1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_feature_info.h"
17
18 #include "account_adapt.h"
19 #include "alg_common_type.h"
20 #include "alg_manager.h"
21 #include "alg_utils.h"
22 #include "dlp_common_func.h"
23 #include "dlp_permission.h"
24 #include "dlp_permission_log.h"
25 #include "securec.h"
26
27 namespace OHOS {
28 namespace Security {
29 namespace DlpPermission {
30 namespace {
31 constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpFeatureInfo" };
32 static const char *DLP_FEATURE_INFO_FILE_KEY_ALIAS = "DLP_FEATURE_INFO_FILE_KEY_ALIAS";
33 static const std::string MDM_ENABLE_VALUE = "status";
34 static const uint32_t ENABLE_VALUE_FALSE = 0;
35 static const uint32_t ENABLE_VALUE_TRUE = 1;
36 static const char *FEATURE_INFO_DATA_FILE_PATH = "/data/service/el1/public/dlp_permission_service/dlp_feature_info.txt";
37 }
DlpFeatureInfo()38 DlpFeatureInfo::DlpFeatureInfo() {}
39
~DlpFeatureInfo()40 DlpFeatureInfo::~DlpFeatureInfo() {}
41
AssembleFeatureInfoPath(char ** filePath)42 static int32_t AssembleFeatureInfoPath(char** filePath)
43 {
44 uint32_t filePathSize = HcStrlen(FEATURE_INFO_DATA_FILE_PATH);
45 *filePath = (char*)HcMalloc(filePathSize + 1, 0);
46 if (*filePath == nullptr) {
47 DLP_LOG_ERROR(LABEL, "Allocate memory for feature info file path failed");
48 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
49 }
50 if (memcpy_s(*filePath, filePathSize + 1, FEATURE_INFO_DATA_FILE_PATH, filePathSize) != EOK) {
51 DLP_LOG_ERROR(LABEL, "memcpy_s error");
52 DLP_FREE_PTR(filePath);
53 return DLP_PARSE_ERROR_MEMORY_OPERATE_FAIL;
54 }
55 return DLP_OK;
56 }
57
SaveDlpFeatureInfoToFile(const unordered_json & dlpFeatureJson)58 int32_t DlpFeatureInfo::SaveDlpFeatureInfoToFile(const unordered_json& dlpFeatureJson)
59 {
60 auto result = dlpFeatureJson.find(MDM_ENABLE_VALUE);
61 if (result == dlpFeatureJson.end() || !result->is_number()) {
62 DLP_LOG_ERROR(LABEL, "status not found or not number type");
63 return DLP_SERVICE_ERROR_VALUE_INVALID;
64 }
65 uint32_t status = result->get<uint32_t>();
66 if (status != ENABLE_VALUE_FALSE && status != ENABLE_VALUE_TRUE) {
67 DLP_LOG_ERROR(LABEL, "status is neither 0 nor 1");
68 return DLP_SERVICE_ERROR_VALUE_INVALID;
69 }
70 int32_t userId;
71 if (!GetUserIdByForegroundAccount(&userId)) {
72 DLP_LOG_ERROR(LABEL, "get userID failed");
73 return DLP_SERVICE_ERROR_VALUE_INVALID;
74 }
75 BlobData keyAliasBlob = { HcStrlen(DLP_FEATURE_INFO_FILE_KEY_ALIAS), (uint8_t *)DLP_FEATURE_INFO_FILE_KEY_ALIAS };
76 HuksKeyInfo keyInfo = { .protectionLevel = PROTECT_LEVEL_DE, .osAccountId = userId, .keyAlias = keyAliasBlob };
77 int32_t res = DLP_SERVICE_ERROR_VALUE_INVALID;
78 if (!AlgIsKeyExist(&keyInfo)) {
79 res = AlgGenerateMacKey(&keyInfo);
80 if (res != DLP_OK) {
81 DLP_LOG_ERROR(LABEL, "Generate HMAC key failed!");
82 return DLP_SERVICE_ERROR_VALUE_INVALID;
