1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_policy_parcel.h"
17 #include "dlp_permission_log.h"
18 #include "permission_policy.h"
19 #include "securec.h"
20 namespace OHOS {
21 namespace Security {
22 namespace DlpPermission {
23 namespace {
24 const uint32_t MAX_ACCOUNT_NUM = 100;
25 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionParcel"};
26 }
Marshalling(Parcel & out) const27 bool DlpPolicyParcel::Marshalling(Parcel& out) const
28 {
29 const std::vector<AuthUserInfo>& userList = this->policyParams_.authUsers_;
30 uint32_t listSize = userList.size();
31 if (!(out.WriteUint32(listSize))) {
32 DLP_LOG_ERROR(LABEL, "Write auth user num fail");
33 return false;
34 }
35
36 for (uint32_t i = 0; i < listSize; i++) {
37 sptr<AuthUserInfoParcel> authUserInfoParcel = new (std::nothrow) AuthUserInfoParcel();
38 if (authUserInfoParcel == nullptr) {
39 DLP_LOG_ERROR(LABEL, "Alloc auth user info parcel fail");
40 return false;
41 }
42 authUserInfoParcel->authUserInfo_ = userList[i];
43 if (!(out.WriteParcelable(authUserInfoParcel))) {
44 DLP_LOG_ERROR(LABEL, "Write auth user info parcel fail");
45 return false;
46 }
47 }
48 if (!(out.WriteBool(this->policyParams_.supportEveryone_))) {
49 DLP_LOG_ERROR(LABEL, "Write supportEveryone_ fail");
50 }
51 if (!(out.WriteUint8(this->policyParams_.everyonePerm_))) {
52 DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
53 }
54
55 MarshallingAccountInfo(out);
56 if (!(out.WriteUint8(this->policyParams_.perm_))) {
57 DLP_LOG_ERROR(LABEL, "Write perm fail");
58 }
59
60 MarshallingKey(out);
61 MarshallingExpireTime(out);
62 if (!(out.WriteUint32(this->policyParams_.dlpVersion_))) {
63 DLP_LOG_ERROR(LABEL, "Write dlpVersion_ fail");
64 }
65 if (!(out.WriteBool(this->policyParams_.debug_))) {
66 DLP_LOG_ERROR(LABEL, "Write debug_ fail");
67 }
68 return true;
69 }
70
MarshallingAccountInfo(Parcel & out) const71 void DlpPolicyParcel::MarshallingAccountInfo(Parcel& out) const
72 {
73 if (!(out.WriteString(this->policyParams_.ownerAccount_))) {
74 DLP_LOG_ERROR(LABEL, "Write owner account fail");
75 }
76 if (!(out.WriteString(this->policyParams_.ownerAccountId_))) {
77 DLP_LOG_ERROR(LABEL, "Write owner accountId fail");
78 }
79 if (!(out.WriteUint8(this->policyParams_.ownerAccountType_))) {
80 DLP_LOG_ERROR(LABEL, "Write owner account type fail");
81 }
82 if (!(out.WriteString(this->policyParams_.accountName_))) {
83 DLP_LOG_ERROR(LABEL, "Write accountName fail");
84 }
85 if (!(out.WriteString(this->policyParams_.acountId_))) {
86 DLP_LOG_ERROR(LABEL, "Write accountId fail");
87 }
88 if (!(out.WriteUint8(this->policyParams_.acountType_))) {
89 DLP_LOG_ERROR(LABEL, "Write accountType fail");
90 }
91 }
92
MarshallingKey(Parcel & out) const93 void DlpPolicyParcel::MarshallingKey(Parcel& out) const
94 {
95 if (!(out.WriteUint32(this->policyParams_.GetAeskeyLen()))) {
96 DLP_LOG_ERROR(LABEL, "Write aes key len fail");
97 }
98 if (!(out.WriteBuffer(this->policyParams_.GetAeskey(), this->policyParams_.GetAeskeyLen()))) {
99 DLP_LOG_ERROR(LABEL, "Write aes key fail");
100 }
