1 /* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include "deviceprofile_connector.h" 17 #include "dm_anonymous.h" 18 #include "dm_constants.h" 19 #include "dm_crypto.h" 20 #include "dm_log.h" 21 #include "multiple_user_connector.h" 22 #include "distributed_device_profile_client.h" 23 24 using namespace OHOS::DistributedDeviceProfile; 25 26 namespace OHOS { 27 namespace DistributedHardware { 28 DM_IMPLEMENT_SINGLE_INSTANCE(DeviceProfileConnector); GetAccessControlProfile()29 std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfile() 30 { 31 std::vector<AccessControlProfile> profiles; 32 std::map<std::string, std::string> queryParams; 33 int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); 34 queryParams["userId"] = std::to_string(userId); 35 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { 36 LOGE("DP GetAccessControlProfile failed."); 37 } 38 return profiles; 39 } 40 GetAccessControlProfileByUserId(int32_t userId)41 std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfileByUserId(int32_t userId) 42 { 43 std::vector<AccessControlProfile> profiles; 44 std::map<std::string, std::string> queryParams; 45 queryParams[USERID] = std::to_string(userId); 46 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { 47 LOGE("DP GetAccessControlProfileByUserId failed."); 48 } 49 return profiles; 50 } 51 GetAppTrustDeviceList(const std::string & pkgName,const std::string & deviceId)52 std::unordered_map<std::string, DmAuthForm> DeviceProfileConnector::GetAppTrustDeviceList(const std::string &pkgName, 53 const std::string &deviceId) 54 { 55 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 56 std::unordered_map<std::string, DmAuthForm> deviceIdMap; 57 for (auto &item : profiles) { 58 std::string trustDeviceId = item.GetTrustDeviceId(); 59 if (trustDeviceId == deviceId || item.GetStatus() != ACTIVE) { 60 continue; 61 } 62 DmDiscoveryInfo discoveryInfo = {pkgName, deviceId}; 63 int32_t bindType = HandleDmAuthForm(item, discoveryInfo); 64 LOGI("The udid %{public}s in ACL authForm is %{public}d.", GetAnonyString(trustDeviceId).c_str(), bindType); 65 if (bindType == DmAuthForm::INVALID_TYPE) { 66 continue; 67 } 68 if (deviceIdMap.find(trustDeviceId) == deviceIdMap.end()) { 69 deviceIdMap[trustDeviceId] = static_cast<DmAuthForm>(bindType); 70 continue; 71 } 72 DmAuthForm authForm = deviceIdMap.at(trustDeviceId); 73 if (bindType == authForm) { 74 continue; 75 } 76 if (bindType == DmAuthForm::IDENTICAL_ACCOUNT) { 77 deviceIdMap[trustDeviceId] = DmAuthForm::IDENTICAL_ACCOUNT; 78 continue; 79 } 80 if (bindType == DmAuthForm::PEER_TO_PEER && authForm == DmAuthForm::ACROSS_ACCOUNT) { 81 deviceIdMap[trustDeviceId] = DmAuthForm::PEER_TO_PEER; 82 continue; 83 } 84 } 85 return deviceIdMap; 86 } 87 GetDeviceAclParam(DmDiscoveryInfo discoveryInfo,bool & isOnline,int32_t & authForm)88 int32_t DeviceProfileConnector::GetDeviceAclParam(DmDiscoveryInfo discoveryInfo, bool &isOnline, int32_t &authForm) 89 { 90 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 91 if (profiles.size() == 0) { 92 return DM_OK; 93 } 94 std::vector<int32_t> bindTypes; 95 for (auto &item : profiles) { 96 char deviceIdHash[DM_MAX_DEVICE_ID_LEN] = {0}; 97 if (Crypto::GetUdidHash(item.GetTrustDeviceId(), reinterpret_cast<uint8_t *>(deviceIdHash)) != DM_OK) { 98 LOGE("get deviceIdHash by deviceId: %{public}s failed.", GetAnonyString(deviceIdHash).c_str()); 99 return ERR_DM_FAILED; 100 } 101 if (static_cast<std::string>(deviceIdHash) != discoveryInfo.remoteDeviceIdHash || item.GetStatus() != ACTIVE) { 102 continue; 103 } 104 int32_t bindType = HandleDmAuthForm(item, discoveryInfo); 105 if (bindType == DmAuthForm::INVALID_TYPE) { 106 continue; 107 } 108 bindTypes.push_back(bindType); 109 } 110 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::IDENTICAL_ACCOUNT) > 0) { 111 isOnline = true; 112 authForm = DmAuthForm::IDENTICAL_ACCOUNT; 113 LOGI("The found device is identical account device bind type."); 114 return DM_OK; 115 } 116 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::PEER_TO_PEER) > 0) { 117 isOnline = true; 118 authForm = DmAuthForm::PEER_TO_PEER; 119 LOGI("The found device is peer-to-peer device bind-level."); 120 return DM_OK; 121 } 122 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::ACROSS_ACCOUNT) > 0) { 123 isOnline = true; 124 authForm = DmAuthForm::ACROSS_ACCOUNT; 125 LOGI("The found device is across-account device bind-level."); 126 return DM_OK; 127 } 128 authForm = DmAuthForm::INVALID_TYPE; 129 return DM_OK; 