openharmony/security_device_auth
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_device_auth synced 2024-11-23 07:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deviceauth SA standardization

Browse Source 
Signed-off-by: 赖剑桥 <laijianqiao@huawei.com>
This commit is contained in:
赖剑桥 2024-10-26 11:50:49 +08:00
parent 97b145d4a9
commit d387ebf235
19 changed files with 1901 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
BUILD.gn
View File

@ -21,7 +21,10 @@ group("deviceauth_sdk_build") {
group("deviceauth_service_build") {
if (os_level == "standard" || os_level == "small") {
deps = [ "services:deviceauth_service" ]
deps = [
"services:deviceauth_service",
"services/sa/sa_profile:deviceauth_sa_profile",
]
}
}

1
bundle.json
View File

@ -61,6 +61,7 @@
"openssl",
"os_account",
"samgr",
"safwk",
"ipc"
]
},

59
frameworks/inc/deviceauth_sa.h Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright (C) 2024-2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_AUTH_SA_H
#define DEVICE_AUTH_SA_H
#include <atomic>
#include "system_ability.h"
#include "iremote_broker.h"
#include "iremote_stub.h"
#include "nocopyable.h"
#include "ipc_dev_auth_stub.h"
namespace OHOS {
constexpr int SA_ID_DEVAUTH_SERVICE = 4701;
class DeviceAuthAbility : public SystemAbility, public ServiceDevAuth {
DECLARE_SYSTEM_ABILITY(DeviceAuthAbility);
public:
DISALLOW_COPY_AND_MOVE(DeviceAuthAbility);
DeviceAuthAbility(int saId, bool runOnCreate);
virtual ~DeviceAuthAbility();
int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
int32_t OnRemoteRequest(uint32_t code, MessageParcel &data,
MessageParcel &reply, MessageOption &option) override;
static sptr<DeviceAuthAbility> GetInstance();
static void DestroyInstance();
protected:
void OnStart() override;
void OnStop() override;
private:
static std::mutex g_instanceLock;
static sptr<DeviceAuthAbility> g_instance;
DeviceAuthAbility();
};
} // namespace OHOS
#endif

18
frameworks/inc/standard/ipc_dev_auth_stub.h
View File

@ -16,9 +16,10 @@
#ifndef IPC_DEV_AUTH_STUB_H
#define IPC_DEV_AUTH_STUB_H
#include "iremote_stub.h"
#include "ipc_iface.h"
#include "ipc_adapt.h"
#include "iremote_stub.h"
namespace OHOS {
typedef struct {
@ -32,7 +33,7 @@ class ServiceDevAuth : public IRemoteStub<IMethodsIpcCall> {
public:
ServiceDevAuth(bool serialInvokeFlag = true);
~ServiceDevAuth() override;
int32_t Dump(int32_t fd, const std::vector<std::u16string>& args) override;
int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
int32_t OnRemoteRequest(uint32_t code, MessageParcel &data,
MessageParcel &reply, MessageOption &option) override;
void ResetCallMap(void);
@ -43,13 +44,16 @@ public:
static void ActCallback(int32_t objIdx, int32_t callbackId, bool sync,
uintptr_t cbHook, MessageParcel &dataParcel, MessageParcel &reply);
private:
int32_t maxCallMapSz = MAX_CALLMAP_SIZE;
IpcServiceCallMap *callMapTable = nullptr;
int32_t callMapElemNum = 0;
IpcServiceCall GetCallMethodByMethodId(int32_t methodId);
protected:
int32_t HandleRestoreCall(MessageParcel &data, MessageParcel &reply);
int32_t HandleDeviceAuthCall(uint32_t code, MessageParcel &data,
MessageParcel &reply, MessageOption &option);
private:
int32_t maxCallMapSz = MAX_CALLMAP_SIZE;
IpcServiceCallMap *standardCallMapTable = nullptr;
int32_t callMapElemNum = 0;
IpcServiceCall GetCallMethodByMethodId(int32_t methodId);
};
class DevAuthDeathRecipient : public IRemoteObject::DeathRecipient {

