openharmony/security_huks
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_huks synced 2024-11-27 00:40:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

删除打印路径敏感信息

Browse Source 
Signed-off-by: tangboyi <tangboyi1@huawei.com>
Change-Id: Ic82f170f0ea2852c90a736e407e900f7f9d614b7
Signed-off-by: tangboyi <tangboyi1@huawei.com>
This commit is contained in:
tangboyi 2024-09-19 19:27:11 +08:00
parent 83f41e9c47
commit 5d49df8f4e
9 changed files with 57 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
services/huks_standard/huks_service/main/hks_storage/include/hks_storage.h
View File

@ -42,13 +42,15 @@ int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName,
int32_t HksGetKeyCountByProcessName(const struct HksBlob *processName, uint32_t *fileCount);
#else // _STORAGE_LITE_
int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob);
int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksStoreMaterial *material,
const struct HksBlob *keyBlob);
int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo);
int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksStoreMaterial *material);
int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo);
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob);
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, const struct HksStoreMaterial *material,
struct HksBlob *keyBlob);
int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize);

2
services/huks_standard/huks_service/main/hks_storage/include/hks_storage_utils.h
View File

@ -101,7 +101,7 @@ int32_t HksFileInfoInit(struct HksStoreFileInfo *fileInfo);
void FileInfoFree(struct HksStoreFileInfo *fileInfo);
int32_t RecordKeyOperation(uint32_t operation, const char *path, const char *keyAlias);
int32_t RecordKeyOperation(uint32_t operation, const struct HksStoreMaterial *material, const char *keyAlias);
void FileNameListFree(struct HksFileEntry **fileNameList, uint32_t keyCount);

34
services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c
View File

@ -275,11 +275,12 @@ static int32_t IsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
return HKS_SUCCESS;
}
int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob)
int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksStoreMaterial *material,
const struct HksBlob *keyBlob)
{
int32_t ret;
do {
ret = RecordKeyOperation(KEY_OPERATION_SAVE, fileInfo->mainPath.path, fileInfo->mainPath.fileName);
ret = RecordKeyOperation(KEY_OPERATION_SAVE, material, fileInfo->mainPath.fileName);
HKS_IF_NOT_SUCC_BREAK(ret)
ret = HksStorageWriteFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, 0,
@ -297,11 +298,11 @@ int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct Hk
return ret;
}
int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo)
int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksStoreMaterial *material)
{
int32_t ret;
do {
ret = RecordKeyOperation(KEY_OPERATION_DELETE, fileInfo->mainPath.path, fileInfo->mainPath.fileName);
ret = RecordKeyOperation(KEY_OPERATION_DELETE, material, fileInfo->mainPath.fileName);
HKS_IF_NOT_SUCC_BREAK(ret)
ret = DeleteKeyBlob(fileInfo);
@ -321,11 +322,12 @@ int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
return ret;
}
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob)
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, const struct HksStoreMaterial *material,
struct HksBlob *keyBlob)
{
int32_t ret;
do {
ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfoPath->path, fileInfoPath->fileName);
ret = RecordKeyOperation(KEY_OPERATION_GET, material, fileInfoPath->fileName);
HKS_IF_NOT_SUCC_BREAK(ret)
ret = GetKeyBlob(fileInfoPath, keyBlob);
@ -578,7 +580,7 @@ static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deD
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s",
deDataPath, userData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
HKS_LOG_I("delete de path, userid: %" LOG_PUBLIC "s", userData);
(void)HksDeleteDir(dePath);
} else {
HKS_LOG_E("get de path failed");
@ -588,7 +590,7 @@ static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deD
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
HKS_LOG_I("delete ce path, userid: %" LOG_PUBLIC "s", userData);
(void)HksDeleteDir(cePath);
} else {
HKS_LOG_E("get ce path failed");
@ -598,7 +600,7 @@ static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deD
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
HKS_LOG_I("delete ece path, userid: %" LOG_PUBLIC "s", userData);
(void)HksDeleteDir(ecePath);
} else {
HKS_LOG_E("get ece path failed");
@ -632,7 +634,7 @@ static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidDat
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
deDataPath, userData, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
HKS_LOG_I("delete de path, userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s", userData, uidData);
(void)HksDeleteDir(dePath);
} else {
HKS_LOG_E("get de path failed");
@ -642,7 +644,7 @@ static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidDat
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
HKS_LOG_I("delete ce path, userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s", userData, uidData);
(void)HksDeleteDir(cePath);
} else {
HKS_LOG_E("get ce path failed");
@ -652,7 +654,7 @@ static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidDat
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
HKS_LOG_I("delete ece path, userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s", userData, uidData);
(void)HksDeleteDir(ecePath);
} else {
HKS_LOG_E("get ece path failed");
@ -710,7 +712,8 @@ void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId)
// ignore these results for ensure to clear data as most as possible
ret = HksDeleteDir(userProcess);
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path, userid: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d",
userData, ret)
#ifdef L2_STANDARD
(void)DeleteUserIdPath(userId);
#endif
@ -752,11 +755,12 @@ void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo)
break;
}
HKS_LOG_I("delete path : %" LOG_PUBLIC "s", userProcess);
HKS_LOG_I("delete de path, userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s", userData, uidData);
// ignore these results for ensure to clear data as most as possible
ret = HksDeleteDir(userProcess);
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path, userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s failed, "
"ret = %" LOG_PUBLIC "d", userData, uidData, ret)
#ifdef L2_STANDARD
(void)DeleteUidPath(processInfo);
#endif

