1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "trust_profile_manager.h"
17 #include "subscribe_profile_manager.h"
18 #include "distributed_device_profile_log.h"
19 #include "rdb_adapter.h"
20 #include "profile_utils.h"
21 #include "device_manager.h"
22 #include "distributed_device_profile_constants.h"
23 #include "distributed_device_profile_errors.h"
24 #include "accesser.h"
25 #include "accessee.h"
26
27 namespace OHOS {
28 namespace DistributedDeviceProfile {
29 IMPLEMENT_SINGLE_INSTANCE(TrustProfileManager);
30 namespace {
31 const std::string TAG = "TrustProfileManager";
32 }
33
Init()34 int32_t TrustProfileManager::Init()
35 {
36 {
37 std::lock_guard<std::mutex> lock(rdbMutex_);
38 rdbStore_ = std::make_shared<RdbAdapter>();
39 if (rdbStore_ == nullptr) {
40 HILOGE("rdbStore_ is nullptr");
41 return DP_INIT_DB_FAILED;
42 }
43 int32_t ret = rdbStore_->Init();
44 if (ret != DP_SUCCESS) {
45 HILOGE("rdbStore_ Init failed");
46 return DP_INIT_DB_FAILED;
47 }
48 }
49 this->CreateTable();
50 this->CreateUniqueIndex();
51 HILOGI("end!");
52 return DP_SUCCESS;
53 }
54
UnInit()55 int32_t TrustProfileManager::UnInit()
56 {
57 {
58 std::lock_guard<std::mutex> lock(rdbMutex_);
59 if (rdbStore_ == nullptr) {
60 HILOGE("rdbStore_ is nullptr");
61 return DP_GET_RDBSTORE_FAIL;
62 }
63 int32_t ret = rdbStore_->UnInit();
64 if (ret != DP_SUCCESS) {
65 HILOGE("rdbStore_ Uninit failed");
66 return DP_UNINIT_FAIL;
67 }
68 rdbStore_ = nullptr;
69 }
70 HILOGI("end!");
71 return DP_SUCCESS;
72 }
73
PutTrustDeviceProfile(const TrustDeviceProfile & profile)74 int32_t TrustProfileManager::PutTrustDeviceProfile(const TrustDeviceProfile& profile)
75 {
76 ValuesBucket values;
77 ProfileUtils::TrustDeviceProfileToEntries(profile, values);
78 int64_t rowId = ROWID_INIT;
79 int32_t ret = RET_INIT;
80 {
81 std::lock_guard<std::mutex> lock(rdbMutex_);
82 if (rdbStore_ == nullptr) {
83 HILOGE("rdbStore_ is nullptr");
84 return DP_GET_RDBSTORE_FAIL;
85 }
86 ret = rdbStore_->Put(rowId, TRUST_DEVICE_TABLE, values);
87 if (ret != DP_SUCCESS) {
88 HILOGE("trust_device_table insert failed");
89 return DP_PUT_TRUST_DEVICE_PROFILE_FAIL;
90 }
91 }
92 HILOGI("end!");
93 return DP_SUCCESS;
94 }
95
PutAccessControlProfile(const AccessControlProfile & profile)96 int32_t TrustProfileManager::PutAccessControlProfile(const AccessControlProfile& profile)
97 {
98 AccessControlProfile accessControlProfile(profile);
99 bool isExists = false;
100 {
101 std::lock_guard<std::mutex> lock(aclMutex_);
102 CheckDeviceIdAndUserIdExists(profile, isExists);
103 int32_t ret = this->SetAccessControlProfileId(accessControlProfile);
104 if (ret != DP_SUCCESS) {
105 HILOGE("SetAccessControlProfileId failed");
106 return ret;
107 }
108 ret = this->PutAccesserProfile(accessControlProfile);
109 if (ret != DP_SUCCESS) {
110 HILOGE("PutAccesserProfile failed");
111 return ret;
112 }
113 ret = this->PutAccesseeProfile(accessControlProfile);
114 if (ret != DP_SUCCESS) {
115 HILOGE("PutAccesseeProfile failed");
116 return ret;
117 }
118 if (IsAclExists(accessControlProfile) == DP_DATA_EXISTS) {
119 HILOGE("acl is exists");
120 return DP_SUCCESS;
121 }
122 ValuesBucket values;
123 ProfileUtils::AccessControlProfileToEntries(accessControlProfile, values);
124 if (rdbStore_ == nullptr) {
125 HILOGE("rdbStore_ is nullptr");
126 return DP_GET_RDBSTORE_FAIL;
127 }
128 int64_t rowId = ROWID_INIT;
129 if (rdbStore_->Put(rowId, ACCESS_CONTROL_TABLE, values) != DP_SUCCESS) {
130 HILOGE("access_control_table insert failed");
131 return DP_PUT_ACL_PROFILE_FAIL;
132 }
133 HILOGI("PutAclProfile : %{public}s", accessControlProfile.dump().c_str());
134 }
135 int32_t putRet = this->PutAclCheck(accessControlProfile, isExists);
136 if (putRet != DP_SUCCESS) {
137 HILOGE("PutAclCheck failed");
138 return putRet;
139 }
140 DistributedHardware::DeviceManager::GetInstance().DpAclAdd(accessControlProfile.GetAccessControlId(),
141 accessControlProfile.GetTrustDeviceId(), accessControlProfile.GetBindType());
142 HILOGI("end!");
143 return DP_SUCCESS;
144 }
145
UpdateTrustDeviceProfile(const TrustDeviceProfile & profile)146 int32_t TrustProfileManager::UpdateTrustDeviceProfile(const TrustDeviceProfile& profile)
147 {
148 std::string deviceId = profile.GetDeviceId();
149 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_TRUST_DEVICE_TABLE_WHERE_DEVICEID,
150 std::vector<ValueObject>{ ValueObject(deviceId) });
151 if (resultSet == nullptr) {
152 HILOGE("resultSet is nullptr");
153 return DP_GET_RESULTSET_FAIL;
154 }
155 int32_t rowCount = ROWCOUNT_INIT;
156 resultSet->GetRowCount(rowCount);
157 if (rowCount == 0) {
158 HILOGE("deviceId not find");
159 resultSet->Close();
160 return DP_NOT_FIND_DATA;
161 }
162 int32_t ret = resultSet->GoToFirstRow();
163 if (ret != DP_SUCCESS) {
164 HILOGE("deviceId not find");
165 resultSet->Close();
166 return DP_NOT_FIND_DATA;
167 }
168 TrustDeviceProfile oldProfile;
169 ProfileUtils::ConvertToTrustDeviceProfile(resultSet, oldProfile);
170 resultSet->Close();
171 ValuesBucket values;
172 ProfileUtils::TrustDeviceProfileToEntries(profile, values);
173 int32_t changeRowCnt = CHANGEROWCNT_INIT;
174 {
175 std::lock_guard<std::mutex> lock(rdbMutex_);
176 if (rdbStore_ == nullptr) {
177 HILOGE("rdbStore_ is nullptr");
178 return DP_GET_RDBSTORE_FAIL;
179 }
180 ret = rdbStore_->Update(changeRowCnt, TRUST_DEVICE_TABLE, values, DEVICEID_EQUAL_CONDITION,
181 std::vector<ValueObject>{ ValueObject(profile.GetDeviceId()) });
182 if (ret != DP_SUCCESS) {
183 HILOGE("Update trust_device_table failed");
184 return DP_UPDATE_TRUST_DEVICE_PROFILE_FAIL;
185 }
186 }
187 this->UpdateTrustDeviceProfileNotify(oldProfile, profile);
188 HILOGI("end!");
189 return DP_SUCCESS;
190 }
191
UpdateAccessControlProfile(const AccessControlProfile & profile)192 int32_t TrustProfileManager::UpdateAccessControlProfile(const AccessControlProfile& profile)
193 {
194 AccessControlProfile oldProfile;
195 {
196 std::lock_guard<std::mutex> lock(aclMutex_);
197 int32_t ret = this->UpdateAclCheck(profile, oldProfile);
198 if (ret != DP_SUCCESS) {
199 HILOGE("UpdateAclCheck faild");
200 return ret;
201 }
202 this->UpdateAccesserProfile(profile);
203 this->UpdateAccesseeProfile(profile);
204 ValuesBucket values;
205 ProfileUtils::AccessControlProfileToEntries(profile, values);
206 int32_t changeRowCnt = CHANGEROWCNT_INIT;
207 if (rdbStore_ == nullptr) {
208 HILOGE("rdbStore_ is nullptr");
209 return DP_GET_RDBSTORE_FAIL;
210 }
211 ret = rdbStore_->Update(changeRowCnt, ACCESS_CONTROL_TABLE, values, ACCESSCONTROLID_EQUAL_CONDITION,
212 std::vector<ValueObject>{ ValueObject(profile.GetAccessControlId()) });
213 if (ret != DP_SUCCESS) {
214 HILOGE("update access_control_table failed");
215 return DP_UPDATE_ACL_PROFILE_FAIL;
216 }
217 }
218 this->NotifyCheck(profile, oldProfile);
219 HILOGI("UpdateAclProfile : %{public}s", profile.dump().c_str());
220 int32_t status = STATUS_INIT;
221 this->GetResultStatus(profile.GetTrustDeviceId(), status);
222 TrustDeviceProfile trustProfile;
223 ProfileUtils::ConvertToTrustDeviceProfile(profile, trustProfile);
224 trustProfile.SetStatus(status);
225 int32_t updateRet = this->UpdateTrustDeviceProfile(trustProfile);
226 if (updateRet != DP_SUCCESS) {
227 HILOGE("UpdateTrustDeviceProfile failed");
228 return DP_UPDATE_TRUST_DEVICE_PROFILE_FAIL;
229 }
230 HILOGI("end!");
231 return DP_SUCCESS;
232 }
233
GetTrustDeviceProfile(const std::string & deviceId,TrustDeviceProfile & profile)234 int32_t TrustProfileManager::GetTrustDeviceProfile(const std::string& deviceId, TrustDeviceProfile& profile)
235 {
236 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_TRUST_DEVICE_TABLE_WHERE_DEVICEID,
237 std::vector<ValueObject>{ ValueObject(deviceId) });
238 if (resultSet == nullptr) {
239 HILOGE("resultSet is nullptr");
240 return DP_GET_RESULTSET_FAIL;
241 }
242 int32_t rowCount = ROWCOUNT_INIT;
243 resultSet->GetRowCount(rowCount);
244 if (rowCount == 0) {
245 HILOGE("deviceId not find");
246 resultSet->Close();
247 return DP_NOT_FIND_DATA;
248 }
249 int32_t ret = resultSet->GoToFirstRow();
250 if (ret != DP_SUCCESS) {
251 HILOGE("not find trust device data");
252 resultSet->Close();
253 return DP_NOT_FIND_DATA;
254 }
255 ProfileUtils::ConvertToTrustDeviceProfile(resultSet, profile);
256 resultSet->Close();
257 HILOGI("end!");
258 return DP_SUCCESS;
259 }
260
GetAllTrustDeviceProfile(std::vector<TrustDeviceProfile> & profile)261 int32_t TrustProfileManager::GetAllTrustDeviceProfile(std::vector<TrustDeviceProfile>& profile)
262 {
263 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_TRUST_DEVICE_TABLE, std::vector<ValueObject> {});
264 if (resultSet == nullptr) {
265 HILOGE("resultSet is nullptr");
266 return DP_GET_RESULTSET_FAIL;
267 }
268 int32_t rowCount = ROWCOUNT_INIT;
269 resultSet->GetRowCount(rowCount);
270 if (rowCount == 0) {
271 HILOGE("trust_device_table no data");
272 resultSet->Close();
273 return DP_NOT_FIND_DATA;
274 }
275 while (resultSet->GoToNextRow() == DP_SUCCESS) {
276 TrustDeviceProfile trustProfile;
277 ProfileUtils::ConvertToTrustDeviceProfile(resultSet, trustProfile);
278 profile.push_back(trustProfile);
279 }
280 resultSet->Close();
281 if (profile.empty()) {
282 return DP_NOT_FIND_DATA;
283 }
284 HILOGI("end!");
285 return DP_SUCCESS;
286 }
287
GetAccessControlProfile(int32_t userId,const std::string & bundleName,int32_t bindType,int32_t status,std::vector<AccessControlProfile> & profile)288 int32_t TrustProfileManager::GetAccessControlProfile(int32_t userId, const std::string& bundleName,
289 int32_t bindType, int32_t status, std::vector<AccessControlProfile>& profile)
290 {
291 if (bundleName.size() > MAX_STRING_LEN) {
292 HILOGE("bundleName is invalid");
293 return DP_INVALID_PARAMS;
294 }
295 HILOGI("Params, userId : %{public}s, bundleName : %{public}s, bindtype : %{public}d, status : %{public}d",
296 ProfileUtils::GetAnonyString(std::to_string(userId)).c_str(), bundleName.c_str(), bindType, status);
297 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_BINDTYPE_AND_STATUS,
298 std::vector<ValueObject>{ ValueObject(bindType), ValueObject(status) });
299 if (resultSet == nullptr) {
300 HILOGE("resultSet is nullptr");
301 return DP_GET_RESULTSET_FAIL;
302 }
303 int32_t rowCount = ROWCOUNT_INIT;
304 resultSet->GetRowCount(rowCount);
305 if (rowCount == 0) {
306 HILOGE("bindType and status not find");
307 resultSet->Close();
308 return DP_NOT_FIND_DATA;
309 }
310 int32_t ret = this->GetAclProfileByUserIdAndBundleName(resultSet, userId, bundleName, profile);
311 resultSet->Close();
312 if (ret != DP_SUCCESS) {
313 HILOGE("GetAclProfileByUserIdAndBundleName faild");
314 return DP_NOT_FIND_DATA;
315 }
316 if (profile.empty()) {
317 HILOGE("by userId bundleName bindType status not find data");
318 return DP_NOT_FIND_DATA;
319 }
320 HILOGI("end!");
321 return DP_SUCCESS;
322 }
323
GetAccessControlProfile(int32_t userId,const std::string & bundleName,const std::string & trustDeviceId,int32_t status,std::vector<AccessControlProfile> & profile)324 int32_t TrustProfileManager::GetAccessControlProfile(int32_t userId, const std::string& bundleName,
325 const std::string& trustDeviceId, int32_t status, std::vector<AccessControlProfile>& profile)
326 {
327 if (bundleName.size() > MAX_STRING_LEN || trustDeviceId.size() > MAX_STRING_LEN) {
328 HILOGE("bundleName or trustDeviceId is invalid");