130 } 131 CheckAuthForm(DmAuthForm form,AccessControlProfile profiles,DmDiscoveryInfo discoveryInfo)132 int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProfile profiles, 133 DmDiscoveryInfo discoveryInfo) 134 { 135 if (profiles.GetBindLevel() == DEVICE || (profiles.GetBindLevel() == APP && discoveryInfo.pkgname == "")) { 136 return form; 137 } 138 if (profiles.GetBindLevel() == APP) { 139 if (discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() && 140 discoveryInfo.localDeviceId == profiles.GetAccesser().GetAccesserDeviceId()) { 141 return form; 142 } 143 if (discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() && 144 discoveryInfo.localDeviceId == profiles.GetAccessee().GetAccesseeDeviceId()) { 145 return form; 146 } 147 } 148 return DmAuthForm::INVALID_TYPE; 149 } 150 HandleDmAuthForm(AccessControlProfile profiles,DmDiscoveryInfo discoveryInfo)151 int32_t DeviceProfileConnector::HandleDmAuthForm(AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo) 152 { 153 if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) { 154 return DmAuthForm::IDENTICAL_ACCOUNT; 155 } 156 if (profiles.GetBindType() == DM_POINT_TO_POINT) { 157 return CheckAuthForm(DmAuthForm::PEER_TO_PEER, profiles, discoveryInfo); 158 } 159 if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) { 160 return CheckAuthForm(DmAuthForm::ACROSS_ACCOUNT, profiles, discoveryInfo); 161 } 162 return DmAuthForm::INVALID_TYPE; 163 } 164 CheckBindType(std::string trustDeviceId,std::string requestDeviceId)165 uint32_t DeviceProfileConnector::CheckBindType(std::string trustDeviceId, std::string requestDeviceId) 166 { 167 LOGI("Start."); 168 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 169 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 170 uint32_t highestPriority = INVALIED_TYPE; 171 for (auto &item : profiles) { 172 if (trustDeviceId != item.GetTrustDeviceId() || item.GetStatus() != ACTIVE) { 173 continue; 174 } 175 uint32_t priority = static_cast<uint32_t>(GetAuthForm(item, trustDeviceId, requestDeviceId)); 176 if (priority > highestPriority) { 177 highestPriority = priority; 178 } 179 } 180 return highestPriority; 181 } 182 GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles,const std::string & trustDev,const std::string & reqDev)183 int32_t DeviceProfileConnector::GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles, 184 const std::string &trustDev, const std::string &reqDev) 185 { 186 LOGI("BindType %{public}d, bindLevel %{public}d", 187 profiles.GetBindType(), profiles.GetBindLevel()); 188 uint32_t priority = INVALIED_TYPE; 189 uint32_t bindType = profiles.GetBindType(); 190 switch (bindType) { 191 case DM_IDENTICAL_ACCOUNT: 192 priority = IDENTICAL_ACCOUNT_TYPE; 193 break; 194 case DM_POINT_TO_POINT: 195 if (profiles.GetBindLevel() == DEVICE) { 196 priority = DEVICE_PEER_TO_PEER_TYPE; 197 } else if (profiles.GetBindLevel() == APP && profiles.GetAccesser().GetAccesserDeviceId() == reqDev && 198 profiles.GetAccessee().GetAccesseeDeviceId() == trustDev) { 199 priority = APP_PEER_TO_PEER_TYPE; 200 } else if (profiles.GetBindLevel() == APP && profiles.GetAccessee().GetAccesseeDeviceId() == reqDev && 201 profiles.GetAccesser().GetAccesserDeviceId() == trustDev) { 202 priority = APP_PEER_TO_PEER_TYPE; 203 } 204 break; 205 case DM_ACROSS_ACCOUNT: 206 if (profiles.GetBindLevel() == DEVICE) { 207 priority = DEVICE_ACROSS_ACCOUNT_TYPE; 208 } else if (profiles.GetBindLevel() == APP && profiles.GetAccesser().GetAccesserDeviceId() == reqDev && 209 profiles.GetAccessee().GetAccesseeDeviceId() == trustDev) { 210 priority = APP_ACROSS_ACCOUNT_TYPE; 211 } else if (profiles.GetBindLevel() == APP && profiles.GetAccessee().GetAccesseeDeviceId() == reqDev && 212 profiles.GetAccesser().GetAccesserDeviceId() == trustDev) { 213 priority = APP_ACROSS_ACCOUNT_TYPE; 214 } 215 break; 216 default: 217 LOGE("unknown bind type %{public}d.", bindType); 218 break; 219 } 220 return priority; 221 } 222 GetBindTypeByPkgName(std::string pkgName,std::string requestDeviceId,std::string trustUdid)223 std::vector<int32_t> DeviceProfileConnector::GetBindTypeByPkgName(std::string pkgName, std::string requestDeviceId, 224 std::string trustUdid) 225 { 226 LOGI("Start."); 227 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 228 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 229 std::vector<int32_t> bindTypeVec; 230 for (auto &item : profiles) { 231 if (trustUdid != item.GetTrustDeviceId() || item.GetStatus() != ACTIVE) { 232 continue; 