8
services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c
View File

@ -307,7 +307,7 @@ int32_t HksManageStoreKeyBlob(const struct HksProcessInfo *processInfo, const st
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
ret = HksStoreKeyBlob(&fileInfo, keyBlob);
ret = HksStoreKeyBlob(&fileInfo, &material, keyBlob);
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks store key blob failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
@ -339,7 +339,7 @@ int32_t HksManageStoreDeleteKeyBlob(const struct HksProcessInfo *processInfo, co
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
ret = HksStoreDeleteKeyBlob(&fileInfo);
ret = HksStoreDeleteKeyBlob(&fileInfo, &material);
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks delete key blob failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
@ -404,11 +404,11 @@ int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
if (storageType != HKS_STORAGE_TYPE_BAK_KEY) {
ret = HksStoreGetKeyBlob(&fileInfo.mainPath, keyBlob);
ret = HksStoreGetKeyBlob(&fileInfo.mainPath, &material, keyBlob);
}
#ifdef SUPPORT_STORAGE_BACKUP
else {
ret = HksStoreGetKeyBlob(&fileInfo.bakPath, keyBlob);
ret = HksStoreGetKeyBlob(&fileInfo.bakPath, &material, keyBlob);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
if (HksStorageWriteFile(fileInfo.mainPath.path, fileInfo.mainPath.fileName, 0,

18
services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c
View File

@ -280,9 +280,9 @@ void FileInfoFree(struct HksStoreFileInfo *fileInfo)
* |<- anonymous len ->||<- suffix len ->|
* |<----------------- keyAlias len ----------------------->|
*/
int32_t RecordKeyOperation(uint32_t operation, const char *path, const char *keyAlias)
int32_t RecordKeyOperation(uint32_t operation, const struct HksStoreMaterial *material, const char *keyAlias)
{
(void)path;
(void)material;
uint32_t bufSize = strlen(keyAlias) + 1;
char *outKeyAlias = (char *)HksMalloc(bufSize);
HKS_IF_NULL_RETURN(outKeyAlias, HKS_ERROR_MALLOC_FAIL)
@ -306,15 +306,19 @@ int32_t RecordKeyOperation(uint32_t operation, const char *path, const char *key
int32_t ret = HKS_SUCCESS;
switch (operation) {
case KEY_OPERATION_SAVE:
HKS_LOG_I("generate key, storage path: %" LOG_PUBLIC "s, key alias: %" LOG_PUBLIC "s",
path, outKeyAlias);
HKS_LOG_I("generate key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
"storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
break;
case KEY_OPERATION_GET:
HKS_LOG_I("use key, storage path: %" LOG_PUBLIC "s, key alias: %" LOG_PUBLIC "s", path, outKeyAlias);
HKS_LOG_I("use key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
"storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
break;
case KEY_OPERATION_DELETE:
HKS_LOG_I("delete key, storage path: %" LOG_PUBLIC "s, key alias: %" LOG_PUBLIC "s",
path, outKeyAlias);
HKS_LOG_I("delete key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
"storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
break;
default:
ret = HKS_ERROR_INVALID_ARGUMENT;

