1 /* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef INTERFACES_INNER_API_DLP_FILE_H 17 #define INTERFACES_INNER_API_DLP_FILE_H 18 19 #include <string> 20 #include "dlp_crypt.h" 21 #include "permission_policy.h" 22 23 namespace OHOS { 24 namespace Security { 25 namespace DlpPermission { 26 static constexpr uint64_t INVALID_FILE_SIZE = 0x0fffffffffffffff; 27 static constexpr uint32_t DLP_BUFF_LEN = 1024 * 1024; // 1M 28 static constexpr uint32_t IV_SIZE = 16; 29 static constexpr uint32_t DLP_FILE_MAGIC = 0x87f4922; 30 static constexpr uint32_t DLP_FUSE_MAX_BUFFLEN = (10 * 1024 * 1024); // 10M 31 static constexpr uint32_t DLP_BLOCK_SIZE = 16; 32 // dlp file only support 32bits size, apart from 10M max head size 33 static constexpr uint64_t DLP_MAX_CONTENT_SIZE = 0xffffffff - 0xA00000; 34 static constexpr uint64_t DLP_MAX_RAW_CONTENT_SIZE = 0xffffffff; 35 static constexpr uint32_t HOLE_BUFF_SIZE = 16 * 1024; 36 static constexpr uint32_t HOLE_BUFF_SMALL_SIZE = 1 * 1024; 37 static constexpr uint32_t MAX_HOLE_SIZE = 50 * 1024 * 1024; // 50M 38 static constexpr uint64_t DLP_MIN_HIAE_SIZE = 0xC0000000 - 0xA00000; 39 static constexpr uint32_t HIAE_BLOCK_SIZE = 4 * 1024; // 4k 40 41 struct DlpCipher { 42 struct DlpBlob encKey; 43 struct DlpCipherParam tagIv; 44 struct DlpUsageSpec usageSpec; 45 struct DlpBlob hmacKey; 46 }; 47 48 struct DlpHeader { 49 uint32_t magic; 50 uint32_t fileType; 51 uint32_t offlineAccess; 52 uint32_t algType; 53 uint32_t certSize; 54 uint32_t hmacSize; 55 uint32_t contactAccountOffset; 56 uint32_t contactAccountSize; 57 uint32_t offlineCertSize; 58 uint64_t txtOffset; 59 uint64_t txtSize; 60 uint64_t certOffset; 61 uint64_t hmacOffset; 62 uint64_t offlineCertOffset; 63 }; 64 65 enum VALID_KEY_SIZE { 66 DLP_KEY_LEN_128 = 16, 67 DLP_KEY_LEN_192 = 24, 68 DLP_KEY_LEN_256 = 32, 69 }; 70 71 #define CHECK_RET(ret, expect, retcode, TAG) \ 72 do { \ 73 if ((ret) != (expect)) { \ 74 DLP_LOG_ERROR(TAG, "check fail ret %{public}d, expect %{public}d, errno %{public}s", \ 75 ret, expect, strerror(errno)); \ 76 return retcode; \ 77 } \ 78 } while (0) \ 79 80 #define CHDIR_AND_CHECK(path, ret, TAG) \ 81 do { \ 82 if (chdir(path) != 0) { \ 83 DLP_LOG_ERROR(TAG, "chdir fail path %{public}s, errno %{public}s", \ 84 path, strerror(errno)); \ 85 return ret; \ 86 } \ 87 } while (0) \ 88 89 #define UNLINK_AND_CHECK(path, ret, TAG) \ 90 do { \ 91 if (unlink(path) != 0) { \ 92 DLP_LOG_ERROR(TAG, "unlink fail path %{public}s, errno %{public}s", \ 93 path, strerror(errno)); \ 94 return ret; \ 95 } \ 96 } while (0) \ 97 98 #define MKDIR_AND_CHECK(path, mode, ret, TAG) \ 99 do { \ 100 if (mkdir(path, mode) != 0) { \ 101 DLP_LOG_ERROR(TAG, "mkdir fail path %{public}s, errno %{public}s", \ 102 path, strerror(errno)); \ 103 return ret; \ 104 } \ 105 } while (0) \ 106 107 #define GETCWD_AND_CHECK(buf, size, ret, TAG) \ 108 do { \ 109 if (getcwd(buf, size) == nullptr) { \ 110 DLP_LOG_ERROR(TAG, "getcwd fail errno %{public}s", \ 111 strerror(errno)); \ 112 return ret; \ 113 } \ 114 } while (0) \ 115 116 #define LSEEK_AND_CHECK(fd, size, flag, ret, TAG) \ 117 do { \ 118 if (lseek(fd, size, flag) == -1) { \ 119 DLP_LOG_ERROR(TAG, "lseek failed, %{public}s", \ 120 strerror(errno)); \ 121 return ret; \ 122 } \ 123 } while (0) \ 124 125 #define OPEN_AND_CHECK(fd, path, flag, mode, ret, TAG) \ 126 do { \ 127 fd = open(path, flag, mode); \ 128 if ((fd) == -1) { \ 129 DLP_LOG_ERROR(TAG, "open failed, %{public}s", \ 130 strerror(errno)); \ 131 return ret; \ 132 } \ 133 } while (0) \ 134 135 #define FTRUNCATE_AND_CHECK(fd, size, ret, TAG) \ 136 do { \ 137 if (ftruncate(fd, size) == -1) { \ 138 DLP_LOG_ERROR(TAG, "ftruncate failed, %{public}s", \ 139 strerror(errno)); \ 140 