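/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

import dlpPermission from '@ohos.dlpPermission';
import fs from '@ohos.file.fs';
import account from '@ohos.account.distributedAccount';
import account_osAccount from '@ohos.account.osAccount';
import Want from '@ohos.app.ability.Want';
import { BusinessError } from '@ohos.base';
import common from '@ohos.app.ability.common';
import { PreferencesManager } from '../feature/PreferencesManager';
import Logger from '../util/Logger';

const TAG: string = 'DlpManager';
// Base URI under which generated DLP files are addressed when handed to the sandbox app.
const SOURCEURI: string = 'file://docs/storage/Users/currentUser';
const context: common.UIAbilityContext = getContext(this) as common.UIAbilityContext;
const accountAbility = account.getDistributedAccountAbility();

// Fixed list of authorised users attached to every DLP file produced by
// genTestDlpProperty(). These are demo accounts: the second entry receives
// FULL_CONTROL and both grants expire at a far-future timestamp, so any file
// generated from this list carries those grants with it.
const userList: Array<dlpPermission.AuthUser> = [{
  'authAccount': '123@ohos.com',
  'authAccountType': dlpPermission.AccountType.CLOUD_ACCOUNT,
  'dlpFileAccess': dlpPermission.DLPFileAccess.READ_ONLY,
  // Expiry timestamp of the grant
  'permExpiryTime': 8888520175,
}, {
  'authAccount': '456@ohos.com',
  'authAccountType': dlpPermission.AccountType.CLOUD_ACCOUNT,
  'dlpFileAccess': dlpPermission.DLPFileAccess.FULL_CONTROL,
  // Expiry timestamp of the grant
  'permExpiryTime': 8888520175,
}];

/**
 * Pairing of a plaintext source path with the URI of the DLP file generated from it.
 */
export class TestDlpFileInfo {
  plaintextPath: string = '';
  ciphertextPath: string = '';
}

/**
 * Distributed-account record written via setOsAccountDistributedInfo().
 */
interface UserInfo {
  name: string;
  id: string;
  // Login/logout event name understood by the distributed account service
  event: string;
  nickname: string;
  avatar: string;
}

/**
 * Helper around the DLP permission, account and file APIs used by the sample:
 * logs the distributed account in/out, builds DLP policies, generates DLP
 * files from plaintext sources and launches the sandbox viewer for them.
 */
export class DlpManager {
  // Name of the link file passed to the sandbox app
  private linkFileName: string = '';
  // Path of the link file passed to the sandbox app
  private linkFilePath: string = '';
  // Handle of the most recently generated DLP file
  private dlpFile: dlpPermission.DLPFile = {} as dlpPermission.DLPFile;
  // Bundle/ability that is started in the DLP sandbox
  private sandboxBundleName: string = 'com.example.fileEdit';
  private sandboxAbilityName: string = 'EntryAbility';
  // Descriptor of the ciphertext (DLP) file; -1 until genTestDlpFile() runs
  private dlpFd: number = -1;
  // OS account info cached by genTestDlpProperty()
  private accountInfo?: account_osAccount.OsAccountInfo;
  // URI of the generated DLP file
  private dlpFileUri: string = '';
  private preferencesManager: PreferencesManager = new PreferencesManager();

  constructor() {
  }

  /**
   * Resolves the local OS account id of the calling process.
   * @returns the local account id
   */
  async getUserId(): Promise<number> {
    const accountMgr = account_osAccount.getAccountManager();
    return accountMgr.getOsAccountLocalIdFromProcess();
  }

  /**
   * Resolves the full OS account record of the current account.
   * @returns the current OS account info (includes distributedInfo)
   */
  async getOsAccountInfo(): Promise<account_osAccount.OsAccountInfo> {
    const accountMgr = account_osAccount.getAccountManager();
    return accountMgr.getCurrentOsAccount();
  }

  /**
   * Computes the access level `accountName` has under `dlpProperty`.
   *
   * Resolution order: the owner always gets FULL_CONTROL; an explicit
   * authUserList entry for the account wins next, even when it grants less
   * than the everyone list; otherwise the highest level in everyoneAccessList
   * applies, and NO_PERMISSION if that list is absent or empty.
   *
   * @param accountName account being checked
   * @param dlpProperty policy to evaluate against
   * @returns the resolved DLPFileAccess level
   */
  getAuthPerm(accountName: string, dlpProperty: dlpPermission.DLPProperty): dlpPermission.DLPFileAccess {
    if (accountName === dlpProperty.ownerAccount) {
      return dlpPermission.DLPFileAccess.FULL_CONTROL;
    }
    const authUsers = dlpProperty.authUserList ?? [];
    const match = authUsers.find((u) => u.authAccount === accountName);
    if (match !== undefined) {
      return match.dlpFileAccess;
    }
    let perm: dlpPermission.DLPFileAccess = dlpPermission.DLPFileAccess.NO_PERMISSION;
    const everyone = dlpProperty.everyoneAccessList ?? [];
    if (everyone.length > 0) {
      perm = Math.max(...everyone);
    }
    return perm;
  }

  /**
   * Logs `accountName` into the distributed account service using fixed demo
   * identity fields, then logs the resulting account record.
   * @param accountName name to log in as
   */
  async AccountLogin(accountName: string): Promise<void> {
    Logger.info('AccountLogin start');
    const info: UserInfo = {
      name: accountName,
      id: '1234',
      event: 'Ohos.account.event.LOGIN',
      nickname: 'nickname',
      avatar: 'avatar',
    };
    try {
      await accountAbility.setOsAccountDistributedInfo(info);
    } catch (err) {
      // catch variables are unknown under strict mode; narrow like the other catch blocks here
      const error = err as BusinessError;
      Logger.error(`${TAG} setOsAccountDistributedInfo LOGIN failed${error.code}, message:${error.message}`);
      return;
    }
    const user = await accountAbility.getOsAccountDistributedInfo();
    // NOTE(review): this writes the whole distributed account record to the log;
    // fine for a sample, worth trimming in a production build.
    Logger.info(`CurrentMessage is ${JSON.stringify(user)}`);
  }

  /**
   * Logs the current distributed account out. A no-op when no real account is
   * logged in (the service reports the anonymous placeholder name).
   */
  async AccountLogout(): Promise<void> {
    Logger.info('AccountLogout start');
    const current = await accountAbility.getOsAccountDistributedInfo();
    if (current.name === 'ohosAnonymousName') {
      return;
    }
    const info: UserInfo = {
      name: current.name,
      id: '1234',
      event: 'Ohos.account.event.LOGOUT',
      nickname: 'nickname',
      avatar: 'avatar',
    };
    await accountAbility.setOsAccountDistributedInfo(info);
    Logger.info('AccountLogout end');
  }

  /**
   * Builds a minimal DLP policy (required fields only) owned by the current
   * distributed account, with no authorised users and no everyone access.
   * @returns the policy
   */
  async genTestOptionalDlpProperty(): Promise<dlpPermission.DLPProperty> {
    const info = await this.getOsAccountInfo();
    const owner = info.distributedInfo;
    const property: dlpPermission.DLPProperty = {
      'ownerAccount': owner.name,
      'ownerAccountID': owner.id,
      'ownerAccountType': dlpPermission.AccountType.CLOUD_ACCOUNT,
      'contactAccount': owner.name,
      'offlineAccess': true,
    };
    return property;
  }

  /**
   * Builds the full test DLP policy: owned by the current distributed account,
   * carrying the module-level `userList` grants and READ_ONLY for everyone.
   * Also caches the account info in `this.accountInfo`.
   * @returns the policy
   */
  async genTestDlpProperty(): Promise<dlpPermission.DLPProperty> {
    this.accountInfo = await this.getOsAccountInfo();
    const owner = this.accountInfo.distributedInfo;
    const property: dlpPermission.DLPProperty = {
      'ownerAccount': owner.name,
      // NOTE(review): the account *name* is used as ownerAccountID here, whereas
      // genTestOptionalDlpProperty() uses distributedInfo.id — confirm which is intended.
      'ownerAccountID': owner.name,
      'ownerAccountType': dlpPermission.AccountType.CLOUD_ACCOUNT,
      'authUserList': userList,
      'contactAccount': owner.name,
      'offlineAccess': true,
      'everyoneAccessList': [dlpPermission.DLPFileAccess.READ_ONLY],
    };
    return property;
  }

  /**
   * Starts the sandbox ability with the link file and DLP URI recorded on this
   * instance. Failures are reported through the logger.
   */
  startSandboxApp(): void {
    const want: Want = {
      bundleName: this.sandboxBundleName,
      abilityName: this.sandboxAbilityName,
      uri: this.linkFilePath,
      parameters: {
        'linkFileName': {
          'name': this.linkFileName
        },
        'uri': this.linkFilePath,
        'dlpUri': {
          'name': this.dlpFileUri
        },
      }
    };
    context.startAbility(want, (err: BusinessError) => {
      // The callback previously logged nothing, so a failed launch was invisible.
      // Assumes the AsyncCallback convention of an error object with a non-zero code on failure — TODO confirm.
      if (err !== undefined && err !== null && err.code !== 0) {
        Logger.error(`startAbility failed, errCode:${err.code},message:${err.message}`);
        return;
      }
      Logger.info('startAbility done');
    });
  }

  /**
   * Generates a DLP file from `plaintextPath` into the already-open
   * `ciphertextFd`, records the pair in AppStorage and preferences, and
   * closes the plaintext descriptor when done.
   *
   * @param plaintextPath path of the plaintext source
   * @param ciphertextFd open descriptor the DLP file is written to; closed on failure
   * @param displayName name used to build the DLP file URI under SOURCEURI
   * @param currentPerssion access level; `currentPerssion + 1` is set as the everyone access
   * @param dlpFileInfos list the new TestDlpFileInfo is appended to (mutated)
   */
  async genTestDlpFile(plaintextPath: string, ciphertextFd: number, displayName: string,
    currentPerssion: number, dlpFileInfos: Array<TestDlpFileInfo>): Promise<void> {
    Logger.info('GenTestDlpFile start');
    const file: fs.File = fs.openSync(plaintextPath, fs.OpenMode.READ_WRITE);
    try {
      this.dlpFd = ciphertextFd;
      this.dlpFileUri = `${SOURCEURI}/${displayName}`;
      const fileInfo = new TestDlpFileInfo();
      fileInfo.plaintextPath = plaintextPath;
      fileInfo.ciphertextPath = this.dlpFileUri;
      dlpFileInfos.push(fileInfo);
      // The plaintext path is persisted alongside the DLP URI; callers should
      // treat the preferences store as containing that mapping.
      AppStorage.set<Array<TestDlpFileInfo>>('dlpFileInfos', dlpFileInfos);
      await this.preferencesManager.putDlpFileInfos(dlpFileInfos);
      Logger.info(`file.fd:${file.fd},dlpFd:${this.dlpFd}`);
      const property = await this.genTestDlpProperty();
      property.everyoneAccessList = [currentPerssion + 1];
      Logger.info(`everyoneList ${JSON.stringify(property.everyoneAccessList)},current`);
      await this.generateAndClose(file.fd, property);
    } finally {
      // Previously the plaintext fd was closed only on the error path, leaving an
      // open handle to the unencrypted source after every successful generation.
      fs.closeSync(file.fd);
    }
  }

  /**
   * Runs generateDLPFile() for `plaintextFd` into `this.dlpFd`, verifies the
   * result and closes the DLP handle. On failure the error is logged and the
   * ciphertext descriptor is closed, as the original code did.
   * @param plaintextFd open descriptor of the plaintext source
   * @param property policy to embed
   */
  private async generateAndClose(plaintextFd: number, property: dlpPermission.DLPProperty): Promise<void> {
    try {
      this.dlpFile = await dlpPermission.generateDLPFile(plaintextFd, this.dlpFd, property);
      if (await dlpPermission.isDLPFile(this.dlpFd)) {
        Logger.info(`generateDLPFile success`);
      } else {
        Logger.info(`generateDLPFile fail`);
      }
      this.dlpFile.closeDLPFile();
    } catch (err) {
      const error = err as BusinessError;
      Logger.error(`generateDLPFile failed, errCode:${error.code},message:${error.message}`);
      // The caller-supplied ciphertext fd is closed on failure (kept from the original).
      fs.closeSync(this.dlpFd);
    }
  }
}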