1507
frameworks/src/deviceauth_sa.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

180
frameworks/src/lite/ipc_callback_proxy.c → frameworks/src/lite/client/ipc_callback_proxy.c
View File

@ -1,90 +1,90 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ipc_callback_proxy.h"
#include "hc_log.h"
#include "hc_types.h"
#include "ipc_adapt.h"
#include "ipc_skeleton.h"
#include "securec.h"
#ifdef __cplusplus
extern "C" {
#endif
static void CbProxyFormReplyData(int32_t reqRetVal, IpcIo *replyDst, const IpcIo *replySrc)
{
errno_t eno;
if (reqRetVal != 0) {
*(int32_t *)(replyDst->bufferCur) = reqRetVal;
replyDst->bufferLeft = sizeof(int32_t);
return;
}
LOGI("with reply data, length(%zu), flag(%u)", replySrc->bufferLeft, replySrc->flag);
eno = memcpy_s(replyDst->bufferCur, replyDst->bufferLeft, replySrc->bufferCur, replySrc->bufferLeft);
if (eno != EOK) {
replyDst->flag = 0;
LOGE("memory copy reply data failed");
return;
}
replyDst->bufferLeft = replySrc->bufferLeft;
LOGI("out reply data, length(%zu)", replyDst->bufferLeft);
return;
}
void CbProxySendRequest(SvcIdentity sid, int32_t callbackId, uintptr_t cbHook, IpcIo *data, IpcIo *reply)
{
int32_t ret;
IpcIo *reqData = NULL;
int32_t dataSz;
uintptr_t outMsg = 0x0;
IpcIo replyTmp;
ShowIpcSvcInfo(&(sid));
reqData = (IpcIo *)InitIpcDataCache(IPC_DATA_BUFF_MAX_SZ);
if (reqData == NULL) {
return;
}
WriteInt32(reqData, callbackId);
WritePointer(reqData, cbHook);
dataSz = GetIpcIoDataLength((const IpcIo *)data);
LOGI("to form callback params data length(%d)", dataSz);
if (dataSz > 0) {
WriteUint32(reqData, dataSz);
if (!WriteBuffer(reqData, data->bufferBase + IpcIoBufferOffset(), dataSz)) {
HcFree((void *)reqData);
return;
}
}
/* callFlag: ipc mode is blocking or non blocking. */
MessageOption option;
MessageOptionInit(&option);
option.flags = ((reply != NULL) ? TF_OP_SYNC : TF_OP_ASYNC);
ret = SendRequest(sid, DEV_AUTH_CALLBACK_REQUEST, reqData, &replyTmp, option, &outMsg);
LOGI("SendRequest(%d) done, return(%d)", option.flags, ret);
HcFree((void *)reqData);
if (reply == NULL) {
return;
}
CbProxyFormReplyData(ret, reply, &replyTmp);
FreeBuffer((void *)outMsg);
return;
}
#ifdef __cplusplus
}
#endif
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ipc_callback_proxy.h"
#include "hc_log.h"
#include "hc_types.h"
#include "ipc_adapt.h"
#include "ipc_skeleton.h"
#include "securec.h"
#ifdef __cplusplus
extern "C" {
#endif
static void CbProxyFormReplyData(int32_t reqRetVal, IpcIo *replyDst, const IpcIo *replySrc)
{
errno_t eno;
if (reqRetVal != 0) {
*(int32_t *)(replyDst->bufferCur) = reqRetVal;
replyDst->bufferLeft = sizeof(int32_t);
return;
}
LOGI("with reply data, length(%zu), flag(%u)", replySrc->bufferLeft, replySrc->flag);
eno = memcpy_s(replyDst->bufferCur, replyDst->bufferLeft, replySrc->bufferCur, replySrc->bufferLeft);
if (eno != EOK) {
replyDst->flag = 0;
LOGE("memory copy reply data failed");
return;
}
replyDst->bufferLeft = replySrc->bufferLeft;
LOGI("out reply data, length(%zu)", replyDst->bufferLeft);
return;
}
void CbProxySendRequest(SvcIdentity sid, int32_t callbackId, uintptr_t cbHook, IpcIo *data, IpcIo *reply)
{
int32_t ret;
IpcIo *reqData = NULL;
int32_t dataSz;
uintptr_t outMsg = 0x0;
IpcIo replyTmp;
ShowIpcSvcInfo(&(sid));
reqData = (IpcIo *)InitIpcDataCache(IPC_DATA_BUFF_MAX_SZ);
if (reqData == NULL) {
return;
}
WriteInt32(reqData, callbackId);
WritePointer(reqData, cbHook);
dataSz = GetIpcIoDataLength((const IpcIo *)data);
LOGI("to form callback params data length(%d)", dataSz);
if (dataSz > 0) {
WriteUint32(reqData, dataSz);
if (!WriteBuffer(reqData, data->bufferBase + IpcIoBufferOffset(), dataSz)) {
HcFree((void *)reqData);
return;
}
}
/* callFlag: ipc mode is blocking or non blocking. */
MessageOption option;
MessageOptionInit(&option);
option.flags = ((reply != NULL) ? TF_OP_SYNC : TF_OP_ASYNC);
ret = SendRequest(sid, DEV_AUTH_CALLBACK_REQUEST, reqData, &replyTmp, option, &outMsg);
LOGI("SendRequest(%d) done, return(%d)", option.flags, ret);
HcFree((void *)reqData);
if (reply == NULL) {
return;
}
CbProxyFormReplyData(ret, reply, &replyTmp);
FreeBuffer((void *)outMsg);
return;
}
#ifdef __cplusplus
}
#endif

