1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cstdio>
17
18 #include "deviceprofile_connector.h"
19 #include "crypto_mgr.h"
20 #include "dm_anonymous.h"
21 #include "dm_constants.h"
22 #include "dm_crypto.h"
23 #include "dm_log.h"
24 #include "multiple_user_connector.h"
25 #include "distributed_device_profile_client.h"
26 #include "system_ability_definition.h"
27 #include "ipc_skeleton.h"
28 #include "dm_jsonstr_handle.h"
29 #include "app_manager.h"
30
31 using namespace OHOS::DistributedDeviceProfile;
32
33 const uint32_t INVALIED_TYPE = 0;
34 const uint32_t APP_PEER_TO_PEER_TYPE = 1;
35 const uint32_t APP_ACROSS_ACCOUNT_TYPE = 2;
36 const uint32_t SERVICE_PEER_TO_PEER_TYPE = 3;
37 const uint32_t SERVICE_ACROSS_ACCOUNT_TYPE = 4;
38 const uint32_t SHARE_TYPE = 5;
39 const uint32_t DEVICE_PEER_TO_PEER_TYPE = 6;
40 const uint32_t DEVICE_ACROSS_ACCOUNT_TYPE = 7;
41 const uint32_t IDENTICAL_ACCOUNT_TYPE = 8;
42
43 const uint32_t DM_INVALIED_TYPE = 2048;
44 const uint32_t SERVICE = 2;
45 const uint32_t APP = 3;
46 const uint32_t USER = 1;
47 constexpr uint32_t MAX_SESSION_KEY_LENGTH = 512;
48
49 const char* TAG_PEER_BUNDLE_NAME = "peerBundleName";
50 const char* TAG_PEER_TOKENID = "peerTokenId";
51 const char* TAG_ACL = "accessControlTable";
52 const char* TAG_DMVERSION = "dmVersion";
53 const char* TAG_ACL_HASH_KEY_VERSION = "aclVersion";
54 const char* TAG_ACL_HASH_KEY_ACLHASHLIST = "aclHashList";
55
56 namespace OHOS {
57 namespace DistributedHardware {
58 namespace {
59 const int32_t DM_SUPPORT_ACL_AGING_VERSION_NUM = 1;
60 const std::string DM_VERSION_STR_5_1_0 = DM_VERSION_5_1_0;
61 const std::vector<std::string> DM_SUPPORT_ACL_AGING_VERSIONS = {DM_VERSION_STR_5_1_0};
62 constexpr uint32_t AUTH_EXT_WHITE_LIST_NUM = 1;
63 constexpr const static char* g_extWhiteList[AUTH_EXT_WHITE_LIST_NUM] = {
64 "CastEngineService",
65 };
66 }
67 DM_IMPLEMENT_SINGLE_INSTANCE(DeviceProfileConnector);
PrintProfile(const AccessControlProfile & profile)68 void PrintProfile(const AccessControlProfile &profile)
69 {
70 uint32_t bindType = profile.GetBindType();
71 uint32_t bindLevel = profile.GetBindLevel();
72
73 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
74 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
75 std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId();
76 std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName();
77 std::string acerCredId = profile.GetAccesser().GetAccesserCredentialIdStr();
78 int32_t acerSkId = profile.GetAccesser().GetAccesserSessionKeyId();
79
80 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
81 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
82 std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId();
83 std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName();
84 std::string aceeCredId = profile.GetAccessee().GetAccesseeCredentialIdStr();
85 int32_t aceeSkId = profile.GetAccessee().GetAccesseeSessionKeyId();
86
87 LOGI("bindType %{public}d, bindLevel %{public}d, acerDeviceId %{public}s, acerUserId %{public}d,"
88 "acerAccountId %{public}s, acerPkgName %{public}s, acerCredId %{public}s,"
89 "acerSkId %{public}d, aceeDeviceId %{public}s, aceeUserId %{public}d, aceeAccountId %{public}s,"
90 "aceePkgName %{public}s, aceeCredId %{public}s, aceeSkId %{public}d.",
91 bindType, bindLevel, GetAnonyString(acerDeviceId).c_str(), acerUserId, GetAnonyString(acerAccountId).c_str(),
92 acerPkgName.c_str(), GetAnonyString(acerCredId).c_str(), acerSkId,
93 GetAnonyString(aceeDeviceId).c_str(), aceeUserId, GetAnonyString(aceeAccountId).c_str(),
94 aceePkgName.c_str(), GetAnonyString(aceeCredId).c_str(), aceeSkId);
95 }
96
GetLocalDeviceId()97 std::string GetLocalDeviceId()
98 {
99 char localDeviceId[DEVICE_UUID_LENGTH] = {0};
100 GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH);
101 return std::string(localDeviceId);
102 }
103
GetVersionByExtra(std::string & extraInfo,std::string & dmVersion)104 DM_EXPORT int32_t DeviceProfileConnector::GetVersionByExtra(std::string &extraInfo, std::string &dmVersion)
105 {
106 JsonObject extraInfoJson(extraInfo);
107 if (extraInfoJson.IsDiscarded()) {
108 LOGE("GetVersionByExtra extraInfoJson error");
109 return ERR_DM_FAILED;
110 }
111 if (!extraInfoJson[TAG_DMVERSION].IsString()) {
112 LOGE("GetVersionByExtra PARAM_KEY_OS_VERSION error");
113 return ERR_DM_FAILED;
114 }
115 dmVersion = extraInfoJson[TAG_DMVERSION].Get<std::string>();
116 return DM_OK;
117 }
118
GetAllVerionAclMap(DistributedDeviceProfile::AccessControlProfile & acl,std::map<std::string,std::vector<std::string>> & aclMap,std::string dmVersion)119 DM_EXPORT void DeviceProfileConnector::GetAllVerionAclMap(DistributedDeviceProfile::AccessControlProfile &acl,
120 std::map<std::string, std::vector<std::string>> &aclMap, std::string dmVersion)
121 {
122 std::vector<std::string> needGenVersions = {};
123 // if not set version, send all support version acl hash
124 if (dmVersion.empty()) {
125 for (int32_t idx = 0; idx < DM_SUPPORT_ACL_AGING_VERSION_NUM; idx++) {
126 needGenVersions.push_back(DM_SUPPORT_ACL_AGING_VERSIONS[idx]);
127 }
128 } else if (std::find(DM_SUPPORT_ACL_AGING_VERSIONS.begin(), DM_SUPPORT_ACL_AGING_VERSIONS.end(), dmVersion) !=
129 DM_SUPPORT_ACL_AGING_VERSIONS.end()) {
130 needGenVersions.push_back(dmVersion);
131 } else {
132 LOGE("dmVersion invalid, %{public}s", dmVersion.c_str());
133 return;
134 }
135
136 for (auto const &version : needGenVersions) {
137 GenerateAclHash(acl, aclMap, version);
138 }
139 }
140
GenerateAclHash(DistributedDeviceProfile::AccessControlProfile & acl,std::map<std::string,std::vector<std::string>> & aclMap,const std::string & dmVersion)141 void DeviceProfileConnector::GenerateAclHash(DistributedDeviceProfile::AccessControlProfile &acl,
142 std::map<std::string, std::vector<std::string>> &aclMap, const std::string &dmVersion)
143 {
144 int32_t versionNum = 0;
145 if (!GetVersionNumber(dmVersion, versionNum)) {
146 LOGE("GetAllVerionAclMap GetVersionNumber error");
147 return;
148 }
149 std::string aclStr;
150 switch (versionNum) {
151 case DM_VERSION_INT_5_1_0:
152 aclStr = AccessToStr(acl);
153 break;
154 default:
155 LOGE("versionNum is invaild, ver: %{public}d", versionNum);
156 break;
157 }
158 if (aclStr.empty()) {
159 return;
160 }
161 auto iter = aclMap.find(dmVersion);
162 if (iter != aclMap.end()) {
163 aclMap[dmVersion].push_back(Crypto::Sha256(aclStr));
164 } else {
165 std::vector<std::string> aclStrVec;
166 aclStrVec.push_back(Crypto::Sha256(aclStr));
167 aclMap[dmVersion] = aclStrVec;
168 }
169 }
170
GetAclListHashStr(const DevUserInfo & localDevUserInfo,const DevUserInfo & remoteDevUserInfo,std::string & aclListHash,std::string dmVersion)171 DM_EXPORT int32_t DeviceProfileConnector::GetAclListHashStr(const DevUserInfo &localDevUserInfo,
172 const DevUserInfo &remoteDevUserInfo, std::string &aclListHash, std::string dmVersion)
173 {
174 std::map<std::string, std::vector<std::string>> aclMap;
175 std::vector<DistributedDeviceProfile::AccessControlProfile> profiles =
176 DeviceProfileConnector::GetInstance().GetAllAclIncludeLnnAcl();
177 for (auto &item : profiles) {
178 if (item.GetAccesser().GetAccesserDeviceId() == localDevUserInfo.deviceId &&
179 item.GetAccesser().GetAccesserUserId() == localDevUserInfo.userId &&
180 item.GetAccessee().GetAccesseeDeviceId() == remoteDevUserInfo.deviceId &&
181 item.GetAccessee().GetAccesseeUserId() == remoteDevUserInfo.userId) {
182 GetAllVerionAclMap(item, aclMap, dmVersion);
183 continue;
184 }
185 if (item.GetAccesser().GetAccesserDeviceId() == remoteDevUserInfo.deviceId &&
186 item.GetAccesser().GetAccesserUserId() == remoteDevUserInfo.userId &&
187 item.GetAccessee().GetAccesseeDeviceId() == localDevUserInfo.deviceId &&
188 item.GetAccessee().GetAccesseeUserId() == localDevUserInfo.userId) {
189 GetAllVerionAclMap(item, aclMap, dmVersion);
190 continue;
191 }
192 }
193 if (aclMap.empty()) {
194 LOGI("DeviceProfileConnector:: acl list is empty");
195 }
196 std::vector<AclHashItem> aclStrVec;
197 for (auto &item : aclMap) {
198 aclStrVec.push_back({item.first, item.second});
199 }
200 JsonObject allAclObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
201 AclHashVecToJson(allAclObj, aclStrVec);
202 aclListHash = allAclObj.Dump();
203 return DM_OK;
204 }
205
AclHashItemToJson(JsonItemObject & itemObject,const AclHashItem & value)206 DM_EXPORT void DeviceProfileConnector::AclHashItemToJson(JsonItemObject &itemObject, const AclHashItem &value)
207 {
208 itemObject[TAG_ACL_HASH_KEY_VERSION] = value.version;
209 JsonObject hashList(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
210 for (const auto &val : value.aclHashList) {
211 hashList.PushBack(val);
212 }
213 itemObject[TAG_ACL_HASH_KEY_ACLHASHLIST] = hashList.Dump();
214 }
215
AclHashVecToJson(JsonItemObject & itemObject,const std::vector<AclHashItem> & values)216 DM_EXPORT void DeviceProfileConnector::AclHashVecToJson(
217 JsonItemObject &itemObject, const std::vector<AclHashItem> &values)
218 {
219 for (const auto &val : values) {
220 JsonObject object;
221 AclHashItemToJson(object, val);
222 itemObject.PushBack(object.Dump());
223 }
224 }
225
AclHashItemFromJson(const JsonItemObject & itemObject,AclHashItem & value)226 DM_EXPORT void DeviceProfileConnector::AclHashItemFromJson(const JsonItemObject &itemObject, AclHashItem &value)
227 {
228 value.version = itemObject[TAG_ACL_HASH_KEY_VERSION].Get<std::string>();
229 std::string hashListStr = itemObject[TAG_ACL_HASH_KEY_ACLHASHLIST].Get<std::string>();
230 JsonObject hashList;
231 hashList.Parse(hashListStr);
232 for (auto const &item : hashList.Items()) {
233 value.aclHashList.push_back(item.Get<std::string>());
234 }
235 }
236
AclHashVecFromJson(const JsonItemObject & itemObject,std::vector<AclHashItem> & values)237 DM_EXPORT void DeviceProfileConnector::AclHashVecFromJson(const JsonItemObject &itemObject,
238 std::vector<AclHashItem> &values)
239 {
240 for (auto const &item : itemObject.Items()) {
241 JsonObject object;
242 AclHashItem aclItem;
243 object.Parse(item.Get<std::string>());
244 AclHashItemFromJson(object, aclItem);
245 values.push_back(aclItem);
246 }
247 }
248
ChecksumAcl(DistributedDeviceProfile::AccessControlProfile & acl,std::vector<std::string> & acLStrList)249 DM_EXPORT bool DeviceProfileConnector::ChecksumAcl(DistributedDeviceProfile::AccessControlProfile &acl,
250 std::vector<std::string> &acLStrList)
251 {
252 std::string aclStr = AccessToStr(acl);
253 auto aclIter = find(acLStrList.begin(), acLStrList.end(), Crypto::Sha256(aclStr));
254 return (aclIter != acLStrList.end());
255 }
256
AccessToStr(DistributedDeviceProfile::AccessControlProfile acl)257 DM_EXPORT std::string DeviceProfileConnector::AccessToStr(DistributedDeviceProfile::AccessControlProfile acl)
258 {
259 std::string aclStr = "";
260 DistributedDeviceProfile::Accesser accesser = acl.GetAccesser();
261 aclStr += accesser.GetAccesserDeviceId();
262 aclStr += std::to_string(accesser.GetAccesserUserId());
263 aclStr += accesser.GetAccesserAccountId();
264 aclStr += std::to_string(accesser.GetAccesserTokenId());
265 aclStr += accesser.GetAccesserBundleName();
266 aclStr += accesser.GetAccesserHapSignature();
267 aclStr += std::to_string(accesser.GetAccesserBindLevel());
268 aclStr += accesser.GetAccesserCredentialIdStr();
269 aclStr += std::to_string(accesser.GetAccesserStatus());
270 aclStr += std::to_string(accesser.GetAccesserSKTimeStamp());
271
272 DistributedDeviceProfile::Accessee accessee = acl.GetAccessee();
273 aclStr += accessee.GetAccesseeDeviceId();
274 aclStr += std::to_string(accessee.GetAccesseeUserId());
275 aclStr += accessee.GetAccesseeAccountId();
276 aclStr += std::to_string(accessee.GetAccesseeTokenId());
277 aclStr += accessee.GetAccesseeBundleName();
278 aclStr += accessee.GetAccesseeHapSignature();
279 aclStr += std::to_string(accessee.GetAccesseeBindLevel());
280 aclStr += accessee.GetAccesseeCredentialIdStr();
281 aclStr += std::to_string(accessee.GetAccesseeStatus());
282 aclStr += std::to_string(accessee.GetAccesseeSKTimeStamp());
283 return aclStr;
284 }
285
GetAclList(const std::string localUdid,int32_t localUserId,const std::string remoteUdid,int32_t remoteUserId)286 DM_EXPORT std::vector<DistributedDeviceProfile::AccessControlProfile> DeviceProfileConnector::GetAclList(
287 const std::string localUdid, int32_t localUserId, const std::string remoteUdid, int32_t remoteUserId)
288 {
289 std::vector<DistributedDeviceProfile::AccessControlProfile> profiles =
290 DeviceProfileConnector::GetInstance().GetAllAclIncludeLnnAcl();
291 std::vector<DistributedDeviceProfile::AccessControlProfile> aclList;
292 for (auto &item : profiles) {
293 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
294 item.GetAccesser().GetAccesserUserId() == localUserId &&
295 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid &&
296 item.GetAccessee().GetAccesseeUserId() == remoteUserId) {
297 aclList.push_back(item);
298 continue;
299 }
300 if (item.GetAccesser().GetAccesserDeviceId() == remoteUdid &&
301 item.GetAccesser().GetAccesserUserId() == remoteUserId &&
302 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
303 item.GetAccessee().GetAccesseeUserId() == localUserId) {
304 aclList.push_back(item);
305 continue;
306 }
307 }
308 if (aclList.empty()) {
309 LOGI("DeviceProfileConnector::GetAclList acl is empty");
310 }
311 return aclList;
312 }
313
IsAuthNewVersion(int32_t bindLevel,std::string localUdid,std::string remoteUdid,int32_t tokenId,int32_t userId)314 DM_EXPORT std::string DeviceProfileConnector::IsAuthNewVersion(int32_t bindLevel, std::string localUdid,
315 std::string remoteUdid, int32_t tokenId, int32_t userId)
316 {
317 LOGI("localUdid %{public}s, remoteUdid %{public}s, bindLevel %{public}d.",
318 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), bindLevel);
319 if (static_cast<uint32_t>(bindLevel) > APP || static_cast<uint32_t>(bindLevel) < USER) {
320 LOGE("Invalied bindlevel bindLevel=%{public}u.", bindLevel);
321 return "";
322 }
323 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(localUdid, userId);
324 if (profiles.empty()) {
325 LOGE("Acl is empty.");
326 return "";
327 }
328 switch (bindLevel) {
329 case APP:
330 case SERVICE:
331 return GetAppServiceAuthVersionInfo(localUdid, remoteUdid, tokenId, userId, profiles);
332 case USER:
333 return GetDeviceAuthVersionInfo(localUdid, remoteUdid, profiles);
334 default:
335 break;
336 }
337 return "";
338 }
339
GetAppServiceAuthVersionInfo(std::string localUdid,std::string remoteUdid,int32_t tokenId,int32_t userId,std::vector<DistributedDeviceProfile::AccessControlProfile> profiles)340 std::string DeviceProfileConnector::GetAppServiceAuthVersionInfo(std::string localUdid, std::string remoteUdid,
341 int32_t tokenId, int32_t userId, std::vector<DistributedDeviceProfile::AccessControlProfile> profiles)
342 {
343 for (auto &item : profiles) {
344 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT ||
345 (item.GetBindLevel() != APP && item.GetBindLevel() != SERVICE)) {
346 continue;
347 }
348 int32_t acerUserId = item.GetAccesser().GetAccesserUserId();
349 int32_t aceeUserId = item.GetAccessee().GetAccesseeUserId();
350 std::string acerDeviceId = item.GetAccesser().GetAccesserDeviceId();
351 std::string aceeDeviceId = item.GetAccessee().GetAccesseeDeviceId();
352 int32_t acerTokenId = static_cast<int32_t>(item.GetAccesser().GetAccesserTokenId());
353 int32_t aceeTokenId = static_cast<int32_t>(item.GetAccessee().GetAccesseeTokenId());
354 if (acerUserId == userId && acerTokenId == tokenId &&
355 acerDeviceId == localUdid && aceeDeviceId == remoteUdid) {
356 return item.GetAccesser().GetAccesserExtraData();
357 }
358 if (aceeUserId == userId && aceeTokenId == tokenId &&
359 aceeDeviceId == localUdid && acerDeviceId == remoteUdid) {
360 return item.GetAccessee().GetAccesseeExtraData();
361 }
362 }
363 return "";
364 }
365
GetDeviceAuthVersionInfo(std::string localUdid,std::string remoteUdid,std::vector<DistributedDeviceProfile::AccessControlProfile> profiles)366 std::string DeviceProfileConnector::GetDeviceAuthVersionInfo(std::string localUdid, std::string remoteUdid,
367 std::vector<DistributedDeviceProfile::AccessControlProfile> profiles)
368 {
369 for (auto &item : profiles) {
370 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() != USER || IsLnnAcl(item)) {
371 continue;
372 }
373 std::string acerDeviceId = item.GetAccesser().GetAccesserDeviceId();
374 std::string aceeDeviceId = item.GetAccessee().GetAccesseeDeviceId();
375 if (acerDeviceId == localUdid && aceeDeviceId == remoteUdid) {
376 return item.GetAccesser().GetAccesserExtraData();
377 }
378 if (aceeDeviceId == localUdid && acerDeviceId == remoteUdid) {
379 return item.GetAccessee().GetAccesseeExtraData();
380 }
381 }
382 return "";
383 }
FilterNeedDeleteACL(const std::string & localDeviceId,uint32_t localTokenId,const std::string & remoteDeviceId,const std::string & extra)384 DM_EXPORT DmOfflineParam DeviceProfileConnector::FilterNeedDeleteACL(const std::string &localDeviceId,
385 uint32_t localTokenId, const std::string &remoteDeviceId, const std::string &extra)
386 {
387 LOGI("localDeviceId %{public}s, remoteDeviceId %{public}s",
388 GetAnonyString(localDeviceId).c_str(), GetAnonyString(remoteDeviceId).c_str());
389 DmOfflineParam offlineParam;
390 int32_t userId = MultipleUserConnector::GetCurrentAccountUserID();
391 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(localDeviceId, userId,
392 remoteDeviceId);
393 if (profiles.empty()) {
394 LOGE("Acl is empty.");
395 return offlineParam;
396 }
397
398 FilterNeedDeleteACLInfos(profiles, localDeviceId, localTokenId, remoteDeviceId, extra, offlineParam);
399 return offlineParam;
400 }
401
CheckLastLnnAcl(const std::string & localDeviceId,int32_t localUserId,const std::string & remoteDeviceId,DmOfflineParam & offlineParam,std::vector<DistributedDeviceProfile::AccessControlProfile> & profiles)402 void DeviceProfileConnector::CheckLastLnnAcl(const std::string &localDeviceId, int32_t localUserId,
403 const std::string &remoteDeviceId, DmOfflineParam &offlineParam,
404 std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles)
405 {
406 LOGI("profiles size: %{public}zu", profiles.size());
407 if (profiles.size() == 1 && IsLnnAcl(profiles[0])) {
408 if (profiles[0].GetAccesser().GetAccesserDeviceId() == localDeviceId) {
409 CacheAcerAclId(profiles[0], offlineParam.needDelAclInfos);
410 }
411 if (profiles[0].GetAccessee().GetAccesseeDeviceId() == localDeviceId) {
412 CacheAceeAclId(profiles[0], offlineParam.needDelAclInfos);
413 }
414 offlineParam.hasLnnAcl = true;
415 }
416 }
417
DeleteCacheAcl(std::vector<int64_t> delAclIdVec,std::vector<DistributedDeviceProfile::AccessControlProfile> & profiles)418 void DeviceProfileConnector::DeleteCacheAcl(std::vector<int64_t> delAclIdVec,
419 std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles)
420 {
421 for (auto delAclId : delAclIdVec) {
422 for (auto item = profiles.begin(); item != profiles.end();) {
423 if (delAclId == item->GetAccessControlId()) {
424 item = profiles.erase(item);
425 } else {
426 item++;
427 }
428 }
429 }
430 }
431
FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const uint32_t localTokenId,const std::string & remoteUdid,const uint32_t peerTokenId,DmOfflineParam & offlineParam)432 bool DeviceProfileConnector::FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
433 const std::string &localUdid, const uint32_t localTokenId,
434 const std::string &remoteUdid, const uint32_t peerTokenId,
435 DmOfflineParam &offlineParam)
436 {
437 bool isMatch = false;
438 int64_t acerTokenId = acl.GetAccesser().GetAccesserTokenId();
439 int64_t aceeTokenId = acl.GetAccessee().GetAccesseeTokenId();
440 std::string acerDeviceId = acl.GetAccesser().GetAccesserDeviceId();
