README.md
1# Data Transfer Management<a name="EN-US_TOPIC_0000001150002727"></a>
2
3
4## Introduction<a name="section11660541593"></a>
5
6In OpenHarmony, the data transfer management module provides cross-device data transfer management and control policies for distributed services. The data transfer management module defines a sef of APIs to provide management and control policies for cross-device data transmission and obtain the highest risk level of data to be sent to the peer device.
7
8The figure below illustrates the deployment logic of the data transfer management module.
9
10
11
12- Distributed service: provides distributed data management capabilities, including the distributed file system and distributed data management.
13
14- Data transfer management module: provides management and control policies for cross-device data transmission and obtains the highest risk level of data to be sent to the peer device.
15
16- Device security level management module: provides device security level information for data transfer management and control.
17
18Before data is transferred, the distributed service checks whether the security level of the peer device supports the risk level of the data to be transferred. The table below lists the mappings between the device security levels and data risk levels.
19
20**Table 1** Mappings between data risk levels and device security levels
21
22| **Device Security Level**| **SL5** | **SL4** | **SL3** | **SL2** | **SL1** |
23| ---------------- | --------- | --------- | --------- | --------- | --------- |
24| **Data Risk Level**| **S0 to S4** | **S0 to S4** | **S0 to S3** | **S0 to S2** | **S0 to S1** |
25
26The distributed service blocks data transmission based on the data risk level returned by the data transfer management module. Before data transmission is denied, a dialog box can be displayed to ask for user's permission. Data can be transferred if the user allows. The device vendors can implement the authorization mechanism.
27
28
29## Directory Structure<a name="section161941989596"></a>
30
31```
32/base/security/dataclassification
33├── frameworks # Framework code
34│ └── datatransmitmgr # Code of basic functions
35└── interfaces # APIs
36 ── innerkits # Internal APIs
37 └── datatransmitmgr # Code of internal APIs
38```
39
40## Available APIs<a name="section1312121216216"></a>
41
42**Table 2** APIs of the data transfer management module
43
44| API | Description |
45| ------------------------------------------------------------ | -------------------------------------- |
46| int32_t DATASL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo); | Obtains the data risk levels supported by the device. |
47| int32_t DATASL_GetHighestSecLevelAsync(DEVSLQueryParams *queryParams, HigestSecInfoCallback *callback); | Asynchronously obtains the data risk levels supported by the device.|
48| int32_t DATASL_OnStart(void); | Starts initialization. |
49| void DATASL_OnStop(void); | Stops initialization. |
50
51
52
53
54## Repositories Involved<a name="section1371113476307"></a>
55
56**Security subsystem**
57
58base/security/dataclassification
59
README_zh.md
1# 数据传输管控<a name="ZH-CN_TOPIC_0000001150002727"></a>
2
3- [简介](#section11660541593)
4- [目录](#section161941989596)
5- [接口说明](#section1312121216216)
6- [相关仓](#section1371113476307)
7
8## 简介<a name="section11660541593"></a>
9
10在OpenHarmony中,数据传输管控模块负责为分布式服务提供跨设备传输时的管控策略。数据传输管控模块提供了数据传输管控相关的接口定义。
11
12数据传输管控模块当前提供如下接口定义:
13
14- 数据传输管控接口:为分布式服务提供数据跨设备传输时的管控策略,获取允许发送到对端设备的数据的最高风险等级。
15
16为实现上述接口定义,数据传输管控模块当前包含数据传输管控接口,其部署逻辑如下图:
17
18
19
20- 分布式服务:提供分布式数据管理能力的分布式服务,包含分布式文件系统、分布式数据管理等。
21
22- 数据传输管控模块:为分布式服务提供数据跨设备传输时的管控策略,获取允许发送到对端设备的数据的最高风险等级。
23
24- 设备安全等级管理模块:为数据传输管控提供设备安全等级信息。
25
26系统中涉及提供数据访问能力分布式服务,在发起数据传输前,需要确认对端设备的安全等级是否能满足当前数据风险等级的要求,即满足下表所示的管控要求:
27
28**表 1** 各安全等级的设备可支持的数据风险等级映射表
29
30| **设备安全等级** | **SL5** | **SL4** | **SL3** | **SL2** | **SL1** |
31| ---------------- | --------- | --------- | --------- | --------- | --------- |
32| **数据风险等级** | **S0~S4** | **S0~S4** | **S0~S3** | **S0~S2** | **S0~S1** |
33
34分布式服务根据数据传输管控返回的数据风险等级实施默认拦截。在数据传输被拦截时,用户可授权放通(如,弹框并经用户确认后即可放通数据传输),设备厂商可自行实现该放通授权机制。
35
36
37## 目录<a name="section161941989596"></a>
38
39```
40/base/security/dataclassification
41├── frameworks # 框架层
42│ └── datatransmitmgr # 基础功能代码存放目录
43└── interfaces # 接口层
44 └── innerkits # 内部接口层
45 └── datatransmitmgr # 内部接口代码存放目录
46```
47
48## 接口说明<a name="section1312121216216"></a>
49
50**表 2** 数据传输管控提供的API接口功能介绍
51
52| 接口名 | 描述 |
53| ------------------------------------------------------------ | -------------------------------------- |
54| int32_t DATASL_GetHighestSecLevel(DEVSLQueryParams *queryParams, uint32_t *levelInfo); | 获取对应设备可支持的数据风险等级。 |
55| int32_t DATASL_GetHighestSecLevelAsync(DEVSLQueryParams *queryParams, HigestSecInfoCallback *callback); | 异步获取对应设备可支持的数据风险等级。 |
56| int32_t DATASL_OnStart(void); | 模块初始化。 |
57| void DATASL_OnStop(void); | 模块去初始化。 |
58
59
60
61
62## 相关仓<a name="section1371113476307"></a>
63
64**安全子系统**
65
66base/security/dataclassification
67
68
