Add feature field

Signed-off-by: chengshaoling <chengshaoling@huawei.com>
Change-Id: Icd91fe126c29547780cdab9dc112ed9775d44320

OAT.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+
+    This is the configuration file template for OpenHarmony OSS Audit Tool, please copy it to your project root dir and modify it refer to OpenHarmony/tools_oat/README.
+
+-->
+
+<configuration>
+    <oatconfig>
+        <filefilterlist>
+            <filefilter name="defaultFilter" desc="Files not to check">
+                <filteritem type="filename" name="*.png|*.jpg" desc="Allow open source ux images"/>
+            </filefilter>
+        </filefilterlist>
+    </oatconfig>
+</configuration>

bundle.json

@@ -20,8 +20,7 @@
     ],
     "features": [
       "security_guard_enable",
-      "security_guard_event_file_source",
-      "security_guard_model_file_source"
+      "security_guard_enable_ext"
     ],
     "adapted_system_type": [
       "standard"

oem_property/BUILD.gn

@@ -11,7 +11,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import("//base/security/security_guard/security_guard.gni")
 import("//build/ohos.gni")
 
 ohos_prebuilt_etc("security_guard_cfg") {
@@ -23,7 +22,7 @@ ohos_prebuilt_etc("security_guard_cfg") {
 }
 
 ohos_prebuilt_etc("security_guard_model_cfg") {
-  source = security_guard_model_file_source
+  source = "hos/security_guard_model.cfg"
   module_install_dir = ""
 
   subsystem_name = "security"
@@ -31,7 +30,7 @@ ohos_prebuilt_etc("security_guard_model_cfg") {
 }
 
 ohos_prebuilt_etc("security_guard_event_cfg") {
-  source = security_guard_event_file_source
+  source = "hos/security_guard_event.json"
   module_install_dir = ""
 
   subsystem_name = "security"

security_guard.gni

@@ -15,6 +15,5 @@ sg_root_dir = "//base/security/security_guard"
 fuzz_test_output_path = "security_guard/security_guard"
 declare_args() {
   security_guard_enable = true
-  security_guard_event_file_source = "hos/security_guard_event.json"
-  security_guard_model_file_source = "hos/security_guard_model.cfg"
+  security_guard_enable_ext = false
 }

services/config_manager/BUILD.gn

@@ -20,6 +20,11 @@ ohos_shared_library("sg_config_manager") {
 
   version_script = "sg_config_manager.map"
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   configs = [ "${sg_root_dir}/resource/config/build:coverage_flags" ]
 
   include_dirs = [

services/config_manager/include/config_define.h

@@ -19,6 +19,16 @@
 #include <string>
 #include <vector>
 
+namespace {
+#ifndef SECURITY_GUARD_ENABLE_EXT
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model.cfg";
+#else
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event_ext.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model_ext.cfg";
+#endif
+}
+
 namespace OHOS::Security::SecurityGuard {
 
 using LoadMode = enum {
@@ -37,8 +47,8 @@ using PathIndex = enum {
 };
 
 const std::vector<std::string> CONFIG_CACHE_FILES = {
-    "/data/service/el1/public/security_guard/tmp/security_guard_event.json",
-    "/data/service/el1/public/security_guard/tmp/security_guard_model.cfg",
+    "/data/service/el1/public/security_guard/tmp/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/tmp/" + SECURITY_GUARD_MODEL_CFG_FILE,
     "/data/service/el1/public/security_guard/tmp/signature_rule.json",
     "/data/service/el1/public/security_guard/tmp/url_rule.json",
     "/data/service/el1/public/security_guard/tmp/local_app_attribute.json",
@@ -47,8 +57,8 @@ const std::vector<std::string> CONFIG_CACHE_FILES = {
 };
 
 const std::vector<std::string> CONFIG_UPTATE_FILES = {
-    "/data/service/el1/public/security_guard/security_guard_event.json",
-    "/data/service/el1/public/security_guard/security_guard_model.cfg",
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_MODEL_CFG_FILE,
     "/data/service/el1/public/security_guard/signature_rule.json",
     "/data/service/el1/public/security_guard/url_rule.json",
     "/data/service/el1/public/security_guard/local_app_attr.json",
@@ -57,8 +67,8 @@ const std::vector<std::string> CONFIG_UPTATE_FILES = {
 };
 
