feat: support plugin

Signed-off-by: zhuofan0129 <861080528@qq.com>
2024-11-23 06:41:06 +00:00 · 2023-12-05 19:51:36 +08:00 · 2023-12-05 19:51:36 +08:00 · 86528cdd27
commit 86528cdd27
parent 2cb4ed47f0
11 changed files with 66 additions and 16 deletions
--- a/baselib/msglib/src/standard/messenger_device_socket_manager.c
+++ b/baselib/msglib/src/standard/messenger_device_socket_manager.c
@ -452,8 +452,8 @@ static int32_t ProcessCreateServer(const char *session, const char *pkg, int32_t
        return socket;
    }
    ret = Listen(socket, serverQos, sizeof(serverQos) / sizeof(QosTV), &serverListener);
+    SECURITY_LOG_INFO("Listen %{public}s with socket %{public}d ret is %{public}d", sessionName, socket, ret);
    if (ret != 0) {
-        SECURITY_LOG_ERROR("Listen Socket %{public}d failed", socket);
        Shutdown(socket);
        return ret;
    }
@ -471,11 +471,9 @@ static bool CreateServer(DeviceSocketManager *inst)

    int32_t socket = 0;
    if (ProcessCreateServer(inst->primarySockName, inst->pkgName, &socket) == 0) {
-        SECURITY_LOG_INFO("Listen success, socket is %{public}d", socket);
        inst->primarySocket = socket;
    }
    if (ProcessCreateServer(inst->secondarySockName, inst->pkgName, &socket) == 0) {
-        SECURITY_LOG_INFO("Listen success, socket is %{public}d", socket);
        inst->secondarySocket = socket;
    }

@ -630,14 +628,11 @@ static void BindSync(int32_t socket, const DeviceIdentify *devId)
        .OnBytes = ClientOnBytes,
    };
    int32_t ret = Bind(socket, clientQos, sizeof(clientQos) / sizeof(QosTV), &clientListener);
-    SECURITY_LOG_INFO("Primary Bind ret is %{public}d", ret);
+    SECURITY_LOG_INFO("Bind socket %{public}d ret is %{public}d", socket, ret);
    if (ret == 0) {
-        SECURITY_LOG_INFO("Bind Success");
        ClientOnBind(socket, devId);
        return;
    }
-
-    SECURITY_LOG_ERROR("Bind Failed");
 }

 static int32_t ProcessBindSocket(const char *socketName, DeviceIdentify *devId, int32_t *socketId)
@ -661,13 +656,12 @@ static int32_t ProcessBindSocket(const char *socketName, DeviceIdentify *devId,
        return ret;
    }
    char clientName[SOCKET_NAME_LEN + 1] = {0};
-    ret = snprintf_s(clientName, SOCKET_NAME_LEN, SOCKET_NAME_LEN - 1, "device.security.level.%lu",
-        (unsigned long)maskId);
+    ret = snprintf_s(clientName, SOCKET_NAME_LEN, SOCKET_NAME_LEN - 1, "device.security.level.%x", maskId);
    if (ret < 0) {
        SECURITY_LOG_ERROR("snprintf failed");
        return ret;
    }
-    SECURITY_LOG_INFO("clientName is %{public}s", clientName);
+
    char pkgName[PKG_NAME_LEN + 1] = {0};
    ret = memcpy_s(pkgName, PKG_NAME_LEN, inst->pkgName, PKG_NAME_LEN);
    if (ret != EOK) {
@ -683,6 +677,7 @@ static int32_t ProcessBindSocket(const char *socketName, DeviceIdentify *devId,
        .dataType = DATA_TYPE_BYTES,
    };
    int32_t socket = Socket(socketInfo);
+    SECURITY_LOG_INFO("clientName is %{public}s to socket %{public}s %{public}d", clientName, socketName, socket);
    if (socket <= 0) {
        return -1;
    }
@ -705,12 +700,10 @@ void *BindSyncWithPthread(void *arg)

    int32_t socket = 0;
    if (ProcessBindSocket(inst->primarySockName, &identity, &socket) == 0) {
-        SECURITY_LOG_INFO("Socket is %{public}d ", socket);
        BindSync(socket, &identity);
    }

    if (ProcessBindSocket(inst->secondarySockName, &identity, &socket) == 0) {
-        SECURITY_LOG_INFO("Socket is %{public}d ", socket);
        BindSync(socket, &identity);
    }

--- a/bundle.json
+++ b/bundle.json
@ -67,6 +67,17 @@
                        ],
                        "header_base": "//base/security/device_security_level/interfaces/inner_api/include"
                    }
+                },
+                {
+                    "name": "//base/security/device_security_level/services/sa:dslm_service",
+                    "header": {
+                        "header_files": [
+                            "dslm_cred.h",
+                            "dslm_credential_utils.h",
+                            "dslm_credential.h"
+                        ],
+                        "header_base": "//base/security/device_security_level/oem_property/include"
+                    }
                }
            ],
            "test": [
--- a/oem_property/include/dslm_credential.h
+++ b/oem_property/include/dslm_credential.h
@ -18,7 +18,6 @@

 #include <stdint.h>

-#include "device_security_defines.h"
 #include "dslm_cred.h"

 #ifdef __cplusplus
@ -34,6 +33,15 @@ int32_t DefaultInitDslmCred(DslmCredInfo *credInfo);

 int32_t GetSupportedCredTypes(CredType *list, uint32_t len);