329 return DP_INVALID_PARAMS;
330 }
331 HILOGI("Params, userId : %{public}s, bundleName : %{public}s, trustDeviceId : %{public}s, status : %{public}d",
332 ProfileUtils::GetAnonyString(std::to_string(userId)).c_str(),
333 bundleName.c_str(), ProfileUtils::GetAnonyString(trustDeviceId).c_str(), status);
334 std::shared_ptr<ResultSet> resultSet =
335 GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID_AND_STATUS,
336 std::vector<ValueObject>{ ValueObject(trustDeviceId), ValueObject(status) });
337 if (resultSet == nullptr) {
338 HILOGE("resultSet is nullptr");
339 return DP_GET_RESULTSET_FAIL;
340 }
341 int32_t rowCount = ROWCOUNT_INIT;
342 resultSet->GetRowCount(rowCount);
343 if (rowCount == 0) {
344 HILOGE("trustDeviceId and status not find");
345 resultSet->Close();
346 return DP_NOT_FIND_DATA;
347 }
348 int32_t ret = this->GetAclProfileByUserIdAndBundleName(resultSet, userId, bundleName, profile);
349 resultSet->Close();
350 if (ret != DP_SUCCESS) {
351 HILOGE("GetAclProfileByUserIdAndBundleName faild");
352 return ret;
353 }
354 if (profile.empty()) {
355 HILOGE("by userId bundleName trustDeviceId status not find data");
356 return DP_NOT_FIND_DATA;
357 }
358 HILOGI("end!");
359 return DP_SUCCESS;
360 }
361
GetAccessControlProfileByTokenId(int64_t tokenId,const std::string & trustDeviceId,int32_t status,std::vector<AccessControlProfile> & profile)362 int32_t TrustProfileManager::GetAccessControlProfileByTokenId(int64_t tokenId,
363 const std::string& trustDeviceId, int32_t status, std::vector<AccessControlProfile>& profile)
364 {
365 if (trustDeviceId.size() > MAX_STRING_LEN) {
366 HILOGE("trustDeviceId is invalid");
367 return DP_INVALID_PARAMS;
368 }
369 HILOGI("Params, tokenId : %{public}" PRId64 ", trustDeviceId : %{public}s, status : %{public}d",
370 tokenId, ProfileUtils::GetAnonyString(trustDeviceId).c_str(), status);
371 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_STATUS,
372 std::vector<ValueObject>{ ValueObject(status) });
373 if (resultSet == nullptr) {
374 HILOGE("resultSet is nullptr");
375 return DP_GET_RESULTSET_FAIL;
376 }
377 int32_t rowCount = ROWCOUNT_INIT;
378 resultSet->GetRowCount(rowCount);
379 if (rowCount == 0) {
380 HILOGE("trustDeviceId and status not find");
381 resultSet->Close();
382 return DP_NOT_FIND_DATA;
383 }
384 int32_t ret = this->GetAclProfileByTokenId(resultSet, trustDeviceId, tokenId, profile);
385 resultSet->Close();
386 if (ret != DP_SUCCESS) {
387 HILOGE("GetAclProfileByTokenId faild");
388 return ret;
389 }
390 if (profile.empty()) {
391 HILOGE("tokenId not find data");
392 return DP_NOT_FIND_DATA;
393 }
394 HILOGI("end!");
395 return DP_SUCCESS;
396 }
397
GetAccessControlProfile(int32_t userId,const std::string & accountId,std::vector<AccessControlProfile> & profile)398 int32_t TrustProfileManager::GetAccessControlProfile(int32_t userId,
399 const std::string& accountId, std::vector<AccessControlProfile>& profile)
400 {
401 if (accountId.size() > MAX_STRING_LEN) {
402 HILOGE("accountId is invalid");
403 return DP_INVALID_PARAMS;
404 }
405 HILOGI("Params, userId : %{public}s, accountId : %{public}s",
406 ProfileUtils::GetAnonyString(std::to_string(userId)).c_str(),
407 ProfileUtils::GetAnonyString(accountId).c_str());
408 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE, std::vector<ValueObject> {});
409 if (resultSet == nullptr) {
410 HILOGE("resultSet is nullptr");
411 return DP_GET_RESULTSET_FAIL;
412 }
413 int32_t rowCount = ROWCOUNT_INIT;
414 resultSet->GetRowCount(rowCount);
415 if (rowCount == 0) {
416 HILOGE("access_control_table no data");
417 resultSet->Close();
418 return DP_NOT_FIND_DATA;
419 }
420 while (resultSet->GoToNextRow() == DP_SUCCESS) {
421 int32_t columnIndex = COLUMNINDEX_INIT;
422 int64_t accesserId = ACCESSERID_INIT;
423 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
424 resultSet->GetLong(columnIndex, accesserId);
425 int64_t accesseeId = ACCESSEEID_INIT;
426 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
427 resultSet->GetLong(columnIndex, accesseeId);
428 int32_t ret = this->GetAclProfileByUserIdAndAccountId(
429 resultSet, accesserId, accesseeId, userId, accountId, profile);
430 if (ret != DP_SUCCESS) {
431 HILOGE("GetAclProfileByUserIdAndAccountId faild");
432 return ret;
433 }
434 }
435 resultSet->Close();
436 if (profile.empty()) {
437 HILOGE("by userId accountId not find data");
438 return DP_NOT_FIND_DATA;
439 }
440 HILOGD("end!");
441 return DP_SUCCESS;
442 }
443
GetAccessControlProfile(int32_t userId,std::vector<AccessControlProfile> & profile)444 int32_t TrustProfileManager::GetAccessControlProfile(int32_t userId, std::vector<AccessControlProfile> &profile)
445 {
446 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE, std::vector<ValueObject> {});
447 if (resultSet == nullptr) {
448 HILOGE("resultSet is nullptr");
449 return DP_GET_RESULTSET_FAIL;
450 }
451 int32_t rowCount = ROWCOUNT_INIT;
452 resultSet->GetRowCount(rowCount);
453 if (rowCount == 0) {
454 HILOGE("access_control_table no data");
455 resultSet->Close();
456 return DP_NOT_FIND_DATA;
457 }
458 while (resultSet->GoToNextRow() == DP_SUCCESS) {
459 int32_t columnIndex = COLUMNINDEX_INIT;
460 int64_t accesserId = ACCESSERID_INIT;
461 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
462 resultSet->GetLong(columnIndex, accesserId);
463 int64_t accesseeId = ACCESSEEID_INIT;
464 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
465 resultSet->GetLong(columnIndex, accesseeId);
466 int32_t ret = GetAccessControlProfiles(resultSet, accesserId, accesseeId, userId, profile);
467 if (ret != DP_SUCCESS) {
468 HILOGE("GetAccessControlProfile faild");
469 resultSet->Close();
470 return ret;
471 }
472 }
473 resultSet->Close();
474 if (profile.empty()) {
475 HILOGE("by userId not find data, userId: %{public}s",
476 ProfileUtils::GetAnonyString(std::to_string(userId)).c_str());
477 return DP_NOT_FIND_DATA;
478 }
479 HILOGD("end!");
480 return DP_SUCCESS;
481 }
482
GetAccessControlProfile(const QueryType & queryType,const QueryProfile & queryProfile,std::vector<AccessControlProfile> & profile)483 int32_t TrustProfileManager::GetAccessControlProfile(const QueryType& queryType,
484 const QueryProfile& queryProfile, std::vector<AccessControlProfile>& profile)
485 {
486 std::vector<AccessControlProfile> aclProfiles;
487 int32_t ret = GetAllAccessControlProfiles(aclProfiles);
488 if (ret != DP_SUCCESS) {
489 HILOGE("GetAllAccessControlProfiles faild");
490 return ret;
491 }
492 if (queryType == QueryType::ACER_AND_ACEE_TOKENID) {
493 GetAclByAcerAndAceeTokenId(queryProfile, aclProfiles, profile);
494 }
495 if (queryType == QueryType::ACER_TOKENID) {
496 GetAclByAcerTokenId(queryProfile, aclProfiles, profile);
497 }
498 if (profile.empty()) {
499 HILOGE("by userId and tokenId not find data, queryProfile : %{public}s", queryProfile.dump().c_str());
500 return DP_NOT_FIND_DATA;
501 }
502 HILOGI("profile size : %{public}zu", profile.size());
503 return DP_SUCCESS;
504 }
505
GetAclByAcerTokenId(const QueryProfile & queryProfile,const std::vector<AccessControlProfile> & aclProfiles,std::vector<AccessControlProfile> & profile)506 void TrustProfileManager::GetAclByAcerTokenId(const QueryProfile& queryProfile,
507 const std::vector<AccessControlProfile>& aclProfiles, std::vector<AccessControlProfile>& profile)
508 {
509 for (auto aclProfile : aclProfiles) {
510 if (aclProfile.GetTrustDeviceId() != queryProfile.GetAccesseeDeviceId() &&
511 aclProfile.GetTrustDeviceId() != queryProfile.GetAccesserDeviceId()) {
512 continue;
513 }
514 if (CheckForWardByAcer(queryProfile, aclProfile) || CheckReverseByAcer(queryProfile, aclProfile)) {
515 profile.emplace_back(aclProfile);
516 }
517 }
518 return;
519 }
520
GetAclByAcerAndAceeTokenId(const QueryProfile & queryProfile,const std::vector<AccessControlProfile> & aclProfiles,std::vector<AccessControlProfile> & profile)521 void TrustProfileManager::GetAclByAcerAndAceeTokenId(const QueryProfile& queryProfile,
522 const std::vector<AccessControlProfile>& aclProfiles, std::vector<AccessControlProfile>& profile)
523 {
524 for (auto aclProfile : aclProfiles) {
525 if (aclProfile.GetTrustDeviceId() != queryProfile.GetAccesseeDeviceId() &&
526 aclProfile.GetTrustDeviceId() != queryProfile.GetAccesserDeviceId()) {
527 continue;
528 }
529 if (CheckForWardByAcerAndAcee(queryProfile, aclProfile) ||
530 CheckReverseByAcerAndAcee(queryProfile, aclProfile)) {
531 profile.emplace_back(aclProfile);
532 }
533 }
534 return;
535 }
536
GetAllAccessControlProfile(std::vector<AccessControlProfile> & profile)537 int32_t TrustProfileManager::GetAllAccessControlProfile(std::vector<AccessControlProfile>& profile)
538 {
539 std::lock_guard<std::mutex> lock(aclMutex_);
540 return GetAllAccessControlProfiles(profile);
541 }
542
GetAccessControlProfile(const std::string & bundleName,int32_t bindType,int32_t status,std::vector<AccessControlProfile> & profile)543 int32_t TrustProfileManager::GetAccessControlProfile(const std::string& bundleName,
544 int32_t bindType, int32_t status, std::vector<AccessControlProfile>& profile)
545 {
546 if (bundleName.size() > MAX_STRING_LEN) {
547 HILOGE("bundleName is invalid");
548 return DP_INVALID_PARAMS;
549 }
550 HILOGI("Params, bundleName : %{public}s, bindType : %{public}d, status : %{public}d",
551 bundleName.c_str(), bindType, status);
552 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_BINDTYPE_AND_STATUS,
553 std::vector<ValueObject>{ ValueObject(bindType), ValueObject(status) });
554 if (resultSet == nullptr) {
555 HILOGE("resultSet is nullptr");
556 return DP_GET_RESULTSET_FAIL;
557 }
558 int32_t rowCount = ROWCOUNT_INIT;
559 resultSet->GetRowCount(rowCount);
560 if (rowCount == 0) {
561 HILOGE("bindType and status not find");
562 resultSet->Close();
563 return DP_NOT_FIND_DATA;
564 }
565 int32_t ret = this->GetAclProfileByBundleName(resultSet, bundleName, profile);
566 resultSet->Close();
567 if (ret != DP_SUCCESS) {
568 HILOGE("GetAclProfileByBundleName faild");
569 return ret;
570 }
571 if (profile.empty()) {
572 HILOGE("by bundleName bindType status not find data");
573 return DP_NOT_FIND_DATA;
574 }
575 HILOGI("end!");
576 return DP_SUCCESS;
577 }
578
GetAccessControlProfile(const std::string & bundleName,const std::string & trustDeviceId,int32_t status,std::vector<AccessControlProfile> & profile)579 int32_t TrustProfileManager::GetAccessControlProfile(const std::string& bundleName,
580 const std::string& trustDeviceId, int32_t status, std::vector<AccessControlProfile>& profile)
581 {
582 if (bundleName.size() > MAX_STRING_LEN || trustDeviceId.size() > MAX_STRING_LEN) {
583 HILOGE("bundleName or trustDeviceId is invalid");
584 return DP_INVALID_PARAMS;
585 }
586 HILOGI("Params, bundleName : %{public}s, trustDeviceId : %{public}s, status : %{public}d",
587 bundleName.c_str(), ProfileUtils::GetAnonyString(trustDeviceId).c_str(), status);
588 std::shared_ptr<ResultSet> resultSet =
589 GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID_AND_STATUS,
590 std::vector<ValueObject>{ ValueObject(trustDeviceId), ValueObject(status) });
591 if (resultSet == nullptr) {
592 HILOGE("resultSet is nullptr");
593 return DP_GET_RESULTSET_FAIL;
594 }
595 int32_t rowCount = ROWCOUNT_INIT;
596 resultSet->GetRowCount(rowCount);
597 if (rowCount == 0) {
598 HILOGE("trustDeviceId and status not find");
599 resultSet->Close();