0
frameworks/src/lite/ipc_dev_auth_proxy.c → frameworks/src/lite/client/ipc_dev_auth_proxy.c
View File

166
frameworks/src/lite/ipc_callback_stub.c → frameworks/src/lite/server/ipc_callback_stub.c
View File

@ -1,83 +1,83 @@
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ipc_callback_stub.h"
#include "common_defs.h"
#include "device_auth_defines.h"
#include "hc_log.h"
#include "ipc_adapt.h"
#include "ipc_iface.h"
#include "ipc_skeleton.h"
#include "securec.h"
#ifdef __cplusplus
extern "C" {
#endif
static void DoCallBack(int32_t callbackId, uintptr_t cbHook, IpcIo *data, IpcIo *reply)
{
int32_t ret;
int32_t i;
IpcDataInfo cbDataCache[MAX_REQUEST_PARAMS_NUM] = { { 0 } };
if (cbHook == 0x0) {
LOGE("Invalid call back hook");
return;
}
uint32_t len = 0;
ReadUint32(data, &len); /* skip flat object length information */
for (i = 0; i < MAX_REQUEST_PARAMS_NUM; i++) {
ret = DecodeIpcData((uintptr_t)(data), &(cbDataCache[i].type),
&(cbDataCache[i].val), &(cbDataCache[i].valSz));
if (ret != HC_SUCCESS) {
LOGE("decode failed, ret %d", ret);
return;
}
}
ProcCbHook(callbackId, cbHook, cbDataCache, MAX_REQUEST_PARAMS_NUM, (uintptr_t)(reply));
return;
}
int32_t CbStubOnRemoteRequest(uint32_t code, IpcIo *data, IpcIo *reply, MessageOption option)
{
(void)option;
int32_t callbackId;
uintptr_t cbHook = 0x0;
LOGI("enter invoking callback...");
if (data == NULL) {
LOGE("invalid param");
return -1;
}
LOGI("receive ipc transact code(%u)", code);
switch (code) {
case DEV_AUTH_CALLBACK_REQUEST:
ReadInt32(data, &callbackId);
cbHook = ReadPointer(data);
DoCallBack(callbackId, cbHook, data, reply);
break;
default:
LOGE("Invoke callback cmd code(%u) error", code);
break;
}
LOGI("Invoke callback done, result(%d)", HC_SUCCESS);
return HC_SUCCESS;
}
#ifdef __cplusplus
}
#endif
/*
* Copyright (C) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ipc_callback_stub.h"
#include "common_defs.h"
#include "device_auth_defines.h"
#include "hc_log.h"
#include "ipc_adapt.h"
#include "ipc_iface.h"
#include "ipc_skeleton.h"
#include "securec.h"
#ifdef __cplusplus
extern "C" {
#endif
static void DoCallBack(int32_t callbackId, uintptr_t cbHook, IpcIo *data, IpcIo *reply)
{
int32_t ret;
