README.md

# dataclassification<a name="EN-US_TOPIC_0000001154987675"></a>

-   [Introduction](#section11660541593)
-   [Architecture](#section342962219551)
-   [Available APIs](#section92711824195113)
-   [Repositories Involved](#section155556361910)

## Introduction<a name="section11660541593"></a>

The data classification module of OpenHarmony provides hierarchical data protection policies and related APIs. (Currently, OpenHarmony does not provide implementations for specific APIs. These APIs must be implemented by the device vendors to protect the security of data on OpenHarmony devices.)

The data classification module provides the following APIs, grouped into two submodules:

-   APIs for setting and obtaining the data label: With these APIs, you can set and obtain the security level of a file to be written to the disk.
-   APIs for controlling cross-device data access based on the device security level: The distributed cross-device data transmission service can use these APIs to obtain the highest data security level supported by the peer device.

The two submodules contain only API definitions and do not implement these APIs. The following figure shows the architecture of the data classification module.

## Architecture<a name="section342962219551"></a>

**Figure  1**  Architecture of the data classification module<a name="fig4460722185514"></a>


![](figures/dataclassification.png)

## Available APIs<a name="section92711824195113"></a>

**Table  1**  APIs provided by the data classification module

<a name="table1741910115412"></a>
<table><thead align="left"><tr id="row84116107545"><th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.1"><p id="p19410105546"><a name="p19410105546"></a><a name="p19410105546"></a>API</p>
</th>
<th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.2"><p id="p20411510105417"><a name="p20411510105417"></a><a name="p20411510105417"></a>Description</p>
</th>
</tr>
</thead>
<tbody><tr id="row1411110205418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p7664989558"><a name="p7664989558"></a><a name="p7664989558"></a>int SetLabel(int userId, const char *filePath, const char *labelName, const char *labelValue, int flag);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p1941010175414"><a name="p1941010175414"></a><a name="p1941010175414"></a>Sets a specified label. Currently, this API returns success. You need to implement this function by yourself. You are advised to set the label in the extended attribute of a file. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row10411710145415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p552394945518"><a name="p552394945518"></a><a name="p552394945518"></a>int GetLabel(int userId, const char *filePath, const char *labelName, char *labelValue, const int valueLen);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p241101012548"><a name="p241101012548"></a><a name="p241101012548"></a>Obtains the label. Currently, this API returns <strong id="b499513695911"><a name="b499513695911"></a><a name="b499513695911"></a>S3</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row1142121095419"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p14759321205620"><a name="p14759321205620"></a><a name="p14759321205620"></a>int GetFlag(int userId, const char *filePath, const char *labelName);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p14211020544"><a name="p14211020544"></a><a name="p14211020544"></a>Obtains the flag of a data security level. Currently, this API returns <strong id="b1887015618017"><a name="b1887015618017"></a><a name="b1887015618017"></a>FLAG_FILE_PROTECTION_COMPLETE_UNLESS_OPEN</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row10264187175820"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1526447155814"><a name="p1526447155814"></a><a name="p1526447155814"></a>int32_t DEVSL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p172641072584"><a name="p172641072584"></a><a name="p172641072584"></a>Obtains the highest security level supported by the peer device. Currently, this API returns <strong id="b76381220139"><a name="b76381220139"></a><a name="b76381220139"></a>S3</strong>. You need to implement this function by yourself. For details about the data security levels, see the developer documentation.</p>
</td>
</tr>
<tr id="row18882199125920"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p6882169185915"><a name="p6882169185915"></a><a name="p6882169185915"></a>int32_t DEVSL_OnStart(int32_t maxDevNum);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p6882119135918"><a name="p6882119135918"></a><a name="p6882119135918"></a>Initializes the data classification module. You need to implement this function by yourself.</p>
</td>
</tr>
<tr id="row316118198591"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1216221920596"><a name="p1216221920596"></a><a name="p1216221920596"></a>void DEVSL_ToFinish(void);</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p11162171911596"><a name="p11162171911596"></a><a name="p11162171911596"></a>Deinitializes the data classification module. You need to implement this function by yourself.</p>
</td>
</tr>
</tbody>
</table>

## Repositories Involved<a name="section155556361910"></a>

Security subsystem

**base/security/dataclassification**

README_zh.md

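# Data Transmission Management<a name="ZH-CN_TOPIC_0000001150002727"></a>

-   [Introduction](#section11660541593)
-   [Directory Structure](#section161941989596)
-   [Available APIs](#section1312121216216)
-   [Repositories Involved](#section1371113476307)

## Introduction<a name="section11660541593"></a>

In OpenHarmony, the data transmission management module provides distributed services with the control policy to apply when data is transmitted across devices. The module provides the API definitions related to data transmission management.

The data transmission management module currently provides the following API definitions:

-   Data transmission management APIs: provide distributed services with the control policy for cross-device data transmission by obtaining the highest risk level of data that is allowed to be sent to the peer device.

To implement these API definitions, the data transmission management module currently contains the data transmission management APIs. The following figure shows the deployment logic:

![](figures/dataclassification_zh.png)

-   Distributed services: services that provide distributed data management capabilities, including the distributed file system and distributed data management.

-   Data transmission management module: provides distributed services with the control policy for cross-device data transmission by obtaining the highest risk level of data that is allowed to be sent to the peer device.

-   Device security level management module: provides device security level information to data transmission management.

Before initiating a data transmission, a distributed service in the system that provides data access must confirm that the security level of the peer device meets the requirements of the risk level of the data, that is, the control requirements shown in the following table:

**Table 1**  Data risk levels supported by devices at each security level

| **Device security level** | **SL5**   | **SL4**   | **SL3**   | **SL2**   | **SL1**   |
| ------------------------- | --------- | --------- | --------- | --------- | --------- |
| **Data risk level**       | **S0~S4** | **S0~S4** | **S0~S3** | **S0~S2** | **S0~S1** |

Distributed services block transmission by default based on the data risk level returned by data transmission management. When a data transmission is blocked, the user can authorize it (for example, a dialog box is displayed and the transmission is allowed once the user confirms). Device vendors can implement this authorization mechanism themselves.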
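
The gate described above, as an added example that is not OpenHarmony code: Table 1 as a lookup, followed by the default-block decision with optional user authorization. All names (`highest_data_level`, `decide_transfer`, `user_confirm_fn`, the enums, `approve`) are hypothetical, and failing closed without prompting when the peer level is unknown is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not OpenHarmony definitions. */
enum { DATA_S0, DATA_S1, DATA_S2, DATA_S3, DATA_S4 };
enum { XFER_ALLOW, XFER_ALLOW_BY_USER, XFER_BLOCK };

/* Vendor-supplied prompt: nonzero means the user approved the transfer. */
typedef int (*user_confirm_fn)(uint32_t device_sl, uint32_t data_level);

/* Table 1: highest data risk level a device at SL1..SL5 may receive.
 * Returns 0 on success, -1 for NULL output or a level outside SL1..SL5. */
int highest_data_level(uint32_t device_sl, uint32_t *level_out)
{
    static const uint32_t max_level[6] = {
        [1] = DATA_S1, [2] = DATA_S2, [3] = DATA_S3, [4] = DATA_S4, [5] = DATA_S4,
    };
    if (level_out == NULL || device_sl < 1 || device_sl > 5) {
        return -1;
    }
    *level_out = max_level[device_sl];
    return 0;
}

/* Block by default. The user prompt is consulted only for a policy block,
 * never for an unknown peer level or invalid data level (assumption). */
int decide_transfer(uint32_t device_sl, uint32_t data_level, user_confirm_fn confirm)
{
    uint32_t highest;
    if (data_level > DATA_S4 || highest_data_level(device_sl, &highest) != 0) {
        return XFER_BLOCK;
    }
    if (data_level <= highest) {
        return XFER_ALLOW;
    }
    if (confirm != NULL && confirm(device_sl, data_level)) {
        return XFER_ALLOW_BY_USER;
    }
    return XFER_BLOCK;
}

/* Constructed stand-in for the vendor's confirmation dialog. */
int approve(uint32_t device_sl, uint32_t data_level) { (void)device_sl; (void)data_level; return 1; }

int main(void)
{
    printf("%d %d\n", decide_transfer(2, DATA_S3, NULL), decide_transfer(2, DATA_S3, approve));
    return 0;
}
```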


## Directory Structure<a name="section161941989596"></a>

```
/base/security/dataclassification
├── frameworks                   # Framework layer
│   └── datatransmitmgr          # Basic function code
└── interfaces                   # Interface layer
    └── innerkits                # Internal interface layer
        └── datatransmitmgr      # Internal interface code
```

## Available APIs<a name="section1312121216216"></a>

**Table 2**  APIs provided by data transmission management

| API                                                          | Description                                                  |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
| int32_t DATASL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo); | Obtains the data risk level that the specified device can support. |
| int32_t DATASL_GetHighestSecLevelAsync(DEVSLQueryParams *queryParams, HigestSecInfoCallback *callback); | Asynchronously obtains the data risk level that the specified device can support. |
| int32_t DATASL_OnStart(void);                                | Initializes the module.                                      |
| void DATASL_OnStop(void);                                    | Deinitializes the module.                                    |

## Repositories Involved<a name="section1371113476307"></a>

**Security subsystem**

base/security/dataclassification