 const std::vector<std::string> CONFIG_PRESET_FILES = {
-    "/system/etc/security_guard_event.json",
-    "/system/etc/security_guard_model.cfg"
+    "/system/etc/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/system/etc/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::string CONFIG_ROOT_PATH = "/data/service/el1/public/security_guard/";

services/data_collect/BUILD.gn

@@ -24,6 +24,11 @@ ohos_shared_library("sg_collect_service") {
     "${sg_root_dir}/resource/config/build:coverage_flags",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   include_dirs = [
     "${sg_root_dir}/interfaces/inner_api/collect/include",
     "${sg_root_dir}/interfaces/inner_api/collector/include",

services/data_collect/sa/data_collect_manager_service.cpp

@@ -70,12 +70,15 @@ namespace {
         {"ConfigUpdate", {MANAGE_CONFIG_PERMISSION}},
         {"QuerySecurityEventConfig", {MANAGE_CONFIG_PERMISSION}},
     };
-
-    const std::string TRUST_LIST_FILE_PATH = "/system/etc/config_update_trust_list.json";
     std::unordered_set<std::string> g_configCacheFilesSet;
     constexpr uint32_t FINISH = 0;
     constexpr uint32_t CONTINUE = 1;
     constexpr size_t MAX_DISTRIBUTE_LENS = 100;
+#ifndef SECURITY_GUARD_ENABLE_EXT
+    const std::string TRUST_LIST_FILE_PATH = "/system/etc/config_update_trust_list.json";
+#else
+    const std::string TRUST_LIST_FILE_PATH = "/system/etc/config_update_trust_list_ext.json";
+#endif
 }
 
 REGISTER_SYSTEM_ABILITY_BY_ID(DataCollectManagerService, DATA_COLLECT_MANAGER_SA_ID, true);

services/security_collector/BUILD.gn

@@ -30,6 +30,11 @@ ohos_shared_library("security_collector_service") {
     "${sg_root_dir}/interfaces/inner_api/data_collect_manager/include",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   sources = [
     "${sg_root_dir}/frameworks/common/collector/src/security_collector_subscribe_info.cpp",
     "${sg_root_dir}/frameworks/common/json/src/json_cfg.cpp",

services/security_collector/src/data_collection.cpp

@@ -22,7 +22,11 @@
 
 namespace OHOS::Security::SecurityCollector {
 namespace {
+#ifndef SECURITY_GUARD_ENABLE_EXT
     const char* SA_CONFIG_PATH = "/system/etc/security_audit.cfg";
+#else
+    const char* SA_CONFIG_PATH = "/system/etc/security_audit_ext.cfg";
+#endif
 }
 
 DataCollection &DataCollection::GetInstance()

test/fuzztest/config_manager/configmanager_fuzzer/BUILD.gn

@@ -39,6 +39,11 @@ ohos_fuzztest("ConfigManagerFuzzTest") {
     "-fno-omit-frame-pointer",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   sources = [
     "${sg_root_dir}/frameworks/common/json/src/json_cfg.cpp",
     "${sg_root_dir}/frameworks/common/utils/src/security_guard_utils.cpp",

test/fuzztest/data_collect/datacollect_fuzzer/BUILD.gn

@@ -50,6 +50,10 @@ ohos_fuzztest("DataCollectFuzzTest") {
     "-fno-omit-frame-pointer",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
   sources = [
     "${sg_root_dir}/frameworks/common/collector/src/security_collector_subscribe_info.cpp",
     "${sg_root_dir}/frameworks/common/json/src/json_cfg.cpp",