600 return DP_NOT_FIND_DATA;
601 }
602 int32_t ret = this->GetAclProfileByBundleName(resultSet, bundleName, profile);
603 resultSet->Close();
604 if (ret != DP_SUCCESS) {
605 HILOGE("GetAclProfileByBundleName faild");
606 return ret;
607 }
608 if (profile.empty()) {
609 HILOGE("by bundleName trustDeviceId status not find data");
610 return DP_NOT_FIND_DATA;
611 }
612 HILOGI("end!");
613 return DP_SUCCESS;
614 }
615
GetAccessControlProfile(const std::map<std::string,std::string> & params,std::vector<AccessControlProfile> & profile)616 int32_t TrustProfileManager::GetAccessControlProfile(const std::map<std::string, std::string>& params,
617 std::vector<AccessControlProfile>& profile)
618 {
619 std::lock_guard<std::mutex> lock(aclMutex_);
620 if (params.find(TRUST_DEVICE_ID) != params.end() &&
621 ProfileUtils::IsPropertyValid(params, STATUS, INT32_MIN, INT32_MAX)) {
622 if (ProfileUtils::IsPropertyValid(params, USERID, INT32_MIN, INT32_MAX) &&
623 params.find(BUNDLENAME) != params.end()) {
624 return GetAccessControlProfile(std::atoi(params.at(USERID).c_str()),
625 params.at(BUNDLENAME), params.at(TRUST_DEVICE_ID), std::atoi(params.at(STATUS).c_str()), profile);
626 }
627 if (params.find(BUNDLENAME) != params.end()) {
628 return GetAccessControlProfile(params.at(BUNDLENAME),
629 params.at(TRUST_DEVICE_ID), std::atoi(params.at(STATUS).c_str()), profile);
630 }
631 if (ProfileUtils::IsPropertyValidInt64(params, TOKENID)) {
632 return GetAccessControlProfileByTokenId(std::atoi(params.at(TOKENID).c_str()),
633 params.at(TRUST_DEVICE_ID), std::atoi(params.at(STATUS).c_str()), profile);
634 }
635 }
636 if (ProfileUtils::IsPropertyValid(params, BIND_TYPE, INT32_MIN, INT32_MAX) &&
637 ProfileUtils::IsPropertyValid(params, STATUS, INT32_MIN, INT32_MAX)) {
638 if (ProfileUtils::IsPropertyValid(params, USERID, INT32_MIN, INT32_MAX) &&
639 params.find(BUNDLENAME) != params.end()) {
640 return GetAccessControlProfile(std::atoi(params.at(USERID).c_str()),
641 params.at(BUNDLENAME), std::atoi(params.at(BIND_TYPE).c_str()),
642 std::atoi(params.at(STATUS).c_str()), profile);
643 }
644 if (params.find(BUNDLENAME) != params.end()) {
645 return GetAccessControlProfile(params.at(BUNDLENAME), std::atoi(params.at(BIND_TYPE).c_str()),
646 std::atoi(params.at(STATUS).c_str()), profile);
647 }
648 }
649 if (ProfileUtils::IsPropertyValid(params, USERID, INT32_MIN, INT32_MAX)) {
650 if (params.find(ACCOUNTID) != params.end()) {
651 return GetAccessControlProfile(std::atoi(params.at(USERID).c_str()), params.at(ACCOUNTID), profile);
652 }
653 return GetAccessControlProfile(std::atoi(params.at(USERID).c_str()), profile);
654 }
655 QueryProfile queryProfile;
656 QueryType queryType;
657 if (GenerateQueryProfile(params, queryType, queryProfile)) {
658 return GetAccessControlProfile(queryType, queryProfile, profile);
659 }
660 HILOGE("params is error");
661 return DP_INVALID_PARAMS;
662 }
663
DeleteTrustDeviceProfile(const std::string & deviceId)664 int32_t TrustProfileManager::DeleteTrustDeviceProfile(const std::string& deviceId)
665 {
666 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_TRUST_DEVICE_TABLE_WHERE_DEVICEID,
667 std::vector<ValueObject>{ ValueObject(deviceId) });
668 if (resultSet == nullptr) {
669 HILOGE("resultSet is nullptr");
670 return DP_GET_RESULTSET_FAIL;
671 }
672 int32_t rowCount = ROWCOUNT_INIT;
673 resultSet->GetRowCount(rowCount);
674 if (rowCount == 0) {
675 HILOGE("no data");
676 resultSet->Close();
677 return DP_NOT_FIND_DATA;
678 }
679 resultSet->GoToFirstRow();
680 TrustDeviceProfile profile;
681 ProfileUtils::ConvertToTrustDeviceProfile(resultSet, profile);
682 resultSet->Close();
683 {
684 std::lock_guard<std::mutex> lock(rdbMutex_);
685 if (rdbStore_ == nullptr) {
686 HILOGE("rdbStore_ is nullptr");
687 return DP_GET_RDBSTORE_FAIL;
688 }
689 int32_t deleteRows = DELETEROWS_INIT;
690 int32_t ret = rdbStore_->Delete(deleteRows, TRUST_DEVICE_TABLE, DEVICEID_EQUAL_CONDITION,
691 std::vector<ValueObject>{ ValueObject(deviceId) });
692 if (ret != DP_SUCCESS) {
693 HILOGE("delete trust_device_table data failed");
694 return DP_DELETE_TRUST_DEVICE_PROFILE_FAIL;
695 }
696 }
697 HILOGI("end!");
698 return DP_SUCCESS;
699 }
700
DeleteAccessControlProfile(int64_t accessControlId)701 int32_t TrustProfileManager::DeleteAccessControlProfile(int64_t accessControlId)
702 {
703 AccessControlProfile profile;
704 {
705 std::lock_guard<std::mutex> lock(aclMutex_);
706 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_ACCESSCONTROLID,
707 std::vector<ValueObject>{ ValueObject(accessControlId) });
708 if (resultSet == nullptr) {
709 HILOGE("resultSet is nullptr");
710 return DP_GET_RESULTSET_FAIL;
711 }
712 int32_t rowCount = ROWCOUNT_INIT;
713 resultSet->GetRowCount(rowCount);
714 if (rowCount == 0) {
715 HILOGE("by accessControlId not find data");
716 resultSet->Close();
717 return DP_NOT_FIND_DATA;
718 }
719 if (resultSet->GoToNextRow() != DP_SUCCESS) {
720 HILOGE("get AccessControlProfileResult failed");
721 resultSet->Close();
722 return DP_NOT_FIND_DATA;
723 }
724 ProfileUtils::ConvertToAccessControlProfile(resultSet, profile);
725 resultSet->Close();
726 int32_t ret = this->DeleteAccessControlProfileCheck(profile);
727 if (ret != DP_SUCCESS) {
728 HILOGE("DeleteAccessControlProfileCheck failed");
729 return ret;
730 }
731 }
732 int32_t delRet = this->DeleteTrustDeviceCheck(profile);
733 if (delRet != DP_SUCCESS) {
734 HILOGE("DeleteTrustDeviceCheck failed");
735 return delRet;
736 }
737 HILOGI("end!");
738 return DP_SUCCESS;
739 }
740
CreateTable()741 int32_t TrustProfileManager::CreateTable()
742 {
743 std::lock_guard<std::mutex> lock(rdbMutex_);
744 if (rdbStore_ == nullptr) {
745 HILOGE("rdbStore_ is nullptr");
746 return DP_GET_RDBSTORE_FAIL;
747 }
748 int32_t ret = rdbStore_->CreateTable(CREATE_TURST_DEVICE_TABLE_SQL);
749 if (ret != DP_SUCCESS) {
750 HILOGE("trust_device_table create failed");
751 return DP_CREATE_TABLE_FAIL;
752 }
753 ret = rdbStore_->CreateTable(CREATE_ACCESS_CONTROL_TABLE_SQL);
754 if (ret != DP_SUCCESS) {
755 HILOGE("access_control_table create failed");
756 return DP_CREATE_TABLE_FAIL;
757 }
758 ret = rdbStore_->CreateTable(CREATE_ACCESSER_TABLE_SQL);
759 if (ret != DP_SUCCESS) {
760 HILOGE("accesser_table create failed");
761 return DP_CREATE_TABLE_FAIL;
762 }
763 ret = rdbStore_->CreateTable(CREATE_ACCESSEE_TABLE_SQL);
764 if (ret != DP_SUCCESS) {
765 HILOGE("accessee_table create failed");
766 return DP_CREATE_TABLE_FAIL;
767 }
768 return DP_SUCCESS;
769 }
770
CreateUniqueIndex()771 int32_t TrustProfileManager::CreateUniqueIndex()
772 {
773 std::lock_guard<std::mutex> lock(rdbMutex_);
774 if (rdbStore_ == nullptr) {
775 HILOGE("rdbStore_ is nullptr");
776 return DP_GET_RDBSTORE_FAIL;
777 }
778 int32_t ret = rdbStore_->CreateTable(CREATE_TURST_DEVICE_TABLE_UNIQUE_INDEX_SQL);
779 if (ret != DP_SUCCESS) {
780 HILOGE("trust_device_table unique index create failed");
781 return DP_CREATE_UNIQUE_INDEX_FAIL;
782 }
783 ret = rdbStore_->CreateTable(CREATE_ACCESS_CONTROL_TABLE_UNIQUE_INDEX_SQL);
784 if (ret != DP_SUCCESS) {
785 HILOGE("access_control_table unique index create failed");
786 return DP_CREATE_UNIQUE_INDEX_FAIL;
787 }
788 ret = rdbStore_->CreateTable(CREATE_ACCESSER_TABLE_UNIQUE_INDEX_SQL);
789 if (ret != DP_SUCCESS) {
790 HILOGE("accesser_table unique index create failed");
791 return DP_CREATE_UNIQUE_INDEX_FAIL;
792 }
793 ret = rdbStore_->CreateTable(CREATE_ACCESSEE_TABLE_UNIQUE_INDEX_SQL);
794 if (ret != DP_SUCCESS) {
795 HILOGE("accessee_table unique index create failed");
796 return DP_CREATE_UNIQUE_INDEX_FAIL;
797 }
798 return DP_SUCCESS;
799 }
800
CheckForWardByAcerAndAcee(const QueryProfile & queryProfile,const AccessControlProfile & aclProfile)801 bool TrustProfileManager::CheckForWardByAcerAndAcee(const QueryProfile& queryProfile,
802 const AccessControlProfile& aclProfile)
803 {
804 if (aclProfile.GetAccesser().GetAccesserDeviceId() != queryProfile.GetAccesserDeviceId() ||
805 aclProfile.GetAccessee().GetAccesseeDeviceId() != queryProfile.GetAccesseeDeviceId() ||
806 aclProfile.GetStatus() != static_cast<int32_t>(Status::ACTIVE) ||
807 aclProfile.GetAccesser().GetAccesserAccountId() != queryProfile.GetAccesserAccountId() ||
808 aclProfile.GetAccessee().GetAccesseeAccountId() != queryProfile.GetAccesseeAccountId()) {
809 return false;
810 }
811 if ((aclProfile.GetAccesser().GetAccesserUserId() != queryProfile.GetAccesserUserId() &&
812 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID &&
813 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID_EXTRA) ||
814 (aclProfile.GetAccessee().GetAccesseeUserId() != queryProfile.GetAccesseeUserId() &&
815 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID &&
816 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID_EXTRA)) {
817 return false;
818 }
819 if (aclProfile.GetBindType() == static_cast<int32_t>(BindType::SAME_ACCOUNT) ||
820 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::DEVICE) ||
821 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::USER)) {
822 return true;
823 }
824 if (aclProfile.GetAccesser().GetAccesserTokenId() == queryProfile.GetAccesserTokenId() &&
825 aclProfile.GetAccessee().GetAccesseeTokenId() == queryProfile.GetAccesseeTokenId()) {
826 return true;
827 }
828 return false;
829 }
830
CheckForWardByAcer(const QueryProfile & queryProfile,const AccessControlProfile & aclProfile)831 bool TrustProfileManager::CheckForWardByAcer(const QueryProfile& queryProfile,
832 const AccessControlProfile& aclProfile)
833 {
834 if (aclProfile.GetAccesser().GetAccesserDeviceId() != queryProfile.GetAccesserDeviceId() ||
835 aclProfile.GetAccessee().GetAccesseeDeviceId() != queryProfile.GetAccesseeDeviceId() ||
836 aclProfile.GetStatus() != static_cast<int32_t>(Status::ACTIVE) ||
837 aclProfile.GetAccesser().GetAccesserAccountId() != queryProfile.GetAccesserAccountId()) {
838 return false;
839 }
840 if (aclProfile.GetAccesser().GetAccesserUserId() != queryProfile.GetAccesserUserId() &&
841 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID &&
842 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID_EXTRA) {
843 return false;
844 }
845 if (aclProfile.GetBindType() == static_cast<int32_t>(BindType::SAME_ACCOUNT) ||
846 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::DEVICE) ||
847 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::USER)) {
848 return true;
849 }
850 if (aclProfile.GetAccesser().GetAccesserTokenId() == queryProfile.GetAccesserTokenId()) {
851 return true;
852 }
853 return false;
854 }
855
CheckReverseByAcerAndAcee(const QueryProfile & queryProfile,const AccessControlProfile & aclProfile)856 bool TrustProfileManager::CheckReverseByAcerAndAcee(const QueryProfile& queryProfile,
857 const AccessControlProfile& aclProfile)
858 {
859 if (aclProfile.GetAccesser().GetAccesserDeviceId() != queryProfile.GetAccesseeDeviceId() ||
860 aclProfile.GetAccessee().GetAccesseeDeviceId() != queryProfile.GetAccesserDeviceId() ||
861 aclProfile.GetStatus() != static_cast<int32_t>(Status::ACTIVE) ||
862 aclProfile.GetAccesser().GetAccesserAccountId() != queryProfile.GetAccesseeAccountId() ||
863 aclProfile.GetAccessee().GetAccesseeAccountId() != queryProfile.GetAccesserAccountId()) {
864 return false;
865 }
866 if ((aclProfile.GetAccesser().GetAccesserUserId() != queryProfile.GetAccesseeUserId() &&