233 } 234 GetParamBindTypeVec(item, pkgName, requestDeviceId, bindTypeVec); 235 } 236 return bindTypeVec; 237 } 238 GetParamBindTypeVec(AccessControlProfile profiles,std::string pkgName,std::string requestDeviceId,std::vector<int32_t> & bindTypeVec)239 void DeviceProfileConnector::GetParamBindTypeVec(AccessControlProfile profiles, std::string pkgName, 240 std::string requestDeviceId, std::vector<int32_t> &bindTypeVec) 241 { 242 if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) { 243 bindTypeVec.push_back(IDENTICAL_ACCOUNT_TYPE); 244 } 245 if (profiles.GetBindType() == DM_POINT_TO_POINT) { 246 if (profiles.GetBindLevel() == DEVICE) { 247 bindTypeVec.push_back(DEVICE_PEER_TO_PEER_TYPE); 248 } 249 if (profiles.GetBindLevel() == APP) { 250 if (profiles.GetAccesser().GetAccesserBundleName() == pkgName && 251 profiles.GetAccesser().GetAccesserDeviceId() == requestDeviceId) { 252 bindTypeVec.push_back(APP_PEER_TO_PEER_TYPE); 253 } 254 if ((profiles.GetAccessee().GetAccesseeBundleName() == pkgName && 255 profiles.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) { 256 bindTypeVec.push_back(APP_PEER_TO_PEER_TYPE); 257 } 258 } 259 } 260 if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) { 261 if (profiles.GetBindLevel() == DEVICE) { 262 bindTypeVec.push_back(DEVICE_ACROSS_ACCOUNT_TYPE); 263 } 264 if (profiles.GetBindLevel() == APP) { 265 if (profiles.GetAccesser().GetAccesserBundleName() == pkgName && 266 profiles.GetAccesser().GetAccesserDeviceId() == requestDeviceId) { 267 bindTypeVec.push_back(APP_ACROSS_ACCOUNT_TYPE); 268 } 269 if ((profiles.GetAccessee().GetAccesseeBundleName() == pkgName && 270 profiles.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) { 271 bindTypeVec.push_back(APP_ACROSS_ACCOUNT_TYPE); 272 } 273 } 274 } 275 } 276 CompareBindType(std::vector<AccessControlProfile> profiles,std::string pkgName,std::vector<int32_t> & sinkBindType,std::string localDeviceId,std::string targetDeviceId)277 std::vector<int32_t> DeviceProfileConnector::CompareBindType(std::vector<AccessControlProfile> profiles, 278 std::string pkgName, std::vector<int32_t> &sinkBindType, std::string localDeviceId, std::string targetDeviceId) 279 { 280 std::vector<int32_t> bindTypeIndex; 281 for (uint32_t index = 0; index < profiles.size(); index++) { 282 if (profiles[index].GetTrustDeviceId() != targetDeviceId || profiles[index].GetStatus() != ACTIVE) { 283 continue; 284 } 285 DmDiscoveryInfo paramInfo = { 286 .pkgname = pkgName, 287 .localDeviceId = localDeviceId, 288 }; 289 ProcessBindType(profiles[index], paramInfo, sinkBindType, bindTypeIndex, index); 290 } 291 return bindTypeIndex; 292 } 293 ProcessBindType(AccessControlProfile profiles,DmDiscoveryInfo paramInfo,std::vector<int32_t> & sinkBindType,std::vector<int32_t> & bindTypeIndex,uint32_t index)294 void DeviceProfileConnector::ProcessBindType(AccessControlProfile profiles, DmDiscoveryInfo paramInfo, 295 std::vector<int32_t> &sinkBindType, std::vector<int32_t> &bindTypeIndex, uint32_t index) 296 { 297 if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) { 298 sinkBindType.push_back(IDENTICAL_ACCOUNT_TYPE); 299 bindTypeIndex.push_back(index); 300 } 301 if (profiles.GetBindType() == DM_POINT_TO_POINT) { 302 if (profiles.GetBindLevel() == DEVICE) { 303 sinkBindType.push_back(DEVICE_PEER_TO_PEER_TYPE); 304 bindTypeIndex.push_back(index); 305 } 306 if (profiles.GetBindLevel() == APP) { 307 if (profiles.GetAccesser().GetAccesserBundleName() == paramInfo.pkgname && 308 profiles.GetAccesser().GetAccesserDeviceId() == paramInfo.localDeviceId) { 309 sinkBindType.push_back(APP_PEER_TO_PEER_TYPE); 310 bindTypeIndex.push_back(index); 311 } 312 if (profiles.GetAccessee().GetAccesseeBundleName() == paramInfo.pkgname && 313 profiles.GetAccessee().GetAccesseeDeviceId() == paramInfo.localDeviceId) { 314 sinkBindType.push_back(APP_PEER_TO_PEER_TYPE); 315 bindTypeIndex.push_back(index); 316 } 317 } 318 } 319 if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) { 320 if (profiles.GetBindLevel() == DEVICE) { 321 sinkBindType.push_back(DEVICE_ACROSS_ACCOUNT_TYPE); 322 bindTypeIndex.push_back(index); 323 } 324 if (profiles.GetBindLevel() == APP) { 325 if (profiles.GetAccesser().GetAccesserBundleName() == paramInfo.pkgname && 326 profiles.GetAccesser().GetAccesserDeviceId() == paramInfo.localDeviceId) { 327 sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE); 328 bindTypeIndex.push_back(index); 329 } 330 if (profiles.GetAccessee().GetAccesseeBundleName() == paramInfo.pkgname && 331 profiles.GetAccessee().GetAccesseeDeviceId() == paramInfo.localDeviceId) { 332 sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE); 333 bindTypeIndex.push_back(index); 334 } 335 } 336 } 337 } 338 SyncAclByBindType(std::string pkgName,std::vector<int32_t> bindTypeVec,std::string localDeviceId,std::string targetDeviceId)339 std::vector<int32_t> DeviceProfileConnector::SyncAclByBindType(std::string pkgName, std::vector<int32_t> bindTypeVec, 340 std::string localDeviceId, std::string targetDeviceId) 341 { 342 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 343 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 344 std::vector<int32_t> sinkBindType; 345 std::vector<int32_t> bindType; 346 std::vector<int32_t> bindTypeIndex = 347 CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); 348 for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { 349 bool deleteAclFlag = true; 350 for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { 351 if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { 352 deleteAclFlag = false; 353 bindType.push_back(bindTypeVec[sinkIndex]); 354 } 355 } 356 if (deleteAclFlag) { 357 int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); 358 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); 359 } 360 } 361 return bindType; 362 } 363 GetPkgNameFromAcl(std::string & localDeviceId,std::string & targetDeviceId)364 std::vector<std::string> DeviceProfileConnector::GetPkgNameFromAcl(std::string &localDeviceId, 365 std::string &targetDeviceId) 366 { 367 LOGI("Start."); 368 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 369 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 370 std::vector<std::string> pkgNameVec; 371 for (auto &item : profiles) { 372 if (item.GetTrustDeviceId() != targetDeviceId || item.GetStatus() != ACTIVE) { 373 continue; 374 } 375 if ((item.GetAccesser().GetAccesserDeviceId() == localDeviceId && 376 item.GetAccessee().GetAccesseeDeviceId() == targetDeviceId) || 377 (item.GetAccesser().GetAccesserDeviceId() == targetDeviceId && 378 item.GetAccessee().GetAccesseeDeviceId() == localDeviceId)) { 379 pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName()); 380 } 381 } 382 return pkgNameVec; 383 } 384 GetOfflineParamFromAcl(std::string trustDeviceId,std::string requestDeviceId)385 DmOfflineParam DeviceProfileConnector::GetOfflineParamFromAcl(std::string trustDeviceId, std::string requestDeviceId) 386 { 387 LOGI("TrustDeviceId = %{public}s and requestDeviceId = %{public}s", 388 GetAnonyString(trustDeviceId).c_str(), GetAnonyString(requestDeviceId).c_str()); 389 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 390 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 391 DmOfflineParam offlineParam; 392 offlineParam.leftAclNumber = 0; 393 offlineParam.bindType = INVALIED_TYPE; 394 for (auto &item : profiles) { 395 if (item.GetTrustDeviceId() != trustDeviceId || item.GetStatus() != ACTIVE) { 396 continue; 397 } 398 offlineParam.leftAclNumber++; 399 uint32_t priority = INVALIED_TYPE; 400 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { 401 priority = IDENTICAL_ACCOUNT_TYPE; 402 } else if (item.GetBindLevel() == DEVICE && item.GetAuthenticationType() == ALLOW_AUTH_ALWAYS) { 403 priority = DEVICE_PEER_TO_PEER_TYPE; 404 } else if (item.GetBindLevel() == DEVICE && item.GetAuthenticationType() == ALLOW_AUTH_ONCE) { 405 priority = DEVICE_PEER_TO_PEER_TYPE; 406 offlineParam.pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName()); 407 } else if ((item.GetAccesser().GetAccesserDeviceId() == requestDeviceId && 408 item.GetAccessee().GetAccesseeDeviceId() == trustDeviceId) || 409 (item.GetAccesser().GetAccesserDeviceId() == trustDeviceId && 410 item.GetAccessee().GetAccesseeDeviceId() == requestDeviceId)) { 411 priority = APP_PEER_TO_PEER_TYPE; 412 offlineParam.pkgNameVec.push_back(item.GetAccesser().GetAccesserBundleName()); 413 } 414 if (priority > offlineParam.bindType) { 415 offlineParam.bindType = priority; 416 } 417 } 418 return offlineParam; 419 } 420 PutAccessControlList(DmAclInfo aclInfo,DmAccesser dmAccesser,DmAccessee dmAccessee)421 int32_t DeviceProfileConnector::PutAccessControlList(DmAclInfo aclInfo, DmAccesser dmAccesser, DmAccessee dmAccessee) 422 { 423 LOGI("Start."); 424 Accesser accesser; 425 accesser.SetAccesserDeviceId(dmAccesser.requestDeviceId); 426 accesser.SetAccesserUserId(dmAccesser.requestUserId); 427 accesser.SetAccesserAccountId(dmAccesser.requestAccountId); 428 accesser.SetAccesserTokenId(dmAccesser.requestTokenId); 