test/fuzztest/security_collector/securitycollector_fuzzer/BUILD.gn

@@ -20,6 +20,11 @@ ohos_fuzztest("SecurityCollectorFuzzTest") {
   fuzz_config_file =
       "${sg_root_dir}/test/fuzztest/security_collector/securitycollector_fuzzer"
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   include_dirs = [
     "${sg_root_dir}/interfaces/inner_api/common/include",
     "${sg_root_dir}/interfaces/inner_api/collector/include",

test/unittest/config_manager/BUILD.gn

@@ -37,6 +37,11 @@ ohos_unittest("SecurityGuardConfigManagerTest") {
     "${sg_root_dir}/interfaces/inner_api/classify/include",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   sources = [
     "${sg_root_dir}/frameworks/common/json/src/json_cfg.cpp",
     "${sg_root_dir}/frameworks/common/utils/src/security_guard_utils.cpp",

test/unittest/config_manager/src/security_guard_config_manager_test.cpp

@@ -203,9 +203,9 @@ HWTEST_F(SecurityGuardConfigManagerTest, TestConfigDataManager003, TestSize.Leve
 HWTEST_F(SecurityGuardConfigManagerTest, TestConfigSubsciber003, TestSize.Level1)
 {
     EXPECT_TRUE(
-        ConfigSubscriber::UpdateConfig("/data/service/el1/public/security_guard/tmp/security_guard_event.json"));
+        ConfigSubscriber::UpdateConfig(CONFIG_CACHE_FILES[EVENT_CFG_INDEX]));
     EXPECT_TRUE(
-        ConfigSubscriber::UpdateConfig("/data/service/el1/public/security_guard/tmp/security_guard_model.cfg"));
+        ConfigSubscriber::UpdateConfig(CONFIG_CACHE_FILES[MODEL_CFG_INDEX]));
     EXPECT_TRUE(ConfigSubscriber::UpdateConfig("/data/service/el1/public/security_guard/tmp/signature_rule.json"));
 }
 

test/unittest/data_collect/BUILD.gn

@@ -19,7 +19,10 @@ ohos_unittest("data_collect_test") {
   part_name = "security_guard"
   subsystem_name = "security"
   module_out_path = part_name + "/" + part_name
-
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
   include_dirs = [
     "include",
     "${sg_root_dir}/services/config_manager/include",
@@ -206,6 +209,11 @@ ohos_unittest("SecurityGuardDataCollectSaTest") {
     "${sg_root_dir}/services/risk_classify/model_manager/include",
   ]
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   sources = [
     "${sg_root_dir}/frameworks/common/json/src/json_cfg.cpp",
     "${sg_root_dir}/frameworks/common/utils/src/security_guard_utils.cpp",

test/unittest/data_collect/include/config_define.h

@@ -19,6 +19,16 @@
 #include <string>
 #include <vector>
 
+namespace {
+#ifndef SECURITY_GUARD_ENABLE_EXT
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model.cfg";
+#else
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event_ext.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model_ext.cfg";
+#endif
+}
+
 namespace OHOS::Security::SecurityGuard {
 using LoadMode = enum {
     INIT_MODE,
@@ -31,18 +41,20 @@ using PathIndex = enum {
 };
 
 const std::vector<std::string> CONFIG_CACHE_FILES = {
-    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/security_guard_event.json",
-    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/security_guard_model.cfg"
+    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/"
+        + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/"
+        + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::vector<std::string> CONFIG_UPTATE_FILES = {
-    "/data/service/el1/public/security_guard/security_guard_event.json",
-    "/data/service/el1/public/security_guard/security_guard_model.cfg"
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::vector<std::string> CONFIG_PRESET_FILES = {
-    "/system/etc/security_guard_event.json",
-    "/system/etc/security_guard_model.cfg"
+    "/system/etc/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/system/etc/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::string CONFIG_ROOT_PATH = "/data/app/el1/100/base/com.ohos.security.hsdr/cache/";

test/unittest/data_collect/sa/security_guard_data_collect_sa_test.cpp

@@ -1415,7 +1415,7 @@ HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate03, TestSize.Level1)
 HWTEST_F(SecurityGuardDataCollectSaTest, ConfigUpdate04, TestSize.Level1)
 {
     SecurityGuard::SecurityConfigUpdateInfo subscribeInfo(-1,
-        "security_guard_event.json");
+        CONFIG_CACHE_FILES[EVENT_CFG_INDEX]);
     sptr<MockRemoteObject> obj(new (std::nothrow) MockRemoteObject());
 