int32_t i;
IpcDataInfo cbDataCache[MAX_REQUEST_PARAMS_NUM] = { { 0 } };
if (cbHook == 0x0) {
LOGE("Invalid call back hook");
return;
}
uint32_t len = 0;
ReadUint32(data, &len); /* skip flat object length information */
for (i = 0; i < MAX_REQUEST_PARAMS_NUM; i++) {
ret = DecodeIpcData((uintptr_t)(data), &(cbDataCache[i].type),
&(cbDataCache[i].val), &(cbDataCache[i].valSz));
if (ret != HC_SUCCESS) {
LOGE("decode failed, ret %d", ret);
return;
}
}
ProcCbHook(callbackId, cbHook, cbDataCache, MAX_REQUEST_PARAMS_NUM, (uintptr_t)(reply));
return;
}
int32_t CbStubOnRemoteRequest(uint32_t code, IpcIo *data, IpcIo *reply, MessageOption option)
{
(void)option;
int32_t callbackId;
uintptr_t cbHook = 0x0;
LOGI("enter invoking callback...");
if (data == NULL) {
LOGE("invalid param");
return -1;
}
LOGI("receive ipc transact code(%u)", code);
switch (code) {
case DEV_AUTH_CALLBACK_REQUEST:
ReadInt32(data, &callbackId);
cbHook = ReadPointer(data);
DoCallBack(callbackId, cbHook, data, reply);
break;
default:
LOGE("Invoke callback cmd code(%u) error", code);
break;
}
LOGI("Invoke callback done, result(%d)", HC_SUCCESS);
return HC_SUCCESS;
}
#ifdef __cplusplus
}
#endif

0
frameworks/src/lite/ipc_dev_auth_stub.c → frameworks/src/lite/server/ipc_dev_auth_stub.c
View File

0
frameworks/src/standard/ipc_callback_proxy.cpp → frameworks/src/standard/client/ipc_callback_proxy.cpp
View File

2
frameworks/src/standard/ipc_dev_auth_proxy.cpp → frameworks/src/standard/client/ipc_dev_auth_proxy.cpp
View File

@ -47,7 +47,7 @@ int32_t ProxyDevAuth::DoCallRequest(MessageParcel &dataParcel, MessageParcel &re
ret = remote->SendRequest(static_cast<uint32_t>(DevAuthInterfaceCode::DEV_AUTH_CALL_REQUEST),
dataParcel, replyParcel, option);
if (ret != ERR_NONE) {
LOGE("SendRequest fail.");
LOGE("ProxyDevAuth::DoCallRequest SendRequest fail. ret = %d", ret);
ret = HC_ERR_IPC_INTERNAL_FAILED;
} else {
replyParcel.ReadInt32(ret);

1
frameworks/src/standard/ipc_adapt.cpp
View File

@ -22,7 +22,6 @@
#include "ipc_dev_auth_proxy.h"
#include "ipc_dev_auth_stub.h"
#include "ipc_sdk.h"
#include "ipc_service.h"
#include "ipc_skeleton.h"
#include "iservice_registry.h"
#include "securec.h"