return ret; \ 141 } \ 142 } while (0) \ 143 144 145 class DlpFile { 146 public: 147 DlpFile(int32_t dlpFd, const std::string &realType); 148 virtual ~DlpFile(); 149 150 int32_t SetCipher(const struct DlpBlob& key, const struct DlpUsageSpec& spec, const struct DlpBlob& hmacKey); 151 void GetEncryptCert(struct DlpBlob& cert) const; 152 void GetOfflineCert(struct DlpBlob& cert) const; 153 bool GetOfflineAccess(); 154 bool UpdateDlpFilePermission(); 155 bool NeedAdapter(); 156 int32_t SetPolicy(const PermissionPolicy& policy); 157 virtual int32_t UpdateCertAndText(const std::vector<uint8_t>& cert, struct DlpBlob certBlob) = 0; 158 virtual int32_t SetEncryptCert(const struct DlpBlob& cert) = 0; 159 virtual void SetOfflineAccess(bool flag) = 0; 160 virtual int32_t RemoveDlpPermission(int outPlainFileFd) = 0; 161 virtual int32_t DlpFileRead(uint64_t offset, void* buf, uint32_t size, bool& hasRead, int32_t uid) = 0; 162 virtual int32_t DlpFileWrite(uint64_t offset, void* buf, uint32_t size) = 0; 163 virtual uint64_t GetFsContentSize() const = 0; 164 virtual int32_t CheckDlpFile() = 0; 165 virtual int32_t HmacCheck() = 0; 166 virtual uint32_t GetOfflineCertSize(void) = 0; 167 virtual int32_t SetContactAccount(const std::string& contactAccount) = 0; 168 virtual int32_t Truncate(uint64_t size) = 0; 169 virtual int32_t UpdateDlpFileContentSize() = 0; 170 virtual int32_t GenFile(int32_t inPlainFileFd) = 0; 171 virtual int32_t ProcessDlpFile() = 0; 172 virtual int32_t DoDlpContentCryptyOperation(int32_t inFd, int32_t outFd, uint64_t inOffset, 173 uint64_t inFileLen, bool isEncrypt) = 0; 174 GetPolicy(PermissionPolicy & policy)175 void GetPolicy(PermissionPolicy& policy) const 176 { 177 policy.CopyPermissionPolicy(policy_); 178 }; 179 GetContactAccount(std::string & contactAccount)180 void GetContactAccount(std::string& contactAccount) const 181 { 182 contactAccount = contactAccount_; 183 }; 184 SetLinkStatus()185 void SetLinkStatus() 186 { 187 isFuseLink_ = true; 188 }; 189 RemoveLinkStatus()190 void RemoveLinkStatus() 191 { 192 isFuseLink_ = false; 193 }; 194 GetAuthPerm()195 DLPFileAccess GetAuthPerm() 196 { 197 return authPerm_; 198 }; 199 200 int32_t dlpFd_; 201 friend class DlpRawFile; 202 friend class DlpZipFile; 203 private: 204 virtual bool IsValidCipher(const struct DlpBlob& key, const struct DlpUsageSpec& spec, 205 const struct DlpBlob& hmacKey) const; 206 virtual int32_t CopyBlobParam(const struct DlpBlob& src, struct DlpBlob& dst) const; 207 virtual int32_t CleanBlobParam(struct DlpBlob& blob) const; 208 virtual int32_t PrepareBuff(struct DlpBlob& message1, struct DlpBlob& message2) const; 209 virtual int32_t GetLocalAccountName(std::string& account) const; 210 virtual int32_t GetDomainAccountName(std::string& account) const; 211 virtual int32_t DupUsageSpec(struct DlpUsageSpec& spec); 212 virtual int32_t DoDlpBlockCryptOperation(struct DlpBlob& message1, 213 struct DlpBlob& message2, uint64_t offset, bool isEncrypt); 214 virtual int32_t WriteFirstBlockData(uint64_t offset, void* buf, uint32_t size) = 0; 215 virtual int32_t FillHoleData(uint64_t holeStart, uint64_t holeSize); 216 virtual int32_t DoDlpFileWrite(uint64_t offset, void* buf, uint32_t size) = 0; 217 218 std::string realType_; 219 bool isFuseLink_; 220 DLPFileAccess authPerm_; 221 int32_t encDataFd_; 222 223 struct DlpBlob cert_; 224 struct DlpBlob offlineCert_; 225 struct DlpBlob hmac_; 226 struct DlpCipher cipher_; 227 // policy in certificate 228 PermissionPolicy policy_; 229 std::string contactAccount_; 230 uint32_t version_; 231 uint32_t offlineAccess_; 232 }; 233 } // namespace DlpPermission 234 } // namespace Security 235 } // namespace OHOS 236 #endif /* INTERFACES_INNER_API_DLP_FILE_H */ 237