867 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID &&
868 aclProfile.GetAccesser().GetAccesserUserId() != DEFAULT_USER_ID_EXTRA) ||
869 (aclProfile.GetAccessee().GetAccesseeUserId() != queryProfile.GetAccesserUserId() &&
870 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID &&
871 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID_EXTRA)) {
872 return false;
873 }
874 if (aclProfile.GetBindType() == static_cast<int32_t>(BindType::SAME_ACCOUNT) ||
875 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::DEVICE) ||
876 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::USER)) {
877 return true;
878 }
879 if (aclProfile.GetAccesser().GetAccesserTokenId() == queryProfile.GetAccesseeTokenId() &&
880 aclProfile.GetAccessee().GetAccesseeTokenId() == queryProfile.GetAccesserTokenId()) {
881 return true;
882 }
883 return false;
884 }
885
CheckReverseByAcer(const QueryProfile & queryProfile,const AccessControlProfile & aclProfile)886 bool TrustProfileManager::CheckReverseByAcer(const QueryProfile& queryProfile,
887 const AccessControlProfile& aclProfile)
888 {
889 if (aclProfile.GetAccesser().GetAccesserDeviceId() != queryProfile.GetAccesseeDeviceId() ||
890 aclProfile.GetAccessee().GetAccesseeDeviceId() != queryProfile.GetAccesserDeviceId() ||
891 aclProfile.GetStatus() != static_cast<int32_t>(Status::ACTIVE) ||
892 aclProfile.GetAccessee().GetAccesseeAccountId() != queryProfile.GetAccesserAccountId()) {
893 return false;
894 }
895 if (aclProfile.GetAccessee().GetAccesseeUserId() != queryProfile.GetAccesserUserId() &&
896 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID &&
897 aclProfile.GetAccessee().GetAccesseeUserId() != DEFAULT_USER_ID_EXTRA) {
898 return false;
899 }
900 if (aclProfile.GetBindType() == static_cast<int32_t>(BindType::SAME_ACCOUNT) ||
901 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::DEVICE) ||
902 aclProfile.GetBindLevel() == static_cast<int32_t>(BindLevel::USER)) {
903 return true;
904 }
905 if (aclProfile.GetAccessee().GetAccesseeTokenId() == queryProfile.GetAccesserTokenId()) {
906 return true;
907 }
908 return false;
909 }
910
GenerateQueryProfile(const std::map<std::string,std::string> & params,QueryType & queryType,QueryProfile & queryProfile)911 bool TrustProfileManager::GenerateQueryProfile(const std::map<std::string, std::string>& params,
912 QueryType& queryType, QueryProfile& queryProfile)
913 {
914 if (params.find(ACCESSER_DEVICE_ID) != params.end() && params.find(ACCESSEE_DEVICE_ID) != params.end() &&
915 params.find(ACCESSER_ACCOUNT_ID) != params.end() &&
916 ProfileUtils::IsPropertyValid(params, ACCESSER_USER_ID, INT32_MIN, INT32_MAX) &&
917 ProfileUtils::IsPropertyValidInt64(params, ACCESSER_TOKEN_ID)) {
918 if (params.find(ACCESSEE_ACCOUNT_ID) != params.end() &&
919 ProfileUtils::IsPropertyValid(params, ACCESSEE_USER_ID, INT32_MIN, INT32_MAX) &&
920 ProfileUtils::IsPropertyValidInt64(params, ACCESSEE_TOKEN_ID)) {
921 queryProfile.SetAccesserDeviceId(params.at(ACCESSER_DEVICE_ID));
922 queryProfile.SetAccesserUserId(std::atoi(params.at(ACCESSER_USER_ID).c_str()));
923 queryProfile.SetAccesserAccountId(params.at(ACCESSER_ACCOUNT_ID));
924 queryProfile.SetAccesserTokenId(std::atoi(params.at(ACCESSER_TOKEN_ID).c_str()));
925 queryProfile.SetAccesseeDeviceId(params.at(ACCESSEE_DEVICE_ID));
926 queryProfile.SetAccesseeUserId(std::atoi(params.at(ACCESSEE_USER_ID).c_str()));
927 queryProfile.SetAccesseeAccountId(params.at(ACCESSEE_ACCOUNT_ID));
928 queryProfile.SetAccesseeTokenId(std::atoi(params.at(ACCESSEE_TOKEN_ID).c_str()));
929 queryType = QueryType::ACER_AND_ACEE_TOKENID;
930 return true;
931 }
932 queryProfile.SetAccesserDeviceId(params.at(ACCESSER_DEVICE_ID));
933 queryProfile.SetAccesserTokenId(std::atoi(params.at(ACCESSER_TOKEN_ID).c_str()));
934 queryProfile.SetAccesserUserId(std::atoi(params.at(ACCESSER_USER_ID).c_str()));
935 queryProfile.SetAccesserAccountId(params.at(ACCESSER_ACCOUNT_ID));
936 queryProfile.SetAccesseeDeviceId(params.at(ACCESSEE_DEVICE_ID));
937 queryType = QueryType::ACER_TOKENID;
938 return true;
939 }
940 return false;
941 }
942
GetAllAccessControlProfiles(std::vector<AccessControlProfile> & profiles)943 int32_t TrustProfileManager::GetAllAccessControlProfiles(std::vector<AccessControlProfile>& profiles)
944 {
945 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE, std::vector<ValueObject> {});
946 if (resultSet == nullptr) {
947 HILOGE("resultSet is nullptr");
948 return DP_GET_RESULTSET_FAIL;
949 }
950 int32_t rowCount = ROWCOUNT_INIT;
951 resultSet->GetRowCount(rowCount);
952 if (rowCount == 0) {
953 HILOGE("access_control_table no data");
954 resultSet->Close();
955 return DP_NOT_FIND_DATA;
956 }
957 while (resultSet->GoToNextRow() == DP_SUCCESS) {
958 int32_t columnIndex = COLUMNINDEX_INIT;
959 int64_t accesserId = ACCESSERID_INIT;
960 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
961 resultSet->GetLong(columnIndex, accesserId);
962 int64_t accesseeId = ACCESSEEID_INIT;
963 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
964 resultSet->GetLong(columnIndex, accesseeId);
965 int32_t ret = this->GetAccessControlProfile(resultSet, accesserId, accesseeId, profiles);
966 if (ret != DP_SUCCESS) {
967 HILOGE("GetAccessControlProfile faild");
968 resultSet->Close();
969 return ret;
970 }
971 }
972 resultSet->Close();
973 if (profiles.empty()) {
974 return DP_NOT_FIND_DATA;
975 }
976 HILOGI("end!");
977 return DP_SUCCESS;
978 }
979
GetAclProfileByUserIdAndBundleName(std::shared_ptr<ResultSet> resultSet,int32_t userId,const std::string & bundleName,std::vector<AccessControlProfile> & profile)980 int32_t TrustProfileManager::GetAclProfileByUserIdAndBundleName(std::shared_ptr<ResultSet> resultSet,
981 int32_t userId, const std::string& bundleName, std::vector<AccessControlProfile>& profile)
982 {
983 if (resultSet == nullptr) {
984 HILOGE("resultSet is nullptr");
985 return DP_GET_RESULTSET_FAIL;
986 }
987 while (resultSet->GoToNextRow() == DP_SUCCESS) {
988 int32_t columnIndex = COLUMNINDEX_INIT;
989 int64_t accesserId = ACCESSERID_INIT;
990 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
991 resultSet->GetLong(columnIndex, accesserId);
992 int64_t accesseeId = ACCESSEEID_INIT;
993 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
994 resultSet->GetLong(columnIndex, accesseeId);
995 int32_t bindType = BINDTYPE_INIT;
996 resultSet->GetColumnIndex(BIND_TYPE, columnIndex);
997 resultSet->GetInt(columnIndex, bindType);
998 int32_t bindLevel = BINDLEVEL_INIT;
999 resultSet->GetColumnIndex(BIND_LEVEL, columnIndex);
1000 resultSet->GetInt(columnIndex, bindLevel);
1001 if (bindType == static_cast<int32_t>(BindType::SAME_ACCOUNT) ||
1002 bindLevel == static_cast<int32_t>(BindLevel::DEVICE) ||
1003 bindLevel == static_cast<int32_t>(BindLevel::USER)) {
1004 int32_t ret = this->GetAccessControlProfiles(resultSet, accesserId, accesseeId, userId, profile);
1005 if (ret != DP_SUCCESS) {
1006 HILOGE("GetAccessControlProfiles failed");
1007 return ret;
1008 }
1009 } else {
1010 int32_t ret = this->GetAccessControlProfiles(resultSet, accesserId,
1011 accesseeId, userId, bundleName, profile);
1012 if (ret != DP_SUCCESS) {
1013 HILOGE("GetAccessControlProfiles failed");
1014 return ret;
1015 }
1016 }
1017 }
1018 return DP_SUCCESS;
1019 }
1020
GetAclProfileByUserIdAndAccountId(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,int32_t userId,const std::string & accountId,std::vector<AccessControlProfile> & profile)1021 int32_t TrustProfileManager::GetAclProfileByUserIdAndAccountId(std::shared_ptr<ResultSet> resultSet, int64_t accesserId,
1022 int64_t accesseeId, int32_t userId, const std::string& accountId, std::vector<AccessControlProfile>& profile)
1023 {
1024 std::shared_ptr<ResultSet> accesserResultSet =
1025 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERUSERID_ACCESSERACCOUNTID,
1026 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(userId), ValueObject(accountId) });
1027 if (accesserResultSet == nullptr) {
1028 HILOGE("accesserResultSet is nullptr");
1029 return DP_GET_RESULTSET_FAIL;
1030 }
1031 int32_t rowCount = ROWCOUNT_INIT;
1032 accesserResultSet->GetRowCount(rowCount);
1033 if (rowCount != 0) {
1034 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1035 std::vector<ValueObject>{ ValueObject(accesseeId) });
1036 if (accesseeResultSet == nullptr) {
1037 HILOGE("accesseeResultSet is nullptr");
1038 return DP_GET_RESULTSET_FAIL;
1039 }
1040 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1041 accesserResultSet->Close();
1042 accesseeResultSet->Close();
1043 return DP_SUCCESS;
1044 }
1045 accesserResultSet->Close();
1046
1047 std::shared_ptr<ResultSet> accesseeResultSet =
1048 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEUSEEID_ACCESSEEACCOUNTID,
1049 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(userId), ValueObject(accountId) });
1050 if (accesseeResultSet == nullptr) {
1051 HILOGE("accesseeResultSet is nullptr");
1052 return DP_GET_RESULTSET_FAIL;
1053 }
1054 accesseeResultSet->GetRowCount(rowCount);
1055 if (rowCount != 0) {
1056 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1057 std::vector<ValueObject>{ ValueObject(accesserId) });
1058 if (accesserResultSet == nullptr) {
1059 HILOGE("accesserResultSet is nullptr");
1060 return DP_GET_RESULTSET_FAIL;
1061 }
1062 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1063 accesserResultSet->Close();
1064 }
1065 accesseeResultSet->Close();
1066 return DP_SUCCESS;
1067 }
1068
GetAclProfileByTokenId(std::shared_ptr<ResultSet> resultSet,const std::string & trustDeviceId,int64_t tokenId,std::vector<AccessControlProfile> & profile)1069 int32_t TrustProfileManager::GetAclProfileByTokenId(std::shared_ptr<ResultSet> resultSet,
1070 const std::string& trustDeviceId, int64_t tokenId, std::vector<AccessControlProfile>& profile)
1071 {
1072 if (resultSet == nullptr) {
1073 HILOGE("resultSet is nullptr");
1074 return DP_GET_RESULTSET_FAIL;
1075 }
1076 while (resultSet->GoToNextRow() == DP_SUCCESS) {
1077 int32_t columnIndex = COLUMNINDEX_INIT;
1078 int64_t accesserId = ACCESSERID_INIT;
1079 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
1080 resultSet->GetLong(columnIndex, accesserId);
1081 int64_t accesseeId = ACCESSEEID_INIT;
1082 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
1083 resultSet->GetLong(columnIndex, accesseeId);
1084 int32_t bindType = BINDTYPE_INIT;
1085 resultSet->GetColumnIndex(BIND_TYPE, columnIndex);
1086 resultSet->GetInt(columnIndex, bindType);
1087 int32_t bindLevel = BINDLEVEL_INIT;
1088 resultSet->GetColumnIndex(BIND_LEVEL, columnIndex);
1089 resultSet->GetInt(columnIndex, bindLevel);
1090 if (bindType == static_cast<int32_t> (BindType::SAME_ACCOUNT) ||
1091 bindLevel == static_cast<int32_t> (BindLevel::DEVICE) ||
1092 bindLevel == static_cast<int32_t>(BindLevel::USER)) {
1093 int32_t ret = this->GetAccessControlProfilesByDeviceId(
1094 resultSet, accesserId, accesseeId, trustDeviceId, profile);
1095 if (ret != DP_SUCCESS) {
1096 HILOGE("GetAccessControlProfile failed");
1097 return ret;
1098 }
1099 } else {
1100 int32_t ret = this->GetAccessControlProfilesByTokenId(resultSet, accesserId,
1101 accesseeId, trustDeviceId, tokenId, profile);
1102 if (ret != DP_SUCCESS) {
1103 HILOGE("GetAccessControlProfilesByTokenId failed");
1104 return ret;
1105 }
1106 }
1107 }
1108 return DP_SUCCESS;
1109 }
1110