     EXPECT_CALL(*(AccessToken::AccessTokenKit::GetInterface()), VerifyAccessToken)

test/unittest/mock/config_manager/config_define.h

@@ -19,6 +19,16 @@
 #include <string>
 #include <vector>
 
+namespace {
+#ifndef SECURITY_GUARD_ENABLE_EXT
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model.cfg";
+#else
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event_ext.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model_ext.cfg";
+#endif
+}
+
 namespace OHOS::Security::SecurityGuard {
 using LoadMode = enum {
     INIT_MODE,
@@ -31,18 +41,18 @@ using PathIndex = enum {
 };
 
 const std::vector<std::string> CONFIG_CACHE_FILES = {
-    "/data/service/el1/public/security_guard/test/tmp/security_guard_event.json",
-    "/data/service/el1/public/security_guard/test/tmp/security_guard_model.cfg",
+    "/data/service/el1/public/security_guard/test/tmp/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/test/tmp/" + SECURITY_GUARD_MODEL_CFG_FILE,
 };
 
 const std::vector<std::string> CONFIG_UPTATE_FILES = {
-    "/data/service/el1/public/security_guard/security_guard_event.json",
-    "/data/service/el1/public/security_guard/security_guard_model.cfg",
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_MODEL_CFG_FILE,
 };
 
 const std::vector<std::string> CONFIG_PRESET_FILES = {
-    "/system/etc/security_guard_event.json",
-    "/system/etc/security_guard_model.cfg"
+    "/system/etc/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/system/etc/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::string CONFIG_ROOT_PATH = "/data/service/el1/public/security_guard/test/";

test/unittest/model_manager/include/config_define.h

@@ -19,6 +19,16 @@
 #include <string>
 #include <vector>
 
+namespace {
+#ifndef SECURITY_GUARD_ENABLE_EXT
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model.cfg";
+#else
+    const std::string &SECURITY_GUARD_EVENT_CFG_FILE = "security_guard_event_ext.json";
+    const std::string &SECURITY_GUARD_MODEL_CFG_FILE = "security_guard_model_ext.cfg";
+#endif
+}
+
 namespace OHOS::Security::SecurityGuard {
 using LoadMode = enum {
     INIT_MODE,
@@ -31,18 +41,20 @@ using PathIndex = enum {
 };
 
 const std::vector<std::string> CONFIG_CACHE_FILES = {
-    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/security_guard_event.json",
-    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/security_guard_model.cfg"
+    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/"
+        + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/app/el1/100/base/com.ohos.security.hsdr/cache/security_guard/security_guard/"
+        + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::vector<std::string> CONFIG_UPTATE_FILES = {
-    "/data/service/el1/public/security_guard/security_guard_event.json",
-    "/data/service/el1/public/security_guard/security_guard_model.cfg"
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/data/service/el1/public/security_guard/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::vector<std::string> CONFIG_PRESET_FILES = {
-    "/system/etc/security_guard_event.json",
-    "/system/etc/security_guard_model.cfg"
+    "/system/etc/" + SECURITY_GUARD_EVENT_CFG_FILE,
+    "/system/etc/" + SECURITY_GUARD_MODEL_CFG_FILE
 };
 
 const std::string CONFIG_ROOT_PATH = "/data/app/el1/100/base/com.ohos.security.hsdr/cache/";

test/unittest/security_collector/BUILD.gn

@@ -160,6 +160,11 @@ ohos_unittest("DataCollectionTest") {
   subsystem_name = "security"
   module_out_path = part_name + "/" + part_name
 
+  defines = []
+  if (security_guard_enable_ext) {
+    defines += [ "SECURITY_GUARD_ENABLE_EXT" ]
+  }
+
   include_dirs = [
     "data_collection/include",
     "${sg_root_dir}/interfaces/inner_api/collector/include",