441 std::string aceeDeviceId = acl.GetAccessee().GetAccesseeDeviceId();
442 // Process target match acl which need delete
443 if ((acerTokenId == static_cast<int64_t>(localTokenId)) &&
444 (acerDeviceId == localUdid) && (aceeDeviceId == remoteUdid) &&
445 (peerTokenId == 0 || (peerTokenId != 0 && aceeTokenId == static_cast<int64_t>(peerTokenId)))) {
446 ProcessInfo processInfo;
447 processInfo.pkgName = acl.GetAccesser().GetAccesserBundleName();
448 processInfo.userId = acl.GetAccesser().GetAccesserUserId();
449 offlineParam.processVec.push_back(processInfo);
450 CacheAcerAclId(acl, offlineParam.needDelAclInfos);
451 LOGI("Src del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
452 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
453 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
454 acl.GetBindLevel());
455 isMatch = true;
456 }
457
458 if ((aceeTokenId == static_cast<int64_t>(localTokenId)) &&
459 (aceeDeviceId == localUdid) && (acerDeviceId == remoteUdid) &&
460 (peerTokenId == 0 || (peerTokenId != 0 && acerTokenId == static_cast<int64_t>(peerTokenId)))) {
461 ProcessInfo processInfo;
462 processInfo.pkgName = acl.GetAccessee().GetAccesseeBundleName();
463 processInfo.userId = acl.GetAccessee().GetAccesseeUserId();
464 offlineParam.processVec.push_back(processInfo);
465 CacheAceeAclId(acl, offlineParam.needDelAclInfos);
466 LOGI("Sink del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
467 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
468 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
469 acl.GetBindLevel());
470 isMatch = true;
471 }
472 return isMatch;
473 }
474
FindLnnAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const std::string & remoteUdid,DmOfflineParam & offlineParam)475 bool DeviceProfileConnector::FindLnnAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
476 const std::string &localUdid, const std::string &remoteUdid, DmOfflineParam &offlineParam)
477 {
478 bool isMatch = false;
479 std::string acerDeviceId = acl.GetAccesser().GetAccesserDeviceId();
480 std::string aceeDeviceId = acl.GetAccessee().GetAccesseeDeviceId();
481 if (IsLnnAcl(acl) && acl.GetTrustDeviceId() == remoteUdid) {
482 if (acerDeviceId == localUdid && aceeDeviceId == remoteUdid) {
483 LOGI("Src lnn acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
484 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
485 GetAnonyString(localUdid).c_str(),
486 GetAnonyString(remoteUdid).c_str(), acl.GetBindType(), acl.GetBindLevel());
487 CacheAcerAclId(acl, offlineParam.allLnnAclInfos);
488 }
489
490 if (aceeDeviceId == localUdid && acerDeviceId == remoteUdid) {
491 LOGI("Sink lnn acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
492 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
493 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
494 acl.GetBindLevel());
495 CacheAceeAclId(acl, offlineParam.allLnnAclInfos);
496 }
497 isMatch = true;
498 }
499 return isMatch;
500 }
501
FindUserAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const std::string & remoteUdid,DmOfflineParam & offlineParam)502 bool DeviceProfileConnector::FindUserAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
503 const std::string &localUdid, const std::string &remoteUdid, DmOfflineParam &offlineParam)
504 {
505 bool isMatch = false;
506 std::string acerDeviceId = acl.GetAccesser().GetAccesserDeviceId();
507 std::string aceeDeviceId = acl.GetAccessee().GetAccesseeDeviceId();
508 // process User Or SameAccount acl
509 if (acl.GetBindLevel() == USER || acl.GetBindType() == DM_IDENTICAL_ACCOUNT) {
510 if (acerDeviceId == localUdid && aceeDeviceId == remoteUdid) {
511 LOGI("Src User acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
512 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
513 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
514 acl.GetBindLevel());
515 CacheAcerAclId(acl, offlineParam.allUserAclInfos);
516 }
517
518 if (aceeDeviceId == localUdid && acerDeviceId == remoteUdid) {
519 LOGI("Sink User acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
520 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
521 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
522 acl.GetBindLevel());
523 CacheAceeAclId(acl, offlineParam.allUserAclInfos);
524 }
525 isMatch = true;
526 }
527 return isMatch;
528 }
529
FindLeftAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const std::string & remoteUdid,DmOfflineParam & offlineParam)530 bool DeviceProfileConnector::FindLeftAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
531 const std::string &localUdid, const std::string &remoteUdid, DmOfflineParam &offlineParam)
532 {
533 bool isMatch = false;
534 std::string acerDeviceId = acl.GetAccesser().GetAccesserDeviceId();
535 std::string aceeDeviceId = acl.GetAccessee().GetAccesseeDeviceId();
536 // process left service/app acl
537 if (acl.GetBindLevel() == SERVICE || acl.GetBindLevel() == APP) {
538 if (acerDeviceId == localUdid && aceeDeviceId == remoteUdid) {
539 LOGI("Src Left acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
540 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
541 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
542 acl.GetBindLevel());
543 CacheAcerAclId(acl, offlineParam.allLeftAppOrSvrAclInfos);
544 }
545
546 if (aceeDeviceId == localUdid && acerDeviceId == remoteUdid) {
547 LOGI("Sink Left acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
548 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
549 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
550 acl.GetBindLevel());
551 CacheAceeAclId(acl, offlineParam.allLeftAppOrSvrAclInfos);
552 }
553 isMatch = true;
554 }
555 return isMatch;
556 }
557
FilterNeedDeleteACLInfos(std::vector<DistributedDeviceProfile::AccessControlProfile> & profiles,const std::string & localUdid,const uint32_t localTokenId,const std::string & remoteUdid,const std::string & extra,DmOfflineParam & offlineParam)558 void DeviceProfileConnector::FilterNeedDeleteACLInfos(
559 std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles,
560 const std::string &localUdid, const uint32_t localTokenId,
561 const std::string &remoteUdid, const std::string &extra, DmOfflineParam &offlineParam)
562 {
563 uint64_t peerTokenId = 0;
564 std::string peerBundleName = "";
565 JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, peerBundleName);
566 for (auto &item : profiles) {
567 if (item.GetTrustDeviceId() != remoteUdid) {
568 continue;
569 }
570
571 // First, find need delete acl
572 if (FindTargetAcl(item, localUdid, localTokenId, remoteUdid, peerTokenId, offlineParam)) {
573 continue;
574 }
575
576 // Second, find the LNN acl
577 if (FindLnnAcl(item, localUdid, remoteUdid, offlineParam)) {
578 continue;
579 }
580
581 // Third, find the user or sameaccount acl, dertermine if report offline
582 if (FindUserAcl(item, localUdid, remoteUdid, offlineParam)) {
583 continue;
584 }
585
586 // Fourth, find the left service/app acl, determine if del lnn acl
587 if (FindLeftAcl(item, localUdid, remoteUdid, offlineParam)) {
588 continue;
589 }
590 }
591 }
592
GetAccessControlProfile()593 DM_EXPORT std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfile()
594 {
595 std::vector<AccessControlProfile> profiles;
596 std::map<std::string, std::string> queryParams;
597 int32_t userId = MultipleUserConnector::GetCurrentAccountUserID();
598 queryParams[USERID] = std::to_string(userId);
599 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
600 LOGE("DP GetAccessControlProfile failed.");
601 }
602 return profiles;
603 }
604
GetAccessControlProfileByUserId(int32_t userId)605 std::vector<AccessControlProfile> DeviceProfileConnector::GetAccessControlProfileByUserId(int32_t userId)
606 {
607 std::vector<AccessControlProfile> profiles;
608 std::map<std::string, std::string> queryParams;
609 queryParams[USERID] = std::to_string(userId);
610 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
611 LOGE("DP GetAccessControlProfileByUserId failed.");
612 }
613 return profiles;
614 }
615
GetAclProfileByDeviceIdAndUserId(const std::string & deviceId,int32_t userId)616 std::vector<AccessControlProfile> DeviceProfileConnector::GetAclProfileByDeviceIdAndUserId(const std::string &deviceId,
617 int32_t userId)
618 {
619 std::vector<AccessControlProfile> profiles;
620 std::vector<AccessControlProfile> aclProfileVec;
621 std::map<std::string, std::string> queryParams;
622 queryParams[USERID] = std::to_string(userId);
623 if (DistributedDeviceProfileClient::GetInstance().GetAccessControlProfile(queryParams, profiles) != DM_OK) {
624 LOGE("DP GetAccessControlProfile failed.");
625 return aclProfileVec;
626 }
627 for (auto &item : profiles) {
628 if ((item.GetAccesser().GetAccesserDeviceId() == deviceId &&
629 item.GetAccesser().GetAccesserUserId() == userId) ||
630 (item.GetAccessee().GetAccesseeDeviceId() == deviceId &&
631 item.GetAccessee().GetAccesseeUserId() == userId)) {
632 aclProfileVec.push_back(item);
633 }
634 }
635 return aclProfileVec;
636 }
637
GetAclProfileByDeviceIdAndUserId(const std::string & deviceId,int32_t userId,const std::string & remoteDeviceId)638 std::vector<AccessControlProfile> DeviceProfileConnector::GetAclProfileByDeviceIdAndUserId(const std::string &deviceId,
639 int32_t userId, const std::string &remoteDeviceId)
640 {
641 std::vector<AccessControlProfile> aclProfileVec;
642 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
643 for (auto &item : profiles) {
644 if ((item.GetAccesser().GetAccesserDeviceId() == deviceId &&
645 item.GetAccesser().GetAccesserUserId() == userId &&
646 item.GetAccessee().GetAccesseeDeviceId() == remoteDeviceId) ||
647 (item.GetAccessee().GetAccesseeDeviceId() == deviceId &&
648 item.GetAccessee().GetAccesseeUserId() == userId &&
649 item.GetAccesser().GetAccesserDeviceId() == remoteDeviceId)) {
650 aclProfileVec.push_back(item);
651 }
652 }
653 return aclProfileVec;
654 }
655
GetAppTrustDeviceList(const std::string & pkgName,const std::string & deviceId)656 DM_EXPORT std::unordered_map<std::string, DmAuthForm> DeviceProfileConnector::GetAppTrustDeviceList(
657 const std::string &pkgName, const std::string &deviceId)
658 {
659 int32_t userId = MultipleUserConnector::GetCurrentAccountUserID();
660 LOGI("localDeviceId: %{public}s, userId: %{public}d", GetAnonyString(deviceId).c_str(), userId);
661 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
662 std::vector<AccessControlProfile> profilesFilter = {};
663 for (auto &item : profiles) {
664 if (!IsLnnAcl(item) && ((item.GetAccesser().GetAccesserUserId() == userId &&
665 item.GetAccesser().GetAccesserDeviceId() == deviceId) ||
666 (item.GetAccessee().GetAccesseeUserId() == userId &&
667 item.GetAccessee().GetAccesseeDeviceId() == deviceId))) {
668 profilesFilter.push_back(item);
669 }
670 }
671 return GetAuthFormMap(pkgName, deviceId, profilesFilter, userId);
672 }
673
GetAuthFormMap(const std::string & pkgName,const std::string & deviceId,const std::vector<DistributedDeviceProfile::AccessControlProfile> & profilesFilter,const int32_t & userId)674 std::unordered_map<std::string, DmAuthForm> DeviceProfileConnector::GetAuthFormMap(const std::string &pkgName,
675 const std::string &deviceId, const std::vector<DistributedDeviceProfile::AccessControlProfile> &profilesFilter,
676 const int32_t &userId)
677 {
678 std::unordered_map<std::string, DmAuthForm> deviceIdMap;
679 for (auto &item : profilesFilter) {
680 std::string trustDeviceId = item.GetTrustDeviceId();
681 LOGI("trustDeviceId: %{public}s, status: %{public}d, acerUserId: %{public}d, aceeUserId: %{public}d",
682 GetAnonyString(trustDeviceId).c_str(), item.GetStatus(), item.GetAccesser().GetAccesserUserId(),
683 item.GetAccessee().GetAccesseeUserId());
684 if (trustDeviceId == deviceId || item.GetStatus() != ACTIVE) {
685 continue;
686 }
687 DmDiscoveryInfo discoveryInfo = {pkgName, deviceId};
688 int32_t bindType = HandleDmAuthForm(item, discoveryInfo);
689 LOGI("The udid %{public}s in ACL authForm is %{public}d.", GetAnonyString(trustDeviceId).c_str(), bindType);
690 if (bindType == DmAuthForm::INVALID_TYPE) {
691 continue;
692 }
693 if (deviceIdMap.find(trustDeviceId) == deviceIdMap.end()) {
694 if (CheckSinkShareType(item, userId, deviceId, trustDeviceId, bindType)) {
695 LOGI("GetAuthFormMap CheckSinkShareType true.");
696 continue;
697 }
698 deviceIdMap[trustDeviceId] = static_cast<DmAuthForm>(bindType);
699 continue;
700 }
701 DmAuthForm authForm = deviceIdMap.at(trustDeviceId);
702 if (bindType == authForm) {
703 continue;
704 }
705 uint32_t highestBindType = CheckBindType(trustDeviceId, deviceId);
706 if (highestBindType == IDENTICAL_ACCOUNT_TYPE) {
707 deviceIdMap[trustDeviceId] = DmAuthForm::IDENTICAL_ACCOUNT;
708 continue;
709 } else if (highestBindType == SHARE_TYPE) {
710 if (CheckSinkShareType(item, userId, deviceId, trustDeviceId, DmAuthForm::SHARE)) {
711 continue;
712 }
713 deviceIdMap[trustDeviceId] = DmAuthForm::SHARE;
714 continue;
715 } else if (highestBindType == DEVICE_PEER_TO_PEER_TYPE || highestBindType == APP_PEER_TO_PEER_TYPE ||
716 highestBindType == SERVICE_PEER_TO_PEER_TYPE) {
717 deviceIdMap[trustDeviceId] = DmAuthForm::PEER_TO_PEER;
718 continue;
719 } else if (highestBindType == APP_ACROSS_ACCOUNT_TYPE ||
720 highestBindType == DEVICE_ACROSS_ACCOUNT_TYPE || highestBindType == SERVICE_ACROSS_ACCOUNT_TYPE) {
721 deviceIdMap[trustDeviceId] = DmAuthForm::ACROSS_ACCOUNT;
722 continue;
723 } else {
724 LOGE("GetAuthFormMap highestBindType match failed.");
725 continue;
726 }
727 }
728 return deviceIdMap;
729 }
730
CheckSinkShareType(const DistributedDeviceProfile::AccessControlProfile & profile,const int32_t & userId,const std::string & deviceId,const std::string & trustDeviceId,const int32_t & bindType)731 bool DeviceProfileConnector::CheckSinkShareType(const DistributedDeviceProfile::AccessControlProfile &profile,
732 const int32_t &userId, const std::string &deviceId, const std::string &trustDeviceId, const int32_t &bindType)
733 {
734 if (profile.GetAccessee().GetAccesseeUserId() == userId &&
735 profile.GetAccessee().GetAccesseeDeviceId() == deviceId &&
736 profile.GetAccesser().GetAccesserDeviceId() == trustDeviceId &&
737 bindType == DmAuthForm::SHARE) {
738 return true;
739 }
740 return false;
741 }
742
GetDeviceAclParam(DmDiscoveryInfo discoveryInfo,bool & isOnline,int32_t & authForm)743 int32_t DeviceProfileConnector::GetDeviceAclParam(DmDiscoveryInfo discoveryInfo, bool &isOnline, int32_t &authForm)
744 {
745 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(discoveryInfo.userId);
746 std::vector<int32_t> bindTypes;
747 for (auto &item : profiles) {
748 char deviceIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
749 if (Crypto::GetUdidHash(item.GetTrustDeviceId(), reinterpret_cast<uint8_t *>(deviceIdHash)) != DM_OK) {
750 LOGE("get deviceIdHash by deviceId: %{public}s failed.", GetAnonyString(deviceIdHash).c_str());
751 continue;
752 }
753 if (IsLnnAcl(item) || static_cast<std::string>(deviceIdHash) != discoveryInfo.remoteDeviceIdHash ||
754 (discoveryInfo.localDeviceId == item.GetAccesser().GetAccesserDeviceId() &&
755 discoveryInfo.userId != item.GetAccesser().GetAccesserUserId()) ||
756 (discoveryInfo.localDeviceId == item.GetAccessee().GetAccesseeDeviceId() &&
757 discoveryInfo.userId != item.GetAccessee().GetAccesseeUserId())) {
758 continue;
759 }
760 int32_t bindType = HandleDmAuthForm(item, discoveryInfo);
761 if (bindType == DmAuthForm::INVALID_TYPE) {
762 continue;
763 }
764 bindTypes.push_back(bindType);
765 }
766 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::IDENTICAL_ACCOUNT) > 0) {
767 isOnline = true;
768 authForm = DmAuthForm::IDENTICAL_ACCOUNT;
769 LOGI("The found device is identical account device bind type.");
770 return DM_OK;
771 }
772 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::PEER_TO_PEER) > 0) {
773 isOnline = true;
774 authForm = DmAuthForm::PEER_TO_PEER;
775 LOGI("The found device is peer-to-peer device bind-level.");
776 return DM_OK;
777 }
778 if (std::count(bindTypes.begin(), bindTypes.end(), DmAuthForm::ACROSS_ACCOUNT) > 0) {
779 isOnline = true;
780 authForm = DmAuthForm::ACROSS_ACCOUNT;
781 LOGI("The found device is across-account device bind-level.");
782 return DM_OK;
783 }
784 authForm = DmAuthForm::INVALID_TYPE;
785 return DM_OK;
786 }
787
CheckAuthFormProxyTokenId(const std::string pkgName,const std::string & extraStr)788 bool DeviceProfileConnector::CheckAuthFormProxyTokenId(const std::string pkgName, const std::string &extraStr)
789 {
790 std::vector<int64_t> proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr);
791 int64_t callingTokenId = static_cast<int64_t>(IPCSkeleton::GetCallingTokenID());
792 for (auto &proxyTokenId : proxyTokenIdVec) {
793 std::string proxyBundleName;
794 if (AppManager::GetInstance().GetBundleNameByTokenId(proxyTokenId, proxyBundleName) != DM_OK) {
795 continue;
796 }
797 if (callingTokenId == proxyTokenId && pkgName == proxyBundleName) {
798 return true;
799 }
800 }
801 return false;
802 }
803
CheckAuthForm(DmAuthForm form,AccessControlProfile profiles,DmDiscoveryInfo discoveryInfo)804 int32_t DeviceProfileConnector::CheckAuthForm(DmAuthForm form, AccessControlProfile profiles,
805 DmDiscoveryInfo discoveryInfo)
806 {
807 if (IsLnnAcl(profiles)) {
808 return DmAuthForm::INVALID_TYPE;
809 }
810 if (profiles.GetBindLevel() == USER || ((profiles.GetBindLevel() == APP || profiles.GetBindLevel() == SERVICE) &&
811 discoveryInfo.pkgname == "")) {
812 return form;
813 }
814 if (profiles.GetBindLevel() == APP || profiles.GetBindLevel() == SERVICE) {
815 if ((discoveryInfo.pkgname == profiles.GetAccesser().GetAccesserBundleName() ||
816 CheckAuthFormProxyTokenId(discoveryInfo.pkgname, profiles.GetAccesser().GetAccesserExtraData())) &&
817 discoveryInfo.localDeviceId == profiles.GetAccesser().GetAccesserDeviceId()) {
818 return form;
819 }
820 if ((discoveryInfo.pkgname == profiles.GetAccessee().GetAccesseeBundleName() ||
821 CheckAuthFormProxyTokenId(discoveryInfo.pkgname, profiles.GetAccessee().GetAccesseeExtraData())) &&
822 discoveryInfo.localDeviceId == profiles.GetAccessee().GetAccesseeDeviceId()) {
823 return form;
824 }
825 }
826 return DmAuthForm::INVALID_TYPE;
827 }
828
HandleDmAuthForm(AccessControlProfile profiles,DmDiscoveryInfo discoveryInfo)829 int32_t DeviceProfileConnector::HandleDmAuthForm(AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo)
830 {
831 if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) {
832 return DmAuthForm::IDENTICAL_ACCOUNT;
833 }
834 if (profiles.GetBindType() == DM_POINT_TO_POINT) {
835 return CheckAuthForm(DmAuthForm::PEER_TO_PEER, profiles, discoveryInfo);
836 }
837 if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) {
838 return CheckAuthForm(DmAuthForm::PEER_TO_PEER, profiles, discoveryInfo);
839 }
840 if (profiles.GetBindType() == DM_SHARE) {
841 return CheckAuthForm(DmAuthForm::SHARE, profiles, discoveryInfo);
842 }
843 return DmAuthForm::INVALID_TYPE;
844 }
845
CheckBindType(std::string peerUdid,std::string localUdid)846 DM_EXPORT uint32_t DeviceProfileConnector::CheckBindType(std::string peerUdid,
847 std::string localUdid)
848 {
849 std::vector<AccessControlProfile> filterProfiles = GetAclProfileByUserId(localUdid,
850 MultipleUserConnector::GetFirstForegroundUserId(), peerUdid);
851 LOGI("filterProfiles size is %{public}zu", filterProfiles.size());
852 uint32_t highestPriority = INVALIED_TYPE;
853 for (auto &item : filterProfiles) {
854 if (IsLnnAcl(item) || peerUdid != item.GetTrustDeviceId()) {
855 continue;
856 }
857 uint32_t priority = static_cast<uint32_t>(GetAuthForm(item, peerUdid, localUdid));
858 if (priority > highestPriority) {
859 highestPriority = priority;
860 }
861 }
862 return highestPriority;
