define DATA_SEC_LEVEL1 1 /* s1 */
+#define DATA_SEC_LEVEL2 2 /* s2 */
+#define DATA_SEC_LEVEL3 3 /* s3 */
+#define DATA_SEC_LEVEL4 4 /* s4 */
+
+/*
+ * note: 1 - if return error code, the out levelInfo is invalid
+ * 2 - if @param queryParams's devType > 0, only do the compatible processing
+ * @param queryParams - if caller set the devType valid, get data security level only with policy configuration
+ * @param levelInfo - store the queried data level
+ * if success, return DEVSL_SUCCESS, else return error code.
+ */
+int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);
+/* cert buffer length must be more than 13k, suggest 14k */
+int32_t DEVSL_GetLocalCertData(uint8_t *buff, uint32_t bufSz, uint32_t *dataLen);
+/* not support mutil-thread */
+int32_t DEVSL_OnStart(int32_t maxDevNum);
+/* not support mutil-thread */
+void DEVSL_ToFinish(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ohos.build b/ohos.build
new file mode 100755
index 0000000..fb8100a
--- /dev/null
+++ b/ohos.build
@@ -0,0 +1,38 @@
+{
+ "subsystem": "security",
+ "parts": {
+ "dataclassification": {
+ "variants": [
+ "phone",
+ "wearable"
+ ],
+ "module_list": [
+ "//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
+ "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr"
+ ],
+ "inner_kits": [
+ {
+ "name": "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr:fbe_iudf_xattr",
+ "header": {
+ "header_files": [
+ "fbe_sdp_code_num.h",
+ "fbe_sdp_policy.h"
+ ],
+ "header_base": "//base/security/dataclassification/interfaces/innerkits/fbe_iudf_xattr/include"
+ }
+ },
+ {
+ "name": "//base/security/dataclassification/interfaces/innerkits/hwdevsl:hwdsl",
+ "header": {
+ "header_files": [
+ "1.0/dev_slinfo_mgr.h"
+ ],
+ "header_base": "//base/security/dataclassification/interfaces/innerkits/hwdevsl/include"
+ }
+ }
+ ],
+ "test_list": [
+ ]
+ }
+ }
+}
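Review bot: In dev_slinfo_mgr.h, the only contract on `DEVSL_GetLocalCertData` is the prose comment "cert buffer length must be more than 13k, suggest 14k"; it does not say what happens when `bufSz` is smaller or whether `*dataLen` is written on failure. The enum already carries `DEVSL_ERR_CERT_DATA_LEN` and `DEVSL_ERR_INVALID_PARAMS`, so the comment can name the code a caller should expect, for example `/* returns DEVSL_ERR_INVALID_PARAMS if buff or dataLen is NULL or bufSz is too small; *dataLen is valid only on DEVSL_SUCCESS */`, if that is the intended behaviour. The comment on `udid` ("if devType is 0, it must") is an unfinished sentence, and "not support mutil-thread" should say whether callers must serialise only `DEVSL_OnStart`/`DEVSL_ToFinish` or every call into the module.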