0
frameworks/src/standard/ipc_callback_stub.cpp → frameworks/src/standard/server/ipc_callback_stub.cpp
View File

43
frameworks/src/standard/ipc_dev_auth_stub.cpp → frameworks/src/standard/server/ipc_dev_auth_stub.cpp
View File

@ -57,14 +57,14 @@ ServiceDevAuth::ServiceDevAuth(bool serialInvokeFlag) : IRemoteStub(serialInvoke
ServiceDevAuth::~ServiceDevAuth()
{
maxCallMapSz = MAX_CALLMAP_SIZE;
if (callMapTable != nullptr) {
delete[] callMapTable;
callMapTable = nullptr;
if (standardCallMapTable != nullptr) {
delete[] standardCallMapTable;
standardCallMapTable = nullptr;
}
callMapElemNum = 0;
}
int32_t ServiceDevAuth::Dump(int32_t fd, const std::vector<std::u16string>& args)
int32_t ServiceDevAuth::Dump(int32_t fd, const std::vector<std::u16string> &args)
{
std::vector<std::string> strArgs;
for (auto arg : args) {
@ -93,13 +93,13 @@ IpcServiceCall ServiceDevAuth::GetCallMethodByMethodId(int32_t methodId)
{
int32_t i;
if (callMapTable == nullptr) {
if (standardCallMapTable == nullptr) {
return nullptr;
}
for (i = 0; i < maxCallMapSz; i++) {
if ((callMapTable[i].methodId == methodId) && (callMapTable[i].method != nullptr)) {
return callMapTable[i].method;
if ((standardCallMapTable[i].methodId == methodId) && (standardCallMapTable[i].method != nullptr)) {
return standardCallMapTable[i].method;
}
}
return nullptr;
@ -202,7 +202,7 @@ static void InitCbStubTable()
return;
}
static int32_t HandleRestoreCall(MessageParcel &data, MessageParcel &reply)
int32_t ServiceDevAuth::HandleRestoreCall(MessageParcel &data, MessageParcel &reply)
{
#ifdef DEV_AUTH_SERVICE_BUILD
int32_t osAccountId = DEFAULT_UPGRADE_OS_ACCOUNT_ID;
@ -245,11 +245,13 @@ int32_t ServiceDevAuth::HandleDeviceAuthCall(uint32_t code, MessageParcel &data,
}
serviceCall = GetCallMethodByMethodId(methodId);
if (serviceCall == nullptr) {
LOGE("ServiceDevAuth::HandleDeviceAuthCall serviceCall is nullptr, methodId: %d", methodId);
ret = HC_ERR_IPC_METHOD_ID_INVALID;
break;
}
ret = DecodeCallRequest(data, reqParams, MAX_REQUEST_PARAMS_NUM, reqParamNum);
if (ret != HC_SUCCESS) {
LOGE("ServiceDevAuth::HandleDeviceAuthCall DecodeCallRequest ret: %d", ret);
break;
}
if (reqParamNum < (MAX_REQUEST_PARAMS_NUM - 1)) {
@ -294,23 +296,23 @@ int32_t ServiceDevAuth::SetCallMap(IpcServiceCall method, int32_t methodId)
if ((1 + callMapElemNum) > maxCallMapSz) {
maxCallMapSz += MAX_CALLMAP_SIZE;
if (callMapTable != nullptr) {
callMapTmp = callMapTable;
callMapTable = nullptr;
if (standardCallMapTable != nullptr) {
callMapTmp = standardCallMapTable;
standardCallMapTable = nullptr;
}
}
if (callMapTable == nullptr) {
callMapTable = new(std::nothrow) IpcServiceCallMap[maxCallMapSz];
if (callMapTable == nullptr) {
if (standardCallMapTable == nullptr) {
standardCallMapTable = new(std::nothrow) IpcServiceCallMap[maxCallMapSz];
if (standardCallMapTable == nullptr) {
return HC_ERR_ALLOC_MEMORY;
}
len = sizeof(IpcServiceCallMap) * maxCallMapSz;
(void)memset_s(callMapTable, len, 0, len);
(void)memset_s(standardCallMapTable, len, 0, len);
if (callMapTmp != nullptr) {
eno = memcpy_s(callMapTable, len, callMapTmp, (sizeof(IpcServiceCallMap) * callMapElemNum));
eno = memcpy_s(standardCallMapTable, len, callMapTmp, (sizeof(IpcServiceCallMap) * callMapElemNum));
if (eno != EOK) {
delete[] callMapTable;
callMapTable = callMapTmp;
delete[] standardCallMapTable;
standardCallMapTable = callMapTmp;
maxCallMapSz -= MAX_CALLMAP_SIZE;
return HC_ERR_MEMORY_COPY;
}
@ -318,8 +320,9 @@ int32_t ServiceDevAuth::SetCallMap(IpcServiceCall method, int32_t methodId)
callMapTmp = nullptr;
}
}
callMapTable[callMapElemNum].method = method;
callMapTable[callMapElemNum].methodId = methodId;
standardCallMapTable[callMapElemNum].method = method;
standardCallMapTable[callMapElemNum].methodId = methodId;
callMapElemNum++;
return HC_SUCCESS;
}