863 }
864
GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles,const std::string & trustDev,const std::string & reqDev)865 int32_t DeviceProfileConnector::GetAuthForm(DistributedDeviceProfile::AccessControlProfile profiles,
866 const std::string &trustDev, const std::string &reqDev)
867 {
868 LOGI("BindType %{public}d, bindLevel %{public}d",
869 profiles.GetBindType(), profiles.GetBindLevel());
870 uint32_t priority = INVALIED_TYPE;
871 uint32_t bindType = profiles.GetBindType();
872
873 switch (bindType) {
874 case DM_IDENTICAL_ACCOUNT:
875 priority = IDENTICAL_ACCOUNT_TYPE;
876 break;
877 case DM_SHARE:
878 priority = SHARE_TYPE;
879 break;
880 case DM_POINT_TO_POINT:
881 if (profiles.GetBindLevel() == USER) {
882 priority = DEVICE_PEER_TO_PEER_TYPE;
883 }
884 if (profiles.GetBindLevel() == SERVICE) {
885 priority = SERVICE_PEER_TO_PEER_TYPE;
886 }
887 if (profiles.GetBindLevel() == APP) {
888 priority = APP_PEER_TO_PEER_TYPE;
889 }
890 break;
891 case DM_ACROSS_ACCOUNT:
892 if (profiles.GetBindLevel() == USER) {
893 priority = DEVICE_ACROSS_ACCOUNT_TYPE;
894 }
895 if (profiles.GetBindLevel() == SERVICE) {
896 priority = SERVICE_ACROSS_ACCOUNT_TYPE;
897 }
898 if (profiles.GetBindLevel() == APP) {
899 priority = APP_ACROSS_ACCOUNT_TYPE;
900 }
901 break;
902 default:
903 LOGE("unknown bind type %{public}d.", bindType);
904 break;
905 }
906 return priority;
907 }
908
GetBindTypeByPkgName(std::string pkgName,std::string requestDeviceId,std::string trustUdid)909 DM_EXPORT std::vector<int32_t> DeviceProfileConnector::GetBindTypeByPkgName(
910 std::string pkgName, std::string requestDeviceId, std::string trustUdid)
911 {
912 LOGI("Start requestDeviceId %{public}s, trustUdid %{public}s.", GetAnonyString(requestDeviceId).c_str(),
913 GetAnonyString(trustUdid).c_str());
914 std::vector<int32_t> bindTypeVec;
915 if (requestDeviceId.empty() || trustUdid.empty() || requestDeviceId == trustUdid) {
916 LOGE("Input udid param invalied.");
917 return bindTypeVec;
918 }
919 std::vector<AccessControlProfile> profiles =
920 GetAccessControlProfileByUserId(MultipleUserConnector::GetFirstForegroundUserId());
921 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
922 for (auto &item : profiles) {
923 if (IsLnnAcl(item) || trustUdid != item.GetTrustDeviceId() || item.GetStatus() != ACTIVE) {
924 continue;
925 }
926 GetParamBindTypeVec(item, requestDeviceId, bindTypeVec, trustUdid);
927 }
928 return bindTypeVec;
929 }
930
GetTokenIdByNameAndDeviceId(std::string extra,std::string requestDeviceId)931 DM_EXPORT uint64_t DeviceProfileConnector::GetTokenIdByNameAndDeviceId(std::string extra, std::string requestDeviceId)
932 {
933 uint64_t peerTokenId = 0;
934 std::string pkgName = "";
935 JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, pkgName);
936 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
937 for (auto &item : profiles) {
938 if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
939 item.GetAccesser().GetAccesserDeviceId() == requestDeviceId) {
940 peerTokenId = static_cast<uint64_t>(item.GetAccesser().GetAccesserTokenId());
941 break;
942 }
943 if (item.GetAccessee().GetAccesseeBundleName() == pkgName &&
944 item.GetAccessee().GetAccesseeDeviceId() == requestDeviceId) {
945 peerTokenId = static_cast<uint64_t>(item.GetAccessee().GetAccesseeTokenId());
946 break;
947 }
948 }
949 return peerTokenId;
950 }
951
GetParamBindTypeVec(AccessControlProfile profile,std::string requestDeviceId,std::vector<int32_t> & bindTypeVec,std::string trustUdid)952 void DeviceProfileConnector::GetParamBindTypeVec(AccessControlProfile profile, std::string requestDeviceId,
953 std::vector<int32_t> &bindTypeVec, std::string trustUdid)
954 {
955 if (!(profile.GetAccesser().GetAccesserDeviceId() == trustUdid &&
956 profile.GetAccessee().GetAccesseeDeviceId() == requestDeviceId) &&
957 !(profile.GetAccessee().GetAccesseeDeviceId() == trustUdid &&
958 profile.GetAccesser().GetAccesserDeviceId() == requestDeviceId)) {
959 LOGE("input udid param invalied.");
960 return;
961 }
962 uint32_t bindType = profile.GetBindType();
963 switch (bindType) {
964 case DM_IDENTICAL_ACCOUNT:
965 bindTypeVec.push_back(IDENTICAL_ACCOUNT_TYPE);
966 break;
967 case DM_POINT_TO_POINT:
968 if (profile.GetBindLevel() == USER) {
969 bindTypeVec.push_back(DEVICE_PEER_TO_PEER_TYPE);
970 }
971 if (profile.GetBindLevel() == APP) {
972 bindTypeVec.push_back(APP_PEER_TO_PEER_TYPE);
973 }
974 break;
975 case DM_ACROSS_ACCOUNT:
976 if (profile.GetBindLevel() == USER) {
977 bindTypeVec.push_back(DEVICE_ACROSS_ACCOUNT_TYPE);
978 }
979 if (profile.GetBindLevel() == APP) {
980 bindTypeVec.push_back(APP_ACROSS_ACCOUNT_TYPE);
981 }
982 break;
983 default:
984 LOGE("unknown bind type %{public}d.", bindType);
985 break;
986 }
987 }
988
CompareBindType(std::vector<AccessControlProfile> profiles,std::string pkgName,std::vector<int32_t> & sinkBindType,std::string localDeviceId,std::string targetDeviceId)989 std::vector<int32_t> DeviceProfileConnector::CompareBindType(std::vector<AccessControlProfile> profiles,
990 std::string pkgName, std::vector<int32_t> &sinkBindType, std::string localDeviceId, std::string targetDeviceId)
991 {
992 std::vector<int32_t> bindTypeIndex;
993 for (uint32_t index = 0; index < profiles.size(); index++) {
994 if (IsLnnAcl(profiles[index]) || profiles[index].GetTrustDeviceId() != targetDeviceId ||
995 profiles[index].GetStatus() != ACTIVE) {
996 continue;
997 }
998 DmDiscoveryInfo paramInfo = {
999 .pkgname = pkgName,
1000 .localDeviceId = localDeviceId,
1001 };
1002 ProcessBindType(profiles[index], localDeviceId, sinkBindType, bindTypeIndex, index, targetDeviceId);
1003 }
1004 return bindTypeIndex;
1005 }
1006
ProcessBindType(AccessControlProfile profiles,std::string localDeviceId,std::vector<int32_t> & sinkBindType,std::vector<int32_t> & bindTypeIndex,uint32_t index,std::string targetDeviceId)1007 void DeviceProfileConnector::ProcessBindType(AccessControlProfile profiles, std::string localDeviceId,
1008 std::vector<int32_t> &sinkBindType, std::vector<int32_t> &bindTypeIndex, uint32_t index, std::string targetDeviceId)
1009 {
1010 if (profiles.GetBindType() == DM_IDENTICAL_ACCOUNT) {
1011 sinkBindType.push_back(IDENTICAL_ACCOUNT_TYPE);
1012 bindTypeIndex.push_back(index);
1013 }
1014 if (profiles.GetBindType() == DM_POINT_TO_POINT) {
1015 if (profiles.GetBindLevel() == USER) {
1016 sinkBindType.push_back(DEVICE_PEER_TO_PEER_TYPE);
1017 bindTypeIndex.push_back(index);
1018 }
1019 if (profiles.GetBindLevel() == APP) {
1020 if (profiles.GetAccesser().GetAccesserDeviceId() == targetDeviceId &&
1021 profiles.GetAccessee().GetAccesseeDeviceId() == localDeviceId) {
1022 sinkBindType.push_back(APP_PEER_TO_PEER_TYPE);
1023 bindTypeIndex.push_back(index);
1024 }
1025 if (profiles.GetAccessee().GetAccesseeDeviceId() == targetDeviceId &&
1026 profiles.GetAccesser().GetAccesserDeviceId() == localDeviceId) {
1027 sinkBindType.push_back(APP_PEER_TO_PEER_TYPE);
1028 bindTypeIndex.push_back(index);
1029 }
1030 }
1031 }
1032 if (profiles.GetBindType() == DM_ACROSS_ACCOUNT) {
1033 if (profiles.GetBindLevel() == USER) {
1034 sinkBindType.push_back(DEVICE_ACROSS_ACCOUNT_TYPE);
1035 bindTypeIndex.push_back(index);
1036 }
1037 if (profiles.GetBindLevel() == APP) {
1038 if (profiles.GetAccesser().GetAccesserDeviceId() == targetDeviceId &&
1039 profiles.GetAccessee().GetAccesseeDeviceId() == localDeviceId) {
1040 sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE);
1041 bindTypeIndex.push_back(index);
1042 }
1043 if (profiles.GetAccessee().GetAccesseeDeviceId() == targetDeviceId &&
1044 profiles.GetAccesser().GetAccesserDeviceId() == localDeviceId) {
1045 sinkBindType.push_back(APP_ACROSS_ACCOUNT_TYPE);
1046 bindTypeIndex.push_back(index);
1047 }
1048 }
1049 }
1050 }
1051
SyncAclByBindType(std::string pkgName,std::vector<int32_t> bindTypeVec,std::string localDeviceId,std::string targetDeviceId)1052 DM_EXPORT std::vector<int32_t> DeviceProfileConnector::SyncAclByBindType(
1053 std::string pkgName, std::vector<int32_t> bindTypeVec, std::string localDeviceId, std::string targetDeviceId)
1054 {
1055 std::vector<AccessControlProfile> profiles =
1056 GetAccessControlProfileByUserId(MultipleUserConnector::GetFirstForegroundUserId());
1057 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1058 std::vector<int32_t> sinkBindType;
1059 std::vector<int32_t> bindType;
1060 std::vector<int32_t> bindTypeIndex =
1061 CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId);
1062 LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size());
1063 for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) {
1064 bool deleteAclFlag = true;
1065 for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) {
1066 if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) {
1067 deleteAclFlag = false;
1068 bindType.push_back(bindTypeVec[sinkIndex]);
1069 }
1070 }
1071 if (deleteAclFlag) {
1072 int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId();
1073 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex);
1074 LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex);
1075 }
1076 }
1077 return bindType;
1078 }
1079
1080
1081 DM_EXPORT
GetProcessInfoFromAclByUserId(const std::string & localDeviceId,const std::string & targetDeviceId,int32_t userId)1082 std::vector<OHOS::DistributedHardware::ProcessInfo> DeviceProfileConnector::GetProcessInfoFromAclByUserId(
1083 const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId)
1084 {
1085 std::vector<AccessControlProfile> filterProfiles = GetAclProfileByUserId(localDeviceId,
1086 userId, targetDeviceId);
1087 LOGI("filterProfiles size is %{public}zu", filterProfiles.size());
1088 std::vector<OHOS::DistributedHardware::ProcessInfo> processInfoVec;
1089 for (auto &item : filterProfiles) {
1090 if (IsLnnAcl(item) || item.GetTrustDeviceId() != targetDeviceId) {
1091 continue;
1092 }
1093 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1094 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1095 OHOS::DistributedHardware::ProcessInfo processInfo;
1096 std::string extraStr;
1097 if (accesserUdid == localDeviceId) {
1098 processInfo.pkgName = item.GetAccesser().GetAccesserBundleName();
1099 processInfo.userId = item.GetAccesser().GetAccesserUserId();
1100 processInfoVec.push_back(processInfo);
1101 extraStr = item.GetAccesser().GetAccesserExtraData();
1102 } else if (accesseeUdid == localDeviceId) {
1103 processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName();
1104 processInfo.userId = item.GetAccessee().GetAccesseeUserId();
1105 processInfoVec.push_back(processInfo);
1106 extraStr = item.GetAccessee().GetAccesseeExtraData();
1107 } else {
1108 continue;
1109 }
1110 std::vector<int64_t> proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr);
1111 for (auto &proxyTokenId : proxyTokenIdVec) {
1112 std::string proxyBundleName;
1113 if (AppManager::GetInstance().GetBundleNameByTokenId(proxyTokenId, proxyBundleName) != DM_OK) {
1114 continue;
1115 }
1116 processInfo.pkgName = proxyBundleName;
1117 processInfoVec.push_back(processInfo);
1118 }
1119 }
1120 return processInfoVec;
1121 }
1122
GetAccessControlProfileByAccessControlId(int64_t accessControlId)1123 DM_EXPORT AccessControlProfile DeviceProfileConnector::GetAccessControlProfileByAccessControlId(
1124 int64_t accessControlId)
1125 {
1126 AccessControlProfile profile;
1127 profile.SetAccessControlId(0);
1128 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1129 for (auto &item : profiles) {
1130 if (item.GetAccessControlId() == accessControlId) {
1131 return item;
1132 }
1133 }
1134 return profile;
1135 }
1136
GetAgentToProxyVecFromAclByUserId(const std::string & localDeviceId,const std::string & targetDeviceId,int32_t userId)1137 DM_EXPORT std::vector<std::pair<int64_t, int64_t>> DeviceProfileConnector::GetAgentToProxyVecFromAclByUserId(
1138 const std::string &localDeviceId, const std::string &targetDeviceId, int32_t userId)
1139 {
1140 std::vector<AccessControlProfile> filterProfiles = GetAclProfileByUserId(localDeviceId,
1141 userId, targetDeviceId);
1142 LOGI("filterProfiles size is %{public}zu", filterProfiles.size());
1143 std::vector<std::pair<int64_t, int64_t>> agentToProxyVec;
1144 for (auto &item : filterProfiles) {
1145 if (IsLnnAcl(item) || item.GetTrustDeviceId() != targetDeviceId) {
1146 continue;
1147 }
1148 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1149 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1150 int64_t agentTokenId;
1151 std::string extraStr;
1152 if (accesserUdid == localDeviceId) {
1153 agentTokenId = item.GetAccesser().GetAccesserTokenId();
1154 extraStr = item.GetAccesser().GetAccesserExtraData();
1155 } else if (accesseeUdid == localDeviceId) {
1156 agentTokenId = item.GetAccessee().GetAccesseeTokenId();
1157 extraStr = item.GetAccessee().GetAccesseeExtraData();
1158 } else {
1159 continue;
1160 }
1161 std::vector<int64_t> proxyTokenIdVec = JsonStrHandle::GetInstance().GetProxyTokenIdByExtra(extraStr);
1162 for (auto &proxyTokenId : proxyTokenIdVec) {
1163 agentToProxyVec.push_back(std::pair<int64_t, int64_t>(agentTokenId, proxyTokenId));
1164 }
1165 }
1166 return agentToProxyVec;
1167 }
1168
PutAccessControlList(DmAclInfo aclInfo,DmAccesser dmAccesser,DmAccessee dmAccessee)1169 int32_t DeviceProfileConnector::PutAccessControlList(DmAclInfo aclInfo, DmAccesser dmAccesser, DmAccessee dmAccessee)
1170 {
1171 LOGI("Start.");
1172 Accesser accesser;
1173 accesser.SetAccesserDeviceId(dmAccesser.requestDeviceId);
1174 accesser.SetAccesserUserId(dmAccesser.requestUserId);
1175 accesser.SetAccesserAccountId(dmAccesser.requestAccountId);
1176 accesser.SetAccesserTokenId(dmAccesser.requestTokenId);
1177 accesser.SetAccesserBundleName(dmAccesser.requestBundleName);
1178 accesser.SetAccesserDeviceName(dmAccesser.requestDeviceName);
1179 Accessee accessee;
1180 accessee.SetAccesseeDeviceId(dmAccessee.trustDeviceId);
1181 accessee.SetAccesseeUserId(dmAccessee.trustUserId);
1182 accessee.SetAccesseeAccountId(dmAccessee.trustAccountId);
1183 accessee.SetAccesseeTokenId(dmAccessee.trustTokenId);
1184 accessee.SetAccesseeBundleName(dmAccessee.trustBundleName);
1185 accessee.SetAccesseeDeviceName(dmAccessee.trustDeviceName);
1186 AccessControlProfile profile;
1187 profile.SetBindType(aclInfo.bindType);
1188 profile.SetBindLevel(aclInfo.bindLevel);
1189 profile.SetStatus(ACTIVE);
1190 profile.SetTrustDeviceId(aclInfo.trustDeviceId);
1191 profile.SetDeviceIdType((int32_t)DeviceIdType::UDID);
1192 profile.SetDeviceIdHash(aclInfo.deviceIdHash);
1193 profile.SetAuthenticationType(aclInfo.authenticationType);
1194 profile.SetAccessee(accessee);
1195 profile.SetAccesser(accesser);
1196 int32_t ret = DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile);
1197 if (ret != DM_OK) {
1198 LOGE("PutAccessControlProfile failed.");
1199 }
1200 return ret;
1201 }
1202
DeleteAclForAccountLogOut(const DMAclQuadInfo & info,const std::string & accountId,DmOfflineParam & offlineParam)1203 DM_EXPORT bool DeviceProfileConnector::DeleteAclForAccountLogOut(
1204 const DMAclQuadInfo &info, const std::string &accountId, DmOfflineParam &offlineParam)
1205 {
1206 LOGI("localUdid %{public}s, localUserId %{public}d, peerUdid %{public}s, peerUserId %{public}d.",
1207 GetAnonyString(info.localUdid).c_str(), info.localUserId, GetAnonyString(info.peerUdid).c_str(),
1208 info.peerUserId);
1209 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1210 bool notifyOffline = false;
1211 for (const auto &item : profiles) {
1212 if (item.GetTrustDeviceId() != info.peerUdid) {
1213 continue;
1214 }
1215 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1216 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1217 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
1218 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
1219 std::string accesserAccountId = item.GetAccesser().GetAccesserAccountId();
1220 std::string accesseeAccountId = item.GetAccessee().GetAccesseeAccountId();
1221 if (accesserUdid == info.localUdid && accesserUserId == info.localUserId &&
1222 accesseeUdid == info.peerUdid && accesseeUserId == info.peerUserId &&
1223 accesserAccountId == accountId) {
1224 offlineParam.bindType = item.GetBindType();
1225 ProcessInfo processInfo;
1226 SetProcessInfoPkgName(item, processInfo);
1227 processInfo.userId = item.GetAccesser().GetAccesserUserId();
1228 offlineParam.processVec.emplace_back(processInfo);
1229 notifyOffline = (item.GetStatus() == ACTIVE);
1230 CacheAcerAclId(item, offlineParam.needDelAclInfos);
1231 continue;
1232 }
1233 if (accesserUdid == info.peerUdid && accesserUserId == info.peerUserId &&
1234 accesseeUdid == info.localUdid && accesseeUserId == info.localUserId &&
1235 accesseeAccountId == accountId) {
1236 offlineParam.bindType = item.GetBindType();
1237 ProcessInfo processInfo;
1238 SetProcessInfoPkgName(item, processInfo);
1239 processInfo.userId = item.GetAccessee().GetAccesseeUserId();
1240 offlineParam.processVec.emplace_back(processInfo);
1241 notifyOffline = (item.GetStatus() == ACTIVE);
1242 CacheAceeAclId(item, offlineParam.needDelAclInfos);
1243 continue;
1244 }
1245 }
1246 return notifyOffline;
1247 }
1248
DeleteAclByActhash(const DMAclQuadInfo & info,const std::string & accountIdHash,DmOfflineParam & offlineParam)1249 DM_EXPORT bool DeviceProfileConnector::DeleteAclByActhash(
1250 const DMAclQuadInfo &info, const std::string &accountIdHash, DmOfflineParam &offlineParam)
1251 {
1252 LOGI("localUdid %{public}s, localUserId %{public}d, peerUdid %{public}s, peerUserId %{public}d.",
1253 GetAnonyString(info.localUdid).c_str(), info.localUserId, GetAnonyString(info.peerUdid).c_str(),
1254 info.peerUserId);
1255 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1256 bool notifyOffline = false;
1257 for (const auto &item : profiles) {
1258 if (item.GetTrustDeviceId() != info.peerUdid) {
1259 continue;
1260 }
1261 CacheOfflineParam(item, info, accountIdHash, offlineParam, notifyOffline);
1262 }
1263 return notifyOffline;
1264 }
1265
CacheOfflineParam(const DistributedDeviceProfile::AccessControlProfile & profile,const DMAclQuadInfo & info,const std::string & accountIdHash,DmOfflineParam & offlineParam,bool & notifyOffline)1266 void DeviceProfileConnector::CacheOfflineParam(const DistributedDeviceProfile::AccessControlProfile &profile,
1267 const DMAclQuadInfo &info, const std::string &accountIdHash, DmOfflineParam &offlineParam, bool ¬ifyOffline)
1268 {
1269 std::string accesserUdid = profile.GetAccesser().GetAccesserDeviceId();
1270 std::string accesseeUdid = profile.GetAccessee().GetAccesseeDeviceId();
1271 int32_t accesserUserId = profile.GetAccesser().GetAccesserUserId();
1272 int32_t accesseeUserId = profile.GetAccessee().GetAccesseeUserId();
1273 std::string accesserAccountId = profile.GetAccesser().GetAccesserAccountId();
1274 std::string accesseeAccountId = profile.GetAccessee().GetAccesseeAccountId();
1275 char accesserAccountIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
1276 if (Crypto::GetAccountIdHash(accesserAccountId, reinterpret_cast<uint8_t *>(accesserAccountIdHash)) != DM_OK) {
1277 LOGE("GetAccountHash failed.");
1278 return;
1279 }
1280 char accesseeAccountIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
1281 if (Crypto::GetAccountIdHash(accesseeAccountId, reinterpret_cast<uint8_t *>(accesseeAccountIdHash)) != DM_OK) {
1282 LOGE("GetAccountHash failed.");
1283 return;
1284 }
1285 if (accesserUdid == info.localUdid && accesserUserId == info.localUserId &&
1286 accesseeUdid == info.peerUdid && accesseeUserId == info.peerUserId &&
1287 std::string(accesseeAccountIdHash) == accountIdHash) {
1288 offlineParam.bindType = profile.GetBindType();
1289 ProcessInfo processInfo;
1290 SetProcessInfoPkgName(profile, processInfo);