429 accesser.SetAccesserBundleName(dmAccesser.requestBundleName); 430 Accessee accessee; 431 accessee.SetAccesseeDeviceId(dmAccessee.trustDeviceId); 432 accessee.SetAccesseeUserId(dmAccessee.trustUserId); 433 accessee.SetAccesseeAccountId(dmAccessee.trustAccountId); 434 accessee.SetAccesseeTokenId(dmAccessee.trustTokenId); 435 accessee.SetAccesseeBundleName(dmAccessee.trustBundleName); 436 AccessControlProfile profile; 437 profile.SetBindType(aclInfo.bindType); 438 profile.SetBindLevel(aclInfo.bindLevel); 439 profile.SetStatus(ACTIVE); 440 profile.SetTrustDeviceId(aclInfo.trustDeviceId); 441 profile.SetDeviceIdType((int32_t)DeviceIdType::UDID); 442 profile.SetDeviceIdHash(aclInfo.deviceIdHash); 443 profile.SetAuthenticationType(aclInfo.authenticationType); 444 profile.SetAccessee(accessee); 445 profile.SetAccesser(accesser); 446 int32_t ret = DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile); 447 if (ret != DM_OK) { 448 LOGE("PutAccessControlProfile failed."); 449 } 450 return ret; 451 } 452 DeleteAccessControlList(int32_t userId,std::string & accountId)453 int32_t DeviceProfileConnector::DeleteAccessControlList(int32_t userId, std::string &accountId) 454 { 455 LOGI("Start."); 456 std::vector<AccessControlProfile> profiles; 457 std::map<std::string, std::string> queryParams; 458 queryParams["userId"] = std::to_string(userId); 459 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { 460 LOGE("DP GetAccessControlProfile failed."); 461 } 462 LOGI("Size is %{public}zu", profiles.size()); 463 for (auto &item : profiles) { 464 LOGI("BindType is : %{public}d.", item.GetBindType()); 465 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 466 } 467 return DM_OK; 468 } 469 DeleteAccessControlList(const std::string & udid)470 void DeviceProfileConnector::DeleteAccessControlList(const std::string &udid) 471 { 472 LOGI("Udid: %{public}s.", GetAnonyString(udid).c_str()); 473 if (udid.empty()) { 474 LOGE("DeleteAccessControlList udid is empty."); 475 return; 476 } 477 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 478 LOGI("Size is %{public}zu", profiles.size()); 479 for (const auto &item : profiles) { 480 if (item.GetTrustDeviceId() == udid) { 481 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 482 } 483 } 484 } 485 DeleteAclForAccountLogOut(const std::string & localUdid,int32_t userId,const std::string & remoteUdid)486 void DeviceProfileConnector::DeleteAclForAccountLogOut(const std::string &localUdid, int32_t userId, 487 const std::string &remoteUdid) 488 { 489 LOGI("localUdid %{public}s, userId %{public}d, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(), userId, 490 GetAnonyString(remoteUdid).c_str()); 491 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId); 492 for (const auto &item : profiles) { 493 if (item.GetTrustDeviceId() == remoteUdid) { 494 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 495 } 496 } 497 } 498 DeleteAclForUserRemoved(int32_t userId)499 void DeviceProfileConnector::DeleteAclForUserRemoved(int32_t userId) 500 { 501 LOGI("DeleteAclForUserRemoved userId %{public}d.", userId); 502 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId); 503 for (const auto &item : profiles) { 504 if (item.GetAccesser().GetAccesserUserId() == userId || item.GetAccessee().GetAccesseeUserId() == userId) { 505 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 506 } 507 } 508 } 509 GetDeviceIdAndBindType(int32_t userId,const std::string & accountId,const std::string & localUdid)510 std::map<std::string, int32_t> DeviceProfileConnector::GetDeviceIdAndBindType(int32_t userId, 511 const std::string &accountId, const std::string &localUdid) 512 { 513 LOGI("userId %{public}d, accountId %{public}s.", userId, GetAnonyString(accountId).c_str()); 514 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(userId); 515 std::map<std::string, int32_t> deviceIdMap; 516 for (const auto &item : profiles) { 517 if (item.GetAccesser().GetAccesserUserId() == userId && 518 item.GetAccesser().GetAccesserAccountId() == accountId && 519 item.GetAccesser().GetAccesserDeviceId() == localUdid) { 520 LOGI("Account logout localUdid %{public}s is src.", GetAnonyString(localUdid).c_str()); 521 UpdateBindType(item.GetTrustDeviceId(), item.GetBindType(), deviceIdMap); 522 continue; 523 } 524 if (item.GetAccessee().GetAccesseeUserId() == userId && 525 item.GetAccessee().GetAccesseeAccountId() == accountId && 526 item.GetAccessee().GetAccesseeDeviceId() == localUdid) { 527 LOGI("Account