1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define LOG_TAG "PreProcessUtils"
16
17 #include "preprocess_utils.h"
18
19 #include <random>
20 #include <sstream>
21
22 #include "accesstoken_kit.h"
23 #include "bundlemgr/bundle_mgr_client_impl.h"
24 #include "device_manager_adapter.h"
25 #include "error_code.h"
26 #include "file.h"
27 #include "ipc_skeleton.h"
28 #include "log_print.h"
29 #include "remote_file_share.h"
30 #include "uri.h"
31 #include "utils/crypto.h"
32 namespace OHOS {
33 namespace UDMF {
34 static constexpr int ID_LEN = 32;
35 static constexpr int MINIMUM = 48;
36 static constexpr int MAXIMUM = 121;
37 const char SPECIAL = '^';
38 const std::string PERMISSION_PROXY_AUTHORIZATION_URI = "ohos.permission.PROXY_AUTHORIZATION_URI";
39 using namespace Security::AccessToken;
40 using namespace OHOS::AppFileService::ModuleRemoteFileShare;
41
RuntimeDataImputation(UnifiedData & data,CustomOption & option)42 int32_t PreProcessUtils::RuntimeDataImputation(UnifiedData &data, CustomOption &option)
43 {
44 auto it = UD_INTENTION_MAP.find(option.intention);
45 if (it == UD_INTENTION_MAP.end()) {
46 return E_ERROR;
47 }
48 std::string bundleName;
49 GetHapBundleNameByToken(option.tokenId, bundleName);
50 std::string intention = it->second;
51 UnifiedKey key(intention, bundleName, GenerateId());
52 Privilege privilege;
53 privilege.tokenId = option.tokenId;
54 Runtime runtime;
55 runtime.key = key;
56 runtime.privileges.emplace_back(privilege);
57 runtime.createTime = GetTimestamp();
58 runtime.sourcePackage = bundleName;
59 runtime.createPackage = bundleName;
60 runtime.deviceId = GetLocalDeviceId();
61 runtime.recordTotalNum = static_cast<uint32_t>(data.GetRecords().size());
62 data.SetRuntime(runtime);
63 return E_OK;
64 }
65
GenerateId()66 std::string PreProcessUtils::GenerateId()
67 {
68 std::vector<uint8_t> randomDevices = DistributedData::Crypto::Random(ID_LEN, MINIMUM, MAXIMUM);
69 std::stringstream idStr;
70 for (auto &randomDevice : randomDevices) {
71 auto asc = randomDevice;
72 asc = asc >= SPECIAL ? asc + 1 : asc;
73 idStr << static_cast<uint8_t>(asc);
74 }
75 return idStr.str();
76 }
77
GetTimestamp()78 time_t PreProcessUtils::GetTimestamp()
79 {
80 std::chrono::time_point<std::chrono::system_clock, std::chrono::milliseconds> tp =
81 std::chrono::time_point_cast<std::chrono::milliseconds>(std::chrono::system_clock::now());
82 time_t timestamp = tp.time_since_epoch().count();
83 return timestamp;
84 }
85
GetHapUidByToken(uint32_t tokenId)86 int32_t PreProcessUtils::GetHapUidByToken(uint32_t tokenId)
87 {
88 Security::AccessToken::HapTokenInfo tokenInfo;
89 auto result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo);
90 if (result != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
91 ZLOGE("GetHapUidByToken failed, result = %{public}d.", result);
92 return E_ERROR;
93 }
94 return tokenInfo.userID;
95 }
96
GetHapBundleNameByToken(int tokenId,std::string & bundleName)97 bool PreProcessUtils::GetHapBundleNameByToken(int tokenId, std::string &bundleName)
98 {
99 Security::AccessToken::HapTokenInfo hapInfo;
100 if (Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo)
101 != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
102 return false;
103 }
104 bundleName = hapInfo.bundleName;
105 return true;
106 }
107
GetNativeProcessNameByToken(int tokenId,std::string & processName)108 bool PreProcessUtils::GetNativeProcessNameByToken(int tokenId, std::string &processName)