1291 processInfo.userId = profile.GetAccesser().GetAccesserUserId();
1292 offlineParam.processVec.emplace_back(processInfo);
1293 notifyOffline = (profile.GetStatus() == ACTIVE);
1294 CacheAcerAclId(profile, offlineParam.needDelAclInfos);
1295 return;
1296 }
1297 if (accesserUdid == info.peerUdid && accesserUserId == info.peerUserId &&
1298 accesseeUdid == info.localUdid && accesseeUserId == info.localUserId &&
1299 std::string(accesserAccountIdHash) == accountIdHash) {
1300 offlineParam.bindType = profile.GetBindType();
1301 ProcessInfo processInfo;
1302 SetProcessInfoPkgName(profile, processInfo);
1303 processInfo.userId = profile.GetAccessee().GetAccesseeUserId();
1304 offlineParam.processVec.emplace_back(processInfo);
1305 notifyOffline = (profile.GetStatus() == ACTIVE);
1306 CacheAceeAclId(profile, offlineParam.needDelAclInfos);
1307 return;
1308 }
1309 }
1310
DeleteAclForUserRemoved(std::string localUdid,int32_t userId,std::vector<std::string> peerUdids,std::multimap<std::string,int32_t> & peerUserIdMap,DmOfflineParam & offlineParam)1311 DM_EXPORT void DeviceProfileConnector::DeleteAclForUserRemoved(std::string localUdid, int32_t userId,
1312 std::vector<std::string> peerUdids, std::multimap<std::string, int32_t> &peerUserIdMap,
1313 DmOfflineParam &offlineParam)
1314 {
1315 LOGI("localUdid %{public}s, userId %{public}d.", GetAnonyString(localUdid).c_str(), userId);
1316 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1317 for (const auto &item : profiles) {
1318 if (find(peerUdids.begin(), peerUdids.end(), item.GetTrustDeviceId()) == peerUdids.end()) {
1319 continue;
1320 }
1321 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1322 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1323 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
1324 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
1325 if (accesserUdid == localUdid && accesserUserId == userId) {
1326 if (!IsValueExist(peerUserIdMap, accesseeUdid, accesseeUserId)) {
1327 peerUserIdMap.insert(std::pair<std::string, int32_t>(accesseeUdid, accesseeUserId));
1328 }
1329 CacheAcerAclId(item, offlineParam.needDelAclInfos);
1330 continue;
1331 }
1332 if (accesseeUdid == localUdid && accesseeUserId == userId) {
1333 if (!IsValueExist(peerUserIdMap, accesserUdid, accesserUserId)) {
1334 peerUserIdMap.insert(std::pair<std::string, int32_t>(accesserUdid, accesserUserId));
1335 }
1336 CacheAceeAclId(item, offlineParam.needDelAclInfos);
1337 continue;
1338 }
1339 }
1340 }
1341
1342
DeleteAclForRemoteUserRemoved(std::string peerUdid,int32_t peerUserId,std::vector<int32_t> & userIds,DmOfflineParam & offlineParam)1343 DM_EXPORT void DeviceProfileConnector::DeleteAclForRemoteUserRemoved(
1344 std::string peerUdid, int32_t peerUserId, std::vector<int32_t> &userIds, DmOfflineParam &offlineParam)
1345 {
1346 LOGI("peerUdid %{public}s, peerUserId %{public}d.", GetAnonyString(peerUdid).c_str(), peerUserId);
1347 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1348 for (const auto &item : profiles) {
1349 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1350 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1351 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
1352 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
1353 if (accesserUdid == peerUdid && accesserUserId == peerUserId) {
1354 if (item.GetBindLevel() == USER) {
1355 userIds.push_back(accesseeUserId);
1356 }
1357 CacheAceeAclId(item, offlineParam.needDelAclInfos);
1358 }
1359 if (accesseeUdid == peerUdid && accesseeUserId == peerUserId) {
1360 if (item.GetBindLevel() == USER) {
1361 userIds.push_back(accesserUserId);
1362 }
1363 CacheAcerAclId(item, offlineParam.needDelAclInfos);
1364 }
1365 }
1366 }
1367
DeleteAccessControlList(const std::string & udid)1368 DM_EXPORT void DeviceProfileConnector::DeleteAccessControlList(const std::string &udid)
1369 {
1370 LOGI("Udid: %{public}s.", GetAnonyString(udid).c_str());
1371 if (udid.empty()) {
1372 LOGE("DeleteAccessControlList udid is empty.");
1373 return;
1374 }
1375 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1376 LOGI("Size is %{public}zu", profiles.size());
1377 for (const auto &item : profiles) {
1378 if (item.GetTrustDeviceId() == udid) {
1379 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1380 }
1381 }
1382 }
1383
DeleteAccessControlList(const std::string & pkgName,const std::string & localDeviceId,const std::string & remoteDeviceId,int32_t bindLevel,const std::string & extra)1384 DmOfflineParam DeviceProfileConnector::DeleteAccessControlList(const std::string &pkgName,
1385 const std::string &localDeviceId, const std::string &remoteDeviceId,
1386 int32_t bindLevel, const std::string &extra)
1387 {
1388 LOGI("pkgName %{public}s, localDeviceId %{public}s, remoteDeviceId %{public}s, bindLevel %{public}d.",
1389 pkgName.c_str(), GetAnonyString(localDeviceId).c_str(), GetAnonyString(remoteDeviceId).c_str(), bindLevel);
1390 DmOfflineParam offlineParam;
1391 offlineParam.bindType = INVALIED_TYPE;
1392 if (static_cast<uint32_t>(bindLevel) > APP || static_cast<uint32_t>(bindLevel) < USER) {
1393 LOGE("Invalied bindlevel.");
1394 return offlineParam;
1395 }
1396 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(localDeviceId,
1397 MultipleUserConnector::GetFirstForegroundUserId());
1398 if (profiles.empty()) {
1399 LOGE("Acl is empty.");
1400 return offlineParam;
1401 }
1402 switch (bindLevel) {
1403 case APP:
1404 if (extra == "") {
1405 DeleteAppBindLevel(offlineParam, pkgName, profiles, localDeviceId, remoteDeviceId);
1406 } else {
1407 DeleteAppBindLevel(offlineParam, pkgName, profiles, localDeviceId, remoteDeviceId, extra);
1408 }
1409 break;
1410 case SERVICE:
1411 DeleteServiceBindLevel(offlineParam, pkgName, profiles, localDeviceId, remoteDeviceId);
1412 break;
1413 case USER:
1414 DeleteDeviceBindLevel(offlineParam, profiles, localDeviceId, remoteDeviceId);
1415 break;
1416 default:
1417 break;
1418 }
1419 return offlineParam;
1420 }
1421
DeleteAppBindLevel(DmOfflineParam & offlineParam,const std::string & pkgName,const std::vector<AccessControlProfile> & profiles,const std::string & localUdid,const std::string & remoteUdid)1422 void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, const std::string &pkgName,
1423 const std::vector<AccessControlProfile> &profiles, const std::string &localUdid, const std::string &remoteUdid)
1424 {
1425 int32_t bindNums = 0;
1426 int32_t deleteNums = 0;
1427 for (auto &item : profiles) {
1428 if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT ||
1429 item.GetBindLevel() != APP) {
1430 continue;
1431 }
1432 bindNums++;
1433 if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
1434 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1435 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
1436 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1437 deleteNums++;
1438 offlineParam.bindType = APP;
1439 ProcessInfo processInfo;
1440 processInfo.pkgName = item.GetAccesser().GetAccesserBundleName();
1441 processInfo.userId = item.GetAccesser().GetAccesserUserId();
1442 offlineParam.processVec.push_back(processInfo);
1443 offlineParam.peerUserId = item.GetAccessee().GetAccesseeUserId();
1444 LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s",
1445 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1446 GetAnonyString(remoteUdid).c_str());
1447 continue;
1448 }
1449 if (item.GetAccessee().GetAccesseeBundleName() == pkgName &&
1450 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
1451 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
1452 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1453 deleteNums++;
1454 offlineParam.bindType = APP;
1455 ProcessInfo processInfo;
1456 processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName();
1457 processInfo.userId = item.GetAccessee().GetAccesseeUserId();
1458 offlineParam.processVec.push_back(processInfo);
1459 offlineParam.peerUserId = item.GetAccesser().GetAccesserUserId();
1460 LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s",
1461 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1462 GetAnonyString(remoteUdid).c_str());
1463 continue;
1464 }
1465 }
1466 offlineParam.leftAclNumber = bindNums - deleteNums;
1467 }
1468
DeleteAppBindLevel(DmOfflineParam & offlineParam,const std::string & pkgName,const std::vector<AccessControlProfile> & profiles,const std::string & localUdid,const std::string & remoteUdid,const std::string & extra)1469 void DeviceProfileConnector::DeleteAppBindLevel(DmOfflineParam &offlineParam, const std::string &pkgName,
1470 const std::vector<AccessControlProfile> &profiles, const std::string &localUdid,
1471 const std::string &remoteUdid, const std::string &extra)
1472 {
1473 int32_t bindNums = 0;
1474 int32_t deleteNums = 0;
1475 uint64_t peerTokenId = 0;
1476 std::string peerBundleName;
1477 JsonStrHandle::GetInstance().GetPeerAppInfoParseExtra(extra, peerTokenId, peerBundleName);
1478 LOGI("DeviceProfileConnector::DeleteAppBindLevel peerBundleName %{public}s", peerBundleName.c_str());
1479 for (auto &item : profiles) {
1480 if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT ||
1481 item.GetBindLevel() != APP) {
1482 continue;
1483 }
1484 bindNums++;
1485 if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
1486 item.GetAccessee().GetAccesseeBundleName() == peerBundleName &&
1487 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1488 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
1489 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1490 deleteNums++;
1491 offlineParam.bindType = APP;
1492 ProcessInfo processInfo;
1493 processInfo.pkgName = item.GetAccesser().GetAccesserBundleName();
1494 processInfo.userId = item.GetAccesser().GetAccesserUserId();
1495 offlineParam.processVec.push_back(processInfo);
1496 offlineParam.peerUserId = item.GetAccessee().GetAccesseeUserId();
1497 LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s",
1498 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1499 GetAnonyString(remoteUdid).c_str());
1500 continue;
1501 }
1502 if (item.GetAccessee().GetAccesseeBundleName() == pkgName &&
1503 item.GetAccesser().GetAccesserBundleName() == peerBundleName &&
1504 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
1505 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
1506 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1507 deleteNums++;
1508 offlineParam.bindType = APP;
1509 ProcessInfo processInfo;
1510 processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName();
1511 processInfo.userId = item.GetAccessee().GetAccesseeUserId();
1512 offlineParam.processVec.push_back(processInfo);
1513 offlineParam.peerUserId = item.GetAccesser().GetAccesserUserId();
1514 LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s",
1515 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1516 GetAnonyString(remoteUdid).c_str());
1517 continue;
1518 }
1519 }
1520 offlineParam.leftAclNumber = bindNums - deleteNums;
1521 }
1522
DeleteDeviceBindLevel(DmOfflineParam & offlineParam,const std::vector<AccessControlProfile> & profiles,const std::string & localUdid,const std::string & remoteUdid)1523 void DeviceProfileConnector::DeleteDeviceBindLevel(DmOfflineParam &offlineParam,
1524 const std::vector<AccessControlProfile> &profiles, const std::string &localUdid, const std::string &remoteUdid)
1525 {
1526 int32_t bindNums = 0;
1527 int32_t deleteNums = 0;
1528 for (auto &item : profiles) {
1529 if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
1530 continue;
1531 }
1532 bindNums++;
1533 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1534 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
1535 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1536 deleteNums++;
1537 offlineParam.bindType = USER;
1538 LOGI("Src delete acl bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(),
1539 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str());
1540 continue;
1541 }
1542 if (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
1543 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
1544 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1545 deleteNums++;
1546 offlineParam.bindType = USER;
1547 LOGI("Sink delete acl bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(),
1548 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str());
1549 continue;
1550 }
1551 }
1552 offlineParam.leftAclNumber = bindNums - deleteNums;
1553 }
1554
DeleteServiceBindLevel(DmOfflineParam & offlineParam,const std::string & pkgName,const std::vector<AccessControlProfile> & profiles,const std::string & localUdid,const std::string & remoteUdid)1555 void DeviceProfileConnector::DeleteServiceBindLevel(DmOfflineParam &offlineParam, const std::string &pkgName,
1556 const std::vector<AccessControlProfile> &profiles, const std::string &localUdid, const std::string &remoteUdid)
1557 {
1558 int32_t bindNums = 0;
1559 int32_t deleteNums = 0;
1560 for (auto &item : profiles) {
1561 if (item.GetTrustDeviceId() != remoteUdid || item.GetBindType() == DM_IDENTICAL_ACCOUNT ||
1562 item.GetBindLevel() != SERVICE) {
1563 continue;
1564 }
1565 bindNums++;
1566 if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
1567 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1568 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
1569 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1570 deleteNums++;
1571 offlineParam.bindType = SERVICE;
1572 LOGI("Src delete acl pkgName %{public}s, bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s",
1573 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1574 GetAnonyString(remoteUdid).c_str());
1575 continue;
1576 }
1577 if (item.GetAccessee().GetAccesseeBundleName() == pkgName &&
1578 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
1579 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
1580 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
1581 deleteNums++;
1582 offlineParam.bindType = SERVICE;
1583 LOGI("Sink delete acl pkgName %{public}s, bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s",
1584 pkgName.c_str(), item.GetBindType(), GetAnonyString(localUdid).c_str(),
1585 GetAnonyString(remoteUdid).c_str());
1586 continue;
1587 }
1588 }
1589 offlineParam.leftAclNumber = bindNums - deleteNums;
1590 }
1591
UpdateAccessControlList(int32_t userId,std::string & oldAccountId,std::string & newAccountId)1592 int32_t DeviceProfileConnector::UpdateAccessControlList(int32_t userId, std::string &oldAccountId,
1593 std::string &newAccountId)
1594 {
1595 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1596 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1597 for (auto &item : profiles) {
1598 if ((item.GetAccesser().GetAccesserUserId() == userId &&
1599 item.GetAccesser().GetAccesserAccountId() == oldAccountId) ||
1600 (item.GetAccessee().GetAccesseeUserId() == userId &&
1601 item.GetAccessee().GetAccesseeAccountId() == oldAccountId)) {
1602 item.SetStatus(INACTIVE);
1603 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
1604 }
1605 if ((item.GetAccesser().GetAccesserUserId() == userId &&
1606 item.GetAccesser().GetAccesserAccountId() == newAccountId) ||
1607 (item.GetAccessee().GetAccesseeUserId() == userId &&
1608 item.GetAccessee().GetAccesseeAccountId() == newAccountId)) {
1609 item.SetStatus(ACTIVE);
1610 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
1611 }
1612 }
1613 return DM_OK;
1614 }
1615
CheckSrcDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)1616 DM_EXPORT bool DeviceProfileConnector::CheckSrcDevIdInAclForDevBind(
1617 const std::string &pkgName, const std::string &deviceId)
1618 {
1619 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1620 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1621 for (auto &item : profiles) {
1622 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE &&
1623 item.GetBindLevel() == USER && (item.GetAccessee().GetAccesseeBundleName() == pkgName ||
1624 item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccessee().GetAccesseeUserId() == 0 &&
1625 item.GetAccessee().GetAccesseeAccountId() == "") {
1626 return true;
1627 }
1628 }
1629 return false;
1630 }
1631
CheckSinkDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)1632 bool DeviceProfileConnector::CheckSinkDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId)
1633 {
1634 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1635 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1636 for (auto &item : profiles) {
1637 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE &&
1638 item.GetBindLevel() == USER && (item.GetAccesser().GetAccesserBundleName() == pkgName ||
1639 item.GetAccesser().GetAccesserBundleName() == "") && item.GetAccesser().GetAccesserUserId() == 0 &&
1640 item.GetAccesser().GetAccesserAccountId() == "") {
1641 return true;
1642 }
1643 }
1644 return false;
1645 }
1646
CheckDevIdInAclForDevBind(const std::string & pkgName,const std::string & deviceId)1647 bool DeviceProfileConnector::CheckDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId)
1648 {
1649 return (CheckSinkDevIdInAclForDevBind(pkgName, deviceId) || CheckSrcDevIdInAclForDevBind(pkgName, deviceId));
1650 }
1651
1652
DeleteTimeOutAcl(const std::string & deviceId,DmOfflineParam & offlineParam)1653 DM_EXPORT uint32_t DeviceProfileConnector::DeleteTimeOutAcl(const std::string &deviceId, DmOfflineParam &offlineParam)
1654 {
1655 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
1656 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1657 uint32_t res = 0;
1658 int32_t currentUserId = MultipleUserConnector::GetCurrentAccountUserID();
1659 std::string localUdid = GetLocalDeviceId();
1660 DmAclIdParam dmAclIdParam;
1661 for (auto &item : profiles) {
1662 if (item.GetTrustDeviceId() != deviceId || item.GetStatus() != ACTIVE) {
1663 continue;
1664 }
1665 if (CacheLnnAcl(item, localUdid, dmAclIdParam)) {
1666 continue;
1667 }
1668 res++;
1669 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
1670 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
1671 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
1672 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
1673 if (item.GetAuthenticationType() == ALLOW_AUTH_ONCE) {
1674 res--;
1675 if (accesserUserId == currentUserId && accesserUdid == localUdid && accesseeUdid == deviceId) {
1676 CacheAcerAclId(item, offlineParam.needDelAclInfos);
1677 offlineParam.peerUserId = item.GetAccessee().GetAccesseeUserId();
1678 }
1679 if (accesseeUserId == currentUserId && accesseeUdid == localUdid && accesserUdid == deviceId) {
1680 CacheAceeAclId(item, offlineParam.needDelAclInfos);
1681 offlineParam.peerUserId = item.GetAccesser().GetAccesserUserId();
1682 }
1683 }
1684 }
1685 if (res == 0) {
1686 offlineParam.needDelAclInfos.push_back(dmAclIdParam);
1687 }
1688 return res;
1689 }
1690
1691
CacheLnnAcl(AccessControlProfile profile,const std::string & localUdid,DmAclIdParam & dmAclIdParam)1692 bool DeviceProfileConnector::CacheLnnAcl(AccessControlProfile profile, const std::string &localUdid,
1693 DmAclIdParam &dmAclIdParam)
1694 {
1695 if (IsLnnAcl(profile)) {
1696 if (profile.GetAccesser().GetAccesserDeviceId() == localUdid) {
1697 dmAclIdParam.udid = profile.GetAccesser().GetAccesserDeviceId();
1698 dmAclIdParam.userId = profile.GetAccesser().GetAccesserUserId();
1699 dmAclIdParam.skId = profile.GetAccesser().GetAccesserSessionKeyId();
1700 dmAclIdParam.credId = profile.GetAccesser().GetAccesserCredentialIdStr();
1701 dmAclIdParam.accessControlId = profile.GetAccessControlId();
1702 }
1703 if (profile.GetAccessee().GetAccesseeDeviceId() == localUdid) {
1704 dmAclIdParam.udid = profile.GetAccessee().GetAccesseeDeviceId();
1705 dmAclIdParam.userId = profile.GetAccessee().GetAccesseeUserId();
1706 dmAclIdParam.skId = profile.GetAccessee().GetAccesseeSessionKeyId();