101 if (!(out.WriteUint32(this->policyParams_.GetIvLen()))) {
102 DLP_LOG_ERROR(LABEL, "Write iv len fail");
103 }
104 if (!(out.WriteBuffer(this->policyParams_.GetIv(), this->policyParams_.GetIvLen()))) {
105 DLP_LOG_ERROR(LABEL, "Write iv fail");
106 }
107 if (!(out.WriteUint32(this->policyParams_.GetHmacKeyLen()))) {
108 DLP_LOG_ERROR(LABEL, "Write Hmac len fail");
109 }
110 if (this->policyParams_.GetHmacKeyLen() > 0) {
111 if (!(out.WriteBuffer(this->policyParams_.GetHmacKey(), this->policyParams_.GetHmacKeyLen()))) {
112 DLP_LOG_ERROR(LABEL, "Write Hmac fail");
113 }
114 }
115 }
116
MarshallingExpireTime(Parcel & out) const117 void DlpPolicyParcel::MarshallingExpireTime(Parcel& out) const
118 {
119 if (!(out.WriteUint64(this->policyParams_.expireTime_))) {
120 DLP_LOG_ERROR(LABEL, "Write expiryTime_ fail");
121 }
122 if (!(out.WriteUint32(this->policyParams_.needOnline_))) {
123 DLP_LOG_ERROR(LABEL, "Write needOnline_ fail");
124 }
125 }
126
ReadKey(PermissionPolicy & policy,Parcel & in)127 static bool ReadKey(PermissionPolicy& policy, Parcel& in)
128 {
129 uint32_t len;
130 if (!in.ReadUint32(len)) {
131 DLP_LOG_ERROR(LABEL, "Read aes key len fail");
132 return false;
133 }
134 if (!CheckAesParamLen(len)) {
135 DLP_LOG_ERROR(LABEL, "Aes key len is invalid, len=%{public}u", len);
136 return false;
137 }
138 const uint8_t* key = in.ReadUnpadBuffer(len);
139 if (key == nullptr) {
140 DLP_LOG_ERROR(LABEL, "Read aes key fail");
141 return false;
142 }
143 policy.SetAeskey(key, len);
144
145 if (!in.ReadUint32(len)) {
146 DLP_LOG_ERROR(LABEL, "Read iv len fail");
147 return false;
148 }
149 if (!CheckAesParamLen(len)) {
150 DLP_LOG_ERROR(LABEL, "Iv len is invalid, len=%{public}u", len);
151 return false;
152 }
153 const uint8_t* iv = in.ReadUnpadBuffer(len);
154 if (iv == nullptr) {
155 DLP_LOG_ERROR(LABEL, "Read iv fail");
156 return false;
157 }
158 policy.SetIv(iv, len);
159
160 if (!in.ReadUint32(len)) {
161 DLP_LOG_ERROR(LABEL, "Read hmac key len fail");
162 return false;
163 }
164 const uint8_t* hmacKey = nullptr;
165 if (len > 0) {
166 hmacKey = in.ReadUnpadBuffer(len);
167 if (hmacKey == nullptr) {
168 DLP_LOG_ERROR(LABEL, "Read hmacKey fail");
169 return false;
170 }
171 }
172 policy.SetHmacKey(hmacKey, len);
173 return true;
174 }
175
ReadAesParam(PermissionPolicy & policy,Parcel & in)176 static bool ReadAesParam(PermissionPolicy& policy, Parcel& in)
177 {
178 if (!ReadKey(policy, in)) {
179 return false;
180 }
181
182 if (!(in.ReadUint64(policy.expireTime_))) {
183 DLP_LOG_ERROR(LABEL, "Read expiryTime_ fail");
184 return false;
185 }
186 if (!(in.ReadUint32(policy.needOnline_))) {
187 DLP_LOG_ERROR(LABEL, "Read needOnline_ fail");
188 return false;
189 }
190 if (!(in.ReadUint32(policy.dlpVersion_))) {
191 DLP_LOG_ERROR(LABEL, "Read dlpVersion_ fail");
192 return false;
193 }
194 if (!(in.ReadBool(policy.debug_))) {
195 DLP_LOG_ERROR(LABEL, "Read debug_ fail");
196 return false;
197 }
198 return true;
199 }
200
ReadAccountInfo(PermissionPolicy & policy,Parcel & in)201 static bool ReadAccountInfo(PermissionPolicy& policy, Parcel& in)