GetAclProfileByBundleName(std::shared_ptr<ResultSet> resultSet,const std::string & bundleName,std::vector<AccessControlProfile> & profile)1111 int32_t TrustProfileManager::GetAclProfileByBundleName(std::shared_ptr<ResultSet> resultSet,
1112 const std::string& bundleName, std::vector<AccessControlProfile>& profile)
1113 {
1114 if (resultSet == nullptr) {
1115 HILOGE("resultSet is nullptr");
1116 return DP_GET_RESULTSET_FAIL;
1117 }
1118 while (resultSet->GoToNextRow() == DP_SUCCESS) {
1119 int32_t columnIndex = COLUMNINDEX_INIT;
1120 int64_t accesserId = ACCESSERID_INIT;
1121 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
1122 resultSet->GetLong(columnIndex, accesserId);
1123 int64_t accesseeId = ACCESSEEID_INIT;
1124 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
1125 resultSet->GetLong(columnIndex, accesseeId);
1126 int32_t bindType = BINDTYPE_INIT;
1127 resultSet->GetColumnIndex(BIND_TYPE, columnIndex);
1128 resultSet->GetInt(columnIndex, bindType);
1129 int32_t bindLevel = BINDLEVEL_INIT;
1130 resultSet->GetColumnIndex(BIND_LEVEL, columnIndex);
1131 resultSet->GetInt(columnIndex, bindLevel);
1132 if (bindType == static_cast<int32_t> (BindType::SAME_ACCOUNT) ||
1133 bindLevel == static_cast<int32_t> (BindLevel::DEVICE) ||
1134 bindLevel == static_cast<int32_t>(BindLevel::USER)) {
1135 int32_t ret = this->GetAccessControlProfile(resultSet, accesserId, accesseeId, profile);
1136 if (ret != DP_SUCCESS) {
1137 HILOGE("GetAccessControlProfile failed");
1138 return ret;
1139 }
1140 } else {
1141 int32_t ret = this->GetAccessControlProfiles(resultSet, accesserId, accesseeId, bundleName, profile);
1142 if (ret != DP_SUCCESS) {
1143 HILOGE("GetAccessControlProfiles failed");
1144 return ret;
1145 }
1146 }
1147 }
1148 return DP_SUCCESS;
1149 }
1150
PutAccesserProfile(const AccessControlProfile & profile)1151 int32_t TrustProfileManager::PutAccesserProfile(const AccessControlProfile& profile)
1152 {
1153 Accesser accesser = profile.GetAccesser();
1154 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ALL, std::vector<ValueObject>{
1155 ValueObject(accesser.GetAccesserDeviceId()), ValueObject(accesser.GetAccesserUserId()),
1156 ValueObject(accesser.GetAccesserAccountId()), ValueObject(accesser.GetAccesserTokenId()),
1157 ValueObject(accesser.GetAccesserBundleName()), ValueObject(accesser.GetAccesserHapSignature()),
1158 ValueObject(static_cast<int32_t>(accesser.GetAccesserBindLevel())),
1159 ValueObject(accesser.GetAccesserDeviceName()), ValueObject(accesser.GetAccesserServiceName()),
1160 ValueObject(accesser.GetAccesserCredentialId()),
1161 ValueObject(static_cast<int32_t>(accesser.GetAccesserStatus())),
1162 ValueObject(accesser.GetAccesserSessionKeyId())});
1163 if (resultSet == nullptr) {
1164 HILOGE("resultSet is nullptr");
1165 return DP_GET_RESULTSET_FAIL;
1166 }
1167 int32_t rowCount = ROWCOUNT_INIT;
1168 resultSet->GetRowCount(rowCount);
1169 if (rowCount > 0) {
1170 HILOGI("accesser is exists");
1171 resultSet->Close();
1172 return DP_SUCCESS;
1173 }
1174 resultSet->Close();
1175 ValuesBucket values;
1176 ProfileUtils::AccesserToEntries(profile, values);
1177 int64_t rowId = ROWID_INIT;
1178 {
1179 std::lock_guard<std::mutex> lock(rdbMutex_);
1180 if (rdbStore_ == nullptr) {
1181 HILOGE("rdbStore_ is nullptr");
1182 return DP_GET_RDBSTORE_FAIL;
1183 }
1184 int32_t ret = rdbStore_->Put(rowId, ACCESSER_TABLE, values);
1185 if (ret != DP_SUCCESS) {
1186 HILOGE("accesser_table insert failed");
1187 return DP_PUT_ACCESSER_PROFILE_FAIL;
1188 }
1189 }
1190 HILOGI("PutAccesser : %{public}s", profile.GetAccesser().dump().c_str());
1191 return DP_SUCCESS;
1192 }
1193
PutAccesseeProfile(const AccessControlProfile & profile)1194 int32_t TrustProfileManager::PutAccesseeProfile(const AccessControlProfile& profile)
1195 {
1196 Accessee accessee = profile.GetAccessee();
1197 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ALL, std::vector<ValueObject>{
1198 ValueObject(accessee.GetAccesseeDeviceId()), ValueObject(accessee.GetAccesseeUserId()),
1199 ValueObject(accessee.GetAccesseeAccountId()), ValueObject(accessee.GetAccesseeTokenId()),
1200 ValueObject(accessee.GetAccesseeBundleName()), ValueObject(accessee.GetAccesseeHapSignature()),
1201 ValueObject(static_cast<int32_t>(accessee.GetAccesseeBindLevel())),
1202 ValueObject(accessee.GetAccesseeDeviceName()), ValueObject(accessee.GetAccesseeServiceName()),
1203 ValueObject(accessee.GetAccesseeCredentialId()),
1204 ValueObject(static_cast<int32_t>(accessee.GetAccesseeStatus())),
1205 ValueObject(accessee.GetAccesseeSessionKeyId())});
1206 if (resultSet == nullptr) {
1207 HILOGE("resultSet is nullptr");
1208 return DP_GET_RESULTSET_FAIL;
1209 }
1210 int32_t rowCount = ROWCOUNT_INIT;
1211 resultSet->GetRowCount(rowCount);
1212 if (rowCount > 0) {
1213 HILOGI("accessee is exists");
1214 resultSet->Close();
1215 return DP_SUCCESS;
1216 }
1217 resultSet->Close();
1218 ValuesBucket values;
1219 ProfileUtils::AccesseeToEntries(profile, values);
1220 int64_t rowId = ROWID_INIT;
1221 {
1222 std::lock_guard<std::mutex> lock(rdbMutex_);
1223 if (rdbStore_ == nullptr) {
1224 HILOGE("rdbStore_ is nullptr");
1225 return DP_GET_RDBSTORE_FAIL;
1226 }
1227 int32_t ret = rdbStore_->Put(rowId, ACCESSEE_TABLE, values);
1228 if (ret != DP_SUCCESS) {
1229 HILOGE("accessee_table insert failed");
1230 return DP_PUT_ACCESSEE_PROFILE_FAIL;
1231 }
1232 }
1233 HILOGI("PutAccessee : %{public}s", profile.GetAccessee().dump().c_str());
1234 return DP_SUCCESS;
1235 }
1236
SetAccessControlId(AccessControlProfile & profile)1237 int32_t TrustProfileManager::SetAccessControlId(AccessControlProfile& profile)
1238 {
1239 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE, std::vector<ValueObject> {});
1240 if (resultSet == nullptr) {
1241 HILOGE("resultSet is nullptr");
1242 return DP_GET_RESULTSET_FAIL;
1243 }
1244 int32_t rowCount = ROWCOUNT_INIT;
1245 resultSet->GetRowCount(rowCount);
1246 if (rowCount == 0) {
1247 profile.SetAccessControlId(1);
1248 resultSet->Close();
1249 return DP_SUCCESS;
1250 }
1251 int64_t accessControlId = ACCESSCONTROLID_INIT;
1252 int32_t columnIndex = COLUMNINDEX_INIT;
1253 resultSet->GoToLastRow();
1254 resultSet->GetColumnIndex(ACCESS_CONTROL_ID, columnIndex);
1255 resultSet->GetLong(columnIndex, accessControlId);
1256 resultSet->Close();
1257 profile.SetAccessControlId(accessControlId+1);
1258 return DP_SUCCESS;
1259 }
1260
SetAccesserId(AccessControlProfile & profile)1261 int32_t TrustProfileManager::SetAccesserId(AccessControlProfile& profile)
1262 {
1263 Accesser accesser = profile.GetAccesser();
1264 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ALL, std::vector<ValueObject>{
1265 ValueObject(accesser.GetAccesserDeviceId()), ValueObject(accesser.GetAccesserUserId()),
1266 ValueObject(accesser.GetAccesserAccountId()), ValueObject(accesser.GetAccesserTokenId()),
1267 ValueObject(accesser.GetAccesserBundleName()), ValueObject(accesser.GetAccesserHapSignature()),
1268 ValueObject(static_cast<int32_t>(accesser.GetAccesserBindLevel())),
1269 ValueObject(accesser.GetAccesserDeviceName()), ValueObject(accesser.GetAccesserServiceName()),
1270 ValueObject(accesser.GetAccesserCredentialId()),
1271 ValueObject(static_cast<int32_t>(accesser.GetAccesserStatus())),
1272 ValueObject(accesser.GetAccesserSessionKeyId())});
1273 if (resultSet == nullptr) {
1274 HILOGE("resultSet is nullptr");
1275 return DP_GET_RESULTSET_FAIL;
1276 }
1277 int32_t rowCount = ROWCOUNT_INIT;
1278 int64_t accesserId = ACCESSERID_INIT;
1279 int32_t columnIndex = COLUMNINDEX_INIT;
1280 resultSet->GetRowCount(rowCount);
1281 if (rowCount > 0) {
1282 resultSet->GoToFirstRow();
1283 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
1284 resultSet->GetLong(columnIndex, accesserId);
1285 profile.SetAccesserId(accesserId);
1286 resultSet->Close();
1287 return DP_SUCCESS;
1288 }
1289 resultSet->Close();
1290 resultSet = GetResultSet(SELECT_ACCESSER_TABLE, std::vector<ValueObject> {});
1291 if (resultSet == nullptr) {
1292 HILOGE("resultSet is nullptr");
1293 return DP_GET_RESULTSET_FAIL;
1294 }
1295 resultSet->GetRowCount(rowCount);
1296 if (rowCount == 0) {
1297 profile.GetAccesser().SetAccesserId(1);
1298 profile.SetAccesserId(1);
1299 resultSet->Close();
1300 return DP_SUCCESS;
1301 }
1302 resultSet->GoToLastRow();
1303 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
1304 resultSet->GetLong(columnIndex, accesserId);
1305 resultSet->Close();
1306 accesserId = accesserId + 1;
1307 profile.SetAccesserId(accesserId);
1308 return DP_SUCCESS;
1309 }
1310
SetAccesseeId(AccessControlProfile & profile)1311 int32_t TrustProfileManager::SetAccesseeId(AccessControlProfile& profile)
1312 {
1313 Accessee accessee = profile.GetAccessee();
1314 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ALL, std::vector<ValueObject>{
1315 ValueObject(accessee.GetAccesseeDeviceId()), ValueObject(accessee.GetAccesseeUserId()),
1316 ValueObject(accessee.GetAccesseeAccountId()), ValueObject(accessee.GetAccesseeTokenId()),
1317 ValueObject(accessee.GetAccesseeBundleName()), ValueObject(accessee.GetAccesseeHapSignature()),
1318 ValueObject(static_cast<int32_t>(accessee.GetAccesseeBindLevel())),
1319 ValueObject(accessee.GetAccesseeDeviceName()), ValueObject(accessee.GetAccesseeServiceName()),
1320 ValueObject(accessee.GetAccesseeCredentialId()),
1321 ValueObject(static_cast<int32_t>(accessee.GetAccesseeStatus())),
1322 ValueObject(accessee.GetAccesseeSessionKeyId())});
1323 if (resultSet == nullptr) {
1324 HILOGE("resultSet is nullptr");
1325 return DP_GET_RESULTSET_FAIL;
1326 }
1327 int32_t rowCount = ROWCOUNT_INIT;
1328 int64_t accesseeId = ACCESSEEID_INIT;
1329 int32_t columnIndex = COLUMNINDEX_INIT;
1330 resultSet->GetRowCount(rowCount);
1331 if (rowCount > 0) {
1332 resultSet->GoToFirstRow();
1333 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
1334 resultSet->GetLong(columnIndex, accesseeId);
1335 profile.SetAccesseeId(accesseeId);
1336 resultSet->Close();
1337 return DP_SUCCESS;
1338 }
1339 resultSet->Close();
1340 resultSet = GetResultSet(SELECT_ACCESSEE_TABLE, std::vector<ValueObject> {});
1341 if (resultSet == nullptr) {
1342 HILOGE("resultSet is nullptr");
1343 return DP_GET_RESULTSET_FAIL;
1344 }
1345 resultSet->GetRowCount(rowCount);
1346 if (rowCount == 0) {
1347 profile.GetAccessee().SetAccesseeId(1);
1348 profile.SetAccesseeId(1);
1349 resultSet->Close();
1350 return DP_SUCCESS;
1351 }
1352 resultSet->GoToLastRow();
1353 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
1354 resultSet->GetLong(columnIndex, accesseeId);
1355 resultSet->Close();
1356 accesseeId = accesseeId + 1;
1357 profile.SetAccesseeId(accesseeId);
1358 return DP_SUCCESS;
1359 }
1360
UpdateAccesserProfile(const AccessControlProfile & profile)1361 int32_t TrustProfileManager::UpdateAccesserProfile(const AccessControlProfile& profile)
1362 {
1363 ValuesBucket values;
1364 ProfileUtils::AccesserToEntries(profile, values);
1365 int32_t changeRowCnt = CHANGEROWCNT_INIT;
1366 {
1367 std::lock_guard<std::mutex> lock(rdbMutex_);
1368 if (rdbStore_ == nullptr) {
1369 HILOGE("rdbStore_ is nullptr");
1370 return DP_GET_RDBSTORE_FAIL;
1371 }
1372 int32_t ret = rdbStore_->Update(changeRowCnt, ACCESSER_TABLE, values, ACCESSERID_EQUAL_CONDITION,
1373 std::vector<ValueObject> {ValueObject(profile.GetAccesserId())});
1374 if (ret != DP_SUCCESS) {