logout localUdid %{public}s is sink.", GetAnonyString(localUdid).c_str()); 528 UpdateBindType(item.GetTrustDeviceId(), item.GetBindType(), deviceIdMap); 529 continue; 530 } 531 } 532 return deviceIdMap; 533 } 534 UpdateBindType(const std::string & udid,int32_t bindType,std::map<std::string,int32_t> & deviceMap)535 void DeviceProfileConnector::UpdateBindType(const std::string &udid, int32_t bindType, 536 std::map<std::string, int32_t> &deviceMap) 537 { 538 LOGI("BindType %{public}d.", bindType); 539 if (deviceMap.find(udid) == deviceMap.end()) { 540 deviceMap[udid] = bindType; 541 } else { 542 deviceMap[udid] = std::min(deviceMap[udid], bindType); 543 } 544 } 545 DeleteAccessControlList(std::string pkgName,std::string localDeviceId,std::string remoteDeviceId)546 DmOfflineParam DeviceProfileConnector::DeleteAccessControlList(std::string pkgName, std::string localDeviceId, 547 std::string remoteDeviceId) 548 { 549 LOGI("DeleteAccessControlList by pkgName %{public}s, localDeviceId %{public}s, remoteDeviceId %{public}s.", 550 pkgName.c_str(), GetAnonyString(localDeviceId).c_str(), GetAnonyString(remoteDeviceId).c_str()); 551 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 552 LOGI("Size is %{public}zu", profiles.size()); 553 DmOfflineParam offlineParam; 554 offlineParam.bindType = INVALIED_TYPE; 555 offlineParam.leftAclNumber = 0; 556 for (auto &item : profiles) { 557 if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE) { 558 continue; 559 } 560 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { 561 LOGE("Identical account forbid unbind."); 562 offlineParam.bindType = INVALIED_TYPE; 563 return offlineParam; 564 } 565 if (item.GetTrustDeviceId() == remoteDeviceId) { 566 offlineParam.leftAclNumber++; 567 if (item.GetBindLevel() == DEVICE && item.GetBindType() != DM_IDENTICAL_ACCOUNT && 568 (item.GetAccesser().GetAccesserBundleName() == pkgName || 569 item.GetAccesser().GetAccesserBundleName() == "")) { 570 LOGI("DeleteAccessControlList device unbind."); 571 offlineParam.bindType = DEVICE_PEER_TO_PEER_TYPE; 572 } 573 } 574 } 575 for (auto &item : profiles) { 576 if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE) { 577 continue; 578 } 579 if ((item.GetAccesser().GetAccesserDeviceId() == localDeviceId && 580 item.GetAccessee().GetAccesseeDeviceId() == remoteDeviceId) || 581 (item.GetAccessee().GetAccesseeDeviceId() == localDeviceId && 582 item.GetAccesser().GetAccesserDeviceId() == remoteDeviceId)) { 583 if (offlineParam.bindType == DEVICE_PEER_TO_PEER_TYPE) { 584 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 585 offlineParam.leftAclNumber--; 586 } else if (item.GetAccesser().GetAccesserBundleName() == pkgName && 587 item.GetAccessee().GetAccesseeBundleName() == pkgName) { 588 offlineParam.bindType = APP_PEER_TO_PEER_TYPE; 589 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 590 offlineParam.leftAclNumber--; 591 break; 592 } 593 } 594 } 595 return offlineParam; 596 } 597 UpdateAccessControlList(int32_t userId,std::string & oldAccountId,std::string & newAccountId)598 int32_t DeviceProfileConnector::UpdateAccessControlList(int32_t userId, std::string &oldAccountId, 599 std::string &newAccountId) 600 { 601 LOGI("Start."); 602 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 603 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 604 for (auto &item : profiles) { 605 if ((item.GetAccesser().GetAccesserUserId() == userId && 606 item.GetAccesser().GetAccesserAccountId() == oldAccountId) || 607 (item.GetAccessee().GetAccesseeUserId() == userId && 608 item.GetAccessee().GetAccesseeAccountId() == oldAccountId)) { 609 item.SetStatus(INACTIVE); 610 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item); 611 } 612 if ((item.GetAccesser().GetAccesserUserId() == userId && 613 item.GetAccesser().GetAccesserAccountId() == newAccountId) || 614 (item.GetAccessee().GetAccesseeUserId() == userId && 615 item.GetAccessee().GetAccesseeAccountId() == newAccountId)) { 616 item.SetStatus(ACTIVE); 617 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item); 618 } 619 } 620 return DM_OK; 621 } 622 CheckIdenticalAccount(int32_t userId,const std::string & accountId)623 bool DeviceProfileConnector::CheckIdenticalAccount(int32_t userId, const std::string &accountId) 624 { 625 LOGI("Start"); 626 std::vector<AccessControlProfile> profiles; 627 std::map<std::string, std::string> queryParams; 628 queryParams["userId"] = std::to_string(userId); 629 queryParams["accountId"] = accountId; 630 