83 }
84 }
85
86 char* filePath = nullptr;
87 res = AssembleFeatureInfoPath(&filePath);
88 if (res != DLP_OK) {
89 DLP_LOG_ERROR(LABEL, "Failed to assemble FeatureInfoPath! res is %{public}d", res);
90 return res;
91 }
92
93 std::string jsonString = dlpFeatureJson.dump();
94 BlobData fileDataBlob = { HcStrlen(jsonString.c_str()), (uint8_t *)jsonString.c_str() };
95 HMACSrcParams hmacSrcParams = { .osAccountId = keyInfo.osAccountId, .protectionLevel = PROTECT_LEVEL_DE,
96 .SrcDataBlob = &fileDataBlob };
97 res = WriteHMACAndBufToFile(&hmacSrcParams, DLP_FEATURE_INFO_FILE_KEY_ALIAS, filePath);
98 if (res != DLP_OK) {
99 DLP_LOG_ERROR(LABEL, "WriteHMACAndBufToFile failed");
100 DLP_FREE_PTR(filePath);
101 return res;
102 }
103
104 DLP_LOG_INFO(LABEL, "DlpFeatureInfo saved!");
105 DLP_FREE_PTR(filePath);
106 return res;
107 }
108
GetDlpFeatureInfoFromFile(const char * filePath,uint32_t & dlpFeature)109 int32_t DlpFeatureInfo::GetDlpFeatureInfoFromFile(const char *filePath, uint32_t& dlpFeature)
110 {
111 if (filePath == nullptr) {
112 DLP_LOG_ERROR(LABEL, "GetDlpFeatureInfoFromFile filePath Invalid input params");
113 return DLP_SERVICE_ERROR_VALUE_INVALID;
114 }
115 int32_t userId;
116 if (!GetUserIdByForegroundAccount(&userId)) {
117 DLP_LOG_ERROR(LABEL, "get userID failed");
118 return DLP_SERVICE_ERROR_VALUE_INVALID;
119 }
120 uint8_t *fileBuffer = nullptr;
121 uint32_t fileSize = 0;
122 int32_t ret = ReadBufFromFile(&fileBuffer, &fileSize, filePath);
123 if (ret != DLP_OK) {
124 DLP_LOG_ERROR(LABEL, "ReadBufFromFile fail, ret is %{public}d!", ret);
125 return ret;
126 }
127 uint8_t *featureInfoStrBuf = nullptr;
128 uint32_t featureInfoStrBufLen = 0;
129
130 BlobData fileBlob = { fileSize, (uint8_t *)fileBuffer };
131 HMACSrcParams hmacSrcParams = { .osAccountId = userId, .protectionLevel = PROTECT_LEVEL_DE,
132 .SrcDataBlob = &fileBlob };
133 ret = CompareHMACValue(&hmacSrcParams, &featureInfoStrBuf, &featureInfoStrBufLen, DLP_FEATURE_INFO_FILE_KEY_ALIAS);
134 DLP_FREE_PTR(fileBuffer);
135 if (ret != DLP_OK) {
136 DLP_LOG_ERROR(LABEL, "Compare feature info file HmacValue failed, ret is %{public}d!", ret);
137 return ret;
138 }
139 std::string jsonString(reinterpret_cast<const char *>(featureInfoStrBuf));
140 auto jsonObj = nlohmann::json::parse(jsonString, nullptr, false);
141 if (jsonObj.is_discarded() || (!jsonObj.is_object())) {
142 DLP_LOG_WARN(LABEL, "JsonObj is discarded");
143 DLP_FREE_PTR(featureInfoStrBuf);
144 return DLP_SERVICE_ERROR_JSON_OPERATE_FAIL;
145 }
146 auto result = jsonObj.find(MDM_ENABLE_VALUE);
147 if (result != jsonObj.end() && result->is_number()) {
148 dlpFeature = result->get<uint32_t>();
149 }
150 DLP_FREE_PTR(featureInfoStrBuf);
151 return DLP_OK;
152 }
153
154 } // namespace DlpPermission
155 } // namespace Security
156 } // namespace OHOS