1375 HILOGE("accesser_table update failed");
1376 return DP_UPDATE_ACCESSER_PROFILE_FAIL;
1377 }
1378 }
1379 HILOGI("UpdateAccesser : %{public}s", profile.GetAccesser().dump().c_str());
1380 return DP_SUCCESS;
1381 }
1382
UpdateAccesseeProfile(const AccessControlProfile & profile)1383 int32_t TrustProfileManager::UpdateAccesseeProfile(const AccessControlProfile& profile)
1384 {
1385 ValuesBucket values;
1386 ProfileUtils::AccesseeToEntries(profile, values);
1387 int32_t changeRowCnt = CHANGEROWCNT_INIT;
1388 {
1389 std::lock_guard<std::mutex> lock(rdbMutex_);
1390 if (rdbStore_ == nullptr) {
1391 HILOGE("rdbStore_ is nullptr");
1392 return DP_GET_RDBSTORE_FAIL;
1393 }
1394 int32_t ret = rdbStore_->Update(changeRowCnt, ACCESSEE_TABLE, values, ACCESSEEID_EQUAL_CONDITION,
1395 std::vector<ValueObject>{ ValueObject(profile.GetAccesseeId()) });
1396 if (ret != DP_SUCCESS) {
1397 HILOGE("accessee_table update failed");
1398 return DP_UPDATE_ACCESSEE_PROFILE_FAIL;
1399 }
1400 }
1401 HILOGI("UpdateAccessee : %{public}s", profile.GetAccessee().dump().c_str());
1402 return DP_SUCCESS;
1403 }
1404
UpdateTrustDeviceProfileNotify(const TrustDeviceProfile & oldProfile,const TrustDeviceProfile & newProfile)1405 int32_t TrustProfileManager::UpdateTrustDeviceProfileNotify(const TrustDeviceProfile& oldProfile,
1406 const TrustDeviceProfile &newProfile)
1407 {
1408 if (oldProfile.GetStatus() != newProfile.GetStatus()) {
1409 int32_t ret = SubscribeProfileManager::GetInstance().NotifyTrustDeviceProfileUpdate(oldProfile, newProfile);
1410 if (ret != DP_SUCCESS) {
1411 HILOGE("NotifyTrustDeviceProfileUpdate failed");
1412 return DP_NOTIFY_TRUST_DEVICE_FAIL;
1413 }
1414 }
1415 return DP_SUCCESS;
1416 }
1417
GetResultStatus(const std::string & trustDeviceId,int32_t & trustDeviceStatus)1418 int32_t TrustProfileManager::GetResultStatus(const std::string& trustDeviceId, int32_t& trustDeviceStatus)
1419 {
1420 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID,
1421 std::vector<ValueObject>{ ValueObject(trustDeviceId) });
1422 if (resultSet == nullptr) {
1423 HILOGE("resultSet is nullptr");
1424 return DP_GET_RESULTSET_FAIL;
1425 }
1426 int32_t rowCount = ROWCOUNT_INIT;
1427 resultSet->GetRowCount(rowCount);
1428 if (rowCount == 0) {
1429 HILOGE("trustDeviceId not find");
1430 resultSet->Close();
1431 return DP_NOT_FIND_DATA;
1432 }
1433 int32_t columnIndex = COLUMNINDEX_INIT;
1434 trustDeviceStatus = 0;
1435 while (resultSet->GoToNextRow() == DP_SUCCESS) {
1436 int32_t status = STATUS_INIT;
1437 resultSet->GetColumnIndex(STATUS, columnIndex);
1438 resultSet->GetInt(columnIndex, status);
1439 if (status == 1) {
1440 trustDeviceStatus = 1;
1441 break;
1442 }
1443 }
1444 resultSet->Close();
1445 return DP_SUCCESS;
1446 }
1447
GetAccessControlProfile(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,std::vector<AccessControlProfile> & profile)1448 int32_t TrustProfileManager::GetAccessControlProfile(std::shared_ptr<ResultSet> resultSet,
1449 int64_t accesserId, int64_t accesseeId, std::vector<AccessControlProfile>& profile)
1450 {
1451 std::shared_ptr<ResultSet> accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1452 std::vector<ValueObject>{ ValueObject(accesserId) });
1453 if (accesserResultSet == nullptr) {
1454 HILOGE("accesserResultSet is nullptr");
1455 return DP_GET_RESULTSET_FAIL;
1456 }
1457 int32_t rowCount = ROWCOUNT_INIT;
1458 accesserResultSet->GetRowCount(rowCount);
1459 if (rowCount == 0) {
1460 HILOGE("not find data");
1461 accesserResultSet->Close();
1462 return DP_NOT_FIND_DATA;
1463 }
1464 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1465 std::vector<ValueObject>{ ValueObject(accesseeId) });
1466 if (accesseeResultSet == nullptr) {
1467 HILOGE("accesseeResultSet is nullptr");
1468 return DP_GET_RESULTSET_FAIL;
1469 }
1470 accesseeResultSet->GetRowCount(rowCount);
1471 if (rowCount == 0) {
1472 HILOGE("not find data");
1473 accesserResultSet->Close();
1474 accesseeResultSet->Close();
1475 return DP_NOT_FIND_DATA;
1476 }
1477 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1478 accesserResultSet->Close();
1479 accesseeResultSet->Close();
1480 return DP_SUCCESS;
1481 }
1482
GetAccessControlProfilesByDeviceId(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,const std::string & trustDeviceId,std::vector<AccessControlProfile> & profile)1483 int32_t TrustProfileManager::GetAccessControlProfilesByDeviceId(
1484 std::shared_ptr<ResultSet> resultSet, int64_t accesserId, int64_t accesseeId,
1485 const std::string& trustDeviceId, std::vector<AccessControlProfile>& profile)
1486 {
1487 std::shared_ptr<ResultSet> accesserResultSet =
1488 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERDEVICEID,
1489 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(trustDeviceId) });
1490 if (accesserResultSet == nullptr) {
1491 HILOGE("accesserResultSet is nullptr");
1492 return DP_GET_RESULTSET_FAIL;
1493 }
1494 int32_t rowCount = ROWCOUNT_INIT;
1495 accesserResultSet->GetRowCount(rowCount);
1496 if (rowCount != 0) {
1497 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1498 std::vector<ValueObject>{ ValueObject(accesseeId) });
1499 if (accesseeResultSet == nullptr) {
1500 HILOGE("accesseeResultSet is nullptr");
1501 return DP_GET_RESULTSET_FAIL;
1502 }
1503 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1504 accesserResultSet->Close();
1505 accesseeResultSet->Close();
1506 return DP_SUCCESS;
1507 }
1508 accesserResultSet->Close();
1509
1510 std::shared_ptr<ResultSet> accesseeResultSet =
1511 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEDEVICEID,
1512 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(trustDeviceId) });
1513 if (accesseeResultSet == nullptr) {
1514 HILOGE("accesseeResultSet is nullptr");
1515 return DP_GET_RESULTSET_FAIL;
1516 }
1517 accesseeResultSet->GetRowCount(rowCount);
1518 if (rowCount != 0) {
1519 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1520 std::vector<ValueObject>{ ValueObject(accesserId) });
1521 if (accesserResultSet == nullptr) {
1522 HILOGE("accesserResultSet is nullptr");
1523 return DP_GET_RESULTSET_FAIL;
1524 }
1525 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1526 accesserResultSet->Close();
1527 }
1528 accesseeResultSet->Close();
1529 return DP_SUCCESS;
1530 }
1531
DeleteAccessControlProfileCheck(AccessControlProfile & profile)1532 int32_t TrustProfileManager::DeleteAccessControlProfileCheck(AccessControlProfile& profile)
1533 {
1534 Accessee accessee;
1535 int32_t ret = this->DeleteAccesseeCheck(profile.GetAccesseeId(), accessee);
1536 if (ret != DP_SUCCESS) {
1537 HILOGE("DeleteAccesseeCheck failed");
1538 return ret;
1539 }
1540 Accesser accesser;
1541 ret = this->DeleteAccesserCheck(profile.GetAccesserId(), accesser);
1542 if (ret != DP_SUCCESS) {
1543 HILOGE("DeleteAccesserCheck failed");
1544 return ret;
1545 }
1546 {
1547 std::lock_guard<std::mutex> lock(rdbMutex_);
1548 if (rdbStore_ == nullptr) {
1549 HILOGE("rdbStore_ is nullptr");
1550 return DP_GET_RDBSTORE_FAIL;
1551 }
1552 int32_t deleteRows = DELETEROWS_INIT;
1553 ret = rdbStore_->Delete(deleteRows, ACCESS_CONTROL_TABLE, ACCESSCONTROLID_EQUAL_CONDITION,
1554 std::vector<ValueObject>{ ValueObject(profile.GetAccessControlId()) });
1555 if (ret != DP_SUCCESS) {
1556 HILOGE("delete access_control_table failed");
1557 return DP_DELETE_ACCESS_CONTROL_PROFILE_FAIL;
1558 }
1559 }
1560 HILOGI("DeleteAclProfile : %{public}s", profile.dump().c_str());
1561 AccessControlProfile resultProfile(profile);
1562 resultProfile.SetAccesser(accesser);
1563 resultProfile.SetAccessee(accessee);
1564 profile = resultProfile;
1565 return DP_SUCCESS;
1566 }
1567
GetResultSet(const std::string & sql,std::vector<ValueObject> condition)1568 std::shared_ptr<ResultSet> TrustProfileManager::GetResultSet(
1569 const std::string& sql, std::vector<ValueObject> condition)
1570 {
1571 if (sql.empty() || sql.length() > MAX_STRING_LEN) {
1572 HILOGE("sql is invalid");
1573 return nullptr;
1574 }
1575 if (condition.size() > MAX_PARAM_SIZE) {
1576 HILOGE("condition is invalid");
1577 return nullptr;
1578 }
1579 std::lock_guard<std::mutex> lock(rdbMutex_);
1580 if (rdbStore_ == nullptr) {
1581 HILOGE("rdbStore_ is nullptr");
1582 return nullptr;
1583 }
1584 return rdbStore_->Get(sql, condition);
1585 }
1586
SetAccessControlProfileId(AccessControlProfile & accessControlProfile)1587 int32_t TrustProfileManager::SetAccessControlProfileId(AccessControlProfile& accessControlProfile)
1588 {
1589 int32_t ret = this->SetAccessControlId(accessControlProfile);
1590 if (ret != DP_SUCCESS) {
1591 HILOGE("SetAccessControlId failed");
1592 return ret;
1593 }
1594 ret = this->SetAccesserId(accessControlProfile);
1595 if (ret != DP_SUCCESS) {
1596 HILOGE("SetAccesserId failed");
1597 return ret;
1598 }
1599 ret = this->SetAccesseeId(accessControlProfile);
1600 if (ret != DP_SUCCESS) {
1601 HILOGE("SetAccesseeId failed");
1602 return ret;
1603 }
1604 Accesser accesser(accessControlProfile.GetAccesser());
1605 accesser.SetAccesserId(accessControlProfile.GetAccesserId());
1606 accessControlProfile.SetAccesser(accesser);
1607 Accessee accessee(accessControlProfile.GetAccessee());
1608 accessee.SetAccesseeId(accessControlProfile.GetAccesseeId());
1609 accessControlProfile.SetAccessee(accessee);
1610 return DP_SUCCESS;
1611 }
1612
GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,int32_t userId,const std::string & bundleName,std::vector<AccessControlProfile> & profile)1613 int32_t TrustProfileManager::GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet,
1614 int64_t accesserId, int64_t accesseeId, int32_t userId, const std::string& bundleName,
1615 std::vector<AccessControlProfile>& profile)
1616 {
1617 std::shared_ptr<ResultSet> accesserResultSet =
1618 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERUSERID_ACCESSERBUNDLENAME,
1619 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(userId), ValueObject(bundleName) });
1620 if (accesserResultSet == nullptr) {
1621 HILOGE("accesserResultSet is nullptr");
1622 return DP_GET_RESULTSET_FAIL;
1623 }
1624 int32_t rowCount = ROWCOUNT_INIT;
1625 accesserResultSet->GetRowCount(rowCount);
1626 if (rowCount != 0) {
1627 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1628 std::vector<ValueObject>{ ValueObject(accesseeId) });
1629 if (accesseeResultSet == nullptr) {
1630 HILOGE("accesseeResultSet is nullptr");
1631 return DP_GET_RESULTSET_FAIL;
1632 }
1633 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1634 accesserResultSet->Close();
1635 accesseeResultSet->Close();
1636 return DP_SUCCESS;
1637 }
1638 accesserResultSet->Close();
1639
1640 std::shared_ptr<ResultSet> accesseeResultSet =
1641 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEUSEEID_ACCESSEEBUNDLENAME,
1642 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(userId), ValueObject(bundleName) });
1643 if (accesseeResultSet == nullptr) {
1644 HILOGE("accesseeResultSet is nullptr");
1645 return DP_GET_RESULTSET_FAIL;
1646 }
1647 accesseeResultSet->GetRowCount(rowCount);
1648 if (rowCount != 0) {
1649 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1650 std::vector<ValueObject>{ ValueObject(accesserId) });
1651 if (accesserResultSet == nullptr) {
1652 HILOGE("accesserResultSet is nullptr");
1653 return DP_GET_RESULTSET_FAIL;
1654 }
1655 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1656 accesserResultSet->Close();