1707 dmAclIdParam.credId = profile.GetAccessee().GetAccesseeCredentialIdStr();
1708 dmAclIdParam.accessControlId = profile.GetAccessControlId();
1709 }
1710 return true;
1711 }
1712 return false;
1713 }
1714
GetTrustNumber(const std::string & deviceId)1715 DM_EXPORT int32_t DeviceProfileConnector::GetTrustNumber(const std::string &deviceId)
1716 {
1717 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1718 LOGI("AccessControlProfile size is %{public}zu", profiles.size());
1719 int32_t trustNumber = 0;
1720 for (auto &item : profiles) {
1721 if (item.GetTrustDeviceId() == deviceId && item.GetStatus() == ACTIVE) {
1722 trustNumber++;
1723 }
1724 }
1725 return trustNumber;
1726 }
1727
IsSameAccount(const std::string & udid)1728 DM_EXPORT int32_t DeviceProfileConnector::IsSameAccount(const std::string &udid)
1729 {
1730 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1731 for (auto &item : profiles) {
1732 if (item.GetTrustDeviceId() == udid && item.GetStatus() == ACTIVE) {
1733 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
1734 LOGI("The udid %{public}s is identical bind.", GetAnonyString(udid).c_str());
1735 return DM_OK;
1736 }
1737 }
1738 }
1739 return ERR_DM_FAILED;
1740 }
1741
CheckIsSameAccountByUdidHash(const std::string & udidHash)1742 DM_EXPORT int32_t DeviceProfileConnector::CheckIsSameAccountByUdidHash(const std::string &udidHash)
1743 {
1744 if (udidHash.empty()) {
1745 LOGE("udidHash is empty!");
1746 return ERR_DM_INPUT_PARA_INVALID;
1747 }
1748 std::vector<AccessControlProfile> profiles = GetAccessControlProfile();
1749 for (auto &item : profiles) {
1750 if (Crypto::GetUdidHash(item.GetTrustDeviceId()) == udidHash) {
1751 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
1752 LOGI("The udidHash %{public}s is identical bind.", GetAnonyString(udidHash).c_str());
1753 return DM_OK;
1754 }
1755 }
1756 }
1757 return ERR_DM_VERIFY_SAME_ACCOUNT_FAILED;
1758 }
1759
checkAccesserACL(AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)1760 bool checkAccesserACL(AccessControlProfile& profile, const DmAccessCaller &caller,
1761 const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
1762 {
1763 if ((profile.GetAccesser().GetAccesserUserId() == caller.userId ||
1764 profile.GetAccesser().GetAccesserUserId() == 0 ||
1765 profile.GetAccesser().GetAccesserUserId() == -1) &&
1766 profile.GetAccesser().GetAccesserDeviceId() == srcUdid &&
1767 profile.GetAccessee().GetAccesseeDeviceId() == sinkUdid) {
1768 if (callee.userId != 0 && callee.userId == profile.GetAccessee().GetAccesseeUserId()) {
1769 LOGI("accesser success add, callee userId not null!");
1770 return true;
1771 } else if (callee.userId == 0 ||
1772 profile.GetAccessee().GetAccesseeUserId() == -1 ||
1773 profile.GetAccessee().GetAccesseeUserId() == 0) {
1774 LOGI("accesser success add!");
1775 return true;
1776 }
1777 }
1778 return false;
1779 }
1780
checkAccesseeACL(AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)1781 bool checkAccesseeACL(AccessControlProfile& profile, const DmAccessCaller &caller,
1782 const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
1783 {
1784 if ((profile.GetAccessee().GetAccesseeUserId() == caller.userId ||
1785 profile.GetAccessee().GetAccesseeUserId() == 0 ||
1786 profile.GetAccessee().GetAccesseeUserId() == -1) &&
1787 profile.GetAccessee().GetAccesseeDeviceId() == srcUdid &&
1788 profile.GetAccesser().GetAccesserDeviceId() == sinkUdid) {
1789 if (callee.userId != 0 && callee.userId == profile.GetAccesser().GetAccesserUserId()) {
1790 LOGI("accessee success add, callee userId not null!");
1791 return true;
1792 } else if (callee.userId == 0 ||
1793 profile.GetAccesser().GetAccesserUserId() == -1 ||
1794 profile.GetAccesser().GetAccesserUserId() == 0) {
1795 LOGI("accessee success add!");
1796 return true;
1797 }
1798 }
1799 return false;
1800 }
1801
GetACLByDeviceIdAndUserId(std::vector<AccessControlProfile> profiles,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)1802 std::vector<AccessControlProfile> GetACLByDeviceIdAndUserId(std::vector<AccessControlProfile> profiles,
1803 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
1804 {
1805 LOGI("srcUdid = %{public}s, caller.userId = %{public}s, sinkUdid = %{public}s, callee.userId = %{public}s",
1806 GetAnonyString(srcUdid).c_str(), GetAnonyInt32(caller.userId).c_str(),
1807 GetAnonyString(sinkUdid).c_str(), GetAnonyInt32(callee.userId).c_str());
1808 std::vector<AccessControlProfile> profilesFilter;
1809 for (auto &item : profiles) {
1810 if (checkAccesserACL(item, caller, srcUdid, callee, sinkUdid) ||
1811 checkAccesseeACL(item, caller, srcUdid, callee, sinkUdid)) {
1812 profilesFilter.push_back(item);
1813 }
1814 }
1815 return profilesFilter;
1816 }
1817
CheckAccessControl(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)1818 DM_EXPORT bool DeviceProfileConnector::CheckAccessControl(
1819 const DmAccessCaller &caller, const std::string &srcUdid,
1820 const DmAccessCallee &callee, const std::string &sinkUdid)
1821 {
1822 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s"
1823 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
1824 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
1825 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
1826 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
1827 GetAnonyString(callee.accountId).c_str());
1828 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
1829 std::vector<AccessControlProfile> profilesFilter =
1830 GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid);
1831 for (auto &item : profilesFilter) {
1832 if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid &&
1833 item.GetTrustDeviceId() != srcUdid)) {
1834 continue;
1835 }
1836 if (SingleUserProcess(item, caller, callee)) {
1837 return true;
1838 }
1839 }
1840 return false;
1841 }
1842
SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const DmAccessCallee & callee)1843 bool DeviceProfileConnector::SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile,
1844 const DmAccessCaller &caller, const DmAccessCallee &callee)
1845 {
1846 LOGI("BindType %{public}d, bindLevel %{public}d.",
1847 profile.GetBindType(), profile.GetBindLevel());
1848 uint32_t bindType = profile.GetBindType();
1849 bool ret = false;
1850 switch (bindType) {
1851 case DM_IDENTICAL_ACCOUNT:
1852 ret = true;
1853 break;
1854 case DM_POINT_TO_POINT:
1855 if (profile.GetBindLevel() == USER && !IsLnnAcl(profile)) {
1856 ret = true;
1857 } else if ((profile.GetBindLevel() == APP || profile.GetBindLevel() == SERVICE) &&
1858 (profile.GetAccesser().GetAccesserBundleName() == caller.pkgName ||
1859 profile.GetAccessee().GetAccesseeBundleName() == caller.pkgName)) {
1860 ret = CheckAppLevelAccess(profile, caller, callee);
1861 }
1862 break;
1863 case DM_ACROSS_ACCOUNT:
1864 if (profile.GetBindLevel() == USER && !IsLnnAcl(profile)) {
1865 ret = true;
1866 } else if ((profile.GetBindLevel() == APP || profile.GetBindLevel() == SERVICE) &&
1867 (profile.GetAccesser().GetAccesserBundleName() == caller.pkgName ||
1868 profile.GetAccessee().GetAccesseeBundleName() == caller.pkgName)) {
1869 ret = CheckAppLevelAccess(profile, caller, callee);
1870 }
1871 break;
1872 default:
1873 LOGE("unknown bind type %{public}d.", bindType);
1874 break;
1875 }
1876 return ret;
1877 }
1878
CheckAppLevelAccess(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const DmAccessCallee & callee)1879 bool DeviceProfileConnector::CheckAppLevelAccess(const DistributedDeviceProfile::AccessControlProfile &profile,
1880 const DmAccessCaller &caller, const DmAccessCallee &callee)
1881 {
1882 if (caller.tokenId == 0 || callee.tokenId == 0) {
1883 return true;
1884 } else {
1885 if ((static_cast<uint64_t>(profile.GetAccesser().GetAccesserTokenId()) == caller.tokenId &&
1886 static_cast<uint64_t>(profile.GetAccessee().GetAccesseeTokenId()) == callee.tokenId) ||
1887 (static_cast<uint64_t>(profile.GetAccesser().GetAccesserTokenId()) == callee.tokenId &&
1888 static_cast<uint64_t>(profile.GetAccessee().GetAccesseeTokenId()) == caller.tokenId)) {
1889 return true;
1890 } else {
1891 return false;
1892 }
1893 }
1894 }
1895
CheckIsSameAccount(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)1896 DM_EXPORT bool DeviceProfileConnector::CheckIsSameAccount(
1897 const DmAccessCaller &caller, const std::string &srcUdid,
1898 const DmAccessCallee &callee, const std::string &sinkUdid)
1899 {
1900 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s,"
1901 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
1902 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
1903 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
1904 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
1905 GetAnonyString(callee.accountId).c_str());
1906 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
1907 std::vector<AccessControlProfile> profilesFilter
1908 = GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid);
1909 for (auto &item : profilesFilter) {
1910 if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid &&
1911 item.GetTrustDeviceId() != srcUdid)) {
1912 continue;
1913 }
1914 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
1915 LOGI("The udid %{public}s is identical bind.", GetAnonyString(item.GetTrustDeviceId()).c_str());
1916 return true;
1917 }
1918 }
1919 return false;
1920 }
1921
GetBindLevel(const std::string & pkgName,const std::string & localUdid,const std::string & udid,uint64_t & tokenId)1922 DM_EXPORT int32_t DeviceProfileConnector::GetBindLevel(const std::string &pkgName,
1923 const std::string &localUdid, const std::string &udid, uint64_t &tokenId)
1924 {
1925 LOGI("pkgName %{public}s, udid %{public}s.", pkgName.c_str(), GetAnonyString(udid).c_str());
1926 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(localUdid,
1927 MultipleUserConnector::GetFirstForegroundUserId());
1928 int32_t bindLevel = INVALIED_TYPE;
1929 for (auto &item : profiles) {
1930 if (item.GetTrustDeviceId() != udid) {
1931 continue;
1932 }
1933 if (item.GetAccesser().GetAccesserBundleName() == pkgName &&
1934 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1935 item.GetAccessee().GetAccesseeDeviceId() == udid) {
1936 tokenId = static_cast<uint64_t>(item.GetAccesser().GetAccesserTokenId());
1937 bindLevel = static_cast<int32_t>(item.GetBindLevel());
1938 LOGI("Src get bindLevel %{public}d.", bindLevel);
1939 continue;
1940 }
1941 if (item.GetAccessee().GetAccesseeBundleName() == pkgName &&
1942 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
1943 item.GetAccesser().GetAccesserDeviceId() == udid) {
1944 tokenId = static_cast<uint64_t>(item.GetAccessee().GetAccesseeTokenId());
1945 bindLevel = static_cast<int32_t>(item.GetBindLevel());
1946 LOGI("Sink get bindLevel %{public}d.", bindLevel);
1947 continue;
1948 }
1949 }
1950 return bindLevel;
1951 }
1952
GetDeviceIdAndBindLevel(std::vector<int32_t> userIds,const std::string & localUdid)1953 std::map<std::string, int32_t> DeviceProfileConnector::GetDeviceIdAndBindLevel(std::vector<int32_t> userIds,
1954 const std::string &localUdid)
1955 {
1956 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
1957 std::map<std::string, int32_t> deviceIdMap;
1958 for (const auto &item : profiles) {
1959 if (IsLnnAcl(item)) {
1960 continue;
1961 }
1962 if (find(userIds.begin(), userIds.end(), item.GetAccesser().GetAccesserUserId()) != userIds.end() &&
1963 item.GetAccesser().GetAccesserDeviceId() == localUdid) {
1964 LOGI("Get Device Bind type localUdid %{public}s is src.", GetAnonyString(localUdid).c_str());
1965 UpdateBindType(item.GetTrustDeviceId(), item.GetBindLevel(), deviceIdMap);
1966 continue;
1967 }
1968 if (find(userIds.begin(), userIds.end(), item.GetAccessee().GetAccesseeUserId()) != userIds.end() &&
1969 item.GetAccessee().GetAccesseeDeviceId() == localUdid) {
1970 LOGI("Get Device Bind type localUdid %{public}s is sink.", GetAnonyString(localUdid).c_str());
1971 UpdateBindType(item.GetTrustDeviceId(), item.GetBindLevel(), deviceIdMap);
1972 continue;
1973 }
1974 }
1975 return deviceIdMap;
1976 }
1977
GetDeviceIdAndUdidListByTokenId(const std::vector<int32_t> & userIds,const std::string & localUdid,int32_t tokenId)1978 std::vector<std::string> DeviceProfileConnector::GetDeviceIdAndUdidListByTokenId(const std::vector<int32_t> &userIds,
1979 const std::string &localUdid, int32_t tokenId)
1980 {
1981 if (userIds.empty() || localUdid.empty()) {
1982 LOGE("userIds or localUdid is empty.");
1983 return {};
1984 }
1985 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
1986 std::map<std::string, int32_t> deviceIdMap;
1987 std::vector<std::string> udidList;
1988
1989 for (const auto &item : profiles) {
1990 if (IsLnnAcl(item)) {
1991 continue;
1992 }
1993
1994 if (find(userIds.begin(), userIds.end(), item.GetAccesser().GetAccesserUserId()) != userIds.end() &&
1995 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
1996 static_cast<int32_t>(item.GetAccesser().GetAccesserTokenId()) == tokenId) {
1997 LOGI("Get Device Bind type localUdid %{public}s is src, tokenId %{public}s.",
1998 GetAnonyString(localUdid).c_str(), GetAnonyInt32(tokenId).c_str());
1999 UpdateBindType(item.GetTrustDeviceId(), item.GetBindLevel(), deviceIdMap);
2000 continue;
2001 }
2002
2003 if (find(userIds.begin(), userIds.end(), item.GetAccessee().GetAccesseeUserId()) != userIds.end() &&
2004 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2005 static_cast<int32_t>(item.GetAccessee().GetAccesseeTokenId()) == tokenId) {
2006 LOGI("Get Device Bind type localUdid %{public}s is sink, tokenId %{public}s.",
2007 GetAnonyString(localUdid).c_str(), GetAnonyInt32(tokenId).c_str());
2008 UpdateBindType(item.GetTrustDeviceId(), item.GetBindLevel(), deviceIdMap);
2009 continue;
2010 }
2011 }
2012
2013 for (const auto &item : deviceIdMap) {
2014 udidList.push_back(item.first);
2015 }
2016 return udidList;
2017 }
2018
GetDeviceIdAndUserId(int32_t userId,const std::string & accountId,const std::string & localUdid)2019 DM_EXPORT std::multimap<std::string, int32_t> DeviceProfileConnector::GetDeviceIdAndUserId(
2020 int32_t userId, const std::string &accountId, const std::string &localUdid)
2021 {
2022 LOGI("localUdid %{public}s, userId %{public}d, accountId %{public}s.", GetAnonyString(localUdid).c_str(),
2023 userId, GetAnonyString(accountId).c_str());
2024 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2025 std::multimap<std::string, int32_t> deviceIdMap;
2026 for (const auto &item : profiles) {
2027 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
2028 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
2029 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
2030 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
2031 std::string accesserAccountId = item.GetAccesser().GetAccesserAccountId();
2032 std::string accesseeAccountId = item.GetAccessee().GetAccesseeAccountId();
2033 if (accesserUdid == localUdid && accesserUserId == userId && accesserAccountId == accountId) {
2034 LOGI("Account logout trust udid %{public}s userid %{public}d is src.",
2035 GetAnonyString(accesseeUdid).c_str(), accesseeUserId);
2036 deviceIdMap.insert(std::pair<std::string, int32_t>(accesseeUdid, accesseeUserId));
2037 continue;
2038 }
2039 if (accesseeUdid == localUdid && accesseeUserId == userId && accesseeAccountId == accountId) {
2040 LOGI("Account logout trust udid %{public}s userid %{public}d is sink.",
2041 GetAnonyString(accesserUdid).c_str(), accesserUserId);
2042 deviceIdMap.insert(std::pair<std::string, int32_t>(accesserUdid, accesserUserId));
2043 continue;
2044 }
2045 }
2046 return deviceIdMap;
2047 }
2048
UpdateBindType(const std::string & udid,int32_t compareParam,std::map<std::string,int32_t> & deviceMap)2049 void DeviceProfileConnector::UpdateBindType(const std::string &udid, int32_t compareParam,
2050 std::map<std::string, int32_t> &deviceMap)
2051 {
2052 LOGI("BindType %{public}d.", compareParam);
2053 if (deviceMap.find(udid) == deviceMap.end()) {
2054 deviceMap[udid] = compareParam;
2055 } else {
2056 deviceMap[udid] = std::min(deviceMap[udid], compareParam);
2057 }
2058 }
2059
HandleAccountLogoutEvent(int32_t remoteUserId,const std::string & remoteAccountHash,const std::string & remoteUdid,const std::string & localUdid)2060 int32_t DeviceProfileConnector::HandleAccountLogoutEvent(int32_t remoteUserId,
2061 const std::string &remoteAccountHash, const std::string &remoteUdid, const std::string &localUdid)
2062 {
2063 LOGI("RemoteUserId %{public}d, remoteAccountHash %{public}s, remoteUdid %{public}s, localUdid %{public}s.",
2064 remoteUserId, GetAnonyString(remoteAccountHash).c_str(), GetAnonyString(remoteUdid).c_str(),
2065 GetAnonyString(localUdid).c_str());
2066 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(remoteUserId);
2067 int32_t bindType = DM_INVALIED_TYPE;
2068 for (const auto &item : profiles) {
2069 if (item.GetTrustDeviceId() != remoteUdid) {
2070 continue;
2071 }
2072 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
2073 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
2074 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
2075 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
2076 if (accesserUdid == localUdid && accesseeUdid == remoteUdid && accesseeUserId == remoteUserId) {
2077 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
2078 bindType = DM_IDENTICAL_ACCOUNT;
2079 continue;
2080 }
2081 if (accesseeUdid == localUdid && accesserUdid == remoteUdid && accesserUserId == remoteUserId) {
2082 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
2083 bindType = DM_IDENTICAL_ACCOUNT;
2084 continue;
2085 }
2086 }
2087 return bindType;
2088 }
2089
2090
HandleDevUnBindEvent(int32_t remoteUserId,const std::string & remoteUdid,const std::string & localUdid,DmOfflineParam & offlineParam)2091 DM_EXPORT int32_t DeviceProfileConnector::HandleDevUnBindEvent(int32_t remoteUserId, const std::string &remoteUdid,
2092 const std::string &localUdid, DmOfflineParam &offlineParam)
2093 {
2094 LOGI("RemoteUserId %{public}d, remoteUdid %{public}s, localUdid %{public}s.", remoteUserId,
2095 GetAnonyString(remoteUdid).c_str(), GetAnonyString(localUdid).c_str());
2096 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(remoteUdid, remoteUserId, localUdid);
2097 int32_t bindType = DM_INVALIED_TYPE;
2098 for (const auto &item : profiles) {
2099 if (item.GetTrustDeviceId() != remoteUdid) {
2100 continue;
2101 }
2102 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
2103 bindType = DM_IDENTICAL_ACCOUNT;
2104 continue;
2105 }
2106 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2107 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
2108 offlineParam.bindType = USER;
2109 CacheAcerAclId(item, offlineParam.needDelAclInfos);
2110 LOGI("Src delete acl bindType %{public}d, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(),
2111 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str());
2112 bindType = std::min(bindType, static_cast<int32_t>(item.GetBindType()));
2113 continue;
2114 }
2115 if (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2116 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
2117 offlineParam.bindType = USER;
2118 CacheAceeAclId(item, offlineParam.needDelAclInfos);
2119 LOGI("Sink delete acl bindType %{public}u, localUdid %{public}s, remoteUdid %{public}s", item.GetBindType(),
2120 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str());
2121 bindType = std::min(bindType, static_cast<int32_t>(item.GetBindType()));
2122 continue;
2123 }
2124 }
2125 return bindType;
2126 }
2127
2128
HandleAppUnBindEvent(int32_t remoteUserId,const std::string & remoteUdid,int32_t tokenId,const std::string & localUdid)2129 DM_EXPORT DmOfflineParam DeviceProfileConnector::HandleAppUnBindEvent(int32_t remoteUserId,