109 {
110 Security::AccessToken::NativeTokenInfo nativeInfo;
111 if (Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenId, nativeInfo)
112 != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
113 return false;
114 }
115 processName = nativeInfo.processName;
116 return true;
117 }
118
GetLocalDeviceId()119 std::string PreProcessUtils::GetLocalDeviceId()
120 {
121 auto info = DistributedData::DeviceManagerAdapter::GetInstance().GetLocalDevice();
122 std::string encryptedUuid = DistributedData::DeviceManagerAdapter::GetInstance().CalcClientUuid(" ", info.uuid);
123 return encryptedUuid;
124 }
125
SetRemoteData(UnifiedData & data)126 void PreProcessUtils::SetRemoteData(UnifiedData &data)
127 {
128 if (data.IsEmpty()) {
129 ZLOGD("invalid data.");
130 return;
131 }
132 std::shared_ptr<Runtime> runtime = data.GetRuntime();
133 if (runtime->deviceId == GetLocalDeviceId()) {
134 ZLOGD("not remote data.");
135 return;
136 }
137 ZLOGD("is remote data.");
138 auto records = data.GetRecords();
139 for (auto record : records) {
140 auto type = record->GetType();
141 if (IsFileType(type)) {
142 auto file = static_cast<File *>(record.get());
143 UDDetails details = file->GetDetails();
144 details.insert({ "isRemote", "true" });
145 file->SetDetails(details);
146 }
147 }
148 }
149
IsFileType(UDType udType)150 bool PreProcessUtils::IsFileType(UDType udType)
151 {
152 return (udType == UDType::FILE || udType == UDType::IMAGE || udType == UDType::VIDEO || udType == UDType::AUDIO
153 || udType == UDType::FOLDER);
154 }
155
SetRemoteUri(uint32_t tokenId,UnifiedData & data)156 int32_t PreProcessUtils::SetRemoteUri(uint32_t tokenId, UnifiedData &data)
157 {
158 int32_t userId = GetHapUidByToken(tokenId);
159 std::string bundleName = data.GetRuntime()->createPackage;
160 for (const auto &record : data.GetRecords()) {
161 if (record != nullptr && IsFileType(record->GetType())) {
162 auto file = static_cast<File *>(record.get());
163 if (file->GetUri().empty()) {
164 ZLOGW("Get uri empty, plase check the uri.");
165 continue;
166 }
167 Uri uri(file->GetUri());
168 if (uri.GetAuthority().empty()) {
169 ZLOGW("Get uri authority empty.");
170 continue;
171 }
172 if (uri.GetAuthority() != bundleName
173 && !VerifyCallingPermission(tokenId, PERMISSION_PROXY_AUTHORIZATION_URI)) {
174 ZLOGE("No auth to handle this uri, authority=%{public}s, bundleName=%{public}s.",
175 uri.GetAuthority().c_str(), bundleName.c_str());
176 return E_NO_PERMISSION;
177 }
178 struct HmdfsUriInfo dfsUriInfo;
179 int ret = RemoteFileShare::GetDfsUriFromLocal(file->GetUri(), userId, dfsUriInfo);
180 if (ret != 0 || dfsUriInfo.uriStr.empty()) {
181 ZLOGE("Get remoteUri failed, ret = %{public}d, userId: %{public}d.", ret, userId);
182 return E_FS_ERROR;
183 }
184 file->SetRemoteUri(dfsUriInfo.uriStr);
185 }
186 }
187 return E_OK;
188 }
189
VerifyCallingPermission(uint32_t tokenId,const std::string & permissionName)190 bool PreProcessUtils::VerifyCallingPermission(uint32_t tokenId, const std::string &permissionName)
191 {
192 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionName);
193 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
194 ZLOGE("Permission %{public}s: PERMISSION_DENIED, ret=%{public}d ", permissionName.c_str(), ret);
195 return false;
196 }
197 ZLOGD("Verify AccessToken success, %{public}s", permissionName.c_str());
198 return true;
199 }
200 } // namespace UDMF
201 } // namespace OHOS