1657 }
1658 accesseeResultSet->Close();
1659 return DP_SUCCESS;
1660 }
1661
GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,int32_t userId,std::vector<AccessControlProfile> & profile)1662 int32_t TrustProfileManager::GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet, int64_t accesserId,
1663 int64_t accesseeId, int32_t userId, std::vector<AccessControlProfile>& profile)
1664 {
1665 std::shared_ptr<ResultSet> accesserResultSet =
1666 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERUSERID,
1667 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(userId) });
1668 if (accesserResultSet == nullptr) {
1669 HILOGE("accesserResultSet is nullptr");
1670 return DP_GET_RESULTSET_FAIL;
1671 }
1672 int32_t rowCount = ROWCOUNT_INIT;
1673 accesserResultSet->GetRowCount(rowCount);
1674 if (rowCount != 0) {
1675 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1676 std::vector<ValueObject>{ ValueObject(accesseeId) });
1677 if (accesseeResultSet == nullptr) {
1678 HILOGE("accesseeResultSet is nullptr");
1679 return DP_GET_RESULTSET_FAIL;
1680 }
1681 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1682 accesserResultSet->Close();
1683 accesseeResultSet->Close();
1684 return DP_SUCCESS;
1685 }
1686 accesserResultSet->Close();
1687
1688 std::shared_ptr<ResultSet> accesseeResultSet =
1689 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEUSERID,
1690 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(userId) });
1691 if (accesseeResultSet == nullptr) {
1692 HILOGE("accesseeResultSet is nullptr");
1693 return DP_GET_RESULTSET_FAIL;
1694 }
1695 accesseeResultSet->GetRowCount(rowCount);
1696 if (rowCount != 0) {
1697 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1698 std::vector<ValueObject>{ ValueObject(accesserId) });
1699 if (accesserResultSet == nullptr) {
1700 HILOGE("accesserResultSet is nullptr");
1701 return DP_GET_RESULTSET_FAIL;
1702 }
1703 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1704 accesserResultSet->Close();
1705 }
1706 accesseeResultSet->Close();
1707 return DP_SUCCESS;
1708 }
1709
GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,const std::string & bundleName,std::vector<AccessControlProfile> & profile)1710 int32_t TrustProfileManager::GetAccessControlProfiles(std::shared_ptr<ResultSet> resultSet, int64_t accesserId,
1711 int64_t accesseeId, const std::string& bundleName, std::vector<AccessControlProfile>& profile)
1712 {
1713 std::shared_ptr<ResultSet> accesserResultSet =
1714 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERBUNDLENAME,
1715 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(bundleName) });
1716 if (accesserResultSet == nullptr) {
1717 HILOGE("accesserResultSet is nullptr");
1718 return DP_GET_RESULTSET_FAIL;
1719 }
1720 int32_t rowCount = ROWCOUNT_INIT;
1721 accesserResultSet->GetRowCount(rowCount);
1722 if (rowCount != 0) {
1723 std::shared_ptr<ResultSet> accesseeResultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
1724 std::vector<ValueObject>{ ValueObject(accesseeId) });
1725 if (accesseeResultSet == nullptr) {
1726 HILOGE("accesseeResultSet is nullptr");
1727 return DP_GET_RESULTSET_FAIL;
1728 }
1729 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1730 accesserResultSet->Close();
1731 accesseeResultSet->Close();
1732 return DP_SUCCESS;
1733 }
1734 accesserResultSet->Close();
1735
1736 std::shared_ptr<ResultSet> accesseeResultSet =
1737 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEBUNDLENAME,
1738 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(bundleName) });
1739 if (accesseeResultSet == nullptr) {
1740 HILOGE("accesseeResultSet is nullptr");
1741 return DP_GET_RESULTSET_FAIL;
1742 }
1743 accesseeResultSet->GetRowCount(rowCount);
1744 if (rowCount != 0) {
1745 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1746 std::vector<ValueObject>{ ValueObject(accesserId) });
1747 if (accesserResultSet == nullptr) {
1748 HILOGE("accesserResultSet is nullptr");
1749 return DP_GET_RESULTSET_FAIL;
1750 }
1751 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1752 accesserResultSet->Close();
1753 }
1754 accesseeResultSet->Close();
1755 return DP_SUCCESS;
1756 }
1757
GetAccessControlProfilesByTokenId(std::shared_ptr<ResultSet> resultSet,int64_t accesserId,int64_t accesseeId,const std::string & trustDeviceId,int64_t tokenId,std::vector<AccessControlProfile> & profile)1758 int32_t TrustProfileManager::GetAccessControlProfilesByTokenId(std::shared_ptr<ResultSet> resultSet,
1759 int64_t accesserId, int64_t accesseeId, const std::string& trustDeviceId,
1760 int64_t tokenId, std::vector<AccessControlProfile> &profile)
1761 {
1762 std::shared_ptr<ResultSet> accesserResultSet =
1763 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERDEVICEID,
1764 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(trustDeviceId) });
1765 if (accesserResultSet == nullptr) {
1766 HILOGE("accesserResultSet is nullptr");
1767 return DP_GET_RESULTSET_FAIL;
1768 }
1769 int32_t rowCount = ROWCOUNT_INIT;
1770 accesserResultSet->GetRowCount(rowCount);
1771 if (rowCount != 0) {
1772 std::shared_ptr<ResultSet> accesseeResultSet =
1773 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEETOKENID,
1774 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(tokenId) });
1775 if (accesseeResultSet == nullptr) {
1776 HILOGE("accesseeResultSet is nullptr");
1777 return DP_GET_RESULTSET_FAIL;
1778 }
1779 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1780 accesserResultSet->Close();
1781 accesseeResultSet->Close();
1782 return DP_SUCCESS;
1783 }
1784 accesserResultSet->Close();
1785
1786 std::shared_ptr<ResultSet> accesseeResultSet =
1787 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_ACCESSEEDEVICEID,
1788 std::vector<ValueObject>{ ValueObject(accesseeId), ValueObject(trustDeviceId) });
1789 if (accesseeResultSet == nullptr) {
1790 HILOGE("accesseeResultSet is nullptr");
1791 return DP_GET_RESULTSET_FAIL;
1792 }
1793 accesseeResultSet->GetRowCount(rowCount);
1794 if (rowCount != 0) {
1795 accesserResultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_ACCESSERTOKENID,
1796 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(tokenId) });
1797 if (accesserResultSet == nullptr) {
1798 HILOGE("accesserResultSet is nullptr");
1799 return DP_GET_RESULTSET_FAIL;
1800 }
1801 ProfileUtils::ConvertToAccessControlProfiles(resultSet, accesserResultSet, accesseeResultSet, profile);
1802 accesserResultSet->Close();
1803 }
1804 accesseeResultSet->Close();
1805 return DP_SUCCESS;
1806 }
1807
DeleteAccesserCheck(int64_t accesserId,Accesser & accesser)1808 int32_t TrustProfileManager::DeleteAccesserCheck(int64_t accesserId, Accesser& accesser)
1809 {
1810 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_ACCESSERID,
1811 std::vector<ValueObject>{ ValueObject(accesserId) });
1812 if (resultSet == nullptr) {
1813 HILOGE("resultSet is nullptr");
1814 return DP_GET_RESULTSET_FAIL;
1815 }
1816 int32_t rowCount = ROWCOUNT_INIT;
1817 resultSet->GetRowCount(rowCount);
1818 resultSet->Close();
1819 resultSet = GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID,
1820 std::vector<ValueObject>{ ValueObject(accesserId) });
1821 if (resultSet == nullptr) {
1822 HILOGE("resultSet is nullptr");
1823 return DP_GET_RESULTSET_FAIL;
1824 }
1825 resultSet->GoToNextRow();
1826 ProfileUtils::ConvertToAccesser(resultSet, accesser);
1827 resultSet->Close();
1828 if (rowCount == DELETE_ACCESSER_CONDITION) {
1829 std::lock_guard<std::mutex> lock(rdbMutex_);
1830 if (rdbStore_ == nullptr) {
1831 HILOGE("rdbStore_ is nullptr");
1832 return DP_GET_RDBSTORE_FAIL;
1833 }
1834 int32_t deleteRows = DELETEROWS_INIT;
1835 int32_t ret = rdbStore_->Delete(deleteRows, ACCESSER_TABLE, ACCESSERID_EQUAL_CONDITION,
1836 std::vector<ValueObject>{ ValueObject(accesserId) });
1837 if (ret != DP_SUCCESS) {
1838 HILOGE("delete accesser_table accesserId failed");
1839 return DP_DELETE_ACCESSER_PROFILE_FAIL;
1840 }
1841 HILOGI("DeleteAccesser : %{public}s", accesser.dump().c_str());
1842 }
1843 return DP_SUCCESS;
1844 }
1845
UpdateAclCheck(const AccessControlProfile & profile,AccessControlProfile & oldProfile)1846 int32_t TrustProfileManager::UpdateAclCheck(const AccessControlProfile& profile, AccessControlProfile& oldProfile)
1847 {
1848 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_ACCESSCONTROLID,
1849 std::vector<ValueObject>{ ValueObject(profile.GetAccessControlId()) });
1850 if (resultSet == nullptr) {
1851 HILOGE("resultSet is nullptr");
1852 return DP_GET_RESULTSET_FAIL;
1853 }
1854 int32_t rowCount = ROWCOUNT_INIT;
1855 resultSet->GetRowCount(rowCount);
1856 if (rowCount == 0) {
1857 HILOGE("accessControlId not find");
1858 resultSet->Close();
1859 return DP_NOT_FIND_DATA;
1860 }
1861 resultSet->GoToNextRow();
1862 ProfileUtils::ConvertToAccessControlProfile(resultSet, oldProfile);
1863 resultSet->Close();
1864 if (oldProfile.GetAccesseeId() != profile.GetAccessee().GetAccesseeId() ||
1865 oldProfile.GetAccesserId() != profile.GetAccesser().GetAccesserId() ||
1866 oldProfile.GetAccesserId() != profile.GetAccesserId() ||
1867 oldProfile.GetAccesseeId() != profile.GetAccesseeId()) {
1868 HILOGE("UpdateAclCheck:Can't Update not allowed attribute");
1869 return DP_UPDATE_ACL_NOT_ALLOW;
1870 }
1871 return DP_SUCCESS;
1872 }
1873
PutAclCheck(const AccessControlProfile & profile,bool peerDevInfoExists)1874 int32_t TrustProfileManager::PutAclCheck(const AccessControlProfile& profile, bool peerDevInfoExists)
1875 {
1876 TrustDeviceProfile trustProfile;
1877 ProfileUtils::ConvertToTrustDeviceProfile(profile, trustProfile);
1878 if (!peerDevInfoExists) {
1879 int32_t ret = SubscribeProfileManager::GetInstance().NotifyTrustDeviceProfileAdd(trustProfile);
1880 if (ret != DP_SUCCESS) {
1881 HILOGE("NotifyTrustDeviceProfileAdd failed");
1882 return DP_NOTIFY_TRUST_DEVICE_FAIL;
1883 }
1884 }
1885 std::string trustDeviceId = profile.GetTrustDeviceId();
1886 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_TRUST_DEVICE_TABLE_WHERE_DEVICEID,
1887 std::vector<ValueObject>{ ValueObject(trustDeviceId) });
1888 if (resultSet == nullptr) {
1889 HILOGE("resultSet is nullptr");
1890 return DP_GET_RESULTSET_FAIL;
1891 }
1892 int32_t rowCount = ROWCOUNT_INIT;
1893 resultSet->GetRowCount(rowCount);
1894 resultSet->Close();
1895 if (rowCount == 0) {
1896 this->PutTrustDeviceProfile(trustProfile);
1897 return DP_SUCCESS;
1898 }
1899 int32_t status = STATUS_INIT;
1900 if (this->GetResultStatus(trustDeviceId, status) != DP_SUCCESS) {
1901 HILOGE("GetResultStatus failed");
1902 return DP_GET_RESULTSET_FAIL;
1903 }
1904 trustProfile.SetStatus(status);
1905 if (this->UpdateTrustDeviceProfile(trustProfile) != DP_SUCCESS) {
1906 HILOGE("UpdateTrustDeviceProfile failed");
1907 return DP_UPDATE_TRUST_DEVICE_PROFILE_FAIL;
1908 }
1909 return DP_SUCCESS;
1910 }
1911
IsAclExists(const AccessControlProfile & profile)1912 int32_t TrustProfileManager::IsAclExists(const AccessControlProfile &profile)
1913 {
1914 std::shared_ptr<ResultSet> resultSet =
1915 GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_ALL_EXCEPT_STATUS, std::vector<ValueObject>{
1916 ValueObject(profile.GetAccesserId()), ValueObject(profile.GetAccesseeId()),
1917 ValueObject(profile.GetTrustDeviceId()), ValueObject(profile.GetSessionKey()),
1918 ValueObject(static_cast<int32_t>(profile.GetBindType())),