2130 const std::string &remoteUdid, int32_t tokenId, const std::string &localUdid)
2131 {
2132 LOGI("RemoteUserId %{public}d, remoteUdid %{public}s, localUdid %{public}s.",
2133 remoteUserId, GetAnonyString(remoteUdid).c_str(), GetAnonyString(localUdid).c_str());
2134 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(remoteUdid, remoteUserId, localUdid);
2135 DmOfflineParam offlineParam;
2136 if (profiles.empty()) {
2137 LOGE("Acl is empty.");
2138 return offlineParam;
2139 }
2140 for (auto &item : profiles) {
2141 if (item.GetTrustDeviceId() != remoteUdid) {
2142 continue;
2143 }
2144
2145 // First, find need delete acl
2146 if (FindTargetAcl(item, localUdid, remoteUserId, remoteUdid, tokenId, offlineParam)) {
2147 continue;
2148 }
2149
2150 // Second, find the LNN acl
2151 if (FindLnnAcl(item, localUdid, remoteUdid, offlineParam)) {
2152 continue;
2153 }
2154
2155 // Third, find the user or sameaccount acl, dertermine if report offline
2156 if (FindUserAcl(item, localUdid, remoteUdid, offlineParam)) {
2157 continue;
2158 }
2159
2160 // Fourth, find the left service/app acl, determine if del lnn acl
2161 if (FindLeftAcl(item, localUdid, remoteUdid, offlineParam)) {
2162 continue;
2163 }
2164 }
2165 return offlineParam;
2166 }
2167
FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const int32_t remoteUserId,const std::string & remoteUdid,const int32_t tokenId,const int32_t peerTokenId,DmOfflineParam & offlineParam)2168 bool DeviceProfileConnector::FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
2169 const std::string &localUdid, const int32_t remoteUserId, const std::string &remoteUdid,
2170 const int32_t tokenId, const int32_t peerTokenId, DmOfflineParam &offlineParam)
2171 {
2172 bool isMatch = false;
2173 std::string acerDeviceId = acl.GetAccesser().GetAccesserDeviceId();
2174 std::string aceeDeviceId = acl.GetAccessee().GetAccesseeDeviceId();
2175 int32_t acerTokenId = static_cast<int32_t>(acl.GetAccesser().GetAccesserTokenId());
2176 int32_t aceeTokenId = static_cast<int32_t>(acl.GetAccessee().GetAccesseeTokenId());
2177 if (acl.GetAccesser().GetAccesserUserId() == remoteUserId && acerDeviceId == remoteUdid &&
2178 aceeDeviceId == localUdid && (acerTokenId == peerTokenId) && (aceeTokenId == tokenId)) {
2179 ProcessInfo processInfo;
2180 processInfo.pkgName = acl.GetAccessee().GetAccesseeBundleName();
2181 processInfo.userId = acl.GetAccessee().GetAccesseeUserId();
2182 offlineParam.processVec.push_back(processInfo);
2183 CacheAceeAclId(acl, offlineParam.needDelAclInfos);
2184 LOGI("Src del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
2185 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
2186 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
2187 acl.GetBindLevel());
2188 isMatch = true;
2189 }
2190 if (acl.GetAccessee().GetAccesseeUserId() == remoteUserId && aceeDeviceId == remoteUdid &&
2191 acerDeviceId == localUdid && (aceeTokenId == peerTokenId) && (acerTokenId == tokenId)) {
2192 ProcessInfo processInfo;
2193 processInfo.pkgName = acl.GetAccesser().GetAccesserBundleName();
2194 processInfo.userId = acl.GetAccesser().GetAccesserUserId();
2195 offlineParam.processVec.push_back(processInfo);
2196 CacheAcerAclId(acl, offlineParam.needDelAclInfos);
2197 LOGI("Sink del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
2198 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
2199 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
2200 acl.GetBindLevel());
2201 isMatch = true;
2202 }
2203 return isMatch;
2204 }
2205
HandleAppUnBindEvent(int32_t remoteUserId,const std::string & remoteUdid,int32_t tokenId,const std::string & localUdid,int32_t peerTokenId)2206 DM_EXPORT DmOfflineParam DeviceProfileConnector::HandleAppUnBindEvent(int32_t remoteUserId,
2207 const std::string &remoteUdid, int32_t tokenId, const std::string &localUdid, int32_t peerTokenId)
2208 {
2209 LOGI("RemoteUserId %{public}d, remoteUdid %{public}s, localUdid %{public}s.",
2210 remoteUserId, GetAnonyString(remoteUdid).c_str(), GetAnonyString(localUdid).c_str());
2211 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(remoteUdid, remoteUserId, localUdid);
2212 DmOfflineParam offlineParam;
2213 if (profiles.empty()) {
2214 LOGE("Acl is empty.");
2215 return offlineParam;
2216 }
2217 for (auto &item : profiles) {
2218 if (item.GetTrustDeviceId() != remoteUdid) {
2219 continue;
2220 }
2221
2222 // First, find need delete acl
2223 if (FindTargetAcl(item, localUdid, remoteUserId, remoteUdid, tokenId, peerTokenId, offlineParam)) {
2224 continue;
2225 }
2226
2227 // Second, find the LNN acl
2228 if (FindLnnAcl(item, localUdid, remoteUdid, offlineParam)) {
2229 continue;
2230 }
2231
2232 // Third, find the user or sameaccount acl, dertermine if report offline
2233 if (FindUserAcl(item, localUdid, remoteUdid, offlineParam)) {
2234 continue;
2235 }
2236
2237 // Fourth, find the left service/app acl, determine if del lnn acl
2238 if (FindLeftAcl(item, localUdid, remoteUdid, offlineParam)) {
2239 continue;
2240 }
2241 }
2242 return offlineParam;
2243 }
2244
FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile & acl,const std::string & localUdid,const int32_t remoteUserId,const std::string & remoteUdid,const int32_t remoteTokenId,DmOfflineParam & offlineParam)2245 bool DeviceProfileConnector::FindTargetAcl(const DistributedDeviceProfile::AccessControlProfile &acl,
2246 const std::string &localUdid, const int32_t remoteUserId, const std::string &remoteUdid,
2247 const int32_t remoteTokenId, DmOfflineParam &offlineParam)
2248 {
2249 bool isMatch = false;
2250 if (acl.GetAccesser().GetAccesserUserId() == remoteUserId &&
2251 acl.GetAccesser().GetAccesserDeviceId() == remoteUdid &&
2252 (static_cast<int32_t>(acl.GetAccesser().GetAccesserTokenId()) == remoteTokenId) &&
2253 acl.GetAccessee().GetAccesseeDeviceId() == localUdid) {
2254 ProcessInfo processInfo;
2255 processInfo.pkgName = acl.GetAccessee().GetAccesseeBundleName();
2256 processInfo.userId = acl.GetAccessee().GetAccesseeUserId();
2257 offlineParam.processVec.push_back(processInfo);
2258 CacheAceeAclId(acl, offlineParam.needDelAclInfos);
2259 LOGI("Src del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
2260 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
2261 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
2262 acl.GetBindLevel());
2263 isMatch = true;
2264 }
2265
2266 if (acl.GetAccessee().GetAccesseeUserId() == remoteUserId &&
2267 acl.GetAccessee().GetAccesseeDeviceId() == remoteUdid &&
2268 (static_cast<int32_t>(acl.GetAccessee().GetAccesseeTokenId()) == remoteTokenId) &&
2269 acl.GetAccesser().GetAccesserDeviceId() == localUdid) {
2270 ProcessInfo processInfo;
2271 processInfo.pkgName = acl.GetAccesser().GetAccesserBundleName();
2272 processInfo.userId = acl.GetAccesser().GetAccesserUserId();
2273 offlineParam.processVec.push_back(processInfo);
2274 CacheAcerAclId(acl, offlineParam.needDelAclInfos);
2275 LOGI("Sink del acl aclId: %{public}" PRId64 ", localUdid %{public}s, remoteUdid %{public}s"
2276 ", bindType %{public}d, bindLevel: %{public}d", acl.GetAccessControlId(),
2277 GetAnonyString(localUdid).c_str(), GetAnonyString(remoteUdid).c_str(), acl.GetBindType(),
2278 acl.GetBindLevel());
2279 isMatch = true;
2280 }
2281 return isMatch;
2282 }
2283
HandleServiceUnBindEvent(int32_t remoteUserId,const std::string & remoteUdid,const std::string & localUdid,int32_t tokenId)2284 DmOfflineParam DeviceProfileConnector::HandleServiceUnBindEvent(int32_t remoteUserId,
2285 const std::string &remoteUdid, const std::string &localUdid, int32_t tokenId)
2286 {
2287 LOGI("RemoteUserId %{public}d, remoteUdid %{public}s, localUdid %{public}s.",
2288 remoteUserId, GetAnonyString(remoteUdid).c_str(), GetAnonyString(localUdid).c_str());
2289 std::vector<AccessControlProfile> profiles = GetAclProfileByDeviceIdAndUserId(remoteUdid, remoteUserId, localUdid);
2290 DmOfflineParam offlineParam;
2291 if (profiles.empty()) {
2292 LOGE("Acl is empty.");
2293 return offlineParam;
2294 }
2295 for (auto &item : profiles) {
2296 if (item.GetTrustDeviceId() != remoteUdid) {
2297 continue;
2298 }
2299
2300 // First, find need delete acl
2301 if (FindTargetAcl(item, localUdid, remoteUserId, remoteUdid, tokenId, offlineParam)) {
2302 continue;
2303 }
2304
2305 // Second, find the LNN acl
2306 if (FindLnnAcl(item, localUdid, remoteUdid, offlineParam)) {
2307 continue;
2308 }
2309
2310 // Third, find the user or sameaccount acl, dertermine if report offline
2311 if (FindUserAcl(item, localUdid, remoteUdid, offlineParam)) {
2312 continue;
2313 }
2314
2315 // Fourth, find the left service/app acl, determine if del lnn acl
2316 if (FindLeftAcl(item, localUdid, remoteUdid, offlineParam)) {
2317 continue;
2318 }
2319 }
2320 return offlineParam;
2321 }
2322
GetAllAccessControlProfile()2323 DM_EXPORT std::vector<AccessControlProfile> DeviceProfileConnector::GetAllAccessControlProfile()
2324 {
2325 std::vector<AccessControlProfile> profiles;
2326 int32_t ret = DistributedDeviceProfileClient::GetInstance().GetAllAccessControlProfile(profiles);
2327 if (ret != DM_OK) {
2328 LOGE("DP failed, ret = %{public}d", ret);
2329 }
2330 return profiles;
2331 }
2332
GetAllAclIncludeLnnAcl()2333 DM_EXPORT std::vector<AccessControlProfile> DeviceProfileConnector::GetAllAclIncludeLnnAcl()
2334 {
2335 std::vector<AccessControlProfile> profiles;
2336 int32_t ret = DistributedDeviceProfileClient::GetInstance().GetAllAclIncludeLnnAcl(profiles);
2337 if (ret != DM_OK) {
2338 LOGE("DP failed, ret = %{public}d", ret);
2339 }
2340 return profiles;
2341 }
2342
DeleteAccessControlById(int64_t accessControlId)2343 DM_EXPORT void DeviceProfileConnector::DeleteAccessControlById(
2344 int64_t accessControlId)
2345 {
2346 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(accessControlId);
2347 }
2348
HandleUserSwitched(const std::string & localUdid,const std::vector<std::string> & deviceVec,int32_t currentUserId,int32_t beforeUserId)2349 DM_EXPORT int32_t DeviceProfileConnector::HandleUserSwitched(
2350 const std::string &localUdid, const std::vector<std::string> &deviceVec, int32_t currentUserId,
2351 int32_t beforeUserId)
2352 {
2353 if (deviceVec.empty()) {
2354 LOGI("no remote device.");
2355 return DM_OK;
2356 }
2357 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2358 std::vector<AccessControlProfile> activeProfiles;
2359 std::vector<AccessControlProfile> inActiveProfiles;
2360 for (auto &item : profiles) {
2361 if (std::find(deviceVec.begin(), deviceVec.end(), item.GetTrustDeviceId()) == deviceVec.end()) {
2362 continue;
2363 }
2364 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2365 item.GetAccesser().GetAccesserUserId() == beforeUserId) ||
2366 (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2367 item.GetAccessee().GetAccesseeUserId() == beforeUserId)) {
2368 if (item.GetStatus() == ACTIVE) {
2369 item.SetStatus(INACTIVE);
2370 inActiveProfiles.push_back(item);
2371 }
2372 continue;
2373 }
2374 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2375 item.GetAccesser().GetAccesserUserId() == currentUserId && item.GetStatus() == INACTIVE) || (
2376 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2377 item.GetAccessee().GetAccesseeUserId() == currentUserId && item.GetStatus() == INACTIVE)) {
2378 item.SetStatus(ACTIVE);
2379 activeProfiles.push_back(item);
2380 continue;
2381 }
2382 }
2383 HandleUserSwitched(activeProfiles, inActiveProfiles);
2384 return DM_OK;
2385 }
2386
HandleUserSwitched(const std::vector<AccessControlProfile> & activeProfiles,const std::vector<AccessControlProfile> & inActiveProfiles)2387 DM_EXPORT void DeviceProfileConnector::HandleUserSwitched(
2388 const std::vector<AccessControlProfile> &activeProfiles,
2389 const std::vector<AccessControlProfile> &inActiveProfiles)
2390 {
2391 for (auto &item : inActiveProfiles) {
2392 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2393 }
2394
2395 for (auto &item : activeProfiles) {
2396 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2397 }
2398 }
2399
GetAclProfileByUserId(const std::string & localUdid,int32_t userId,const std::string & remoteUdid)2400 std::vector<AccessControlProfile> DeviceProfileConnector::GetAclProfileByUserId(const std::string &localUdid,
2401 int32_t userId, const std::string &remoteUdid)
2402 {
2403 LOGI("localUdid %{public}s, localUserId %{public}d, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2404 userId, GetAnonyString(remoteUdid).c_str());
2405 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
2406 std::vector<AccessControlProfile> profilesTemp;
2407 for (const auto &item : profiles) {
2408 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2409 item.GetAccesser().GetAccesserUserId() == userId &&
2410 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid) {
2411 profilesTemp.push_back(item);
2412 } else if (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2413 item.GetAccessee().GetAccesseeUserId() == userId &&
2414 item.GetAccesser().GetAccesserDeviceId() == remoteUdid) {
2415 profilesTemp.push_back(item);
2416 }
2417 }
2418 return profilesTemp;
2419 }
2420
HandleSyncForegroundUserIdEvent(const std::vector<int32_t> & remoteUserIds,const std::string & remoteUdid,const std::vector<int32_t> & localUserIds,std::string & localUdid)2421 DM_EXPORT void DeviceProfileConnector::HandleSyncForegroundUserIdEvent(
2422 const std::vector<int32_t> &remoteUserIds, const std::string &remoteUdid,
2423 const std::vector<int32_t> &localUserIds, std::string &localUdid)
2424 {
2425 LOGI("localUdid %{public}s, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2426 GetAnonyString(remoteUdid).c_str());
2427 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2428 for (auto &item : profiles) {
2429 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2430 item.GetAccessee().GetAccesseeDeviceId() == remoteUdid &&
2431 find(localUserIds.begin(), localUserIds.end(),
2432 item.GetAccesser().GetAccesserUserId()) != localUserIds.end() &&
2433 find(remoteUserIds.begin(), remoteUserIds.end(),
2434 item.GetAccessee().GetAccesseeUserId()) != remoteUserIds.end() && item.GetStatus() == INACTIVE) {
2435 item.SetStatus(ACTIVE);
2436 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2437 } else if (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2438 item.GetAccesser().GetAccesserDeviceId() == remoteUdid &&
2439 find(localUserIds.begin(), localUserIds.end(),
2440 item.GetAccessee().GetAccesseeUserId()) != localUserIds.end() &&
2441 find(remoteUserIds.begin(), remoteUserIds.end(),
2442 item.GetAccesser().GetAccesserUserId()) != remoteUserIds.end() && item.GetStatus() == INACTIVE) {
2443 item.SetStatus(ACTIVE);
2444 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2445 }
2446 }
2447 }
2448
GetOfflineProcessInfo(std::string & localUdid,const std::vector<int32_t> & localUserIds,const std::string & remoteUdid,const std::vector<int32_t> & remoteUserIds)2449 std::vector<ProcessInfo> DeviceProfileConnector::GetOfflineProcessInfo(std::string &localUdid,
2450 const std::vector<int32_t> &localUserIds, const std::string &remoteUdid, const std::vector<int32_t> &remoteUserIds)
2451 {
2452 LOGI("localUdid %{public}s, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2453 GetAnonyString(remoteUdid).c_str());
2454 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
2455 std::vector<ProcessInfo> processInfos;
2456 int32_t bindLevel = 100;
2457 for (const auto &item : profiles) {
2458 if (IsLnnAcl(item)) {
2459 continue;
2460 }
2461 ProcessInfo processInfo;
2462 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
2463 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
2464 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
2465 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
2466 if (accesserUdid == localUdid && accesseeUdid == remoteUdid &&
2467 find(localUserIds.begin(), localUserIds.end(), accesserUserId) != localUserIds.end() &&
2468 find(remoteUserIds.begin(), remoteUserIds.end(), accesseeUserId) != remoteUserIds.end() &&
2469 item.GetStatus() == ACTIVE) {
2470 processInfo.pkgName = item.GetAccesser().GetAccesserBundleName();
2471 processInfo.userId = item.GetAccesser().GetAccesserUserId();
2472 bindLevel = std::min(bindLevel, static_cast<int32_t>(item.GetBindLevel()));
2473 processInfos.push_back(processInfo);
2474 } else if (accesseeUdid == localUdid && accesserUdid == remoteUdid &&
2475 find(localUserIds.begin(), localUserIds.end(), accesseeUserId) != localUserIds.end() &&
2476 find(remoteUserIds.begin(), remoteUserIds.end(), accesserUserId) != remoteUserIds.end() &&
2477 item.GetStatus() == ACTIVE) {
2478 processInfo.pkgName = item.GetAccessee().GetAccesseeBundleName();
2479 processInfo.userId = item.GetAccessee().GetAccesseeUserId();
2480 bindLevel = std::min(bindLevel, static_cast<int32_t>(item.GetBindLevel()));
2481 processInfos.push_back(processInfo);
2482 }
2483 }
2484 if (bindLevel == INVALIED_TYPE || bindLevel == USER) {
2485 processInfos.clear();
2486 for (const auto &item : localUserIds) {
2487 ProcessInfo processInfo;
2488 processInfo.pkgName = std::string(DM_PKG_NAME);
2489 processInfo.userId = item;
2490 processInfos.push_back(processInfo);
2491 }
2492 }
2493 return processInfos;
2494 }
2495
GetUserIdAndBindLevel(const std::string & localUdid,const std::string & peerUdid)2496 DM_EXPORT std::map<int32_t, int32_t> DeviceProfileConnector::GetUserIdAndBindLevel(
2497 const std::string &localUdid, const std::string &peerUdid)
2498 {
2499 LOGI("localUdid %{public}s, peerUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2500 GetAnonyString(peerUdid).c_str());
2501 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
2502 std::map<int32_t, int32_t> userIdAndBindLevel;
2503 for (const auto &item : profiles) {
2504 if (IsLnnAcl(item)) {
2505 continue;
2506 }
2507 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
2508 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
2509 int32_t accesserUserid = item.GetAccesser().GetAccesserUserId();
2510 int32_t accesseeUserid = item.GetAccessee().GetAccesseeUserId();
2511 if (accesserUdid == localUdid && accesseeUdid == peerUdid) {
2512 if (userIdAndBindLevel.find(accesserUserid) == userIdAndBindLevel.end()) {
2513 userIdAndBindLevel[accesserUserid] = static_cast<int32_t>(item.GetBindLevel());
2514 } else {
2515 userIdAndBindLevel[accesserUserid] =
2516 std::min(static_cast<int32_t>(item.GetBindLevel()), userIdAndBindLevel[accesserUserid]);
2517 }
2518 } else if (accesseeUdid == localUdid && accesserUdid == peerUdid) {
2519 if (userIdAndBindLevel.find(accesseeUserid) == userIdAndBindLevel.end()) {
2520 userIdAndBindLevel[accesseeUserid] = static_cast<int32_t>(item.GetBindLevel());
2521 } else {
2522 userIdAndBindLevel[accesseeUserid] =
2523 std::min(static_cast<int32_t>(item.GetBindLevel()), userIdAndBindLevel[accesseeUserid]);
2524 }
2525 }
2526 }
2527 return userIdAndBindLevel;
2528 }
2529
UpdateACL(std::string & localUdid,const std::vector<int32_t> & localUserIds,const std::string & remoteUdid,const std::vector<int32_t> & remoteFrontUserIds,const std::vector<int32_t> & remoteBackUserIds,DmOfflineParam & offlineParam)2530 DM_EXPORT void DeviceProfileConnector::UpdateACL(std::string &localUdid,
2531 const std::vector<int32_t> &localUserIds, const std::string &remoteUdid,
2532 const std::vector<int32_t> &remoteFrontUserIds, const std::vector<int32_t> &remoteBackUserIds,
2533 DmOfflineParam &offlineParam)
2534 {
2535 LOGI("localUdid %{public}s, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2536 GetAnonyString(remoteUdid).c_str());
2537 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2538 for (auto item : profiles) {
2539 // deleta signal trust acl.
2540 DeleteSigTrustACL(item, remoteUdid, remoteFrontUserIds, remoteBackUserIds, offlineParam);
2541 // update identical account userId.