+int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff,
+    DslmCredInfo *credInfo);
+
+int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff);
+
+int32_t InitOhosDslmCred(DslmCredInfo *credInfo);
+
+int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen);
+
 #ifdef __cplusplus
 }
 #endif
--- a/oem_property/include/dslm_credential_utils.h
+++ b/oem_property/include/dslm_credential_utils.h
--- a/services/msg/BUILD.gn
+++ b/services/msg/BUILD.gn
@ -14,6 +14,10 @@
 import("//base/security/device_security_level/common/dslm.gni")
 import("//build/ohos.gni")

+declare_args() {
+  device_security_level_feature_secondary_session_name = ""
+}
+
 # service_msg object
 ohos_source_set("service_msg_obj") {
  sources = [ "dslm_messenger_wrapper.c" ]
@ -51,6 +55,10 @@ ohos_source_set("service_msg_obj") {
    ]
  }

+  if (device_security_level_feature_secondary_session_name != "") {
+    defines = [ "SECONDARY_SOCKET_NAME=\"${device_security_level_feature_secondary_session_name}\"" ]
+  }
+
  configs = [ "../../common:common_configs" ]

  part_name = "device_security_level"
--- a/services/msg/dslm_messenger_wrapper.c
+++ b/services/msg/dslm_messenger_wrapper.c
@ -134,5 +134,9 @@ __attribute__((weak)) const char *GetMessengerPrimarySessionName(void)

 __attribute__((weak)) const char *GetMessengerSecondarySessionName(void)
 {
+#ifdef SECONDARY_SOCKET_NAME
+    return SECONDARY_SOCKET_NAME;
+#else
    return NULL;
+#endif
 }
--- a/services/sa/BUILD.gn
+++ b/services/sa/BUILD.gn
@ -16,6 +16,8 @@ import("//build/ohos.gni")

 # sa lib
 if (defined(ohos_lite)) {
+  group("dslm_service") {
+  }
  if (ohos_kernel_type == "liteos_a" || ohos_kernel_type == "linux") {
    ohos_static_library("service_sa_static") {
      sources = [ "common/dslm_rpc_process.c" ]
@ -137,6 +139,12 @@ if (defined(ohos_lite)) {
    }
  }
 } else {
+  config("dslm_service_config") {
+    include_dirs = [ "../../oem_property/include" ]
+  }
+  declare_args() {
+    device_security_level_feature_plugin_path = ""
+  }
  ohos_shared_library("dslm_service") {
    sanitize = {
      integer_overflow = true
@ -163,6 +171,11 @@ if (defined(ohos_lite)) {
      "../../interfaces/inner_api/include",
    ]

+    if (device_security_level_feature_plugin_path != "") {
+      defines =
+          [ "PLUGIN_SO_PATH=\"${device_security_level_feature_plugin_path}\"" ]
+    }
+
    deps = [
      "../../baselib/utils:utils_static",
      "../../oem_property:dslm_oem_ext",
@ -181,7 +194,7 @@ if (defined(ohos_lite)) {
    ]

    configs = [ "../../common:common_configs" ]
-
+    public_configs = [ ":dslm_service_config" ]
    part_name = "device_security_level"
    subsystem_name = "security"
  }
--- a/services/sa/standard/dslm_service.cpp
+++ b/services/sa/standard/dslm_service.cpp
@ -15,6 +15,7 @@

 #include "dslm_service.h"

+#include <dlfcn.h>
 #include <thread>

 #include "iremote_object.h"
@ -39,7 +40,7 @@ DslmService::DslmService(int32_t saId, bool runOnCreate) : SystemAbility(saId, r
 void DslmService::OnStart()
 {
    SECURITY_LOG_INFO("start");
-
+    ProcessLoadPlugin();
    std::thread thread([this]() {
        if (InitService() == SUCCESS) {
            SECURITY_LOG_INFO("init service success");
@ -85,6 +86,16 @@ int32_t DslmService::ProcessGetDeviceSecurityLevel(MessageParcel &data, MessageP
 {
    return Singleton<DslmIpcProcess>::GetInstance().DslmProcessGetDeviceSecurityLevel(data, reply);
 }
+
+void DslmService::ProcessLoadPlugin(void)
+{
+#ifdef PLUGIN_SO_PATH
+    auto *handle = dlopen(PLUGIN_SO_PATH, RTLD_NOW);
+    if (!handle) {
+        SECURITY_LOG_ERROR("load %{public}s failed for %{public}s", PLUGIN_SO_PATH, dlerror());
+    }
+#endif
+}
 } // namespace DeviceSecurityLevel
 } // namespace Security
 } // namespace OHOS
--- a/services/sa/standard/dslm_service.h
+++ b/services/sa/standard/dslm_service.h
@ -45,6 +45,7 @@ public:
    int32_t OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) override;

 private:
+    static void ProcessLoadPlugin(void);
    int32_t ProcessGetDeviceSecurityLevel(MessageParcel &data, MessageParcel &reply);
 };
 } // namespace DeviceSecurityLevel
--- a/test/dslm_fuzz_test/dslm_fuzzer/BUILD.gn
+++ b/test/dslm_fuzz_test/dslm_fuzzer/BUILD.gn
@ -34,7 +34,7 @@ if (os_level == "standard") {

    sources = [ "dslm_fuzzer.cpp" ]

-    deps = [ "../../../services/sa:dslm_service" ]
+    deps = [ "../../../oem_property/ohos:dslm_service" ]

    external_deps = [
      "c_utils:utils",
--- a/test/dslm_unit_test/dslm_oem_property_test.cpp
+++ b/test/dslm_unit_test/dslm_oem_property_test.cpp
@ -22,6 +22,7 @@
 #include "securec.h"
 #include "token_setproc.h"

+#include "device_security_defines.h"
 #include "dslm_credential.h"
 #include "dslm_credential_utils.h"
 #include "dslm_crypto.h"