20
services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp
View File

@ -349,18 +349,17 @@ void MoveMineOldFile(const char *oldDir, const char *newDir)
std::error_code errCode{};
std::filesystem::create_directory(newDir, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("create_directory %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s", newPath, errCode.message().c_str());
HKS_LOG_E("create_directory newDir failed %" LOG_PUBLIC "s", errCode.message().c_str());
}
std::filesystem::copy(curPath, newPath,
std::filesystem::copy_options::recursive | std::filesystem::copy_options::overwrite_existing, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("copy %" LOG_PUBLIC "s to %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s",
curPath, newPath, errCode.message().c_str());
HKS_LOG_E("copy curPath to newPath failed %" LOG_PUBLIC "s", errCode.message().c_str());
break;
}
std::filesystem::remove_all(curPath, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("remove_all %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s", curPath, errCode.message().c_str());
HKS_LOG_E("remove_all curPath failed %" LOG_PUBLIC "s", errCode.message().c_str());
}
}
closedir(dir);
@ -372,24 +371,23 @@ void MoveDirectoryTree(const char *oldDir, const char *newDir)
std::error_code errCode{};
std::filesystem::create_directory(newDir, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("create_directory %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s", newDir, errCode.message().c_str());
HKS_LOG_E("create_directory newDir failed %" LOG_PUBLIC "s", errCode.message().c_str());
} else {
HKS_LOG_I("create_directory %" LOG_PUBLIC "s ok!", newDir);
HKS_LOG_I("create_directory newDir ok!");
}
std::filesystem::copy(oldDir, newDir,
std::filesystem::copy_options::recursive | std::filesystem::copy_options::overwrite_existing, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("copy %" LOG_PUBLIC "s to %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s",
oldDir, newDir, errCode.message().c_str());
HKS_LOG_E("copy oldDir to newDir failed %" LOG_PUBLIC "s", errCode.message().c_str());
return;
}
HKS_LOG_I("copy %" LOG_PUBLIC "s to %" LOG_PUBLIC "s ok!", oldDir, newDir);
HKS_LOG_I("copy oldDir to newDir ok!");
std::filesystem::remove_all(oldDir, errCode);
if (errCode.value() != 0) {
HKS_LOG_E("remove_all %" LOG_PUBLIC "s failed %" LOG_PUBLIC "s", oldDir, errCode.message().c_str());
HKS_LOG_E("remove_all oldDir failed %" LOG_PUBLIC "s", errCode.message().c_str());
return;
}
HKS_LOG_I("remove_all %" LOG_PUBLIC "s ok!", oldDir);
HKS_LOG_I("remove_all oldDir ok!");
}
void HksService::OnStart()

8
services/huks_standard/huks_service/main/upgrade/file_transfer/src/hks_file_transfer.c
View File

@ -152,7 +152,7 @@ static int32_t TransferFile(const char *alias, const char *oldPath, const struct
}
// The result of the info record dose not need to take into consideration.
(void)RecordKeyOperation(KEY_OPERATION_SAVE, newPath, alias);
HKS_LOG_I("transfer key, storage userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d", info->userId, info->uid);
ret = HksFileWrite(newPath, alias, 0, fileContent->data, fileContent->size);
if (ret != HKS_SUCCESS) {
@ -229,11 +229,13 @@ static int ProcessFileUpgrade(const char *filePath, const struct stat *st, int t
struct HksUpgradeFileTransferInfo info = { 0 };
ret = HksParseConfig(alias, &fileContent, &info);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("HksParseConfig failed, path is %" LOG_PUBLIC "s", filePath);
HKS_LOG_E("HksParseConfig failed, userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d",
info.userId, info.uid);
break;
}
if (info.skipTransfer) {
HKS_LOG_I("file %" LOG_PUBLIC "s should skip transfer.", filePath);
HKS_LOG_I("file should skip transfer, userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d",
info.userId, info.uid);
break;
}
HKS_IF_NOT_SUCC_LOGE(TransferFile(alias, path, &fileContent, &info), "TransferFile failed!")

2
utils/compatibility_bin/compatibility_standard_bin.c
View File

@ -47,7 +47,7 @@
static void ChangeDirAndFilesPerm(const char *path)
{
HKS_LOG_E("enter ChangeDirAndFilesPerm %" LOG_PUBLIC "s", path);
HKS_LOG_E("enter ChangeDirAndFilesPerm");
DIR *dir;
struct dirent *ptr;
dir = opendir(path);

5
utils/file_iterative_reader/src/hks_iterative_reader.c
View File

@ -137,7 +137,7 @@ static int32_t HksGetOldStoreFileInfo(const char *path, struct HksReadFileInfoLi
{
DIR *dir = opendir(path);
if (dir == NULL) {
HKS_LOG_E("open dir %" LOG_PUBLIC "s failed.", path);
HKS_LOG_E("open dir failed");
return HKS_ERROR_MAKE_DIR_FAIL;
}
struct dirent *ptr;
@ -154,8 +154,7 @@ static int32_t HksGetOldStoreFileInfo(const char *path, struct HksReadFileInfoLi
HKS_LOG_E("construct src and target path failed!");
break;
}
HKS_IF_NOT_SUCC_LOGE_BREAK(HksGetOldStoreFileInfo(subPath, infos),
"HksGetOldStoreFileInfo failed, path is %" LOG_PUBLIC "s", subPath)
HKS_IF_NOT_SUCC_LOGE_BREAK(HksGetOldStoreFileInfo(subPath, infos), "HksGetOldStoreFileInfo failed")
} else {
AppendFilePath(path, ptr->d_name, infos);
}