!1061 增加打点：调用者是否在后台发起AuthWidget

Merge pull request !1061 from liuziwei/master
2025-02-16 22:57:59 +00:00 · 2024-10-15 02:27:36 +00:00 · 2024-10-15 02:27:36 +00:00 · 1f8db3fe80
commit 1f8db3fe80
parent 5522e1178e d0c08a54de
12 changed files with 117 additions and 13 deletions
--- a/frameworks/native/common/dfx/inc/hisysevent_adapter.h
+++ b/frameworks/native/common/dfx/inc/hisysevent_adapter.h
@ -38,6 +38,7 @@ struct UserAuthTrace {
    std::string remoteUdid;
    std::string connectionName;
    std::string authFinishReason;
+    bool isBackgroundApplication = false;
 };

 struct UserAuthFwkTrace {
--- a/frameworks/native/common/dfx/src/hisysevent_adapter.cpp
+++ b/frameworks/native/common/dfx/src/hisysevent_adapter.cpp
@ -58,6 +58,7 @@ constexpr char STR_NETWORK_ID[] = "NETWORK_ID";
 constexpr char STR_SOCKET_ID[] = "SOCKET_ID";
 constexpr char STR_AUTH_FINISH_REASON[] = "AUTH_FINISH_REASON";
 constexpr char STR_OPERATION_TIME[] = "OPERATION_TIME";
+constexpr char STR_IS_BACKGROUND_APPLICATION[] = "IS_BACKGROUND_APPLICATION";

 static std::string MaskForStringId(const std::string &id)
 {
@ -149,7 +150,8 @@ void ReportUserAuth(const UserAuthTrace &info)
        STR_LOCAL_UDID, MaskForStringId(info.localUdid),
        STR_REMOTE_UDID, MaskForStringId(info.remoteUdid),
        STR_CONNECTION_NAME, info.connectionName,
-        STR_AUTH_FINISH_REASON, info.authFinishReason);
+        STR_AUTH_FINISH_REASON, info.authFinishReason,
+        STR_IS_BACKGROUND_APPLICATION, info.isBackgroundApplication);
    if (ret != 0) {
        IAM_LOGE("hisysevent write failed! ret %{public}d", ret);
    }
--- a/hisysevent.yaml
+++ b/hisysevent.yaml
@ -63,6 +63,7 @@ USERIAM_USER_AUTH:
  REMOTE_UDID: {type: STRING, desc: remote udid mask}
  CONNECTION_NAME: {type: STRING, desc: connection name}
  AUTH_FINISH_REASON: {type: STRING, desc: auth finish reason}
+  IS_BACKGROUND_APPLICATION: {type: BOOL, desc: is foreground application}

 USERIAM_USER_AUTH_FWK:
  __BASE: {type: SECURITY, level: CRITICAL, tag: UserAuth, desc: user auth security message}
--- a/services/context/inc/context_callback.h
+++ b/services/context/inc/context_callback.h
@ -56,6 +56,7 @@ public:
        std::optional<std::string> localUdid;
        std::optional<std::string> connectionName;
        std::optional<std::string> authFinishReason;
+        std::optional<bool> isBackgroundApplication;
    };
    using Notify = std::function<void(const MetaData &metaData, TraceFlag flag)>;
    static ContextCallbackNotifyListener &GetInstance();
@ -93,6 +94,7 @@ public:
    virtual void SetTraceRemoteUdid(const std::string &remoteUdid) = 0;
    virtual void SetTraceConnectionName(const std::string &connectionName) = 0;
    virtual void SetTraceAuthFinishReason(const std::string &authFinishReason) = 0;
+    virtual void SetTraceIsBackgroundApplication(bool isBackgroundApplication) = 0;
    virtual void ProcessAuthResult(int32_t tip, const std::vector<uint8_t> &extraInfo) = 0;
    virtual sptr<IamCallbackInterface> GetIamCallback() = 0;
    virtual std::string GetCallerName() = 0;
--- a/services/context/src/context_callback_impl.cpp
+++ b/services/context/src/context_callback_impl.cpp
@ -208,6 +208,11 @@ void ContextCallbackImpl::SetTraceAuthFinishReason(const std::string &authFinish
    metaData_.authFinishReason = authFinishReason;
 }