116
services/BUILD.gn
View File

@ -238,68 +238,13 @@ if (os_level == "mini" || os_level == "small") {
}
}
ohos_prebuilt_etc("auth_service.rc") {
source = "${frameworks_path}/src/standard/deviceauth_service.cfg"
ohos_prebuilt_etc("pre_deviceauth_service") {
source = "${deviceauth_path}/services/deviceauth_service.cfg"
relative_install_dir = "init"
subsystem_name = "security"
part_name = "device_auth"
}
group("etc") {
deps = [ ":auth_service.rc" ]
}
ohos_executable("deviceauth_service") {
subsystem_name = "security"
part_name = "device_auth"
install_enable = true
include_dirs += [
"${frameworks_path}/inc/standard",
"${dev_frameworks_path}/inc/permission_adapter",
"${dev_frameworks_path}/inc/hiview_adapter",
]
sources = deviceauth_ipc_files
sources += permission_adapter_files
sources += [ "${frameworks_path}/src/ipc_service.c" ]
defines = [ "HILOG_ENABLE" ]
defines += [ "DEV_AUTH_HIVIEW_ENABLE" ]
defines += [ "DEV_AUTH_SERVICE_BUILD" ]
cflags = build_flags
if (target_cpu == "arm") {
cflags += [ "-DBINDER_IPC_32BIT" ]
}
branch_protector_ret = "pac_ret"
sanitize = {
cfi = true
cfi_cross_dso = true
integer_overflow = true
boundary_sanitize = true
ubsan = true
debug = false
}
deps = [
":auth_service.rc",
":deviceauth",
"${deps_adapter_path}:${hal_module_name}",
]
external_deps = [
"access_token:libaccesstoken_sdk",
"bounds_checking_function:libsec_shared",
"cJSON:cjson",
"c_utils:utils",
"hilog:libhilog",
"init:libbegetutil",
"ipc:ipc_single",
"samgr:samgr_proxy",
]
}
ohos_shared_library("deviceauth_sdk") {
subsystem_name = "security"
part_name = "device_auth"
@ -352,4 +297,61 @@ if (os_level == "mini" || os_level == "small") {
"samgr:samgr_proxy",
]
}
ohos_shared_library("deviceauth_service") {
subsystem_name = "security"
part_name = "device_auth"
version_script = "device_auth.map"
public_configs = [ ":deviceauth_config" ]
branch_protector_ret = "pac_ret"
sanitize = {
cfi = true
cfi_cross_dso = true
integer_overflow = true
boundary_sanitize = true
ubsan = true
debug = false
}
cflags = build_flags
cflags += [ "-fPIC" ]
if (target_cpu == "arm") {
cflags += [ "-DBINDER_IPC_32BIT" ]
}
include_dirs += [
"${frameworks_path}/inc",
"${frameworks_path}/inc/standard",
"${dev_frameworks_path}/inc/permission_adapter",
"${dev_frameworks_path}/inc/hiview_adapter",
]
defines = [ "HILOG_ENABLE" ]
defines += [ "DEV_AUTH_HIVIEW_ENABLE" ]
defines += [ "DEV_AUTH_SERVICE_BUILD" ]
sources = deviceauth_ipc_files
sources += permission_adapter_files
sources += [ "${frameworks_path}/src/deviceauth_sa.cpp" ]
deps = [
":deviceauth",
":pre_deviceauth_service",
"${deps_adapter_path}:${hal_module_name}",
]
external_deps = [
"access_token:libaccesstoken_sdk",
"bounds_checking_function:libsec_shared",
"cJSON:cjson",
"c_utils:utils",
"hilog:libhilog",
"init:libbegetutil",
"ipc:ipc_core",
"ipc:ipc_single",
"safwk:system_ability_fwk",
"samgr:samgr_proxy",
]
}
}

