1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define LOG_TAG "SystemApi"
16 #include "system_api.h"
17 #include <regex>
18 #include <sys/stat.h>
19 #include <unistd.h>
20 #include "log_print.h"
21 #include "security_label.h"
22 #include "store_util.h"
23 namespace OHOS::DistributedKv {
24 using Label = DistributedDB::SecurityLabel;
25 using Flag = DistributedDB::SecurityFlag;
26 using SecurityLabel = OHOS::FileManagement::ModuleSecurityLabel::SecurityLabel;
SystemApi()27 SystemApi::SystemApi()
28 {
29 }
30
~SystemApi()31 SystemApi::~SystemApi()
32 {
33 }
34
RegOnAccessControlledEvent(const AccessEventHanle & callback)35 SystemApi::DBStatus SystemApi::RegOnAccessControlledEvent(const AccessEventHanle &callback)
36 {
37 return DBStatus::NOT_SUPPORT;
38 }
39
IsAccessControlled() const40 bool SystemApi::IsAccessControlled() const
41 {
42 return false;
43 }
44
SetSecurityOption(const std::string & filePath,const DBOption & option)45 SystemApi::DBStatus SystemApi::SetSecurityOption(const std::string &filePath, const DBOption &option)
46 {
47 if (filePath.empty() || option.securityLabel < Label::NOT_SET || option.securityLabel > Label::S4) {
48 return DBStatus::INVALID_ARGS;
49 }
50
51 struct stat curStat;
52 stat(filePath.c_str(), &curStat);
53 if (S_ISDIR(curStat.st_mode)) {
54 return DBStatus::NOT_SUPPORT;
55 }
56
57 if (access(filePath.c_str(), F_OK) != 0) {
58 return DBStatus::INVALID_ARGS;
59 }
60
61 if (option.securityLabel == Label::NOT_SET) {
62 return DBStatus::OK;
63 }
64
65 auto secLevel = std::string("s") + std::to_string(option.securityLabel - 1);
66 bool result = SecurityLabel::SetSecurityLabel(filePath, secLevel);
67 if (!result) {
68 ZLOGE("set label failed! level:%{public}s, file:%{public}s", secLevel.c_str(),
69 StoreUtil::Anonymous(filePath).c_str());
70 return DBStatus::DB_ERROR;
71 }
72
73 return DBStatus::OK;
74 }
75
GetSecurityOption(const std::string & filePath,DBOption & option) const76 SystemApi::DBStatus SystemApi::GetSecurityOption(const std::string &filePath, DBOption &option) const
77 {
78 if (filePath.empty()) {
79 return DBStatus::INVALID_ARGS;
80 }
81
82 struct stat curStat;
83 stat(filePath.c_str(), &curStat);
84 if (S_ISDIR(curStat.st_mode)) {
85 return DBStatus::NOT_SUPPORT;
86 }
87
88 if (access(filePath.c_str(), F_OK) != 0) {
89 option = {Label::NOT_SET, Flag::ECE};
90 return DBStatus::OK;
91 }
92
93 std::string value = SecurityLabel::GetSecurityLabel(filePath);
94 if (!std::regex_match(value, std::regex("s([01234])"))) {
95 option = {Label::NOT_SET, Flag::ECE};
96 return DBStatus::OK;
97 }
98 option = { (value[1] - '0') + 1, value[1] == '3' ? Flag::SECE : Flag::ECE};
99 return DBStatus::OK;
100 }
101
CheckDeviceSecurityAbility(const std::string & devId,const DBOption & option) const102 bool SystemApi::CheckDeviceSecurityAbility(const std::string &devId, const DBOption &option) const
103 {
104 return false;
105 }
106 } // namespace OHOS::DistributedKv