+void ContextCallbackImpl::SetTraceIsBackgroundApplication(bool isBackgroundApplication)
+{
+    metaData_.isBackgroundApplication = isBackgroundApplication;
+}
+
 void ContextCallbackImpl::SetCleaner(Context::ContextStopCallback callback)
 {
    stopCallback_ = callback;
--- a/services/context/src/context_callback_impl.h
+++ b/services/context/src/context_callback_impl.h
@ -48,6 +48,7 @@ public:
    void SetTraceRemoteUdid(const std::string &remoteUdid) override;
    void SetTraceConnectionName(const std::string &connectionName) override;
    void SetTraceAuthFinishReason(const std::string &authFinishReason) override;
+    void SetTraceIsBackgroundApplication(bool isBackgroundApplication) override;
    void SetCleaner(Context::ContextStopCallback callback) override;
    void ProcessAuthResult(int32_t tip, const std::vector<uint8_t> &extraInfo) override;
    sptr<IamCallbackInterface> GetIamCallback() override;
--- a/services/context/src/trace.cpp
+++ b/services/context/src/trace.cpp
@ -122,9 +122,8 @@ void Trace::CopyMetaDataToTraceInfo(const ContextCallbackNotifyListener::MetaDat
        info.callerType = metaData.callerType.value();
    }
    info.authResult = metaData.operationResult;
-    uint64_t timeSpan = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::milliseconds>(metaData.endTime -
+    info.authtimeSpan = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::milliseconds>(metaData.endTime -
        metaData.startTime).count());
-    info.authtimeSpan = timeSpan;
    if (metaData.authWidgetType.has_value()) {
        info.authWidgetType = metaData.authWidgetType.value();
    }
@ -149,6 +148,9 @@ void Trace::CopyMetaDataToTraceInfo(const ContextCallbackNotifyListener::MetaDat
    if (metaData.authFinishReason.has_value()) {
        info.authFinishReason = metaData.authFinishReason.value();
    }
+    if (metaData.isBackgroundApplication.has_value()) {
+        info.isBackgroundApplication = metaData.isBackgroundApplication.value();
+    }
 }

 void Trace::ProcessUserAuthEvent(const ContextCallbackNotifyListener::MetaData &metaData, TraceFlag flag)
--- a/services/ipc/inc/user_auth_service.h
+++ b/services/ipc/inc/user_auth_service.h
@ -79,8 +79,8 @@ private:
    bool CheckAuthTrustLevel(AuthTrustLevel authTrustLevel);
    bool CheckSingeFaceOrFinger(const std::vector<AuthType> &authType);
    int32_t CheckAuthWidgetType(const std::vector<AuthType> &authType);
-    int32_t CheckAuthPermissionAndParam(const std::string &callerName, int32_t callerType,
-        const AuthParamInner &authParam, const WidgetParam &widgetParam);
+    int32_t CheckAuthPermissionAndParam(const AuthParamInner &authParam, const WidgetParam &widgetParam,
+        bool isBackgroundApplication);
    uint64_t StartWidgetContext(const std::shared_ptr<ContextCallback> &contextCallback,
        const AuthParamInner &authParam, const WidgetParam &widgetParam, std::vector<AuthType> &validType,
        ContextFactory::AuthWidgetContextPara &para);
@ -101,7 +101,7 @@ private:
    int32_t CheckValidSolution(int32_t userId, const AuthParamInner &authParam, const WidgetParam &widgetParam,
        std::vector<AuthType> &validType);
    int32_t GetCallerInfo(bool isUserIdSpecified, int32_t userId, ContextFactory::AuthWidgetContextPara &para,
-        std::shared_ptr<ContextCallback> &contextCallback);
+        bool &isBackgroundApplication, std::shared_ptr<ContextCallback> &contextCallback);
    void FillGetPropertyKeys(AuthType authType, const std::vector<Attributes::AttributeKey> &keys,
        std::vector<uint32_t> &uint32Keys);
    void FillGetPropertyValue(AuthType authType, const std::vector<Attributes::AttributeKey> &keys, Attributes &values);
--- a/services/ipc/src/user_auth_service.cpp
+++ b/services/ipc/src/user_auth_service.cpp
@ -804,8 +804,8 @@ bool UserAuthService::CheckSingeFaceOrFinger(const std::vector<AuthType> &authTy
    return false;
 }

-int32_t UserAuthService::CheckAuthPermissionAndParam(const std::string &callerName, int32_t callerType,
-    const AuthParamInner &authParam, const WidgetParam &widgetParam)
+int32_t UserAuthService::CheckAuthPermissionAndParam(const AuthParamInner &authParam, const WidgetParam &widgetParam,
+    bool isBackgroundApplication)
 {
    if (!IpcCommon::CheckPermission(*this, IS_SYSTEM_APP) &&
        (widgetParam.windowMode != WindowModeType::UNKNOWN_WINDOW_MODE)) {
@ -820,8 +820,7 @@ int32_t UserAuthService::CheckAuthPermissionAndParam(const std::string &callerNa
        IAM_LOGE("CheckPermission failed");
        return CHECK_PERMISSION_FAILED;
    }
-    if (callerType == Security::AccessToken::TOKEN_HAP && (!IpcCommon::CheckPermission(*this, IS_SYSTEM_APP)) &&
-        (!IpcCommon::CheckForegroundApplication(callerName))) {
+    if (isBackgroundApplication && (!IpcCommon::CheckPermission(*this, IS_SYSTEM_APP))) {
        IAM_LOGE("failed to check foreground application");
        return CHECK_PERMISSION_FAILED;
    }
@ -904,13 +903,20 @@ int32_t UserAuthService::CheckValidSolution(int32_t userId, const AuthParamInner
 }