202 {
203 if (!(in.ReadString(policy.ownerAccount_))) {
204 DLP_LOG_ERROR(LABEL, "Read owner account fail");
205 return false;
206 }
207 if (!(in.ReadString(policy.ownerAccountId_))) {
208 DLP_LOG_ERROR(LABEL, "Read owner accountId fail");
209 return false;
210 }
211 uint8_t res = 0;
212 if (!(in.ReadUint8(res))) {
213 DLP_LOG_ERROR(LABEL, "Read owner account type fail");
214 return false;
215 }
216 policy.ownerAccountType_ = static_cast<DlpAccountType>(res);
217 if (!(in.ReadString(policy.accountName_))) {
218 DLP_LOG_ERROR(LABEL, "Read accountName fail");
219 return false;
220 }
221 if (!(in.ReadString(policy.acountId_))) {
222 DLP_LOG_ERROR(LABEL, "Read accountId fail");
223 return false;
224 }
225 uint8_t type = 0;
226 if (!(in.ReadUint8(type))) {
227 DLP_LOG_ERROR(LABEL, "Read account type fail");
228 return false;
229 }
230 policy.acountType_ = static_cast<DlpAccountType>(type);
231 return true;
232 }
233
ReadParcel(Parcel & in,DlpPolicyParcel * policyParcel)234 static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel)
235 {
236 uint32_t listSize;
237 if (!in.ReadUint32(listSize)) {
238 DLP_LOG_ERROR(LABEL, "Read auth user num fail");
239 return false;
240 }
241 if (listSize > MAX_ACCOUNT_NUM) {
242 DLP_LOG_ERROR(LABEL, "Auth users number exceeds %{public}u, total=%{public}u", MAX_ACCOUNT_NUM, listSize);
243 return false;
244 }
245 for (uint32_t i = 0; i < listSize; i++) {
246 sptr<AuthUserInfoParcel> authUserInfoParcel = in.ReadParcelable<AuthUserInfoParcel>();
247 if (authUserInfoParcel == nullptr) {
248 DLP_LOG_ERROR(LABEL, "Read auth user info parcel fail");
249 return false;
250 }
251 policyParcel->policyParams_.authUsers_.emplace_back(authUserInfoParcel->authUserInfo_);
252 }
253 if (!(in.ReadBool(policyParcel->policyParams_.supportEveryone_))) {
254 DLP_LOG_ERROR(LABEL, "Write supportEveryone_ fail");
255 return false;
256 }
257 uint8_t everyonePerm;
258 if (!(in.ReadUint8(everyonePerm))) {
259 DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
260 return false;
261 }
262 policyParcel->policyParams_.everyonePerm_ = static_cast<DLPFileAccess>(everyonePerm);
263 if (!ReadAccountInfo(policyParcel->policyParams_, in)) {
264 DLP_LOG_ERROR(LABEL, "Read owner info fail");
265 return false;
266 }
267 uint8_t perm = 0;
268 if (!(in.ReadUint8(perm))) {
269 DLP_LOG_ERROR(LABEL, "Read owner account type fail");
270 return false;
271 }
272 policyParcel->policyParams_.perm_ = static_cast<DLPFileAccess>(perm);
273 return ReadAesParam(policyParcel->policyParams_, in);
274 }
275
Unmarshalling(Parcel & in)276 DlpPolicyParcel* DlpPolicyParcel::Unmarshalling(Parcel& in)
277 {
278 DlpPolicyParcel* policyParcel = new (std::nothrow) DlpPolicyParcel();
279 if (policyParcel == nullptr) {
280 DLP_LOG_ERROR(LABEL, "Alloc policy parcel fail");
281 return nullptr;
282 }
283
284 if (!ReadParcel(in, policyParcel)) {
285 delete policyParcel;
286 policyParcel = nullptr;
287 }
288 return policyParcel;
289 }
290 } // namespace DlpPermission
291 } // namespace Security
292 } // namespace OHOS
293