From 6620f5d5a8320df2cd2892814b0f02f82375a9bc Mon Sep 17 00:00:00 2001
From: libaoshan1
Date: Tue, 22 Jul 2025 16:21:27 +0800
Subject: [PATCH 1/2] check user file path whether vlaid.
Signed-off-by: libaoshan1
---
 credential/credential_base.cpp | 26 +++++++++++++
 credential/credential_base.h | 16 ++++++++
 credential/hdc_subscriber.cpp | 63 ++++++++++++++++++++++---------
 credential/hdc_subscriber.h | 2 +-
 credential/main.cpp | 4 ++
 src/daemon/etc/hdc_credential.cfg | 5 ++-
 6 files changed, 97 insertions(+), 19 deletions(-)
diff --git a/credential/credential_base.cpp b/credential/credential_base.cpp
index 7109c014..14d429b6 100644
--- a/credential/credential_base.cpp
+++ b/credential/credential_base.cpp
@@ -85,6 +85,7 @@ int RemovePath(const std::string& path)
 WRITE_LOG(LOG_INFO, "RemoveDir rc:%d path:%s", rc, path.c_str());
 return rc;
 }
+ WRITE_LOG(LOG_DEBUG, "Directory removed successfully.");
 return 0;
 }
@@ -107,4 +108,29 @@ const std::string StringFormat(const char* const formater, va_list& vaArgs)
 } else {
 return std::string(args.data(), retSize);
 }
+}
+
+bool CreatePathWithMode(const char* path, mode_t mode)
+{
+ if (::mkdir(path, mode) != 0) {
+ WRITE_LOG(LOG_FATAL, "Failed to create directory ,error is :%s", strerror(errno));
+ return false;
+ }
+ if (::chmod(path, mode) != 0) {
+ WRITE_LOG(LOG_FATAL, "Failed to set directory permissions, error is :%s", strerror(errno));
+ return false;
+ }
+ WRITE_LOG(LOG_DEBUG, "Directory created successfully.");
+ return true;
+}
+
+bool IsUserDir(const std::string& dir)
+{
+ int userId;
+ try {
+ userId = std::stoi(dir);
+ } catch (const std::invalid_argument&) {
+ userId = 0;
+ }
+ return userId >= MIN_USER_ID && userId <= MAX_USER_ID;
 }
\ No newline at end of file
diff --git a/credential/credential_base.h b/credential/credential_base.h
index 75ffb6ea..2f9f1df2 100644
--- a/credential/credential_base.h
+++ b/credential/credential_base.h
@@ -18,6 +18,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
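Review bot: IsUserDir in credential/credential_base.cpp accepts more than a user id, because `std::stoi` stops at the first non-digit and skips leading whitespace and a sign, so names such as `100abc` or `+100` pass the range check. It also catches only `std::invalid_argument`; a long digit string raises `std::out_of_range`, and no handler for it is visible in FreshAccountsPath, the only caller this patch adds. FreshAccountsPath hands every accepted name that matches no account to RemovePath, so the check should require the whole name to be the canonical decimal form of an id in range. The version below uses `std::from_chars`, which needs `<charconv>`.

```cpp
bool IsUserDir(const std::string& dir)
{
    int userId = 0;
    const char* end = dir.data() + dir.size();
    const auto res = std::from_chars(dir.data(), end, userId);
    if (res.ec != std::errc() || res.ptr != end) {
        return false; // empty, non-numeric, trailing characters, or out of range for int
    }
    // The round trip rejects spellings such as "0100" that do not name the directory of user 100.
    return userId >= MIN_USER_ID && userId <= MAX_USER_ID && std::to_string(userId) == dir;
}
```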
@@ -48,11 +49,26 @@ constexpr uint32_t MAX_SIZE_IOBUF_STABLE = 60 * 1024; // 60KB, compatible with p
 static const char* HDC_CREDENTIAL_SOCKET_REAL_PATH = "/data/service/el1/public/hdc_server/hdc_common/hdc_credential.socket";
 constexpr uint8_t CMD_ARG1_COUNT = 2;
+constexpr int MIN_USER_ID = 100;
+constexpr int MAX_USER_ID = 10736;
 int RemoveDir(const std::string& dir);
 int RemovePath(const std::string& path);
 const std::string StringFormat(const char* const formater, ...);
 const std::string StringFormat(const char* const formater, va_list& vaArgs);
 char GetPathSep();
+bool CreatePathWithMode(const char* path, mode_t mode);
+bool IsUserDir(const std::string& dir);
+
+/* calculate the difference of two vector, return the vector of a - b. */
+template
+std::vector Minus(const std::vector& a, const std::vector& b)
+{
+ std::set aSet(a.begin(), a.end());
+ std::set bSet(b.begin(), b.end());
+ std::vector diff;
+ std::set_difference(aSet.begin(), aSet.end(), bSet.begin(), bSet.end(), std::back_inserter(diff));
+ return diff;
+}
 #endif // HDC_CREDENTIAL_BASE_H
\ No newline at end of file
diff --git a/credential/hdc_subscriber.cpp b/credential/hdc_subscriber.cpp
index 97cc5444..ba0e67c1 100644
--- a/credential/hdc_subscriber.cpp
+++ b/credential/hdc_subscriber.cpp
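Review bot: The comment on `Minus` in credential_base.h does not say that the result is sorted and de-duplicated, which follows from both inputs being copied into a `std::set` before `std::set_difference`; I would reword it to `/* Returns the elements of a that are not in b, sorted and without duplicates. */`. `MIN_USER_ID` and `MAX_USER_ID` are bare numbers, and a one-line comment naming where the 100 and 10736 bounds come from would let a reader check them against the account service. The template also relies on `<set>`, `<algorithm>`, `<iterator>` and `<vector>` being included in this header; the name of the include added in the preceding hunk is not legible on this page, so that is worth confirming.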
@@ -12,36 +12,31 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+#include
 #include "credential_base.h"
 #include "hdc_subscriber.h"
 using namespace Hdc;
 using namespace OHOS::AccountSA;
+namespace fs = std::filesystem;
+
+namespace {
+ static const std::string g_prefixPath = "/data/service/el1/public/hdc_server/";
+ static const mode_t g_mode = (S_IRWXU | S_IRWXG | S_IXOTH | S_ISGID);
+}
 void HdcSubscriber::OnStateChanged(const OHOS::AccountSA::OsAccountStateData& data)
 {
 WRITE_LOG(LOG_INFO, "Recv data.state:%d, data.toId:%d", data.state, data.toId);
- std::string strId = std::to_string(data.toId);
- std::string path = std::string("/data/service/el1/public/hdc_server/") +
- strId;
- mode_t mode = (S_IRWXU | S_IRWXG | S_IXOTH | S_ISGID);
-
+ std::string path = g_prefixPath + std::to_string(data.toId);
 switch (data.state) {
 case OsAccountState::CREATED:
- if (::mkdir(path.c_str(), mode) != 0) {
- WRITE_LOG(LOG_FATAL, "Failed to create directory ,error is :%s", strerror(errno));
- break;
+ if (CreatePathWithMode(path.c_str(), g_mode) != 0) {
+ WRITE_LOG(LOG_FATAL, "Failed to create directory, error is:%s", strerror(errno));
 }
- if (::chmod(path.c_str(), mode) != 0) {
- WRITE_LOG(LOG_FATAL, "Failed to set directory permissions, error is :%s", strerror(errno));
- break;
- }
- WRITE_LOG(LOG_DEBUG, "Directory created successfully.");
 break;
 case OsAccountState::REMOVED:
- if (RemovePath(path.c_str()) == 0) {
- WRITE_LOG(LOG_DEBUG, "Directory removed successfully.");
- } else {
+ if (RemovePath(path.c_str()) != 0) {
 WRITE_LOG(LOG_FATAL, "Failed to remove directory, error is:%s", strerror(errno));
 }
 break;
@@ -49,7 +44,6 @@ void HdcSubscriber::OnStateChanged(const OHOS::AccountSA::OsAccountStateData& da
 WRITE_LOG(LOG_FATAL, "This state is not support,state is:%d", data.state);
 break;
 }
- return;
 }
 void HdcSubscriber::OnAccountsChanged(const int& id)
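Review bot: The CREATED branch of OnStateChanged tests `CreatePathWithMode(path.c_str(), g_mode) != 0`, but CreatePathWithMode returns `bool` with `true` on success, so the "Failed to create directory" line is logged when creation succeeds and skipped when it fails. The condition should be `if (!CreatePathWithMode(path.c_str(), g_mode)) {`, the form FreshAccountsPath uses in this same file. `strerror(errno)` is also unreliable at that point, since CreatePathWithMode has logged in between and may have changed errno; the helper's own message already carries the cause. `data.toId` goes into the path without the MIN_USER_ID to MAX_USER_ID check that IsUserDir applies to directory names, and that check would be worth adding before the switch.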
@@ -81,4 +75,39 @@ int HdcAccountSubscriberMonitor()
 }
 return 0;
+}
+
+void FreshAccountsPath()
+{
+ std::vector osAccountInfos;
+ OHOS::ErrCode err = OHOS::AccountSA::OsAccountManager::QueryActiveOsAccountIds(osAccountInfos);
+ if (err != 0) {
+ WHITE_LOG(LOG_FATAL, "QueryActiveOsAccountIds failed, error is:%d", err);
+ return;
+ }
+ std::vector existUserIds;
+ for (const auto& info : osAccountInfos) {
+ existUserIds.push_back(std::to_string(info.GetLocalId()));
+ }
+ std::vector existUserDirs;
+ for (const auto& entry : fs::directory_iterator(g_prefixPath)) {
+ std::string dir = entry.path().filename().string();
+ if (IsUserDir(dir)) {
+ existUserDirs.push_back(dir);
+ }
+ }
+ std::vector needCreate = Minus(existUserIds, existUserDirs);
+ std::vector needRemove = Minus(existUserDirs, existUserIds);
+ for (const auto& item : needCreate) {
+ std::string path = g_prefixPath + item;
+ if (!CreatePathWithMode(path.c_str(), g_mode)) {
+ WRITE_LOG(LOG_FATAL, "Failed to create directory, error is:%s", strerror(errno));
+ }
+ }
+ for (const auto& item : needRemove) {
+ std::string path = g_prefixPath + item;
+ if (RemovePath(path.c_str()) != 0) {
+ WRITE_LOG(LOG_FATAL, "Failed to remove directory, error is:%s", strerror(errno));
+ }
+ }
 }
\ No newline at end of file
diff --git a/credential/hdc_subscriber.h b/credential/hdc_subscriber.h
index 091db27a..2cef3b28 100644
--- a/credential/hdc_subscriber.h
+++ b/credential/hdc_subscriber.h
@@ -28,5 +28,5 @@ public:
 };
 int HdcAccountSubscriberMonitor();
-
+void FreshAccountsPath();
 #endif // HDC_SUBSCRIBER_H
\ No newline at end of file
diff --git a/credential/main.cpp b/credential/main.cpp
index 11cc4bde..3e18f3d3 100644
--- a/credential/main.cpp
+++ b/credential/main.cpp
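Review bot: FreshAccountsPath scans `g_prefixPath` with the throwing form of `fs::directory_iterator`, so a missing or unreadable directory raises `fs::filesystem_error`, and no handler is visible in this function. The scan also takes every entry whose name passes IsUserDir without checking what kind of entry it is, so a regular file or a symbolic link with such a name lands in `needRemove` and is handed to RemovePath. I would switch to the `std::error_code` overloads and test `symlink_status`, which reports the entry itself and does not follow links, as in the lines below. The `strerror(errno)` in the create loop repeats what CreatePathWithMode has already logged and may report a stale errno.

```cpp
    // … unchanged: account query, existUserIds, declaration of existUserDirs …
    std::error_code ec;
    fs::directory_iterator it(g_prefixPath, ec);
    if (ec) {
        WRITE_LOG(LOG_FATAL, "Open user dir root failed, error is:%s", ec.message().c_str());
        return;
    }
    for (; it != fs::directory_iterator(); it.increment(ec)) {
        const std::string dir = it->path().filename().string();
        // symlink_status() describes the entry itself, so a link named like a user id is skipped
        if (fs::is_directory(it->symlink_status(ec)) && IsUserDir(dir)) {
            existUserDirs.push_back(dir);
        }
    }
    // … unchanged: Minus() calls, create loop, remove loop …
```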
@@ -228,6 +228,10 @@ int main(int argc, const char *argv[])
 WRITE_LOG(LOG_FATAL, "HdcAccountSubscriberMonitor failed");
 return 0;
 }
+
+ // fresh all accounts path when process restart.
+ FreshAccountsPath();
+
 int sockfd = CreateAndBindSocket(HDC_CREDENTIAL_SOCKET_REAL_PATH);
 if (sockfd < 0) {
 WRITE_LOG(LOG_FATAL, "Failed to create and bind socket.");
diff --git a/src/daemon/etc/hdc_credential.cfg b/src/daemon/etc/hdc_credential.cfg
index 5bcc5a84..2a110830 100644
--- a/src/daemon/etc/hdc_credential.cfg
+++ b/src/daemon/etc/hdc_credential.cfg
@@ -25,7 +25,10 @@
 "gid" : "hdc"
 }],
 "apl" : "normal",
- "permission" : [ "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS" ],
+ "permission" : [
+ "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS",
+ "ohos.permission.MANAGE_LOCAL_ACCOUNTS"
+ ],
 "sandbox" : 0,
 "start-mode" : "condition",
 "secon" : "u:r:hdc_credential:s0",
-- Gitee
From 6c87c2731d03dd5de3ad16e4960c1c18fb75a1fd Mon Sep 17 00:00:00 2001
From: libaoshan1
Date: Wed, 23 Jul 2025 14:13:22 +0800
Subject: [PATCH 2/2] change method name
Signed-off-by: libaoshan1
---
 credential/hdc_subscriber.cpp | 6 +++---
 src/common/password.cpp | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/credential/hdc_subscriber.cpp b/credential/hdc_subscriber.cpp
index 223328e7..a64d386b 100644
--- a/credential/hdc_subscriber.cpp
+++ b/credential/hdc_subscriber.cpp
@@ -80,9 +80,9 @@ int HdcAccountSubscriberMonitor()
 void FreshAccountsPath()
 {
 std::vector osAccountInfos;
- OHOS::ErrCode err = OHOS::AccountSA::OsAccountManager::QueryActiveOsAccountIds(osAccountInfos);
+ OHOS::ErrCode err = OHOS::AccountSA::OsAccountManager::QueryAllCreatedOsAccounts(osAccountInfos);
 if (err != 0) {
- WHITE_LOG(LOG_FATAL, "QueryActiveOsAccountIds failed, error is:%d", err);
+ WRITE_LOG(LOG_FATAL, "QueryAllCreatedOsAccounts failed, error is:%d", err);
 return;
 }
 std::vector existUserIds;
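Review bot: FreshAccountsPath() is called in main after HdcAccountSubscriberMonitor() has subscribed, so an account event can be handled while the reconciliation is between its account query and its directory scan. If the subscriber callback runs on another thread, which this page does not show, a directory that OnStateChanged has just created for a new account would be absent from the queried list and removed as stale. Holding one mutex in OnStateChanged and across the whole of FreshAccountsPath would close that window. The function also returns `void`, so main cannot tell a failed reconciliation from a clean one; main's body continues outside the hunk.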
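Review bot: `ohos.permission.MANAGE_LOCAL_ACCOUNTS` is granted in src/daemon/etc/hdc_credential.cfg to a service whose only new account operation in this series is the enumeration inside FreshAccountsPath, so the grant looks broader than the use. If the query API is what requires it, that dependency should be stated in the commit description, because the cfg format has no place for a comment. If a narrower, query-only permission satisfies the call, it would be the better fit for a process that, judging by its name, handles credentials.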
@@ -92,7 +92,7 @@ void FreshAccountsPath()
 std::vector existUserDirs;
 for (const auto& entry : fs::directory_iterator(USER_DIR_PREFIX_PATH)) {
 std::string dir = entry.path().filename().string();
- if (IsUserDir(dir)) {
+ if (HdcCredentialBase::IsUserDir(dir)) {
 existUserDirs.push_back(dir);
 }
 }
diff --git a/src/common/password.cpp b/src/common/password.cpp
index e9c5457e..23cc0ac7 100644
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@@ -286,9 +286,11 @@ bool HdcPassword::DecryptPwd(std::vector& encryptData)
 bool HdcPassword::EncryptPwd(void)
 {
- std::vector encryptData;
 ClearEncryptPwd();
- encryptData = EncryptGetPwdValue(pwd, PASSWORD_LENGTH);
+ std::vector encryptData = EncryptGetPwdValue(pwd, PASSWORD_LENGTH);
+ if (encryptData.size() == 0) {
+ return false;
+ }
 ByteToHex(encryptData);
 return true;
 }
-- Gitee
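Review bot: EncryptPwd in src/common/password.cpp now returns `false` when EncryptGetPwdValue yields nothing, but it does so without a log line, and until this change the function could only return `true`, so callers outside this hunk may never have checked the result. I would log the failure before returning, for example `WRITE_LOG(LOG_FATAL, "EncryptPwd failed, encrypt data is empty");`, and confirm that each caller stops using the password when it sees `false`. `encryptData.empty()` states the test more directly than `encryptData.size() == 0`.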