2542 UpdatePeerUserId(item, localUdid, localUserIds, remoteUdid, remoteFrontUserIds);
2543 }
2544 }
2545
DeleteSigTrustACL(AccessControlProfile profile,const std::string & remoteUdid,const std::vector<int32_t> & remoteFrontUserIds,const std::vector<int32_t> & remoteBackUserIds,DmOfflineParam & offlineParam)2546 void DeviceProfileConnector::DeleteSigTrustACL(AccessControlProfile profile, const std::string &remoteUdid,
2547 const std::vector<int32_t> &remoteFrontUserIds, const std::vector<int32_t> &remoteBackUserIds,
2548 DmOfflineParam &offlineParam)
2549 {
2550 LOGI("start.");
2551 std::string accesserUdid = profile.GetAccesser().GetAccesserDeviceId();
2552 std::string accesseeUdid = profile.GetAccessee().GetAccesseeDeviceId();
2553 int32_t accesserUserid = profile.GetAccesser().GetAccesserUserId();
2554 int32_t accesseeUserid = profile.GetAccessee().GetAccesseeUserId();
2555 if (accesserUdid == remoteUdid && accesserUserid != 0 && accesserUserid != -1 &&
2556 find(remoteFrontUserIds.begin(), remoteFrontUserIds.end(), accesserUserid) == remoteFrontUserIds.end() &&
2557 find(remoteBackUserIds.begin(), remoteBackUserIds.end(), accesserUserid) == remoteBackUserIds.end()) {
2558 CacheAcerAclId(profile, offlineParam.needDelAclInfos);
2559 return;
2560 }
2561 if (accesseeUdid == remoteUdid && accesseeUserid != 0 && accesseeUserid != -1 &&
2562 find(remoteFrontUserIds.begin(), remoteFrontUserIds.end(), accesseeUserid) == remoteFrontUserIds.end() &&
2563 find(remoteBackUserIds.begin(), remoteBackUserIds.end(), accesseeUserid) == remoteBackUserIds.end()) {
2564 CacheAceeAclId(profile, offlineParam.needDelAclInfos);
2565 return;
2566 }
2567 }
2568
UpdatePeerUserId(AccessControlProfile profile,std::string & localUdid,const std::vector<int32_t> & localUserIds,const std::string & remoteUdid,const std::vector<int32_t> & remoteFrontUserIds)2569 void DeviceProfileConnector::UpdatePeerUserId(AccessControlProfile profile, std::string &localUdid,
2570 const std::vector<int32_t> &localUserIds, const std::string &remoteUdid,
2571 const std::vector<int32_t> &remoteFrontUserIds)
2572 {
2573 LOGI("start.");
2574 if (remoteFrontUserIds.empty() || localUserIds.empty()) {
2575 LOGI("remoteFrontUserIds or localUserIds is empty.");
2576 return;
2577 }
2578 std::string accesserUdid = profile.GetAccesser().GetAccesserDeviceId();
2579 std::string accesseeUdid = profile.GetAccessee().GetAccesseeDeviceId();
2580 int32_t accesserUserid = profile.GetAccesser().GetAccesserUserId();
2581 int32_t accesseeUserid = profile.GetAccessee().GetAccesseeUserId();
2582 uint32_t bindType = profile.GetBindType();
2583 if (accesserUdid == localUdid && accesseeUdid == remoteUdid && bindType == DM_IDENTICAL_ACCOUNT &&
2584 find(localUserIds.begin(), localUserIds.end(), accesserUserid) != localUserIds.end() &&
2585 (accesseeUserid == 0 || accesseeUserid == -1)) {
2586 Accessee accessee = profile.GetAccessee();
2587 accessee.SetAccesseeUserId(remoteFrontUserIds[0]);
2588 profile.SetAccessee(accessee);
2589 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(profile);
2590 return;
2591 }
2592 }
2593
SetProcessInfoPkgName(const DistributedDeviceProfile::AccessControlProfile & acl,ProcessInfo & processInfo)2594 void DeviceProfileConnector::SetProcessInfoPkgName(const DistributedDeviceProfile::AccessControlProfile &acl,
2595 ProcessInfo &processInfo)
2596 {
2597 if (acl.GetBindType() == DM_IDENTICAL_ACCOUNT || acl.GetBindLevel() == USER) {
2598 processInfo.pkgName = std::string(DM_PKG_NAME);
2599 } else {
2600 processInfo.pkgName = acl.GetAccesser().GetAccesserBundleName();
2601 }
2602 }
2603
GetDevIdAndUserIdByActHash(const std::string & localUdid,const std::string & peerUdid,int32_t peerUserId,const std::string & peerAccountHash)2604 DM_EXPORT std::multimap<std::string, int32_t> DeviceProfileConnector::GetDevIdAndUserIdByActHash(
2605 const std::string &localUdid, const std::string &peerUdid,
2606 int32_t peerUserId, const std::string &peerAccountHash)
2607 {
2608 LOGI("localUdid %{public}s, peerUdid %{public}s, peerUserId %{public}d, peerAccountHash %{public}s.",
2609 GetAnonyString(localUdid).c_str(), GetAnonyString(peerUdid).c_str(), peerUserId, peerAccountHash.c_str());
2610 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
2611 std::multimap<std::string, int32_t> deviceIdMap;
2612 for (const auto &item : profiles) {
2613 std::string accesserAccountId = item.GetAccesser().GetAccesserAccountId();
2614 std::string accesseeAccountId = item.GetAccessee().GetAccesseeAccountId();
2615 char accesserAccountIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
2616 if (Crypto::GetAccountIdHash(accesserAccountId, reinterpret_cast<uint8_t *>(accesserAccountIdHash)) != DM_OK) {
2617 LOGE("GetAccountHash failed.");
2618 return deviceIdMap;
2619 }
2620 char accesseeAccountIdHash[DM_MAX_DEVICE_ID_LEN] = {0};
2621 if (Crypto::GetAccountIdHash(accesseeAccountId, reinterpret_cast<uint8_t *>(accesseeAccountIdHash)) != DM_OK) {
2622 LOGE("GetAccountHash failed.");
2623 return deviceIdMap;
2624 }
2625 LOGI("accesserAccountIdHash %{public}s, accesseeAccountIdHash %{public}s", accesserAccountIdHash,
2626 accesseeAccountIdHash);
2627 std::string accesserUdid = item.GetAccesser().GetAccesserDeviceId();
2628 std::string accesseeUdid = item.GetAccessee().GetAccesseeDeviceId();
2629 int32_t accesserUserid = item.GetAccesser().GetAccesserUserId();
2630 int32_t accesseeUserid = item.GetAccessee().GetAccesseeUserId();
2631 if (accesserUdid == localUdid && accesseeUdid == peerUdid && accesseeUserid == peerUserId &&
2632 std::string(accesseeAccountIdHash) == peerAccountHash) {
2633 deviceIdMap.insert(std::pair<std::string, int32_t>(accesserUdid, accesserUserid));
2634 continue;
2635 }
2636 if (accesseeUdid == localUdid && accesserUdid == peerUdid && accesserUserid == peerUserId &&
2637 std::string(accesserAccountIdHash) == peerAccountHash) {
2638 deviceIdMap.insert(std::pair<std::string, int32_t>(accesseeUdid, accesseeUserid));
2639 continue;
2640 }
2641 }
2642 return deviceIdMap;
2643 }
2644
GetDeviceIdAndUserId(const std::string & localUdid,int32_t localUserId)2645 DM_EXPORT std::multimap<std::string, int32_t> DeviceProfileConnector::GetDeviceIdAndUserId(
2646 const std::string &localUdid, int32_t localUserId)
2647 {
2648 LOGI("localUdid %{public}s, userId %{public}d.", GetAnonyString(localUdid).c_str(), localUserId);
2649 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
2650 std::multimap<std::string, int32_t> deviceIdMap;
2651 for (const auto &item : profiles) {
2652 std::string accesserDeviceId = item.GetAccesser().GetAccesserDeviceId();
2653 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
2654 std::string accesseeDeviceId = item.GetAccessee().GetAccesseeDeviceId();
2655 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
2656 if (accesserDeviceId == localUdid && accesserUserId == localUserId) {
2657 if (!IsValueExist(deviceIdMap, accesseeDeviceId, accesseeUserId)) {
2658 deviceIdMap.insert(std::pair<std::string, int32_t>(accesseeDeviceId, accesseeUserId));
2659 }
2660 continue;
2661 }
2662 if (accesseeDeviceId == localUdid && accesseeUserId == localUserId) {
2663 if (!IsValueExist(deviceIdMap, accesserDeviceId, accesserUserId)) {
2664 deviceIdMap.insert(std::pair<std::string, int32_t>(accesserDeviceId, accesserUserId));
2665 }
2666 continue;
2667 }
2668 }
2669 return deviceIdMap;
2670 }
2671
HandleSyncBackgroundUserIdEvent(const std::vector<int32_t> & remoteUserIds,const std::string & remoteUdid,const std::vector<int32_t> & localUserIds,std::string & localUdid)2672 DM_EXPORT void DeviceProfileConnector::HandleSyncBackgroundUserIdEvent(
2673 const std::vector<int32_t> &remoteUserIds, const std::string &remoteUdid,
2674 const std::vector<int32_t> &localUserIds, std::string &localUdid)
2675 {
2676 LOGI("localUdid %{public}s, remoteUdid %{public}s.", GetAnonyString(localUdid).c_str(),
2677 GetAnonyString(remoteUdid).c_str());
2678 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2679 for (auto &item : profiles) {
2680 std::string accesserDeviceId = item.GetAccesser().GetAccesserDeviceId();
2681 std::string accesseeDeviceId = item.GetAccessee().GetAccesseeDeviceId();
2682 int32_t accesserUserId = item.GetAccesser().GetAccesserUserId();
2683 int32_t accesseeUserId = item.GetAccessee().GetAccesseeUserId();
2684 if (accesserDeviceId == localUdid && accesseeDeviceId == remoteUdid &&
2685 (find(remoteUserIds.begin(), remoteUserIds.end(), accesseeUserId) != remoteUserIds.end() ||
2686 find(localUserIds.begin(), localUserIds.end(), accesserUserId) == localUserIds.end())) {
2687 if (item.GetStatus() == ACTIVE) {
2688 item.SetStatus(INACTIVE);
2689 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2690 }
2691 } else if ((accesseeDeviceId == localUdid && accesserDeviceId == remoteUdid) &&
2692 (find(remoteUserIds.begin(), remoteUserIds.end(), accesserUserId) != remoteUserIds.end() ||
2693 find(localUserIds.begin(), localUserIds.end(), accesseeUserId) == localUserIds.end())) {
2694 if (item.GetStatus() == ACTIVE) {
2695 item.SetStatus(INACTIVE);
2696 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2697 }
2698 }
2699 }
2700 }
2701
HandleDeviceUnBind(int32_t bindType,const std::string & peerUdid,const std::string & localUdid,int32_t localUserId,const std::string & localAccountId)2702 DM_EXPORT void DeviceProfileConnector::HandleDeviceUnBind(int32_t bindType,
2703 const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId)
2704 {
2705 std::vector<DistributedDeviceProfile::AccessControlProfile> profiles =
2706 DeviceProfileConnector::GetInstance().GetAllAccessControlProfile();
2707 if (profiles.empty()) {
2708 LOGI("profiles is empty");
2709 return;
2710 }
2711 for (auto &item : profiles) {
2712 if ((item.GetBindType() == static_cast<uint32_t>(bindType)) &&
2713 item.GetTrustDeviceId() == peerUdid &&
2714 item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2715 item.GetAccesser().GetAccesserUserId() == localUserId &&
2716 item.GetAccesser().GetAccesserAccountId() == localAccountId) {
2717 DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId());
2718 }
2719 }
2720 }
2721
SubscribeDeviceProfileInited(sptr<DistributedDeviceProfile::IDpInitedCallback> dpInitedCallback)2722 DM_EXPORT int32_t DeviceProfileConnector::SubscribeDeviceProfileInited(
2723 sptr<DistributedDeviceProfile::IDpInitedCallback> dpInitedCallback)
2724 {
2725 LOGI("In");
2726 if (dpInitedCallback == nullptr) {
2727 LOGE("dpInitedCallback is nullptr");
2728 return ERR_DM_INPUT_PARA_INVALID;
2729 }
2730 int32_t ret = DistributedDeviceProfileClient::GetInstance().SubscribeDeviceProfileInited(
2731 DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID, dpInitedCallback);
2732 if (ret != DM_OK) {
2733 LOGE("failed: %{public}d", ret);
2734 return ret;
2735 }
2736 return DM_OK;
2737 }
2738
UnSubscribeDeviceProfileInited()2739 DM_EXPORT int32_t DeviceProfileConnector::UnSubscribeDeviceProfileInited()
2740 {
2741 LOGI("In");
2742 int32_t ret = DistributedDeviceProfileClient::GetInstance().UnSubscribeDeviceProfileInited(
2743 DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID);
2744 if (ret != DM_OK) {
2745 LOGE("failed: %{public}d", ret);
2746 return ret;
2747 }
2748 return DM_OK;
2749 }
2750
PutAllTrustedDevices(const std::vector<DistributedDeviceProfile::TrustedDeviceInfo> & deviceInfos)2751 DM_EXPORT int32_t DeviceProfileConnector::PutAllTrustedDevices(
2752 const std::vector<DistributedDeviceProfile::TrustedDeviceInfo> &deviceInfos)
2753 {
2754 LOGI("In deviceInfos.size:%{public}zu", deviceInfos.size());
2755 int32_t ret = DistributedDeviceProfileClient::GetInstance().PutAllTrustedDevices(deviceInfos);
2756 if (ret != DM_OK) {
2757 LOGE("failed: %{public}d", ret);
2758 return ret;
2759 }
2760 return DM_OK;
2761 }
2762
CheckDeviceInfoPermission(const std::string & localUdid,const std::string & peerDeviceId)2763 DM_EXPORT int32_t DeviceProfileConnector::CheckDeviceInfoPermission(
2764 const std::string &localUdid, const std::string &peerDeviceId)
2765 {
2766 LOGI("CheckDeviceInfoPermission Start.");
2767 int32_t localUserId = 0;
2768 uint32_t tempLocalTokenId = 0;
2769 MultipleUserConnector::GetTokenIdAndForegroundUserId(tempLocalTokenId, localUserId);
2770 int64_t localTokenId = static_cast<int64_t>(tempLocalTokenId);
2771 std::string localAccountId = MultipleUserConnector::GetOhosAccountIdByUserId(localUserId);
2772 std::vector<AccessControlProfile> profiles = GetAccessControlProfileByUserId(localUserId);
2773 for (auto &item : profiles) {
2774 if (IsLnnAcl(item)) {
2775 continue;
2776 }
2777 if (item.GetTrustDeviceId() == peerDeviceId) {
2778 if (item.GetBindType() == DM_IDENTICAL_ACCOUNT || item.GetBindLevel() == USER) {
2779 return DM_OK;
2780 }
2781 }
2782 int32_t profileUserId = item.GetAccesser().GetAccesserUserId();
2783 if (item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2784 (profileUserId == localUserId || profileUserId == -1 || profileUserId == 0) &&
2785 item.GetAccesser().GetAccesserTokenId() == localTokenId &&
2786 item.GetAccessee().GetAccesseeDeviceId() == peerDeviceId) {
2787 return DM_OK;
2788 }
2789 profileUserId = item.GetAccessee().GetAccesseeUserId();
2790 if (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2791 (profileUserId == localUserId || profileUserId == -1 || profileUserId == 0) &&
2792 item.GetAccessee().GetAccesseeTokenId() == localTokenId &&
2793 item.GetAccesser().GetAccesserDeviceId() == peerDeviceId) {
2794 return DM_OK;
2795 }
2796 }
2797 return ERR_DM_NO_PERMISSION;
2798 }
2799
UpdateAclDeviceName(const std::string & udid,const std::string & newDeviceName)2800 int32_t DeviceProfileConnector::UpdateAclDeviceName(const std::string &udid, const std::string &newDeviceName)
2801 {
2802 std::vector<AccessControlProfile> allProfile =
2803 DeviceProfileConnector::GetInstance().GetAllAccessControlProfile();
2804 for (AccessControlProfile profile : allProfile) {
2805 Accessee acee = profile.GetAccessee();
2806 if (acee.GetAccesseeDeviceId() == udid) {
2807 acee.SetAccesseeDeviceName(newDeviceName);
2808 profile.SetAccessee(acee);
2809 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(profile);
2810 return DM_OK;
2811 }
2812 Accesser acer = profile.GetAccesser();
2813 if (acer.GetAccesserDeviceId() == udid) {
2814 acer.SetAccesserDeviceName(newDeviceName);
2815 profile.SetAccesser(acer);
2816 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(profile);
2817 return DM_OK;
2818 }
2819 }
2820 return ERR_DM_FAILED;
2821 }
2822
PutLocalServiceInfo(const DistributedDeviceProfile::LocalServiceInfo & localServiceInfo)2823 int32_t DeviceProfileConnector::PutLocalServiceInfo(
2824 const DistributedDeviceProfile::LocalServiceInfo &localServiceInfo)
2825 {
2826 int32_t ret = DistributedDeviceProfileClient::GetInstance().PutLocalServiceInfo(localServiceInfo);
2827 if (ret != DM_OK) {
2828 LOGE("failed: %{public}d", ret);
2829 return ret;
2830 }
2831 return DM_OK;
2832 }
2833
DeleteLocalServiceInfo(const std::string & bundleName,int32_t pinExchangeType)2834 int32_t DeviceProfileConnector::DeleteLocalServiceInfo(const std::string &bundleName, int32_t pinExchangeType)
2835 {
2836 int32_t ret = DistributedDeviceProfileClient::GetInstance().DeleteLocalServiceInfo(bundleName, pinExchangeType);
2837 if (ret != DM_OK) {
2838 LOGE("failed: %{public}d", ret);
2839 return ret;
2840 }
2841 return DM_OK;
2842 }
2843
UpdateLocalServiceInfo(const DistributedDeviceProfile::LocalServiceInfo & localServiceInfo)2844 int32_t DeviceProfileConnector::UpdateLocalServiceInfo(
2845 const DistributedDeviceProfile::LocalServiceInfo &localServiceInfo)
2846 {
2847 int32_t ret = DistributedDeviceProfileClient::GetInstance().UpdateLocalServiceInfo(localServiceInfo);
2848 if (ret != DM_OK) {
2849 LOGE("failed: %{public}d", ret);
2850 return ret;
2851 }
2852 return DM_OK;
2853 }
2854
GetLocalServiceInfoByBundleNameAndPinExchangeType(const std::string & bundleName,int32_t pinExchangeType,DistributedDeviceProfile::LocalServiceInfo & localServiceInfo)2855 int32_t DeviceProfileConnector::GetLocalServiceInfoByBundleNameAndPinExchangeType(const std::string &bundleName,
2856 int32_t pinExchangeType, DistributedDeviceProfile::LocalServiceInfo &localServiceInfo)
2857 {
2858 LOGI("getLocalServiceInfo bundleName = %{public}s, pinExchangeType = %{public}d",
2859 bundleName.c_str(), pinExchangeType);
2860 int32_t ret = DistributedDeviceProfileClient::GetInstance().GetLocalServiceInfoByBundleAndPinType(bundleName,
2861 pinExchangeType, localServiceInfo);
2862 if (ret != DM_OK) {
2863 LOGE("failed: %{public}d", ret);
2864 return ret;
2865 }
2866 return DM_OK;
2867 }
2868
PutSessionKey(int32_t userId,const std::vector<unsigned char> & sessionKeyArray,int32_t & sessionKeyId)2869 int32_t DeviceProfileConnector::PutSessionKey(int32_t userId, const std::vector<unsigned char> &sessionKeyArray,
2870 int32_t &sessionKeyId)
2871 {
2872 if (sessionKeyArray.empty() || sessionKeyArray.size() > MAX_SESSION_KEY_LENGTH) {
2873 LOGE("SessionKey size invalid");
2874 return ERR_DM_FAILED;
2875 }
2876 int32_t ret = DistributedDeviceProfileClient::GetInstance().PutSessionKey(static_cast<uint32_t>(userId),
2877 sessionKeyArray, sessionKeyId);
2878 if (ret != DM_OK) {
2879 LOGE("failed: %{public}d", ret);
2880 return ret;
2881 }
2882 return DM_OK;
2883 }
2884
DeleteSessionKey(int32_t userId,int32_t sessionKeyId)2885 int32_t DeviceProfileConnector::DeleteSessionKey(int32_t userId, int32_t sessionKeyId)
2886 {
2887 int32_t ret =
2888 DistributedDeviceProfileClient::GetInstance().DeleteSessionKey(static_cast<uint32_t>(userId), sessionKeyId);
2889 if (ret != DM_OK) {
2890 LOGE("failed: %{public}d", ret);
2891 return ret;
2892 }
2893 return DM_OK;
2894 }
2895
GetSessionKey(int32_t userId,int32_t sessionKeyId,std::vector<unsigned char> & sessionKeyArray)2896 int32_t DeviceProfileConnector::GetSessionKey(int32_t userId, int32_t sessionKeyId,
2897 std::vector<unsigned char> &sessionKeyArray)
2898 {
2899 int32_t ret = DistributedDeviceProfileClient::GetInstance().GetSessionKey(static_cast<uint32_t>(userId),
2900 sessionKeyId, sessionKeyArray);
2901 if (ret != DM_OK) {
2902 LOGE("failed: %{public}d", ret);
2903 return ret;
2904 }
2905 return DM_OK;
2906 }
2907
CheckAclStatusNotMatch(const DistributedDeviceProfile::AccessControlProfile & profile,const std::string & localUdid,const std::vector<int32_t> & foregroundUserIds,const std::vector<int32_t> & backgroundUserIds)2908 bool DeviceProfileConnector::CheckAclStatusNotMatch(const DistributedDeviceProfile::AccessControlProfile &profile,
2909 const std::string &localUdid, const std::vector<int32_t> &foregroundUserIds,
2910 const std::vector<int32_t> &backgroundUserIds)
2911 {
2912 if ((profile.GetAccesser().GetAccesserDeviceId() == localUdid &&
2913 (find(backgroundUserIds.begin(), backgroundUserIds.end(), profile.GetAccesser().GetAccesserUserId()) !=
2914 backgroundUserIds.end()) && (profile.GetStatus() == ACTIVE)) ||
2915 (profile.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2916 (find(backgroundUserIds.begin(), backgroundUserIds.end(), profile.GetAccessee().GetAccesseeUserId()) !=
2917 backgroundUserIds.end()) && (profile.GetStatus() == ACTIVE))) {
2918 return true;
2919 }
2920 if ((profile.GetAccesser().GetAccesserDeviceId() == localUdid &&
2921 (find(foregroundUserIds.begin(), foregroundUserIds.end(), profile.GetAccesser().GetAccesserUserId()) !=
2922 foregroundUserIds.end()) && profile.GetStatus() == INACTIVE) ||
2923 (profile.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2924 (find(foregroundUserIds.begin(), foregroundUserIds.end(), profile.GetAccessee().GetAccesseeUserId()) !=
2925 foregroundUserIds.end()) && profile.GetStatus() == INACTIVE)) {
2926 return true;
2927 }
2928 return false;
2929 }
2930
CheckAclStatusAndForegroundNotMatch(const std::string & localUdid,const std::vector<int32_t> & foregroundUserIds,const std::vector<int32_t> & backgroundUserIds)2931 bool DeviceProfileConnector::CheckAclStatusAndForegroundNotMatch(const std::string &localUdid,
2932 const std::vector<int32_t> &foregroundUserIds, const std::vector<int32_t> &backgroundUserIds)
2933 {
2934 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2935 LOGI("CheckAclStatusAndForegroundNotMatch profiles size is %{public}zu", profiles.size());
2936 for (auto &item : profiles) {
2937 if (CheckAclStatusNotMatch(item, localUdid, foregroundUserIds, backgroundUserIds)) {
2938 return true;
2939 }
2940 }
2941 return false;
2942 }
2943
HandleUserSwitched(const std::string & localUdid,const std::vector<std::string> & deviceVec,const std::vector<int32_t> & foregroundUserIds,const std::vector<int32_t> & backgroundUserIds)2944 DM_EXPORT int32_t DeviceProfileConnector::HandleUserSwitched(
2945 const std::string &localUdid, const std::vector<std::string> &deviceVec,
2946 const std::vector<int32_t> &foregroundUserIds, const std::vector<int32_t> &backgroundUserIds)
2947 {
2948 LOGI("OnStart HandleUserSwitched");
2949 if (deviceVec.empty()) {
2950 LOGI("no remote device.");
2951 return DM_OK;
2952 }
2953 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2954 std::vector<AccessControlProfile> activeProfiles;
2955 std::vector<AccessControlProfile> inActiveProfiles;
2956 for (auto &item : profiles) {
2957 if (std::find(deviceVec.begin(), deviceVec.end(), item.GetTrustDeviceId()) == deviceVec.end()) {
2958 continue;
2959 }
2960 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2961 (find(backgroundUserIds.begin(), backgroundUserIds.end(),
2962 item.GetAccesser().GetAccesserUserId()) != backgroundUserIds.end())) ||
2963 (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2964 (find(backgroundUserIds.begin(), backgroundUserIds.end(),
2965 item.GetAccessee().GetAccesseeUserId()) != backgroundUserIds.end()))) {
2966 if (item.GetStatus() == ACTIVE) {
2967 item.SetStatus(INACTIVE);
2968 inActiveProfiles.push_back(item);
2969 }
2970 continue;
2971 }
2972 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
2973 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
2974 item.GetAccesser().GetAccesserUserId()) != foregroundUserIds.end()) && item.GetStatus() == INACTIVE) || (
2975 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
2976 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
2977 item.GetAccessee().GetAccesseeUserId()) != foregroundUserIds.end()) && item.GetStatus() == INACTIVE)) {
2978 item.SetStatus(ACTIVE);
2979 activeProfiles.push_back(item);
2980 continue;
2981 }
2982 }
2983 HandleUserSwitched(activeProfiles, inActiveProfiles);
2984 return DM_OK;
2985 }
2986
HandleUserStop(int32_t stopUserId,const std::string & stopEventUdid)2987 int32_t DeviceProfileConnector::HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid)
2988 {
2989 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
2990 for (auto &item : profiles) {
2991 if ((item.GetAccesser().GetAccesserDeviceId() == stopEventUdid &&
2992 item.GetAccesser().GetAccesserUserId() == stopUserId && item.GetStatus() == ACTIVE) ||
2993 (item.GetAccessee().GetAccesseeDeviceId() == stopEventUdid &&
2994 item.GetAccessee().GetAccesseeUserId() == stopUserId && item.GetStatus() == ACTIVE)) {
2995 item.SetStatus(INACTIVE);
2996 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
2997 }
2998 }
2999 return DM_OK;
3000 }
3001
HandleUserStop(int32_t stopUserId,const std::string & stopEventUdid,const std::vector<std::string> & acceptEventUdids)3002 int32_t DeviceProfileConnector::HandleUserStop(int32_t stopUserId, const std::string &stopEventUdid,