 int32_t UserAuthService::GetCallerInfo(bool isUserIdSpecified, int32_t userId,
-    ContextFactory::AuthWidgetContextPara &para, std::shared_ptr<ContextCallback> &contextCallback)
+    ContextFactory::AuthWidgetContextPara &para, bool &isBackgroundApplication,
+    std::shared_ptr<ContextCallback> &contextCallback)
 {
    static_cast<void>(IpcCommon::GetCallerName(*this, para.callerName, para.callerType));
    contextCallback->SetTraceCallerName(para.callerName);
    contextCallback->SetTraceCallerType(para.callerType);
    static_cast<void>(IpcCommon::GetCallingAppID(*this, para.callingAppID));

+    if (para.sdkVersion < INNER_API_VERSION_10000 && para.callerType == Security::AccessToken::TOKEN_HAP &&
+        (!IpcCommon::CheckForegroundApplication(para.callerName))) {
+        isBackgroundApplication = true;
+    }
+    contextCallback->SetTraceIsBackgroundApplication(isBackgroundApplication);
+
    if (isUserIdSpecified) {
        para.userId = userId;
        contextCallback->SetTraceUserId(para.userId);
@ -936,13 +942,15 @@ uint64_t UserAuthService::AuthWidget(int32_t apiVersion, const AuthParamInner &a
    ContextFactory::AuthWidgetContextPara para;
    para.sdkVersion = apiVersion;
    Attributes extraInfo;
-    int32_t checkRet = GetCallerInfo(authParam.isUserIdSpecified, authParam.userId, para, contextCallback);
+    bool isBackgroundApplication = false;
+    int32_t checkRet = GetCallerInfo(authParam.isUserIdSpecified, authParam.userId, para, isBackgroundApplication,
+        contextCallback);
    if (checkRet != SUCCESS) {
        contextCallback->SetTraceAuthFinishReason("UserAuthService AuthWidget GetCallerInfo fail");
        contextCallback->OnResult(checkRet, extraInfo);
        return BAD_CONTEXT_ID;
    }
-    checkRet = CheckAuthPermissionAndParam(para.callerName, para.callerType, authParam, widgetParam);
+    checkRet = CheckAuthPermissionAndParam(authParam, widgetParam, isBackgroundApplication);
    if (checkRet != SUCCESS) {
        IAM_LOGE("check permission and auth widget param failed");
        contextCallback->SetTraceAuthFinishReason("UserAuthService AuthWidget CheckAuthPermissionAndParam fail");
--- a/test/fuzztest/services/context/contextcallbackimpl_fuzzer/context_callback_impl_fuzzer.cpp
+++ b/test/fuzztest/services/context/contextcallbackimpl_fuzzer/context_callback_impl_fuzzer.cpp
@ -101,6 +101,9 @@ void FillSet(Parcel &parcel)
    uint64_t reuseUnlockResultDuration = parcel.ReadUint64();
    g_ContextCallback->SetTraceReuseUnlockResultDuration(reuseUnlockResultDuration);

+    bool isBackgroundApplication = parcel.ReadBool();
+    g_ContextCallback->SetTraceIsBackgroundApplication(isBackgroundApplication);
+
    g_ContextCallback->SetCleaner(nullptr);

    int32_t callerType = parcel.ReadInt32();
--- a/test/fuzztest/services/context/remoteauthcontext_fuzzer/remote_auth_context_fuzzer.cpp
+++ b/test/fuzztest/services/context/remoteauthcontext_fuzzer/remote_auth_context_fuzzer.cpp
@ -27,6 +27,7 @@
 #include "context_pool.h"
 #include "context_callback_impl.h"
 #include "simple_auth_context.h"
+#include "iam_common_defines.h"
 #include "iam_fuzz_test.h"
 #include "iam_logger.h"
 #include "iam_ptr.h"
@ -34,6 +35,8 @@
 #include "remote_auth_invoker_context.h"
 #include "remote_iam_callback.h"
 #include "context_appstate_observer.h"
+#include "auth_widget_helper.h"
+#include "remote_auth_service.h"

 #define LOG_TAG "USER_AUTH_SA"

@ -191,12 +194,87 @@ void RemoteIamCallbackFuzzTest(Parcel &parcel)
    IAM_LOGI("end");
 }