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { 631 LOGE("DP GetAccessControlProfile failed."); 632 } 633 for (auto &item : profiles) { 634 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT && item.GetStatus() == ACTIVE) { 635 return true; 636 } 637 } 638 return false; 639 } DeleteP2PAccessControlList(int32_t userId,std::string & accountId)640 int32_t DeviceProfileConnector::DeleteP2PAccessControlList(int32_t userId, std::string &accountId) 641 { 642 LOGI("Start"); 643 std::vector<AccessControlProfile> profiles; 644 std::map<std::string, std::string> queryParams; 645 queryParams["userId"] = std::to_string(userId); 646 queryParams["accountId"] = accountId; 647 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) { 648 LOGE("DP GetAccessControlProfile failed."); 649 } 650 for (auto &item : profiles) { 651 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetStatus() != ACTIVE) { 652 continue; 653 } 654 if ((item.GetAccesser().GetAccesserUserId() == userId && 655 item.GetAccesser().GetAccesserAccountId() == accountId) || 656 (item.GetAccessee().GetAccesseeUserId() == userId && 657 item.GetAccessee().GetAccesseeAccountId() == accountId)) { 658 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 659 } 660 } 661 return DM_OK; 662 } 663 CheckSrcDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)664 bool DeviceProfileConnector::CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId) 665 { 666 LOGI("Start"); 667 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 668 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 669 for (auto &item : profiles) { 670 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE && 671 item.GetBindLevel() == DEVICE && (item.GetAccessee().GetAccesseeBundleName() == pkgName || 672 item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccessee().GetAccesseeUserId() == 0 && 673 item.GetAccessee().GetAccesseeAccountId() == "") { 674 return true; 675 } 676 } 677 return false; 678 } 679 CheckSinkDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)680 bool DeviceProfileConnector::CheckSinkDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId) 681 { 682 LOGI("Start"); 683 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 684 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 685 for (auto &item : profiles) { 686 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE && 687 item.GetBindLevel() == DEVICE && (item.GetAccesser().GetAccesserBundleName() == pkgName || 688 item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccesser().GetAccesserUserId() == 0 && 689 item.GetAccesser().GetAccesserAccountId() == "") { 690 return true; 691 } 692 } 693 return false; 694 } 695 CheckDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)696 bool DeviceProfileConnector::CheckDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId) 697 { 698 return (CheckSinkDevIdInAclForDevBind(pkgName, deviceId) || CheckSrcDevIdInAclForDevBind(pkgName, deviceId)); 699 } 700 DeleteTimeOutAcl(const std::string & deviceId)701 uint32_t DeviceProfileConnector::DeleteTimeOutAcl(const std::string &deviceId) 702 { 703 LOGI("Start"); 704 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 705 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 706 uint32_t res = 0; 707 for (auto &item : profiles) { 708 if (item.GetTrustDeviceId() != deviceId || item.GetStatus() != ACTIVE) { 709 continue; 710 } 711 res++; 712 if (item.GetAuthenticationType() == ALLOW_AUTH_ONCE) { 713 res--; 714 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId()); 715 } 716 } 717 return res; 718 } 719 GetTrustNumber(const std::string & deviceId)720 int32_t DeviceProfileConnector::GetTrustNumber(const std::string &deviceId) 721 { 722 LOGI("Start"); 723 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 724 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 725 int32_t trustNumber = 0; 726 for (auto &item : profiles) { 727 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE) { 728 trustNumber++; 729 } 730 } 731 return trustNumber; 732 } 733 CheckPkgnameInAcl(std::string pkgName,std::string localDeviceId,std::string remoteDeviceId)734 bool DeviceProfileConnector::CheckPkgnameInAcl(std::string pkgName, std::string localDeviceId, 735 std::string remoteDeviceId) 736 { 737 LOGI("Start"); 738 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 739 LOGI("AccessControlProfile size is %{public}zu", profiles.size()); 740 for (auto &item : profiles) { 741 if (item.GetTrustDeviceId() != remoteDeviceId || item.GetStatus() != ACTIVE || 742 item.GetBindType() == DM_IDENTICAL_ACCOUNT) { 743 continue; 744 } 745 if (item.GetBindLevel() == DEVICE && (item.GetAccesser().GetAccesserBundleName() == pkgName || 746 item.GetAccessee().GetAccesseeBundleName() == pkgName || 747 item.GetAccesser().GetAccesserBundleName() == "" || item.GetAccessee().GetAccesseeBundleName() == "")) { 748 LOGI("The pkgname %{public}s is peer-to-peer device unbind.", pkgName.c_str()); 749 return true; 750 } else if (item.GetBindLevel() == APP && item.GetAccesser().GetAccesserBundleName() == pkgName && 751 item.GetAccesser().GetAccesserDeviceId() == localDeviceId) { 752 LOGI("The accesser pkgname %{public}s is peer-to-peer app unbind.", pkgName.c_str()); 753 return true; 754 } else if (item.GetBindLevel() == APP && item.GetAccessee().GetAccesseeBundleName() == pkgName && 755 item.GetAccessee().GetAccesseeDeviceId() == localDeviceId) { 756 LOGI("The accessee pkgname %{public}s is peer-to-peer app unbind.", pkgName.c_str()); 757 return true; 758 } 759 } 760 return false; 761 } 762 IsSameAccount(const std::string & udid)763 int32_t DeviceProfileConnector::IsSameAccount(const std::string &udid) 764 { 765 LOGI("Start."); 766 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 767 for (auto &item : profiles) { 768 if (item.GetTrustDeviceId() == udid && item.GetStatus() == ACTIVE) { 769 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { // 同账号 770 LOGI("The udid %{public}s is identical bind.", GetAnonyString(udid).c_str()); 771 return DM_OK; 772 } 773 } 774 } 775 return ERR_DM_FAILED; 776 } 777 CheckAccessControl(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)778 int32_t DeviceProfileConnector::CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, 779 const DmAccessCallee &callee, const std::string &sinkUdid) 780 { 781 LOGI("PkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s", 782 caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str()); 783 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 784 for (auto &item : profiles) { 785 if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid && 786 item.GetTrustDeviceId() != srcUdid)) { 787 continue; 788 } 789 if (SingleUserProcess(item, caller, callee)) { 790 return DM_OK; 791 } 792 } 793 return ERR_DM_FAILED; 794 } 795 SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const DmAccessCallee & callee)796 bool DeviceProfileConnector::SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile, 797 const DmAccessCaller &caller, const DmAccessCallee &callee) 798 { 799 LOGI("BindType %{public}d, bindLevel %{public}d.", 800 profile.GetBindType(), profile.GetBindLevel()); 801 uint32_t bindType = profile.GetBindType(); 802 bool ret = false; 803 switch (bindType) { 804 case DM_IDENTICAL_ACCOUNT: 805 ret = true; 806 break; 807 case DM_POINT_TO_POINT: 808 if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) { 809 ret = true; 810 } else if (profile.GetBindLevel() == APP && 811 profile.GetAccesser().GetAccesserBundleName() == caller.pkgName) { 812 ret = true; 813 } 814 break; 815 case DM_ACROSS_ACCOUNT: 816 if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) { 817 ret = true; 818 } else if (profile.GetBindLevel() == APP && 819 profile.GetAccesser().GetAccesserBundleName() == caller.pkgName) { 820 ret = true; 821 } 822 break; 823 default: 824 LOGE("unknown bind type %{public}d.", bindType); 825 break; 826 } 827 return ret; 828 } 829 CheckIsSameAccount(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)830 int32_t DeviceProfileConnector::CheckIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid, 831 const DmAccessCallee &callee, const std::string &sinkUdid) 832 { 833 LOGI(" DeviceProfileConnector::CheckIsSameAccount pkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s", 834 caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str()); 835 std::vector<AccessControlProfile> profiles = GetAccessControlProfile(); 836 for (auto &item : profiles) { 837 if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid && 838 item.GetTrustDeviceId() != srcUdid)) { 839 continue; 840 } 841 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { 842 LOGI("The udid %{public}s is identical bind.", GetAnonyString(item.GetTrustDeviceId()).c_str()); 843 return DM_OK; 844 } 845 } 846 return ERR_DM_FAILED; 847 } 848 CreateDpConnectorInstance()849 IDeviceProfileConnector *CreateDpConnectorInstance() 850 { 851 return &DeviceProfileConnector::GetInstance(); 852 } 853 } // namespace DistributedHardware 854 } // namespace OHOS 855