1919 ValueObject(static_cast<int32_t>(profile.GetAuthenticationType())),
1920 ValueObject(static_cast<int32_t>(profile.GetDeviceIdType())),
1921 ValueObject(profile.GetDeviceIdHash()), ValueObject(profile.GetValidPeriod()),
1922 ValueObject(profile.GetLastAuthTime()), ValueObject(static_cast<int32_t>(profile.GetBindLevel()))});
1923 if (resultSet == nullptr) {
1924 HILOGE("resultSet is nullptr");
1925 return DP_GET_RESULTSET_FAIL;
1926 }
1927 int32_t rowCount = ROWCOUNT_INIT;
1928 resultSet->GetRowCount(rowCount);
1929 resultSet->Close();
1930 if (rowCount != 0) {
1931 HILOGI("accessControlProfile is exists");
1932 return DP_DATA_EXISTS;
1933 }
1934 return DP_SUCCESS;
1935 }
1936
CheckDeviceIdAndUserIdActive(const AccessControlProfile & profile,int32_t & resultCount)1937 int32_t TrustProfileManager::CheckDeviceIdAndUserIdActive(const AccessControlProfile& profile, int32_t& resultCount)
1938 {
1939 std::string peerDeviceId = profile.GetTrustDeviceId();
1940 std::string localDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
1941 int32_t peerUserId = profile.GetAccesser().GetAccesserUserId();
1942 int32_t localUserId = profile.GetAccessee().GetAccesseeUserId();
1943 if (profile.GetAccessee().GetAccesseeDeviceId() == peerDeviceId) {
1944 peerUserId = profile.GetAccessee().GetAccesseeUserId();
1945 localUserId = profile.GetAccesser().GetAccesserUserId();
1946 localDeviceId = profile.GetAccesser().GetAccesserDeviceId();
1947 }
1948 std::shared_ptr<ResultSet> resultSet =
1949 GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID_AND_STATUS,
1950 std::vector<ValueObject>{ ValueObject(peerDeviceId), ValueObject(STATUS_ACTIVE) });
1951 if (resultSet == nullptr) {
1952 HILOGE("resultSet is nullptr");
1953 return DP_GET_RESULTSET_FAIL;
1954 }
1955 int32_t rowCount = ROWCOUNT_INIT;
1956 resultSet->GetRowCount(rowCount);
1957 if (rowCount == 0) {
1958 HILOGE("peerDeviceId : %{public}s not have acl status active",
1959 ProfileUtils::GetAnonyString(peerDeviceId).c_str());
1960 return DP_SUCCESS;
1961 }
1962 bool acerExists = false;
1963 bool aceeExists = false;
1964 while (resultSet->GoToNextRow() == DP_SUCCESS) {
1965 int32_t columnIndex = COLUMNINDEX_INIT;
1966 int64_t accesserId = ACCESSERID_INIT;
1967 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
1968 resultSet->GetLong(columnIndex, accesserId);
1969 int64_t accesseeId = ACCESSEEID_INIT;
1970 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
1971 resultSet->GetLong(columnIndex, accesseeId);
1972 aceeExists = this->CheckUserIdExists(
1973 accesserId, accesseeId, localDeviceId, localUserId, peerDeviceId, peerUserId);
1974 acerExists = this->CheckUserIdExists(
1975 accesserId, accesseeId, peerDeviceId, peerUserId, localDeviceId, localUserId);
1976 if (acerExists || aceeExists) {
1977 resultCount++;
1978 HILOGE("localUserId and peerUserId have acl status is active");
1979 }
1980 }
1981 return DP_SUCCESS;
1982 }
1983
CheckDeviceIdAndUserIdExists(const AccessControlProfile & profile,bool & isExists)1984 int32_t TrustProfileManager::CheckDeviceIdAndUserIdExists(const AccessControlProfile& profile, bool& isExists)
1985 {
1986 std::string peerDeviceId = profile.GetTrustDeviceId();
1987 std::string localDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
1988 int32_t peerUserId = profile.GetAccesser().GetAccesserUserId();
1989 int32_t localUserId = profile.GetAccessee().GetAccesseeUserId();
1990 if (profile.GetAccessee().GetAccesseeDeviceId() == peerDeviceId) {
1991 peerUserId = profile.GetAccessee().GetAccesseeUserId();
1992 localUserId = profile.GetAccesser().GetAccesserUserId();
1993 localDeviceId = profile.GetAccesser().GetAccesserDeviceId();
1994 }
1995 std::shared_ptr<ResultSet> resultSet =
1996 GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID,
1997 std::vector<ValueObject>{ ValueObject(peerDeviceId) });
1998 if (resultSet == nullptr) {
1999 HILOGE("resultSet is nullptr");
2000 return DP_GET_RESULTSET_FAIL;
2001 }
2002 int32_t rowCount = ROWCOUNT_INIT;
2003 resultSet->GetRowCount(rowCount);
2004 if (rowCount == 0) {
2005 HILOGE("peerDeviceId : %{public}s not have acl",
2006 ProfileUtils::GetAnonyString(peerDeviceId).c_str());
2007 return DP_SUCCESS;
2008 }
2009 bool acerExists = false;
2010 bool aceeExists = false;
2011 while (resultSet->GoToNextRow() == DP_SUCCESS) {
2012 int32_t columnIndex = COLUMNINDEX_INIT;
2013 int64_t accesserId = ACCESSERID_INIT;
2014 resultSet->GetColumnIndex(ACCESSER_ID, columnIndex);
2015 resultSet->GetLong(columnIndex, accesserId);
2016 int64_t accesseeId = ACCESSEEID_INIT;
2017 resultSet->GetColumnIndex(ACCESSEE_ID, columnIndex);
2018 resultSet->GetLong(columnIndex, accesseeId);
2019 aceeExists = this->CheckUserIdExists(
2020 accesserId, accesseeId, localDeviceId, localUserId, peerDeviceId, peerUserId);
2021 acerExists = this->CheckUserIdExists(
2022 accesserId, accesseeId, peerDeviceId, peerUserId, localDeviceId, localUserId);
2023 if (acerExists || aceeExists) {
2024 isExists = true;
2025 resultSet->Close();
2026 HILOGE("localUserId and peerUserId have acl status is active");
2027 return DP_SUCCESS;
2028 }
2029 }
2030 resultSet->Close();
2031 return DP_SUCCESS;
2032 }
2033
NotifyCheck(const AccessControlProfile & profile,const AccessControlProfile & oldProfile)2034 int32_t TrustProfileManager::NotifyCheck(const AccessControlProfile& profile, const AccessControlProfile& oldProfile)
2035 {
2036 int32_t resultCount = 0;
2037 int32_t ret = CheckDeviceIdAndUserIdActive(profile, resultCount);
2038 if (ret != DP_SUCCESS) {
2039 HILOGE("CheckDeviceIdAndUserIdActive failed");
2040 return DP_NOTIFY_TRUST_DEVICE_FAIL;
2041 }
2042 HILOGI("resultCount : %{public}d", resultCount);
2043 TrustDeviceProfile trustProfile;
2044 ProfileUtils::ConvertToTrustDeviceProfile(profile, trustProfile);
2045 if (resultCount == 1 && profile.GetStatus() == STATUS_ACTIVE && oldProfile.GetStatus() == STATUS_INACTIVE) {
2046 ret = SubscribeProfileManager::GetInstance().NotifyTrustDeviceProfileActive(trustProfile);
2047 if (ret != DP_SUCCESS) {
2048 HILOGE("NotifyTrustDeviceProfileActive failed");
2049 return DP_NOTIFY_TRUST_DEVICE_FAIL;
2050 }
2051 }
2052 if (resultCount == 0 && profile.GetStatus() == STATUS_INACTIVE && oldProfile.GetStatus() == STATUS_ACTIVE) {
2053 int32_t ret = SubscribeProfileManager::GetInstance().NotifyTrustDeviceProfileInactive(trustProfile);
2054 if (ret != DP_SUCCESS) {
2055 HILOGE("NotifyTrustDeviceProfileInactive failed");
2056 return DP_NOTIFY_TRUST_DEVICE_FAIL;
2057 }
2058 }
2059 return DP_SUCCESS;
2060 }
2061
DeleteAccesseeCheck(int64_t accesseeId,Accessee & accessee)2062 int32_t TrustProfileManager::DeleteAccesseeCheck(int64_t accesseeId, Accessee& accessee)
2063 {
2064 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_ACCESSEEID,
2065 std::vector<ValueObject>{ ValueObject(accesseeId) });
2066 if (resultSet == nullptr) {
2067 HILOGE("resultSet is nullptr");
2068 return DP_GET_RESULTSET_FAIL;
2069 }
2070 int32_t rowCount = ROWCOUNT_INIT;
2071 resultSet->GetRowCount(rowCount);
2072 resultSet->Close();
2073 resultSet = GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID,
2074 std::vector<ValueObject>{ ValueObject(accesseeId) });
2075 if (resultSet == nullptr) {
2076 HILOGE("resultSet is nullptr");
2077 return DP_GET_RESULTSET_FAIL;
2078 }
2079 resultSet->GoToNextRow();
2080 ProfileUtils::ConvertToAccessee(resultSet, accessee);
2081 resultSet->Close();
2082 if (rowCount == DELETE_ACCESSEE_CONDITION) {
2083 std::lock_guard<std::mutex> lock(rdbMutex_);
2084 if (rdbStore_ == nullptr) {
2085 HILOGE("rdbStore_ is nullptr");
2086 return DP_GET_RDBSTORE_FAIL;
2087 }
2088 int32_t deleteRows = DELETEROWS_INIT;
2089 int32_t ret = rdbStore_->Delete(deleteRows, ACCESSEE_TABLE, ACCESSEEID_EQUAL_CONDITION,
2090 std::vector<ValueObject> {ValueObject(accesseeId)});
2091 if (ret != DP_SUCCESS) {
2092 HILOGE("delete accessee_table accesseeId failed");
2093 return DP_DELETE_ACCESSEE_PROFILE_FAIL;
2094 }
2095 HILOGI("DeleteAccessee : %{public}s", accessee.dump().c_str());
2096 }
2097 return DP_SUCCESS;
2098 }
2099
DeleteTrustDeviceCheck(const AccessControlProfile & profile)2100 int32_t TrustProfileManager::DeleteTrustDeviceCheck(const AccessControlProfile& profile)
2101 {
2102 TrustDeviceProfile trustProfile;
2103 ProfileUtils::ConvertToTrustDeviceProfile(profile, trustProfile);
2104 bool isExists = false;
2105 CheckDeviceIdAndUserIdExists(profile, isExists);
2106 if (!isExists) {
2107 int32_t ret = SubscribeProfileManager::GetInstance().NotifyTrustDeviceProfileDelete(trustProfile);
2108 if (ret != DP_SUCCESS) {
2109 HILOGE("NotifyTrustDeviceProfileDelete failed");
2110 return DP_NOTIFY_TRUST_DEVICE_FAIL;
2111 }
2112 }
2113 std::shared_ptr<ResultSet> resultSet = GetResultSet(SELECT_ACCESS_CONTROL_TABLE_WHERE_TRUSTDEVICEID,
2114 std::vector<ValueObject>{ ValueObject(profile.GetTrustDeviceId()) });
2115 if (resultSet == nullptr) {
2116 HILOGE("resultSet is nullptr");
2117 return DP_GET_RESULTSET_FAIL;
2118 }
2119 int32_t rowCount = ROWCOUNT_INIT;
2120 resultSet->GetRowCount(rowCount);
2121 resultSet->Close();
2122 int32_t ret = RET_INIT;
2123 if (rowCount == DELETE_TRUST_CONDITION) {
2124 ret = this->DeleteTrustDeviceProfile(profile.GetTrustDeviceId());
2125 if (ret != DP_SUCCESS) {
2126 HILOGE("DeleteTrustDeviceProfile failed");
2127 return DP_DELETE_TRUST_DEVICE_PROFILE_FAIL;
2128 }
2129 } else {
2130 int32_t status = STATUS_INIT;
2131 this->GetResultStatus(profile.GetTrustDeviceId(), status);
2132 TrustDeviceProfile trustDeviceProfile(trustProfile);
2133 trustDeviceProfile.SetStatus(status);
2134 ret = this->UpdateTrustDeviceProfile(trustDeviceProfile);
2135 if (ret != DP_SUCCESS) {
2136 HILOGE("UpdateTrustDeviceProfile failed");
2137 return DP_UPDATE_TRUST_DEVICE_PROFILE_FAIL;
2138 }
2139 }
2140 return DP_SUCCESS;
2141 }
2142
CheckUserIdExists(int64_t accesserId,int64_t accesseeId,const std::string & peerDeviceId,int32_t peerUserId,const std::string & localDeviceId,int32_t localUserId)2143 bool TrustProfileManager::CheckUserIdExists(int64_t accesserId, int64_t accesseeId,
2144 const std::string& peerDeviceId, int32_t peerUserId, const std::string& localDeviceId, int32_t localUserId)
2145 {
2146 std::shared_ptr<ResultSet> accesserResultSet =
2147 GetResultSet(SELECT_ACCESSER_TABLE_WHERE_ACCESSERID_AND_DEVICEID_AND_USERID,
2148 std::vector<ValueObject>{ ValueObject(accesserId), ValueObject(peerDeviceId), ValueObject(peerUserId) });
2149 if (accesserResultSet == nullptr) {
2150 HILOGE("accesserResultSet is nullptr");
2151 return false;
2152 }
2153 int32_t acerRowCount = ROWCOUNT_INIT;
2154 accesserResultSet->GetRowCount(acerRowCount);
2155 accesserResultSet->Close();
2156 if (acerRowCount > 0) {
2157 std::shared_ptr<ResultSet> accesseeResultSet =
2158 GetResultSet(SELECT_ACCESSEE_TABLE_WHERE_ACCESSEEID_AND_DEVICEID_AND_USERID,
2159 std::vector<ValueObject>{ ValueObject(accesseeId),
2160 ValueObject(localDeviceId), ValueObject(localUserId) });
2161 if (accesseeResultSet == nullptr) {
2162 HILOGE("accesseeResultSet is nullptr");
2163 return false;
2164 }
2165 int32_t aceeRowCount = ROWCOUNT_INIT;
2166 accesseeResultSet->GetRowCount(aceeRowCount);
2167 accesseeResultSet->Close();
2168 if (aceeRowCount > 0) {
2169 HILOGE("localUserId and peerUserId status : 1");
2170 return true;
2171 }
2172 }
2173 return false;
2174 }
2175 } // namespace DistributedDeviceProfile
2176 } // namespace OHOS