+void FuzzAuthWidgetHelper(Parcel &parcel)
+{
+    AuthParamInner authParam;
+    authParam.authTypes.push_back(FACE);
+    authParam.authTypes.push_back(ALL);
+    authParam.authTypes.push_back(PIN);
+    authParam.authTypes.push_back(FINGERPRINT);
+    authParam.authTrustLevel = ATL2;
+    WidgetParam widgetParam;
+    widgetParam.title = "使用密码验证";
+    widgetParam.navigationButtonText = "确定";
+    ContextFactory::AuthWidgetContextPara para;
+    para.userId = MAIN_USER_ID;
+    std::vector<AuthType> validType = {PIN, FACE, FINGERPRINT};
+    AuthWidgetHelper::InitWidgetContextParam(authParam, validType, widgetParam, para);
+}
+
+void FuzzGetUserAuthProfile(Parcel &parcel)
+{
+    int32_t userId = MAIN_USER_ID;
+    AuthType authType = PIN;
+    ContextFactory::AuthProfile profile = {};
+    AuthWidgetHelper::GetUserAuthProfile(userId, authType, profile);
+}
+
+void FillIAttributes(Parcel &parcel, Attributes &attributes)
+{
+    bool fillNull = parcel.ReadBool();
+    if (fillNull) {
+        return;
+    }
+
+    attributes.SetUint64Value(Attributes::ATTR_TEMPLATE_ID, parcel.ReadUint64());
+    attributes.SetUint64Value(Attributes::ATTR_CALLER_UID, parcel.ReadUint64());
+    attributes.SetUint32Value(Attributes::ATTR_PROPERTY_MODE, parcel.ReadUint32());
+    std::vector<uint64_t> templateIdList;
+    FillFuzzUint64Vector(parcel, templateIdList);
+    attributes.GetUint64ArrayValue(Attributes::ATTR_TEMPLATE_ID_LIST, templateIdList);
+    std::vector<uint8_t> extraInfo;
+    FillFuzzUint8Vector(parcel, extraInfo);
+    attributes.GetUint64ArrayValue(Attributes::ATTR_EXTRA_INFO, templateIdList);
+    attributes.SetUint64Value(Attributes::ATTR_CALLER_UID, parcel.ReadUint64());
+    attributes.SetUint32Value(Attributes::ATTR_SCHEDULE_MODE, parcel.ReadUint32());
+}
+
+void FuzzCheckValidSolution(Parcel &parcel)
+{
+    int32_t userId = MAIN_USER_ID;
+    std::vector<AuthType> authTypeList = {PIN, FACE, FINGERPRINT};
+    AuthTrustLevel atl = ATL2;
+    std::vector<AuthType> validTypeList = {PIN, FACE, FINGERPRINT};
+    AuthWidgetHelper::CheckValidSolution(userId, authTypeList, atl, validTypeList);
+}
+
+void FuzzCheckReuseUnlockResult(Parcel &parcel)
+{
+    ContextFactory::AuthWidgetContextPara para;
+    para.userId = MAIN_USER_ID;
+    std::vector<uint8_t> challenge;
+    FillFuzzUint8Vector(parcel, challenge);
+    AuthParamInner authParam = {
+        .userId = parcel.ReadInt32(),
+        .challenge = challenge,
+        .authType = static_cast<AuthType>(parcel.ReadInt32()),
+        .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
+    };
+    Attributes extraInfo;
+    FillIAttributes(parcel, extraInfo);
+    AuthWidgetHelper::CheckReuseUnlockResult(para, authParam, extraInfo);
+}
+
 using FuzzFunc = decltype(ContextAppStateObserverFuzzTest);
 FuzzFunc *g_fuzzFuncs[] = {
    ContextAppStateObserverFuzzTest,
    RemoteAuthContextFuzzTest,
    RemoteAuthInvokerContextFuzzTest,
    RemoteIamCallbackFuzzTest,
+    FuzzAuthWidgetHelper,
+    FuzzGetUserAuthProfile,
+    FuzzCheckValidSolution,
+    FuzzCheckReuseUnlockResult,
 };

 void RemoteAuthContextFuzzTest(const uint8_t *data, size_t size)
--- a/test/unittest/services/mocks/mock_context.h
+++ b/test/unittest/services/mocks/mock_context.h
@ -59,6 +59,7 @@ public:
    MOCK_METHOD1(SetTraceLocalUdid, void(const std::string &LocalUdid));
    MOCK_METHOD1(SetTraceConnectionName, void(const std::string &connectionName));
    MOCK_METHOD1(SetTraceAuthFinishReason, void(const std::string &authFinishReason));
+    MOCK_METHOD1(SetTraceIsBackgroundApplication, void(const bool isBackgroundApplication));
 };

 class MockContext final : public Context {