8
services/deviceauth.gni
View File

@ -436,10 +436,10 @@ if (defined(ohos_lite)) {
deviceauth_ipc_files = [
"${frameworks_path}/src/${ipc_adapt_path}/ipc_adapt.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/ipc_dev_auth_proxy.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/ipc_dev_auth_stub.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/ipc_callback_proxy.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/ipc_callback_stub.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/client/ipc_dev_auth_proxy.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/server/ipc_dev_auth_stub.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/client/ipc_callback_proxy.${ipc_src_suffix}",
"${frameworks_path}/src/${ipc_adapt_path}/server/ipc_callback_stub.${ipc_src_suffix}",
]
identity_manager_inc = [ "${identity_manager_path}/inc" ]

28
services/deviceauth_service.cfg Normal file
View File

@ -0,0 +1,28 @@
{
"jobs" : [{
"name" : "post-fs-data",
"cmds" : [
"mkdir /data/service/el1/public/deviceauth 0711 deviceauth deviceauth",
"mkdir /data/service/el1/public/deviceauth/account 0711 deviceauth deviceauth",
"mkdir /data/service/el1/public/deviceauth/pseudonym 0711 deviceauth deviceauth",
"start deviceauth_service"
]
}
],
"services" : [{
"name" : "deviceauth_service",
"path" : ["/system/bin/sa_main", "/system/profile/deviceauth_service.json"],
"uid" : "deviceauth",
"gid" : ["deviceauth", "shell", "netsys_socket"],
"secon" : "u:r:deviceauth_service:s0",
"permission" : [
"ohos.permission.DISTRIBUTED_DATASYNC",
"ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
"ohos.permission.GET_NETWORK_INFO",
"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS",
"ohos.permission.MANAGE_DEVICE_AUTH_CRED",
"ohos.permission.MANAGE_LOCAL_ACCOUNTS"
]
}
]
}

12
services/sa/sa_profile/4701.json Normal file
View File

@ -0,0 +1,12 @@
{
"process": "deviceauth_service",
"systemability": [
{
"name": 4701,
"libpath": "libdeviceauth_service.z.so",
"run-on-create": true,
"distributed": false,
"dump_level": 1
}
]
}

19
services/sa/sa_profile/BUILD.gn Normal file
View File

@ -0,0 +1,19 @@
# Copyright (C) 2024-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos/sa_profile/sa_profile.gni")
ohos_sa_profile("deviceauth_sa_profile") {
part_name = "device_auth"
sources = [ "4701.json" ]
}