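/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "deviceprofile_connector.h"
#include "dm_anonymous.h"
#include "dm_constants.h"
#include "dm_crypto.h"
#include "dm_log.h"
#include "multiple_user_connector.h"
#include "distributed_device_profile_client.h"

using namespace OHOS::DistributedDeviceProfile;

namespace OHOS {
namespace DistributedHardware {
DM_IMPLEMENT_SINGLE_INSTANCE(DeviceProfileConnector);

// NOTE(review): this listing had lost every template argument list (std::vector, std::map, static_cast, ...).
// They are restored below from how each value is used in this file; confirm the element types and the
// cast targets against deviceprofile_connector.h and dm_crypto.h before relying on them.

/**
 * @brief Fetch the access-control profiles (ACLs) of the current account user.
 * @return The profiles returned by the DP client. A query failure is only logged, so callers receive
 *         whatever the client left in the vector (normally empty) and cannot tell failure from "no ACL".
 */
std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfile()
{
    std::vector<AccessControlProfile> profiles;
    std::map<std::string, std::string> queryParams;
    int32_t userId = MultipleUserConnector::GetCurrentAccountUserID();
    queryParams["userId"] = std::to_string(userId);
    if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
        LOGE("DP GetAccessControlProfile failed.");
    }
    return profiles;
}

/**
 * @brief Fetch the access-control profiles of an explicit user id.
 * @param userId User id placed in the query under the USERID key.
 * @return The profiles returned by the DP client; a query failure is only logged.
 */
std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfileByUserId(int32_t userId)
{
    std::vector<AccessControlProfile> profiles;
    std::map<std::string, std::string> queryParams;
    queryParams[USERID] = std::to_string(userId);
    if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
        LOGE("DP GetAccessControlProfileByUserId failed.");
    }
    return profiles;
}

/**
 * @brief Build the map of trusted device id -> auth form visible to a package.
 * @param pkgName  Package asking for its trusted devices.
 * @param deviceId Local device id; profiles whose trust device id equals it are skipped.
 * @return One entry per trusted device. When several ACLs name the same device the entry is upgraded:
 *         IDENTICAL_ACCOUNT replaces anything, PEER_TO_PEER replaces ACROSS_ACCOUNT.
 */
std::unordered_map<std::string, DmAuthForm> DeviceProfileConnector::GetAppTrustDeviceList(const std::string &pkgName,
    const std::string &deviceId)
{
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    std::unordered_map<std::string, DmAuthForm> deviceIdMap;
    for (auto &item : profiles) {
        std::string trustDeviceId = item.GetTrustDeviceId();
        if (trustDeviceId == deviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        DmDiscoveryInfo discoveryInfo = {pkgName, deviceId};
        int32_t bindType = HandleDmAuthForm(item, discoveryInfo);
        LOGI("The udid %{public}s in ACL authForm is %{public}d.", GetAnonyString(trustDeviceId).c_str(), bindType);
        if (bindType == DmAuthForm::INVALID_TYPE) {
            continue;
        }
        if (deviceIdMap.find(trustDeviceId) == deviceIdMap.end()) {
            deviceIdMap[trustDeviceId] = static_cast<DmAuthForm>(bindType);
            continue;
        }
        DmAuthForm authForm = deviceIdMap.at(trustDeviceId);
        if (bindType == authForm) {
            continue;
        }
        if (bindType == DmAuthForm::IDENTICAL_ACCOUNT) {
            deviceIdMap[trustDeviceId] = DmAuthForm::IDENTICAL_ACCOUNT;
            continue;
        }
        if (bindType == DmAuthForm::PEER_TO_PEER && authForm == DmAuthForm::ACROSS_ACCOUNT) {
            deviceIdMap[trustDeviceId] = DmAuthForm::PEER_TO_PEER;
            continue;
        }
    }
    return deviceIdMap;
}

/**
 * @brief Resolve the auth form of a discovered device from its UDID hash.
 * @param discoveryInfo Carries remoteDeviceIdHash plus the pkgname/localDeviceId used for APP-level checks.
 * @param isOnline      Set to true only when a matching ACTIVE ACL of a known form is found.
 * @param authForm      Set to the strongest matching form, or INVALID_TYPE when nothing matches.
 * @return ERR_DM_FAILED when hashing a trust device id fails, DM_OK otherwise.
 *
 * NOTE(review): when the ACL list is empty the function returns DM_OK without writing isOnline or
 * authForm, so callers must initialise both before the call.
 */
int32_t DeviceProfileConnector::GetDeviceAclParam(DmDiscoveryInfo discoveryInfo, bool &isOnline, int32_t &authForm)
{
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    if (profiles.size() == 0) {
        return DM_OK;
    }
    std::vector<int32_t> bindTypes;
    for (auto &item : profiles) {
        char deviceIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
        if (Crypto::GetUdidHash(item.GetTrustDeviceId(), reinterpret_cast<uint8_t *>(deviceIdHash)) != DM_OK) {
            // The hash buffer is not meaningful after a failure; log the anonymised device id the
            // message refers to instead of the buffer contents.
            LOGE("get deviceIdHash by deviceId: %{public}s failed.",
                GetAnonyString(item.GetTrustDeviceId()).c_str());
            return ERR_DM_FAILED;
        }
        // assumes GetUdidHash leaves deviceIdHash NUL-terminated within DM_MAX_DEVICE_ID_LEN — TODO confirm
        if (static_cast<std::string>(deviceIdHash) != discoveryInfo.remoteDeviceIdHash ||
            item.GetStatus() != ACTIVE) {
            continue;
        }
        int32_t bindType = HandleDmAuthForm(item, discoveryInfo);
        if (bindType == DmAuthForm::INVALID_TYPE) {
            continue;
        }
        bindTypes.push_back(bindType);
    }
    // Strongest relationship wins: identical account, then peer-to-peer, then across-account.
    if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::IDENTICAL_ACCOUNT) > 0) {
        isOnline = true;
        authForm = DmAuthForm::IDENTICAL_ACCOUNT;
        LOGI("The found device is identical account device bind type.");
        return DM_OK;
    }
    if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::PEER_TO_PEER) > 0) {
        isOnline = true;
        authForm = DmAuthForm::PEER_TO_PEER;
        LOGI("The found device is peer-to-peer device bind-level.");
        return DM_OK;
    }
    if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::ACROSS_ACCOUNT) > 0) {
        isOnline = true;
        authForm = DmAuthForm::ACROSS_ACCOUNT;
        LOGI("The found device is across-account device bind-level.");
        return DM_OK;
    }
    authForm = DmAuthForm::INVALID_TYPE;
    return DM_OK;
}

/**
 * @brief Decide whether an ACL of the given form applies to the requesting package.
 * @return `form` for DEVICE-level ACLs, for APP-level ACLs queried with an empty pkgname, and for
 *         APP-level ACLs whose accesser or accessee (bundle name + device id) matches the request;
 *         INVALID_TYPE otherwise.
 *
 * NOTE(review): an empty discoveryInfo.pkgname matches every APP-level ACL. Confirm that only trusted
 * system callers can reach this path with an empty package name.
 */
int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProfile profiles,
    DmDiscoveryInfo discoveryInfo)
{
    if (profiles.GetBindLevel() == DEVICE || (profiles.GetBindLevel() == APP && discoveryInfo.pkgname == "")) {
        return form;
    }
    if (profiles.GetBindLevel() == APP) {
        if (discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() &&
            discoveryInfo.localDeviceId == profiles.GetAccesser().GetAccesserDeviceId()) {
            return form;
        }
        if (discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() &&
            discoveryInfo.localDeviceId == profiles.GetAccessee().GetAccesseeDeviceId()) {
            return form;
        }
    }
    return DmAuthForm::INVALID_TYPE;
}

/**
 * @brief Map a profile's bind type to a DmAuthForm for the requesting package.
 * @return IDENTICAL_ACCOUNT unconditionally for identical-account binds; the result of CheckAuthForm
 *         for point-to-point and across-account binds; INVALID_TYPE for any other bind type.
 */
int32_t DeviceProfileConnector::HandleDmAuthForm(AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo)
{
    if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) {
        return DmAuthForm::IDENTICAL_ACCOUNT;
    }
    if (profiles.GetBindType() == DM_POINT_TO_POINT) {
        return CheckAuthForm(DmAuthForm::PEER_TO_PEER, profiles, discoveryInfo);
    }
    if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) {
        return CheckAuthForm(DmAuthForm::ACROSS_ACCOUNT, profiles, discoveryInfo);
    }
    return DmAuthForm::INVALID_TYPE;
}

/**
 * @brief Return the numerically largest bind-type priority among the ACTIVE ACLs of a trusted device.
 * @return INVALIED_TYPE when no ACL matches.
 */
uint32_t DeviceProfileConnector::CheckBindType(std::string trustDeviceId, std::string requestDeviceId)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    uint32_t highestPriority = INVALIED_TYPE;
    for (auto &item : profiles) {
        if (trustDeviceId != item.GetTrustDeviceId() || item.GetStatus() != ACTIVE) {
            continue;
        }
        uint32_t priority = static_cast<uint32_t>(GetAuthForm(item, trustDeviceId, requestDeviceId));
        if (priority > highestPriority) {
            highestPriority = priority;
        }
    }
    return highestPriority;
}

/**
 * @brief Classify one ACL into a *_TYPE priority constant.
 * @param trustDev Trusted (remote) device id.
 * @param reqDev   Requesting (local) device id.
 * @return INVALIED_TYPE for unknown bind types and for APP-level ACLs whose accesser/accessee device
 *         ids are not exactly the {reqDev, trustDev} pair in either direction.
 */
int32_t DeviceProfileConnector::GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles,
    const std::string &trustDev, const std::string &reqDev)
{
    LOGI("BindType %{public}d, bindLevel %{public}d", profiles.GetBindType(), profiles.GetBindLevel());
    uint32_t priority = INVALIED_TYPE;
    uint32_t bindType = profiles.GetBindType();
    switch (bindType) {
        case DM_IDENTICAL_ACCOUNT:
            priority = IDENTICAL_ACCOUNT_TYPE;
            break;
        case DM_POINT_TO_POINT:
            if (profiles.GetBindLevel() == DEVICE) {
                priority = DEVICE_PEER_TO_PEER_TYPE;
            } else if (profiles.GetBindLevel() == APP && profiles.GetAccesser().GetAccesserDeviceId() == reqDev &&
                profiles.GetAccessee().GetAccesseeDeviceId() == trustDev) {
                priority = APP_PEER_TO_PEER_TYPE;
            } else if (profiles.GetBindLevel() == APP && profiles.GetAccessee().GetAccesseeDeviceId() == reqDev &&
                profiles.GetAccesser().GetAccesserDeviceId() == trustDev) {
                priority = APP_PEER_TO_PEER_TYPE;
            }
            break;
        case DM_ACROSS_ACCOUNT:
            if (profiles.GetBindLevel() == DEVICE) {
                priority = DEVICE_ACROSS_ACCOUNT_TYPE;
            } else if (profiles.GetBindLevel() == APP && profiles.GetAccesser().GetAccesserDeviceId() == reqDev &&
                profiles.GetAccessee().GetAccesseeDeviceId() == trustDev) {
                priority = APP_ACROSS_ACCOUNT_TYPE;
            } else if (profiles.GetBindLevel() == APP && profiles.GetAccessee().GetAccesseeDeviceId() == reqDev &&
                profiles.GetAccesser().GetAccesserDeviceId() == trustDev) {
                priority = APP_ACROSS_ACCOUNT_TYPE;
            }
            break;
        default:
            LOGE("unknown bind type %{public}d.", bindType);
            break;
    }
    return priority;
}

/**
 * @brief Collect the bind types that a package holds towards one trusted device.
 * @return One *_TYPE constant per matching ACTIVE ACL (see GetParamBindTypeVec); may contain duplicates.
 */
std::vector<int32_t> DeviceProfileConnector::GetBindTypeByPkgName(std::string pkgName, std::string requestDeviceId,
    std::string trustUdid)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    std::vector<int32_t> bindTypeVec;
    for (auto &item : profiles) {
        if (trustUdid != item.GetTrustDeviceId() || item.GetStatus() != ACTIVE) {
            continue;
        }
        GetParamBindTypeVec(item, pkgName, requestDeviceId, bindTypeVec);
    }
    return bindTypeVec;
}

/**
 * @brief Append the *_TYPE constant(s) that one ACL contributes for a package on the requesting device.
 *
 * Identical-account and DEVICE-level ACLs always contribute. APP-level ACLs contribute once for each
 * side (accesser, accessee) whose bundle name and device id both match, so one ACL can append twice.
 */
void DeviceProfileConnector::GetParamBindTypeVec(AccessControlProfile profiles, std::string pkgName,
    std::string requestDeviceId, std::vector<int32_t> &bindTypeVec)
{
    if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) {
        bindTypeVec.push_back(IDENTICAL_ACCOUNT_TYPE);
    }
    if (profiles.GetBindType() == DM_POINT_TO_POINT) {
        if (profiles.GetBindLevel() == DEVICE) {
            bindTypeVec.push_back(DEVICE_PEER_TO_PEER_TYPE);
        }
        if (profiles.GetBindLevel() == APP) {
            if (profiles.GetAccesser().GetAccesserBundleName() == pkgName &&
                profiles.GetAccesser().GetAccesserDeviceId() == requestDeviceId) {
                bindTypeVec.push_back(APP_PEER_TO_PEER_TYPE);
            }
            if ((profiles.GetAccessee().GetAccesseeBundleName() == pkgName &&
                profiles.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) {
                bindTypeVec.push_back(APP_PEER_TO_PEER_TYPE);
            }
        }
    }
    if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) {
        if (profiles.GetBindLevel() == DEVICE) {
            bindTypeVec.push_back(DEVICE_ACROSS_ACCOUNT_TYPE);
        }
        if (profiles.GetBindLevel() == APP) {
            if (profiles.GetAccesser().GetAccesserBundleName() == pkgName &&
                profiles.GetAccesser().GetAccesserDeviceId() == requestDeviceId) {
                bindTypeVec.push_back(APP_ACROSS_ACCOUNT_TYPE);
            }
            if ((profiles.GetAccessee().GetAccesseeBundleName() == pkgName &&
                profiles.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) {
                bindTypeVec.push_back(APP_ACROSS_ACCOUNT_TYPE);
            }
        }
    }
}

/**
 * @brief Compute the local (sink) bind types towards targetDeviceId and remember which profile each came from.
 * @param sinkBindType Output: one *_TYPE constant per match, appended in lockstep with the return value.
 * @return For every element appended to sinkBindType, the index into `profiles` of the ACL that produced it.
 */
std::vector<int32_t> DeviceProfileConnector::CompareBindType(std::vector<AccessControlProfile> profiles,
    std::string pkgName, std::vector<int32_t> &sinkBindType, std::string localDeviceId, std::string targetDeviceId)
{
    std::vector<int32_t> bindTypeIndex;
    for (uint32_t index = 0; index < profiles.size(); index++) {
        if (profiles[index].GetTrustDeviceId() != targetDeviceId || profiles[index].GetStatus() != ACTIVE) {
            continue;
        }
        DmDiscoveryInfo paramInfo = {
            .pkgname = pkgName,
            .localDeviceId = localDeviceId,
        };
        ProcessBindType(profiles[index], paramInfo, sinkBindType, bindTypeIndex, index);
    }
    return bindTypeIndex;
}

/**
 * @brief Append the bind type(s) of one ACL to sinkBindType and the ACL's index to bindTypeIndex.
 *
 * Every push to sinkBindType is paired with a push of `index` to bindTypeIndex, which keeps the two
 * vectors the same length; SyncAclByBindType depends on that pairing.
 */
void DeviceProfileConnector::ProcessBindType(AccessControlProfile profiles, DmDiscoveryInfo paramInfo,
    std::vector<int32_t> &sinkBindType, std::vector<int32_t> &bindTypeIndex, uint32_t index)
{
    if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) {
        sinkBindType.push_back(IDENTICAL_ACCOUNT_TYPE);
        bindTypeIndex.push_back(index);
    }
    if (profiles.GetBindType() == DM_POINT_TO_POINT) {
        if (profiles.GetBindLevel() == DEVICE) {
            sinkBindType.push_back(DEVICE_PEER_TO_PEER_TYPE);
            bindTypeIndex.push_back(index);
        }
        if (profiles.GetBindLevel() == APP) {
            if (profiles.GetAccesser().GetAccesserBundleName() == paramInfo.pkgname &&
                profiles.GetAccesser().GetAccesserDeviceId() == paramInfo.localDeviceId) {
                sinkBindType.push_back(APP_PEER_TO_PEER_TYPE);
                bindTypeIndex.push_back(index);
            }
            if (profiles.GetAccessee().GetAccesseeBundleName() == paramInfo.pkgname &&
                profiles.GetAccessee().GetAccesseeDeviceId() == paramInfo.localDeviceId) {
                sinkBindType.push_back(APP_PEER_TO_PEER_TYPE);
                bindTypeIndex.push_back(index);
            }
        }
    }
    if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) {
        if (profiles.GetBindLevel() == DEVICE) {
            sinkBindType.push_back(DEVICE_ACROSS_ACCOUNT_TYPE);
            bindTypeIndex.push_back(index);
        }
        if (profiles.GetBindLevel() == APP) {
            if (profiles.GetAccesser().GetAccesserBundleName() == paramInfo.pkgname &&
                profiles.GetAccesser().GetAccesserDeviceId() == paramInfo.localDeviceId) {
                sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE);
                bindTypeIndex.push_back(index);
            }
            if (profiles.GetAccessee().GetAccesseeBundleName() == paramInfo.pkgname &&
                profiles.GetAccessee().GetAccesseeDeviceId() == paramInfo.localDeviceId) {
                sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE);
                bindTypeIndex.push_back(index);
            }
        }
    }
}

/**
 * @brief Reconcile local ACLs with the bind types reported by the other side.
 * @param bindTypeVec Bind types supplied by the caller for the peer; its length is independent of the
 *                    number of local ACLs, so it must only be indexed by its own loop variable.
 * @return The bind types present on both sides. Local ACLs whose bind type is absent from bindTypeVec
 *         are deleted through the DP client (the delete result is not checked).
 */
std::vector<int32_t> DeviceProfileConnector::SyncAclByBindType(std::string pkgName, std::vector<int32_t> bindTypeVec,
    std::string localDeviceId, std::string targetDeviceId)
{
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    std::vector<int32_t> sinkBindType;
    std::vector<int32_t> bindType;
    std::vector<int32_t> bindTypeIndex =
        CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId);
    for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) {
        bool deleteAclFlag = true;
        for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) {
            if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) {
                deleteAclFlag = false;
                // Index bindTypeVec with srcIndex: sinkIndex ranges over sinkBindType and can exceed
                // bindTypeVec.size(), which made the former bindTypeVec[sinkIndex] an out-of-bounds read.
                bindType.push_back(bindTypeVec[srcIndex]);
            }
        }
        if (deleteAclFlag) {
            // bindTypeIndex is filled in lockstep with sinkBindType, so sinkIndex is in range here.
            int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId();
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex);
        }
    }
    return bindType;
}

/**
 * @brief List accesser bundle names of ACTIVE ACLs that link localDeviceId and targetDeviceId.
 * @return The accesser bundle name of each ACL whose accesser/accessee device ids are exactly that
 *         pair, in either direction. The accessee bundle name is not collected.
 */
std::vector<std::string> DeviceProfileConnector::GetPkgNameFromAcl(std::string &localDeviceId,
    std::string &targetDeviceId)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    std::vector<std::string> pkgNameVec;
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != targetDeviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        if ((item.GetAccesser().GetAccesserDeviceId() == localDeviceId &&
            item.GetAccessee().GetAccesseeDeviceId() == targetDeviceId) ||
            (item.GetAccesser().GetAccesserDeviceId() == targetDeviceId &&
            item.GetAccessee().GetAccesseeDeviceId() == localDeviceId)) {
            pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName());
        }
    }
    return pkgNameVec;
}

/**
 * @brief Summarise the ACTIVE ACLs of a trusted device for offline handling.
 * @return leftAclNumber = number of ACTIVE ACLs for trustDeviceId; bindType = numerically largest
 *         priority seen; pkgNameVec = accesser bundle names of ALLOW_AUTH_ONCE device binds and of
 *         ACLs linking the two device ids.
 */
DmOfflineParam DeviceProfileConnector::GetOfflineParamFromAcl(std::string trustDeviceId, std::string requestDeviceId)
{
    LOGI("TrustDeviceId = %{public}s and requestDeviceId = %{public}s", GetAnonyString(trustDeviceId).c_str(),
        GetAnonyString(requestDeviceId).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    DmOfflineParam offlineParam;
    offlineParam.leftAclNumber = 0;
    offlineParam.bindType = INVALIED_TYPE;
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != trustDeviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        offlineParam.leftAclNumber++;
        uint32_t priority = INVALIED_TYPE;
        if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
            priority = IDENTICAL_ACCOUNT_TYPE;
        } else if (item.GetBindLevel() == DEVICE && item.GetAuthenticationType() == ALLOW_AUTH_ALWAYS) {
            priority = DEVICE_PEER_TO_PEER_TYPE;
        } else if (item.GetBindLevel() == DEVICE && item.GetAuthenticationType() == ALLOW_AUTH_ONCE) {
            priority = DEVICE_PEER_TO_PEER_TYPE;
            offlineParam.pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName());
        } else if ((item.GetAccesser().GetAccesserDeviceId() == requestDeviceId &&
            item.GetAccessee().GetAccesseeDeviceId() == trustDeviceId) ||
            (item.GetAccesser().GetAccesserDeviceId() == trustDeviceId &&
            item.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) {
            priority = APP_PEER_TO_PEER_TYPE;
            offlineParam.pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName());
        }
        if (priority > offlineParam.bindType) {
            offlineParam.bindType = priority;
        }
    }
    return offlineParam;
}

/**
 * @brief Create and store a new ACTIVE access-control profile.
 * @param aclInfo    Bind type/level, trust device id, device id hash and authentication type.
 * @param dmAccesser Requesting side (device, user, account, token, bundle).
 * @param dmAccessee Trusted side (device, user, account, token, bundle).
 * @return The DP client's result code; failures are logged.
 *
 * All fields are copied as given; no validation happens here, so callers own the trust decision.
 */
int32_t DeviceProfileConnector::PutAccessControlList(DmAclInfo aclInfo, DmAccesser dmAccesser, DmAccessee dmAccessee)
{
    LOGI("Start.");
    Accesser accesser;
    accesser.SetAccesserDeviceId(dmAccesser.requestDeviceId);
    accesser.SetAccesserUserId(dmAccesser.requestUserId);
    accesser.SetAccesserAccountId(dmAccesser.requestAccountId);
    accesser.SetAccesserTokenId(dmAccesser.requestTokenId);
    accesser.SetAccesserBundleName(dmAccesser.requestBundleName);
    Accessee accessee;
    accessee.SetAccesseeDeviceId(dmAccessee.trustDeviceId);
    accessee.SetAccesseeUserId(dmAccessee.trustUserId);
    accessee.SetAccesseeAccountId(dmAccessee.trustAccountId);
    accessee.SetAccesseeTokenId(dmAccessee.trustTokenId);
    accessee.SetAccesseeBundleName(dmAccessee.trustBundleName);
    AccessControlProfile profile;
    profile.SetBindType(aclInfo.bindType);
    profile.SetBindLevel(aclInfo.bindLevel);
    profile.SetStatus(ACTIVE);
    profile.SetTrustDeviceId(aclInfo.trustDeviceId);
    profile.SetDeviceIdType(static_cast<int32_t>(DeviceIdType::UDID));
    profile.SetDeviceIdHash(aclInfo.deviceIdHash);
    profile.SetAuthenticationType(aclInfo.authenticationType);
    profile.SetAccessee(accessee);
    profile.SetAccesser(accesser);
    int32_t ret = DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile);
    if (ret != DM_OK) {
        LOGE("PutAccessControlProfile failed.");
    }
    return ret;
}

/**
 * @brief Delete every access-control profile returned for a user id.
 * @param userId    User whose ACLs are removed.
 * @param accountId Not used by this function: the query filters on userId only.
 * @return Always DM_OK. A failed query is logged and then treated as an empty list, and delete
 *         results are not checked, so DM_OK does not prove that the ACLs are gone.
 */
int32_t DeviceProfileConnector::DeleteAccessControlList(int32_t userId, std::string &accountId)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles;
    std::map<std::string, std::string> queryParams;
    queryParams["userId"] = std::to_string(userId);
    if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
        LOGE("DP GetAccessControlProfile failed.");
    }
    LOGI("Size is %{public}zu", profiles.size());
    for (auto &item : profiles) {
        LOGI("BindType is : %{public}d.", item.GetBindType());
        DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
    }
    return DM_OK;
}

/**
 * @brief Delete every ACL of the current user whose trust device id equals udid, whatever its status.
 * @param udid Trusted device id; an empty value is rejected so it cannot match profiles without one.
 */
void DeviceProfileConnector::DeleteAccessControlList(const std::string &udid)
{
    LOGI("Udid: %{public}s.", GetAnonyString(udid).c_str());
    if (udid.empty()) {
        LOGE("DeleteAccessControlList udid is empty.");
        return;
    }
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("Size is %{public}zu", profiles.size());
    for (const auto &item : profiles) {
        if (item.GetTrustDeviceId() == udid) {
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
        }
    }
}

/**
 * @brief On account logout, delete the ACLs of userId whose trust device id equals remoteUdid.
 * @param localUdid Only logged (anonymised); it does not take part in the match.
 */
void DeviceProfileConnector::DeleteAclForAccountLogOut(const std::string &localUdid, int32_t userId,
    const std::string &remoteUdid)
{
    LOGI("localUdid %{public}s, userId %{public}d, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(), userId,
        GetAnonyString(remoteUdid).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId);
    for (const auto &item : profiles) {
        if (item.GetTrustDeviceId() == remoteUdid) {
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
        }
    }
}

/**
 * @brief When a user is removed, delete every ACL in which that user is the accesser or the accessee.
 */
void DeviceProfileConnector::DeleteAclForUserRemoved(int32_t userId)
{
    LOGI("DeleteAclForUserRemoved userId %{public}d.", userId);
    std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId);
    for (const auto &item : profiles) {
        if (item.GetAccesser().GetAccesserUserId() == userId || item.GetAccessee().GetAccesseeUserId() == userId) {
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
        }
    }
}

/**
 * @brief Map each trusted device to the smallest bind type it shares with (userId, accountId, localUdid).
 * @return trust device id -> minimum bind type over the ACLs in which the local identity is the
 *         accesser or the accessee.
 */
std::map<std::string, int32_t> DeviceProfileConnector::GetDeviceIdAndBindType(int32_t userId,
    const std::string &accountId, const std::string &localUdid)
{
    LOGI("userId %{public}d, accountId %{public}s.", userId, GetAnonyString(accountId).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId);
    std::map<std::string, int32_t> deviceIdMap;
    for (const auto &item : profiles) {
        if (item.GetAccesser().GetAccesserUserId() == userId &&
            item.GetAccesser().GetAccesserAccountId() == accountId &&
            item.GetAccesser().GetAccesserDeviceId() == localUdid) {
            LOGI("Account logout localUdid %{public}s is src.", GetAnonyString(localUdid).c_str());
            UpdateBindType(item.GetTrustDeviceId(), item.GetBindType(), deviceIdMap);
            continue;
        }
        if (item.GetAccessee().GetAccesseeUserId() == userId &&
            item.GetAccessee().GetAccesseeAccountId() == accountId &&
            item.GetAccessee().GetAccesseeDeviceId() == localUdid) {
            LOGI("Account logout localUdid %{public}s is sink.", GetAnonyString(localUdid).c_str());
            UpdateBindType(item.GetTrustDeviceId(), item.GetBindType(), deviceIdMap);
            continue;
        }
    }
    return deviceIdMap;
}

/**
 * @brief Record bindType for udid, keeping the smaller value when the device is already present.
 */
void DeviceProfileConnector::UpdateBindType(const std::string &udid, int32_t bindType,
    std::map<std::string, int32_t> &deviceMap)
{
    LOGI("BindType %{public}d.", bindType);
    if (deviceMap.find(udid) == deviceMap.end()) {
        deviceMap[udid] = bindType;
    } else {
        deviceMap[udid] = std::min(deviceMap[udid], bindType);
    }
}

/**
 * @brief Unbind a package from a remote device and report what is left.
 * @return bindType = DEVICE_PEER_TO_PEER_TYPE or APP_PEER_TO_PEER_TYPE when something was unbound,
 *         INVALIED_TYPE otherwise; leftAclNumber = ACTIVE ACLs remaining for the remote device.
 *
 * The first pass refuses the whole request as soon as an identical-account ACL for the remote device
 * is seen, and decides whether this is a device-level unbind. The second pass deletes: every ACL
 * linking the two devices for a device-level unbind, otherwise only the first ACL whose accesser and
 * accessee bundle names both equal pkgName.
 */
DmOfflineParam DeviceProfileConnector::DeleteAccessControlList(std::string pkgName, std::string localDeviceId,
    std::string remoteDeviceId)
{
    LOGI("DeleteAccessControlList by pkgName %{public}s, localDeviceId %{public}s, remoteDeviceId %{public}s.",
        pkgName.c_str(), GetAnonyString(localDeviceId).c_str(), GetAnonyString(remoteDeviceId).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("Size is %{public}zu", profiles.size());
    DmOfflineParam offlineParam;
    offlineParam.bindType = INVALIED_TYPE;
    offlineParam.leftAclNumber = 0;
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
            LOGE("Identical account forbid unbind.");
            offlineParam.bindType = INVALIED_TYPE;
            return offlineParam;
        }
        if (item.GetTrustDeviceId() == remoteDeviceId) {
            offlineParam.leftAclNumber++;
            // An empty accesser bundle name lets any package trigger the device-level unbind.
            if (item.GetBindLevel() == DEVICE && item.GetBindType() != DM_IDENTICAL_ACCOUNT &&
                (item.GetAccesser().GetAccesserBundleName() == pkgName ||
                item.GetAccesser().GetAccesserBundleName() == "")) {
                LOGI("DeleteAccessControlList device unbind.");
                offlineParam.bindType = DEVICE_PEER_TO_PEER_TYPE;
            }
        }
    }
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        if ((item.GetAccesser().GetAccesserDeviceId() == localDeviceId &&
            item.GetAccessee().GetAccesseeDeviceId() == remoteDeviceId) ||
            (item.GetAccessee().GetAccesseeDeviceId() == localDeviceId &&
            item.GetAccesser().GetAccesserDeviceId() == remoteDeviceId)) {
            if (offlineParam.bindType == DEVICE_PEER_TO_PEER_TYPE) {
                DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
                offlineParam.leftAclNumber--;
            } else if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
                item.GetAccessee().GetAccesseeBundleName() == pkgName) {
                offlineParam.bindType = APP_PEER_TO_PEER_TYPE;
                DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
                offlineParam.leftAclNumber--;
                break;
            }
        }
    }
    return offlineParam;
}

/**
 * @brief On account switch, mark ACLs of the old account INACTIVE and ACLs of the new account ACTIVE.
 * @return Always DM_OK; the results of the individual updates are not checked.
 */
int32_t DeviceProfileConnector::UpdateAccessControlList(int32_t userId, std::string &oldAccountId,
    std::string &newAccountId)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    for (auto &item : profiles) {
        if ((item.GetAccesser().GetAccesserUserId() == userId &&
            item.GetAccesser().GetAccesserAccountId() == oldAccountId) ||
            (item.GetAccessee().GetAccesseeUserId() == userId &&
            item.GetAccessee().GetAccesseeAccountId() == oldAccountId)) {
            item.SetStatus(INACTIVE);
            DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
        }
        if ((item.GetAccesser().GetAccesserUserId() == userId &&
            item.GetAccesser().GetAccesserAccountId() == newAccountId) ||
            (item.GetAccessee().GetAccesseeUserId() == userId &&
            item.GetAccessee().GetAccesseeAccountId() == newAccountId)) {
            item.SetStatus(ACTIVE);
            DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
        }
    }
    return DM_OK;
}

/**
 * @brief Report whether (userId, accountId) has at least one ACTIVE identical-account ACL.
 * @return false also when the query fails (the failure is only logged).
 */
bool DeviceProfileConnector::CheckIdenticalAccount(int32_t userId, const std::string &accountId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles;
    std::map<std::string, std::string> queryParams;
    queryParams["userId"] = std::to_string(userId);
    queryParams["accountId"] = accountId;
    if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
        LOGE("DP GetAccessControlProfile failed.");
    }
    for (auto &item : profiles) {
        if (item.GetBindType() == DM_IDENTICAL_ACCOUNT && item.GetStatus() == ACTIVE) {
            return true;
        }
    }
    return false;
}

/**
 * @brief Delete the ACTIVE non-identical-account ACLs in which (userId, accountId) is accesser or accessee.
 * @return Always DM_OK; a failed query is logged and treated as an empty list.
 */
int32_t DeviceProfileConnector::DeleteP2PAccessControlList(int32_t userId, std::string &accountId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles;
    std::map<std::string, std::string> queryParams;
    queryParams["userId"] = std::to_string(userId);
    queryParams["accountId"] = accountId;
    if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
        LOGE("DP GetAccessControlProfile failed.");
    }
    for (auto &item : profiles) {
        if (item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetStatus() != ACTIVE) {
            continue;
        }
        if ((item.GetAccesser().GetAccesserUserId() == userId &&
            item.GetAccesser().GetAccesserAccountId() == accountId) ||
            (item.GetAccessee().GetAccesseeUserId() == userId &&
            item.GetAccessee().GetAccesseeAccountId() == accountId)) {
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
        }
    }
    return DM_OK;
}

/**
 * @brief Check for an ACTIVE DEVICE-level ACL towards deviceId whose accessee has user id 0 and an
 *        empty account id.
 *
 * NOTE(review): the bundle-name clause mixes the two sides (accessee bundle name == pkgName OR accesser
 * bundle name empty), whereas CheckSinkDevIdInAclForDevBind tests the accesser in both halves. Confirm
 * that the asymmetry is intended.
 */
bool DeviceProfileConnector::CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE &&
            item.GetBindLevel() == DEVICE && (item.GetAccessee().GetAccesseeBundleName() == pkgName ||
            item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccessee().GetAccesseeUserId() == 0 &&
            item.GetAccessee().GetAccesseeAccountId() == "") {
            return true;
        }
    }
    return false;
}

/**
 * @brief Check for an ACTIVE DEVICE-level ACL towards deviceId whose accesser has user id 0, an empty
 *        account id, and a bundle name that is either pkgName or empty.
 */
bool DeviceProfileConnector::CheckSinkDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE &&
            item.GetBindLevel() == DEVICE && (item.GetAccesser().GetAccesserBundleName() == pkgName ||
            item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccesser().GetAccesserUserId() == 0 &&
            item.GetAccesser().GetAccesserAccountId() == "") {
            return true;
        }
    }
    return false;
}

/**
 * @brief True when either the sink-side or the source-side device-bind check matches.
 */
bool DeviceProfileConnector::CheckDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId)
{
    return (CheckSinkDevIdInAclForDevBind(pkgName, deviceId) || CheckSrcDevIdInAclForDevBind(pkgName, deviceId));
}

/**
 * @brief Delete the one-time (ALLOW_AUTH_ONCE) ACTIVE ACLs of a device.
 * @return Number of ACTIVE ACLs for deviceId that were left in place (the count is decremented before
 *         the delete call, whose result is not checked).
 */
uint32_t DeviceProfileConnector::DeleteTimeOutAcl(const std::string &deviceId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    uint32_t res = 0;
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != deviceId || item.GetStatus() != ACTIVE) {
            continue;
        }
        res++;
        if (item.GetAuthenticationType() == ALLOW_AUTH_ONCE) {
            res--;
            DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
        }
    }
    return res;
}

/**
 * @brief Count the ACTIVE ACLs whose trust device id equals deviceId.
 */
int32_t DeviceProfileConnector::GetTrustNumber(const std::string &deviceId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    int32_t trustNumber = 0;
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE) {
            trustNumber++;
        }
    }
    return trustNumber;
}

/**
 * @brief Report whether pkgName holds a non-identical-account ACL towards remoteDeviceId.
 * @return true for a DEVICE-level ACL naming pkgName on either side or carrying an empty bundle name
 *         on either side, and for an APP-level ACL whose accesser or accessee is (pkgName, localDeviceId).
 *
 * NOTE(review): a DEVICE-level ACL with an empty bundle name matches every package; confirm that is
 * the intended meaning of an empty bundle name.
 */
bool DeviceProfileConnector::CheckPkgnameInAcl(std::string pkgName, std::string localDeviceId,
    std::string remoteDeviceId)
{
    LOGI("Start");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    LOGI("AccessControlProfile size is %{public}zu", profiles.size());
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE ||
            item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
            continue;
        }
        if (item.GetBindLevel() == DEVICE && (item.GetAccesser().GetAccesserBundleName() == pkgName ||
            item.GetAccessee().GetAccesseeBundleName() == pkgName ||
            item.GetAccesser().GetAccesserBundleName() == "" || item.GetAccessee().GetAccesseeBundleName() == "")) {
            LOGI("The pkgname %{public}s is peer-to-peer device unbind.", pkgName.c_str());
            return true;
        } else if (item.GetBindLevel() == APP && item.GetAccesser().GetAccesserBundleName() == pkgName &&
            item.GetAccesser().GetAccesserDeviceId() == localDeviceId) {
            LOGI("The accesser pkgname %{public}s is peer-to-peer app unbind.", pkgName.c_str());
            return true;
        } else if (item.GetBindLevel() == APP && item.GetAccessee().GetAccesseeBundleName() == pkgName &&
            item.GetAccessee().GetAccesseeDeviceId() == localDeviceId) {
            LOGI("The accessee pkgname %{public}s is peer-to-peer app unbind.", pkgName.c_str());
            return true;
        }
    }
    return false;
}

/**
 * @brief Report whether udid is bound to the local device through an ACTIVE identical-account ACL.
 * @return DM_OK when such an ACL exists, ERR_DM_FAILED otherwise (including when the query fails).
 */
int32_t DeviceProfileConnector::IsSameAccount(const std::string &udid)
{
    LOGI("Start.");
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    for (auto &item : profiles) {
        if (item.GetTrustDeviceId() == udid && item.GetStatus() == ACTIVE) {
            if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { // identical account
                LOGI("The udid %{public}s is identical bind.", GetAnonyString(udid).c_str());
                return DM_OK;
            }
        }
    }
    return ERR_DM_FAILED;
}

/**
 * @brief Decide whether a caller may access a callee across devices.
 * @return DM_OK as soon as one ACTIVE ACL whose trust device id is srcUdid or sinkUdid passes
 *         SingleUserProcess; ERR_DM_FAILED otherwise. An empty or failed ACL query therefore denies.
 */
int32_t DeviceProfileConnector::CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid,
    const DmAccessCallee &callee, const std::string &sinkUdid)
{
    LOGI("PkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s", caller.pkgName.c_str(),
        GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    for (auto &item : profiles) {
        if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid &&
            item.GetTrustDeviceId() != srcUdid)) {
            continue;
        }
        if (SingleUserProcess(item, caller, callee)) {
            return DM_OK;
        }
    }
    return ERR_DM_FAILED;
}

/**
 * @brief Evaluate one ACL against the caller.
 * @return true for identical-account ACLs, for DEVICE- or SERVICE-level ACLs, and for APP-level ACLs
 *         whose accesser bundle name equals caller.pkgName; false otherwise.
 *
 * NOTE(review): `callee` is never read, and for APP-level ACLs only the accesser bundle name is
 * compared. The decision does not look at the accesser's device, user or token id, nor at any accessee
 * field. Confirm that callers establish those properties before treating a true result as authorisation.
 */
bool DeviceProfileConnector::SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile,
    const DmAccessCaller &caller, const DmAccessCallee &callee)
{
    LOGI("BindType %{public}d, bindLevel %{public}d.", profile.GetBindType(), profile.GetBindLevel());
    uint32_t bindType = profile.GetBindType();
    bool ret = false;
    switch (bindType) {
        case DM_IDENTICAL_ACCOUNT:
            ret = true;
            break;
        case DM_POINT_TO_POINT:
            if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) {
                ret = true;
            } else if (profile.GetBindLevel() == APP &&
                profile.GetAccesser().GetAccesserBundleName() == caller.pkgName) {
                ret = true;
            }
            break;
        case DM_ACROSS_ACCOUNT:
            if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) {
                ret = true;
            } else if (profile.GetBindLevel() == APP &&
                profile.GetAccesser().GetAccesserBundleName() == caller.pkgName) {
                ret = true;
            }
            break;
        default:
            LOGE("unknown bind type %{public}d.", bindType);
            break;
    }
    return ret;
}

/**
 * @brief Report whether srcUdid or sinkUdid is bound through an ACTIVE identical-account ACL.
 * @return DM_OK when such an ACL exists, ERR_DM_FAILED otherwise. `caller` is only logged and `callee`
 *         is not read.
 */
int32_t DeviceProfileConnector::CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid,
    const DmAccessCallee &callee, const std::string &sinkUdid)
{
    LOGI(" DeviceProfileConnector::CheckIsSameAccount pkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s",
        caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str());
    std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
    for (auto &item : profiles) {
        if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid &&
            item.GetTrustDeviceId() != srcUdid)) {
            continue;
        }
        if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
            LOGI("The udid %{public}s is identical bind.", GetAnonyString(item.GetTrustDeviceId()).c_str());
            return DM_OK;
        }
    }
    return ERR_DM_FAILED;
}

/**
 * @brief Factory entry point returning the process-wide DeviceProfileConnector singleton.
 * @return Non-owning pointer to the singleton; callers must not delete it.
 */
IDeviceProfileConnector *CreateDpConnectorInstance()
{
    return &DeviceProfileConnector::GetInstance();
}
} // namespace DistributedHardware
} // namespace OHOS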