3003 const std::vector<std::string> &acceptEventUdids)
3004 {
3005 if (acceptEventUdids.empty()) {
3006 LOGI("no remote device.");
3007 return DM_OK;
3008 }
3009 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
3010 for (auto &item : profiles) {
3011 if (std::find(acceptEventUdids.begin(), acceptEventUdids.end(), item.GetTrustDeviceId()) ==
3012 acceptEventUdids.end()) {
3013 continue;
3014 }
3015 if ((item.GetAccesser().GetAccesserDeviceId() == stopEventUdid &&
3016 item.GetAccesser().GetAccesserUserId() == stopUserId && item.GetStatus() == ACTIVE) ||
3017 (item.GetAccessee().GetAccesseeDeviceId() == stopEventUdid &&
3018 item.GetAccessee().GetAccesseeUserId() == stopUserId && item.GetStatus() == ACTIVE)) {
3019 item.SetStatus(INACTIVE);
3020 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
3021 }
3022 }
3023 return DM_OK;
3024 }
3025
IsLnnAcl(const DistributedDeviceProfile::AccessControlProfile & profile)3026 DM_EXPORT bool DeviceProfileConnector::IsLnnAcl(const DistributedDeviceProfile::AccessControlProfile &profile)
3027 {
3028 std::string extraData = profile.GetExtraData();
3029 if (extraData.empty()) {
3030 return false;
3031 }
3032
3033 JsonObject extJson(extraData);
3034 if (extJson.IsDiscarded() || !IsString(extJson, ACL_IS_LNN_ACL_KEY)) {
3035 return false;
3036 }
3037
3038 std::string isLnnAclStr = extJson[ACL_IS_LNN_ACL_KEY].Get<std::string>();
3039 std::string isLnnAclTrue = std::string(ACL_IS_LNN_ACL_VAL_TRUE);
3040 return isLnnAclStr == isLnnAclTrue;
3041 }
3042
CacheAcerAclId(const DistributedDeviceProfile::AccessControlProfile & profile,std::vector<DmAclIdParam> & aclInfos)3043 DM_EXPORT void DeviceProfileConnector::CacheAcerAclId(const DistributedDeviceProfile::AccessControlProfile &profile,
3044 std::vector<DmAclIdParam> &aclInfos)
3045 {
3046 DmAclIdParam dmAclIdParam;
3047 dmAclIdParam.udid = profile.GetAccesser().GetAccesserDeviceId();
3048 dmAclIdParam.userId = profile.GetAccesser().GetAccesserUserId();
3049 dmAclIdParam.skId = profile.GetAccesser().GetAccesserSessionKeyId();
3050 dmAclIdParam.credId = profile.GetAccesser().GetAccesserCredentialIdStr();
3051 dmAclIdParam.accessControlId = profile.GetAccessControlId();
3052 aclInfos.push_back(dmAclIdParam);
3053 }
3054
CacheAceeAclId(const DistributedDeviceProfile::AccessControlProfile & profile,std::vector<DmAclIdParam> & aclInfos)3055 DM_EXPORT void DeviceProfileConnector::CacheAceeAclId(const DistributedDeviceProfile::AccessControlProfile &profile,
3056 std::vector<DmAclIdParam> &aclInfos)
3057 {
3058 DmAclIdParam dmAclIdParam;
3059 dmAclIdParam.udid = profile.GetAccessee().GetAccesseeDeviceId();
3060 dmAclIdParam.userId = profile.GetAccessee().GetAccesseeUserId();
3061 dmAclIdParam.skId = profile.GetAccessee().GetAccesseeSessionKeyId();
3062 dmAclIdParam.credId = profile.GetAccessee().GetAccesseeCredentialIdStr();
3063 dmAclIdParam.accessControlId = profile.GetAccessControlId();
3064 aclInfos.push_back(dmAclIdParam);
3065 }
3066
HandleAccountCommonEvent(const std::string & localUdid,const std::vector<std::string> & deviceVec,const std::vector<int32_t> & foregroundUserIds,const std::vector<int32_t> & backgroundUserIds)3067 DM_EXPORT int32_t DeviceProfileConnector::HandleAccountCommonEvent(
3068 const std::string &localUdid, const std::vector<std::string> &deviceVec,
3069 const std::vector<int32_t> &foregroundUserIds, const std::vector<int32_t> &backgroundUserIds)
3070 {
3071 LOGI("HandleAccountCommonEvent start");
3072 if (deviceVec.empty()) {
3073 LOGI("no remote device.");
3074 return DM_OK;
3075 }
3076 std::vector<AccessControlProfile> profiles = GetAllAclIncludeLnnAcl();
3077 std::vector<AccessControlProfile> activeProfiles;
3078 std::vector<AccessControlProfile> inActiveProfiles;
3079 for (auto &item : profiles) {
3080 if (std::find(deviceVec.begin(), deviceVec.end(), item.GetTrustDeviceId()) == deviceVec.end()) {
3081 continue;
3082 }
3083 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
3084 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
3085 item.GetAccesser().GetAccesserUserId()) == foregroundUserIds.end()) && item.GetStatus() == ACTIVE) ||
3086 (item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
3087 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
3088 item.GetAccessee().GetAccesseeUserId()) == foregroundUserIds.end()) && item.GetStatus() == ACTIVE)) {
3089 item.SetStatus(INACTIVE);
3090 inActiveProfiles.push_back(item);
3091 continue;
3092 }
3093 if ((item.GetAccesser().GetAccesserDeviceId() == localUdid &&
3094 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
3095 item.GetAccesser().GetAccesserUserId()) != foregroundUserIds.end()) && item.GetStatus() == INACTIVE) || (
3096 item.GetAccessee().GetAccesseeDeviceId() == localUdid &&
3097 (find(foregroundUserIds.begin(), foregroundUserIds.end(),
3098 item.GetAccessee().GetAccesseeUserId()) != foregroundUserIds.end()) && item.GetStatus() == INACTIVE)) {
3099 item.SetStatus(ACTIVE);
3100 activeProfiles.push_back(item);
3101 continue;
3102 }
3103 }
3104 for (auto &item : inActiveProfiles) {
3105 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
3106 }
3107 for (auto &item : activeProfiles) {
3108 DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(item);
3109 }
3110 return DM_OK;
3111 }
3112
CheckSrcAccessControl(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3113 DM_EXPORT bool DeviceProfileConnector::CheckSrcAccessControl(const DmAccessCaller &caller, const std::string &srcUdid,
3114 const DmAccessCallee &callee, const std::string &sinkUdid)
3115 {
3116 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s,"
3117 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
3118 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
3119 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
3120 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
3121 GetAnonyString(callee.accountId).c_str());
3122 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
3123 std::string localUdid = GetLocalDeviceId();
3124 std::string trustUdid = (localUdid == srcUdid ? sinkUdid : srcUdid);
3125 for (const auto &item : profiles) {
3126 PrintProfile(item);
3127 if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE) {
3128 continue;
3129 }
3130 switch (item.GetBindType()) {
3131 case DM_IDENTICAL_ACCOUNT:
3132 if (CheckSrcAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3133 return true;
3134 }
3135 break;
3136 case DM_SHARE:
3137 if (CheckSrcShareAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3138 return true;
3139 }
3140 break;
3141 case DM_POINT_TO_POINT:
3142 case DM_ACROSS_ACCOUNT:
3143 if (CheckSrcP2PAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3144 return true;
3145 }
3146 break;
3147 default:
3148 break;
3149 }
3150 }
3151 return false;
3152 }
3153
CheckSrcAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3154 bool DeviceProfileConnector::CheckSrcAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3155 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3156 {
3157 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3158 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3159 std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId();
3160
3161 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3162 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3163 std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId();
3164 //bind type is identical account, accesser is caller, accessee is callee
3165 if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId &&
3166 sinkUdid == aceeDeviceId && acerAccountId == aceeAccountId) {
3167 return true;
3168 }
3169 //bind type is identical account, accessee is caller, accesser is callee
3170 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && caller.accountId == aceeAccountId &&
3171 sinkUdid == acerDeviceId && acerAccountId == aceeAccountId) {
3172 return true;
3173 }
3174 return false;
3175 }
3176
CheckSrcShareAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3177 bool DeviceProfileConnector::CheckSrcShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3178 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3179 {
3180 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3181 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3182 std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId();
3183
3184 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3185
3186 if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId &&
3187 sinkUdid == aceeDeviceId) {
3188 return true;
3189 }
3190 return false;
3191 }
3192
CheckSrcP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3193 bool DeviceProfileConnector::CheckSrcP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3194 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3195 {
3196 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3197 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3198 int32_t acerTokenId = static_cast<int32_t>(profile.GetAccesser().GetAccesserTokenId());
3199 std::string acerPkgName = profile.GetAccesser().GetAccesserBundleName();
3200
3201 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3202 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3203 int32_t aceeTokenId = static_cast<int32_t>(profile.GetAccessee().GetAccesseeTokenId());
3204 std::string aceePkgName = profile.GetAccessee().GetAccesseeBundleName();
3205
3206 uint32_t bindLevel = profile.GetBindLevel();
3207 switch (bindLevel) {
3208 case USER:
3209 //bind level is user, accesser is caller, accessee is callee
3210 if (srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId) {
3211 return true;
3212 }
3213 //bind level is user, accessee is caller, accesser is callee
3214 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId) {
3215 return true;
3216 }
3217 break;
3218 case SERVICE:
3219 case APP:
3220 //bind level is user, accesser is caller, accessee is callee
3221 if (srcUdid == acerDeviceId && caller.userId == acerUserId &&
3222 static_cast<int32_t>(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId) {
3223 return true;
3224 }
3225 //bind level is user, accessee is caller, accesser is callee
3226 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId &&
3227 static_cast<int32_t>(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId) {
3228 return true;
3229 }
3230 break;
3231 default:
3232 LOGE("invalid bindLevel %{public}d.", bindLevel);
3233 break;
3234 }
3235 return false;
3236 }
3237
CheckSinkAccessControl(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3238 DM_EXPORT bool DeviceProfileConnector::CheckSinkAccessControl(const DmAccessCaller &caller, const std::string &srcUdid,
3239 const DmAccessCallee &callee, const std::string &sinkUdid)
3240 {
3241 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s,"
3242 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
3243 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
3244 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
3245 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
3246 GetAnonyString(callee.accountId).c_str());
3247 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
3248 std::string localUdid = GetLocalDeviceId();
3249 std::string trustUdid = (localUdid == srcUdid ? sinkUdid : srcUdid);
3250 for (const auto &item : profiles) {
3251 PrintProfile(item);
3252 if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE) {
3253 continue;
3254 }
3255 switch (item.GetBindType()) {
3256 case DM_IDENTICAL_ACCOUNT:
3257 if (CheckSinkAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3258 return true;
3259 }
3260 break;
3261 case DM_SHARE:
3262 if (CheckSinkShareAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3263 return true;
3264 }
3265 break;
3266 case DM_POINT_TO_POINT:
3267 case DM_ACROSS_ACCOUNT:
3268 if (CheckSinkP2PAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3269 return true;
3270 }
3271 break;
3272 default:
3273 break;
3274 }
3275 }
3276 return false;
3277 }
3278
CheckSinkAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3279 bool DeviceProfileConnector::CheckSinkAcuntAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3280 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3281 {
3282 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3283 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3284 std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId();
3285
3286 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3287 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3288 std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId();
3289
3290 //bind type is identical account, accesser is caller, accessee is callee
3291 if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId &&
3292 sinkUdid == aceeDeviceId && callee.userId == aceeUserId && callee.accountId == aceeAccountId &&
3293 caller.accountId == callee.accountId) {
3294 return true;
3295 }
3296
3297 //bind type is identical account, accessee is caller, accesser is callee
3298 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && caller.accountId == aceeAccountId &&
3299 sinkUdid == acerDeviceId && callee.userId == acerUserId && callee.accountId == acerAccountId &&
3300 caller.accountId == callee.accountId) {
3301 return true;
3302 }
3303 return false;
3304 }
3305
CheckSinkShareAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3306 bool DeviceProfileConnector::CheckSinkShareAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3307 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3308 {
3309 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3310 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3311 std::string acerAccountId = profile.GetAccesser().GetAccesserAccountId();
3312
3313 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3314 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3315 std::string aceeAccountId = profile.GetAccessee().GetAccesseeAccountId();
3316
3317 if (srcUdid == acerDeviceId && caller.userId == acerUserId && caller.accountId == acerAccountId &&
3318 sinkUdid == aceeDeviceId && callee.userId == aceeUserId && callee.accountId == aceeAccountId) {
3319 return true;
3320 }
3321 return false;
3322 }
3323
CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3324 bool DeviceProfileConnector::CheckSinkP2PAccessControl(const DistributedDeviceProfile::AccessControlProfile &profile,
3325 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid)
3326 {
3327 uint32_t bindLevel = profile.GetBindLevel();
3328 switch (bindLevel) {
3329 case USER:
3330 if (CheckSinkUserP2PAcl(profile, caller, srcUdid, callee, sinkUdid)) {
3331 return true;
3332 }
3333 break;
3334 case SERVICE:
3335 case APP:
3336 if (CheckSinkAppOrServiceP2PAcl(profile, caller, srcUdid, callee, sinkUdid)) {
3337 return true;
3338 }
3339 break;
3340 default:
3341 LOGE("invalid bindLevel %{public}d.", bindLevel);
3342 break;
3343 }
3344 return false;
3345 }
3346
CheckSinkUserP2PAcl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3347 bool DeviceProfileConnector::CheckSinkUserP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile,
3348 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee,
3349 const std::string &sinkUdid)
3350 {
3351 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3352 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3353
3354 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3355 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3356 //bind level is user, accesser is caller, accessee is callee
3357 if (srcUdid == acerDeviceId && caller.userId == acerUserId && sinkUdid == aceeDeviceId &&
3358 callee.userId == aceeUserId) {
3359 return true;
3360 }
3361 //bind level is user, accessee is caller, accesser is callee
3362 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId && sinkUdid == acerDeviceId &&
3363 callee.userId == acerUserId) {
3364 return true;
3365 }
3366 return false;
3367 }
3368
CheckSinkAppOrServiceP2PAcl(const DistributedDeviceProfile::AccessControlProfile & profile,const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3369 bool DeviceProfileConnector::CheckSinkAppOrServiceP2PAcl(const DistributedDeviceProfile::AccessControlProfile &profile,
3370 const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee,
3371 const std::string &sinkUdid)
3372 {
3373 std::string acerDeviceId = profile.GetAccesser().GetAccesserDeviceId();
3374 int32_t acerUserId = profile.GetAccesser().GetAccesserUserId();
3375 int32_t acerTokenId = static_cast<int32_t>(profile.GetAccesser().GetAccesserTokenId());
3376
3377 std::string aceeDeviceId = profile.GetAccessee().GetAccesseeDeviceId();
3378 int32_t aceeUserId = profile.GetAccessee().GetAccesseeUserId();
3379 int32_t aceeTokenId = static_cast<int32_t>(profile.GetAccessee().GetAccesseeTokenId());
3380 //bind level is app or service, accesser is caller, accessee is callee
3381 if (srcUdid == acerDeviceId && caller.userId == acerUserId &&
3382 static_cast<int32_t>(caller.tokenId) == acerTokenId && sinkUdid == aceeDeviceId &&
3383 callee.userId == aceeUserId && static_cast<int32_t>(callee.tokenId) == aceeTokenId) {
3384 return true;
3385 }
3386 //bind level is app or service, accessee is caller, accesser is callee
3387 if (srcUdid == aceeDeviceId && caller.userId == aceeUserId &&
3388 static_cast<int32_t>(caller.tokenId) == aceeTokenId && sinkUdid == acerDeviceId &&
3389 callee.userId == acerUserId && static_cast<int32_t>(callee.tokenId) == acerTokenId) {
3390 return true;
3391 }
3392 return false;
3393 }
3394
CheckSrcIsSameAccount(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3395 DM_EXPORT bool DeviceProfileConnector::CheckSrcIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid,
3396 const DmAccessCallee &callee, const std::string &sinkUdid)
3397 {
3398 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s, "
3399 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
3400 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
3401 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
3402 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
3403 GetAnonyString(callee.accountId).c_str());
3404 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
3405 std::string localUdid = GetLocalDeviceId();
3406 std::string trustUdid = (localUdid == srcUdid ? sinkUdid : srcUdid);
3407 for (const auto &item : profiles) {
3408 PrintProfile(item);
3409 if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE ||
3410 item.GetBindType() != DM_IDENTICAL_ACCOUNT) {
3411 continue;
3412 }
3413 if (CheckSrcAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3414 return true;
3415 }
3416 }
3417 return false;
3418 }
3419
CheckSinkIsSameAccount(const DmAccessCaller & caller,const std::string & srcUdid,const DmAccessCallee & callee,const std::string & sinkUdid)3420 DM_EXPORT bool DeviceProfileConnector::CheckSinkIsSameAccount(const DmAccessCaller &caller, const std::string &srcUdid,
3421 const DmAccessCallee &callee, const std::string &sinkUdid)
3422 {
3423 LOGI("srcUdid %{public}s, srcUserId %{public}d, srcPkgName %{public}s,"
3424 "srcAccountId %{public}s, sinkUdid %{public}s, sinkUserId %{public}d, sinkPkgName %{public}s,"
3425 "sinkAccountId %{public}s.", GetAnonyString(srcUdid).c_str(), caller.userId,
3426 caller.pkgName.c_str(), GetAnonyString(caller.accountId).c_str(),
3427 GetAnonyString(sinkUdid).c_str(), callee.userId, callee.pkgName.c_str(),
3428 GetAnonyString(callee.accountId).c_str());
3429 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
3430 std::string localUdid = GetLocalDeviceId();
3431 std::string trustUdid = (localUdid == srcUdid ? sinkUdid : srcUdid);
3432 for (const auto &item : profiles) {
3433 PrintProfile(item);
3434 if (item.GetTrustDeviceId() != trustUdid || item.GetStatus() != ACTIVE ||
3435 item.GetBindType() != DM_IDENTICAL_ACCOUNT) {
3436 continue;
3437 }
3438 if (CheckSinkAcuntAccessControl(item, caller, srcUdid, callee, sinkUdid)) {
3439 return true;
3440 }
3441 }
3442 return false;
3443 }
3444
DeleteHoDevice(const std::string & peerUdid,const std::vector<int32_t> & foreGroundUserIds,const std::vector<int32_t> & backGroundUserIds)3445 DM_EXPORT void DeviceProfileConnector::DeleteHoDevice(const std::string &peerUdid,
3446 const std::vector<int32_t> &foreGroundUserIds, const std::vector<int32_t> &backGroundUserIds)
3447 {
3448 if (peerUdid.empty() || foreGroundUserIds.empty() || backGroundUserIds.empty()) {
3449 LOGE("invalid input param.");
3450 return;
3451 }
3452 std::vector<int32_t> localUserIds(foreGroundUserIds.begin(), foreGroundUserIds.end());
3453 std::copy(backGroundUserIds.begin(), backGroundUserIds.end(), std::back_inserter(localUserIds));
3454 std::vector<AccessControlProfile> profiles = GetAllAccessControlProfile();
3455 std::string localUdid = GetLocalDeviceId();
3456 for (const auto &item : profiles) {
3457 if (peerUdid != item.GetTrustDeviceId() || item.GetBindType() == DM_IDENTICAL_ACCOUNT) {
3458 continue;
3459 }
3460 std::string acerDeviceId = item.GetAccesser().GetAccesserDeviceId();
3461 int32_t acerUserId = item.GetAccesser().GetAccesserUserId();
3462 std::string acerPkgName = item.GetAccesser().GetAccesserBundleName();
3463 std::string aceeDeviceId = item.GetAccessee().GetAccesseeDeviceId();
3464 int32_t aceeUserId = item.GetAccessee().GetAccesseeUserId();
3465 std::string aceePkgName = item.GetAccessee().GetAccesseeBundleName();
3466
3467 if (localUdid == acerDeviceId && peerUdid == aceeDeviceId && !CheckExtWhiteList(acerPkgName) &&
3468 std::find(localUserIds.begin(), localUserIds.end(), acerUserId) != localUserIds.end()) {
3469 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
3470 continue;
3471 }
3472 if (peerUdid == acerDeviceId && localUdid == aceeDeviceId && !CheckExtWhiteList(aceePkgName) &&
3473 std::find(localUserIds.begin(), localUserIds.end(), aceeUserId) != localUserIds.end()) {
3474 DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(item.GetAccessControlId());
3475 continue;
3476 }
3477 }
3478 }
3479
CheckExtWhiteList(const std::string & pkgName)3480 bool DeviceProfileConnector::CheckExtWhiteList(const std::string &pkgName)
3481 {
3482 LOGI("start pkgName %{public}s.", pkgName.c_str());
3483 if (pkgName.empty()) {
3484 LOGE("bundleName empty.");
3485 return false;
3486 }
3487 for (uint32_t index = 0 ; index < AUTH_EXT_WHITE_LIST_NUM ; index++) {
3488 if (pkgName == g_extWhiteList[index]) {
3489 return true;
3490 }
3491 }
3492 return false;
3493 }
3494
IsAllowAuthAlways(const std::string & localUdid,int32_t userId,const std::string & peerUdid,const std::string & pkgName,int64_t tokenId)3495 bool DeviceProfileConnector::IsAllowAuthAlways(const std::string &localUdid, int32_t userId,
3496 const std::string &peerUdid, const std::string &pkgName, int64_t tokenId)
3497 {
3498 auto acls = GetAclProfileByDeviceIdAndUserId(localUdid, userId, peerUdid);
3499 for (const auto &item : acls) {
3500 auto accesser = item.GetAccesser();
3501 auto accessee = item.GetAccessee();
3502 if (item.GetAuthenticationType() == ALLOW_AUTH_ALWAYS &&
3503 ((accesser.GetAccesserBundleName() == pkgName && accesser.GetAccesserTokenId() == tokenId) ||
3504 (accessee.GetAccesseeBundleName() == pkgName && accessee.GetAccesseeTokenId() == tokenId))) {
3505 return true;
3506 }
3507 }
3508 return false;
3509 }
3510
CreateDpConnectorInstance()3511 IDeviceProfileConnector *CreateDpConnectorInstance()
3512 {
3513 return &DeviceProfileConnector::GetInstance();
3514 }
3515 } // namespace DistributedHardware
3516 } // namespace OHOS
3517