From 64ddbb90f202c0d93b0e0c14897af1c06782c2e8 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 2 Nov 2024 18:44:58 +0800 Subject: [PATCH 01/17] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=90=8C=E6=AD=A5?= =?UTF-8?q?=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yangliu --- .../src/device_manager_adapter.cpp | 9 +++ .../include/communicator/commu_types.h | 20 +++++ .../communicator/device_manager_adapter.h | 3 + .../src/session_manager/session_manager.cpp | 76 +++++++++++++------ .../app/src/session_manager/session_manager.h | 6 +- .../service/kvdb/auth_delegate.cpp | 37 +++++++-- .../service/kvdb/auth_delegate.h | 5 +- 7 files changed, 124 insertions(+), 32 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp index cd9f85c72..6dd873b0e 100644 --- a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp +++ b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp @@ -757,4 +757,13 @@ bool DeviceManagerAdapter::IsSameAccount(const std::string &id) auto networkId = DeviceManagerAdapter::GetInstance().ToNetworkID(id); return DeviceManager::GetInstance().IsSameAccount(networkId); } + +bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee) +{ + DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .pkgName = accCaller.bundleName, + .networkId = accCaller.networkId, .userId = accCaller.userId }; + DmAccessCallee dmAccessCallee = { .userId = accCallee.userId, .accountId = accCallee.accountId, + .networkId = accCallee.networkId }; + return DeviceManager::GetInstance().CheckAccessControl(dmAccessCaller, dmAccessCallee); +} } // namespace OHOS::DistributedData 
diff --git a/services/distributeddataservice/adapter/include/communicator/commu_types.h b/services/distributeddataservice/adapter/include/communicator/commu_types.h index afe722867..9625f7db5 100644 --- a/services/distributeddataservice/adapter/include/communicator/commu_types.h +++ b/services/distributeddataservice/adapter/include/communicator/commu_types.h @@ -30,6 +30,26 @@ struct API_EXPORT DeviceInfo { int32_t authForm; }; +struct API_EXPORT AccessCaller { + std::string accountId; + std::string bundleName; + std::string networkId; + int32_t userId; +}; + +struct API_EXPORT AccessCallee { + std::string accountId; + std::string networkId; + int32_t userId; +}; + +struct API_EXPORT AclParams { + AccessCaller accCaller; + AccessCallee accCallee; + bool isSendStatus = true; + int32_t authType = 0; +}; + enum RouteType : int32_t { INVALID_ROUTE_TYPE = -1, ROUTE_TYPE_ALL = 0, diff --git a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h index 7c99f1fb9..ad6421c41 100644 --- a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h +++ b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h @@ -50,6 +50,8 @@ public: using AppDeviceChangeListener = OHOS::AppDistributedKv::AppDeviceChangeListener; using Status = OHOS::DistributedKv::Status; using Time = std::chrono::steady_clock::time_point; + using AccessCaller = OHOS::AppDistributedKv::AccessCaller; + using AccessCallee = OHOS::AppDistributedKv::AccessCallee; static DeviceManagerAdapter &GetInstance(); static constexpr const char *CLOUD_DEVICE_UUID = "cloudDeviceUuid"; static constexpr const char *CLOUD_DEVICE_UDID = "cloudDeviceUdid"; 
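Review bot: `int32_t userId;` in AccessCaller and AccessCallee has no default member initializer, unlike `authType = 0` in AclParams, so a locally declared `AclParams aclParams;` carries indeterminate user ids until every field is assigned. The send branch of GetAuthParams in this patch assigns only `accCallee.networkId`, and CheckAccessControl then copies `accCallee.userId` into DmAccessCallee. Giving both fields a defined default, e.g. `int32_t userId = -1;` (or the project's constant for "no user", if it has one), keeps an access decision from depending on stack contents.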
@@ -78,6 +80,7 @@ public: NetworkType GetNetworkType(bool retrieve = false); int32_t GetAuthType(const std::string& id); bool IsSameAccount(const std::string &id); + bool CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee); friend class DataMgrDmStateCall; friend class NetConnCallbackObserver; diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index d46217a47..c613182b5 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -28,8 +28,10 @@ #include "utils/anonymous.h" #include "utils/converter.h" #include "types.h" +#include "device_manager_adapter.h" namespace OHOS::DistributedData { using namespace OHOS::DistributedKv; +using DmAdapter = OHOS::DistributedData::DeviceManagerAdapter; SessionManager &SessionManager::GetInstance() { static SessionManager instance; @@ -58,17 +60,15 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & } } - std::string bundleName = ""; - int32_t authType = static_cast(AuthType::DEFAULT); - if (!GetAuthParams(from, bundleName, authType)) { - ZLOGE("GetAuthParams failed"); + AclParams aclParams; + if (!GetAuthParams(from, targetDeviceId, aclParams)) { return session; } for (const auto &user : users) { bool isPermitted = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, - targetDeviceId, authType); - ZLOGD("access to peer user %{public}d is %{public}d", user.id, isPermitted); + targetDeviceId, aclParams); + ZLOGI("access to peer user %{public}d is %{public}d", user.id, isPermitted); if (isPermitted) { auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); if (it == session.targetUserIds.end()) { 
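Review bot: In the `for (const auto &user : users)` loop of GetSession the same `aclParams` is handed to CheckAccess for every peer user, but nothing sets `aclParams.accCallee.userId` to `user.id`, and the send branch of GetAuthParams leaves `accCallee.userId` and `accCallee.accountId` unassigned. As written, the ACL lookup behind CheckAccessControl does not appear to be evaluated for the user under test. Adding `aclParams.accCallee.userId = user.id;` before the CheckAccess call would bind the check to that user; whether the callee account id is also needed depends on DeviceManager, which is not visible here. The loop body continues past the end of the hunk.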
@@ -80,36 +80,64 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & return session; } -bool SessionManager::GetAuthParams(const SessionPoint &from, std::string &bundleName, int32_t &auth) const +bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId, + AclParams &aclParams, int32_t peerUser) const { std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId }), metaData)) { - ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(from.deviceId).c_str()); - return false; - } - for (const auto &storeMeta : metaData) { - if (storeMeta.appId == from.appId) { - bundleName = storeMeta.bundleName; - auth = storeMeta.authType; - break; + if (aclParams.isSendStatus) { + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId }), metaData)) { + ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(from.deviceId).c_str()); + return false; + } + for (const auto &storeMeta : metaData) { + if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) { + aclParams.accCaller.bundleName = storeMeta.bundleName; + aclParams.accCaller.accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); + aclParams.accCaller.userId = from.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); + + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); + aclParams.authType = storeMeta.authType; + break; + } + } + } else { + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { + ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(ftargetDeviceId).c_str()); + return false; + } + for (const auto &storeMeta : metaData) { + if (storeMeta.appId == from.appId) { + auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); + aclParams.accCaller.bundleName = 
storeMeta.bundleName; + aclParams.accCaller.accountId = accountId; + aclParams.accCaller.userId = from.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); + + aclParams.accCallee.accountId = accountId; + aclParams.accCallee.userId = peerUser; + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(ftargetDeviceId); + aclParams.authType = storeMeta.authType; + break; + } } } - if (bundleName.empty()) { - ZLOGE("not find bundleName"); - return false; + + if (aclParams.accCaller.bundleName.empty() || metaData.empty()) { + ZLOGE("none bundleName or metadata, appId:%{public}s, isSendStatus:%{public}d, metaData size:%{public}zu", + from.appId.c_str, aclParams.isSendStatus, metaData.size()); } return true; } bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint &to) const { - std::string bundleName = ""; - int32_t authType = static_cast(AuthType::DEFAULT); - if (!GetAuthParams(from, bundleName, authType)) { - ZLOGE("GetAuthParams failed"); + AclParams aclParams; + aclParams.isSendStatus = false + if (!GetAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } - return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, authType, false); + return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams); } bool Session::Marshal(json &node) const diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index 43c6312f7..5933cd51f 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h 
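Review bot: GetAuthParams now fails open when no matching store metadata is found: the old `if (bundleName.empty()) { ... return false; }` became a log-only branch that falls through to `return true`, so CheckAccess runs with an AclParams whose caller fields are empty and whose authType is still its initial 0. The branch should keep the denial, i.e. `return false;` after the `ZLOGE(...)`. The patch 07 rewrite of this branch later in the series keeps the same fall-through. Separately, the receive branch matches on `storeMeta.appId == from.appId` alone while the send branch also compares `storeMeta.storeId == from.storeId`, so the authType applied on receive can come from a different store of the same app; adding the storeId comparison there would make the two branches agree.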
@@ -20,8 +20,9 @@ #include #include "serializable/serializable.h" - +#include "commu_types.h" namespace OHOS::DistributedData { +using AclParams = OHOS::AppDistributedKv::AclParams; struct SessionPoint { std::string deviceId; uint32_t userId; @@ -50,7 +51,8 @@ public: Session GetSession(const SessionPoint &from, const std::string &targetDeviceId) const; bool CheckSession(const SessionPoint &from, const SessionPoint &to) const; private: - bool GetAuthParams(const SessionPoint &from, std::string &bundleName, int32_t &auth) const; + bool GetAuthParams(const SessionPoint &from, std::string &targetDeviceId, + AclParams &aclParams, int peerUser = 0) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index fc72e1cfc..b28128b15 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -32,14 +32,20 @@ public: // override for mock auth in current version, need remove in the future bool CheckAccess( int localUserId, int peerUserId, const std::string &peerDeviceId, - int32_t authType, bool isSend = true) override; + const AclParams &aclParams) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); + bool IsSystemUser(int localUserId, int peerUserId); static constexpr pid_t UID_CAPACITY = 10000; static constexpr int SYSTEM_USER = 0; }; +bool AuthHandlerStub::IsSystemUser(int localUserId, int peerUserId) +{ + return localUserId == SYSTEM_USER && peerUserId == SYSTEM_USER; +} + bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId) { if (localUserId == SYSTEM_USER) { 
@@ -51,12 +57,33 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str return peerUserId != SYSTEM_USER && IsUserActive(localUsers, localUserId) && IsUserActive(peerUsers, peerUserId); } -bool AuthHandlerStub::CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, int32_t authType, bool isSend) +bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, + const AclParams &aclParams) { - if (authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && + if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { + return CheckUsers(localUserId, peerUserId, peerDeviceId); + } + if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { + if (IsSystemUser(localUserId, peerUserId)) { + return true; + } + if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { + return false; + } + if (DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { + return true; + } + if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { + return true; + } + ZLOGE("CheckAccess failed. bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d", + aclParams.accCaller.bundleName.c_str(), localUserId, peerUserId); + return false; + } + + if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && !DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { - ZLOGE("CheckAccess failed."); + ZLOGE("CheckAccess failed. not same"); return false; } return CheckUsers(localUserId, peerUserId, peerDeviceId); diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 11a931993..434389831 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h 
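Review bot: The new first check in CheckAccess, `if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { return CheckUsers(...); }`, runs before `aclParams.authType` is examined, so a store marked IDENTICAL_ACCOUNT no longer has IsSameAccount enforced for peers that are not OHOS type. Before this change the same-account test applied to every peer device. If the relaxation is deliberate, the branch should say why, e.g. `// non-OHOS peers expose no account binding; only the active-user check applies`. Otherwise the IDENTICAL_ACCOUNT test should stay ahead of this early return.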
@@ -20,7 +20,9 @@ #include "metadata/user_meta_data.h" #include "serializable/serializable.h" +#include "commu_types.h" namespace OHOS::DistributedData { +using AclParams = OHOS::AppDistributedKv::AclParams; enum AUTH_GROUP_TYPE { ALL_GROUP = 0, IDENTICAL_ACCOUNT_GROUP = 1, @@ -32,7 +34,8 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual bool CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, int32_t authType, bool isSend = true); + int localUserId, int peerUserId, const std::string &peerDeviceId, + const std::string &peerDeviceId, const AclParams &aclParams); }; class AuthDelegate { -- Gitee From 153dbae767061f19525fb50f8dfd23b5b382e25d Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 2 Nov 2024 19:11:27 +0800 Subject: [PATCH 02/17] update Signed-off-by: yangliu --- services/distributeddataservice/service/kvdb/auth_delegate.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 434389831..2e796c31a 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,8 +34,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual bool CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, - const std::string &peerDeviceId, const AclParams &aclParams); + int localUserId, int peerUserId, const std::string &peerDeviceId, const AclParams &aclParams); }; class AuthDelegate { -- Gitee From f2b41aa9c7168c6c3777f9facf24629627b6195b Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 2 Nov 2024 19:35:44 +0800 Subject: [PATCH 03/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 6 +++--- .../app/src/session_manager/session_manager.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index c613182b5..8e869217d 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -103,7 +103,7 @@ bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string & } } else { if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { - ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(ftargetDeviceId).c_str()); + ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(targetDeviceId).c_str()); return false; } for (const auto &storeMeta : metaData) { @@ -125,7 +125,7 @@ bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string & if (aclParams.accCaller.bundleName.empty() || metaData.empty()) { ZLOGE("none bundleName or metadata, appId:%{public}s, isSendStatus:%{public}d, metaData size:%{public}zu", - from.appId.c_str, aclParams.isSendStatus, metaData.size()); + from.appId.c_str(), aclParams.isSendStatus, metaData.size()); } return true; } @@ -133,7 +133,7 @@ bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string & bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint &to) const { AclParams aclParams; - aclParams.isSendStatus = false + aclParams.isSendStatus = false; if (!GetAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index 5933cd51f..bd7fb2300 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h 
@@ -51,7 +51,7 @@ public: Session GetSession(const SessionPoint &from, const std::string &targetDeviceId) const; bool CheckSession(const SessionPoint &from, const SessionPoint &to) const; private: - bool GetAuthParams(const SessionPoint &from, std::string &targetDeviceId, + bool GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId, AclParams &aclParams, int peerUser = 0) const; }; } // namespace OHOS::DistributedData -- Gitee From 2d8c0b4206a3102a1326a132c8558f68736dea5d Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 2 Nov 2024 21:23:10 +0800 Subject: [PATCH 04/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 8e869217d..0fad09c7d 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -116,7 +116,7 @@ bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string & aclParams.accCallee.accountId = accountId; aclParams.accCallee.userId = peerUser; - aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(ftargetDeviceId); + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; break; } -- Gitee From a0686f9dbcf1d80ec608e3da2b68741b706cac7d Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 7 Nov 2024 16:04:50 +0800 Subject: [PATCH 05/17] update Signed-off-by: yangliu --- .../service/test/kvdb_service_test.cpp | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/services/distributeddataservice/service/test/kvdb_service_test.cpp b/services/distributeddataservice/service/test/kvdb_service_test.cpp index 29eca7560..c060e02a6 100644 
--- a/services/distributeddataservice/service/test/kvdb_service_test.cpp +++ b/services/distributeddataservice/service/test/kvdb_service_test.cpp 
@@ -657,29 +657,32 @@ HWTEST_F(AuthHandlerTest, AuthHandler, TestSize.Level0) int localUserId = 0; int peerUserId = 0; std::string peerDeviceId = ""; - int32_t authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); + AclParams aclParams; + aclParams.isSendStatus = false; + aclParams.authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); bool isSend = false; - auto result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); - EXPECT_FALSE(result); - authType = static_cast(DistributedKv::AuthType::DEFAULT); - result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); + auto result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); + EXPECT_TRUE(result); + + aclParams.authType = static_cast(DistributedKv::AuthType::DEFAULT); + result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); EXPECT_TRUE(result); - authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); + aclParams.authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); peerDeviceId = "peerDeviceId"; - result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); - EXPECT_FALSE(result); + result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); + EXPECT_TRUE(result); - authType = static_cast(DistributedKv::AuthType::DEFAULT); - result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); + aclParams.authType = static_cast(DistributedKv::AuthType::DEFAULT); + result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); EXPECT_TRUE(result); localUserId = 1; - result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); + result = 
AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); EXPECT_FALSE(result); peerUserId = 1; - result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, authType, isSend); + result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); EXPECT_FALSE(result); } } // namespace DistributedDataTest -- Gitee From 8f0f8ad0fe364ce2882d2d90e8e8b735bda272ab Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 7 Nov 2024 16:22:53 +0800 Subject: [PATCH 06/17] update Signed-off-by: yangliu --- .../distributeddataservice/service/test/kvdb_service_test.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/services/distributeddataservice/service/test/kvdb_service_test.cpp b/services/distributeddataservice/service/test/kvdb_service_test.cpp index c060e02a6..31960b3b1 100644 --- a/services/distributeddataservice/service/test/kvdb_service_test.cpp +++ b/services/distributeddataservice/service/test/kvdb_service_test.cpp @@ -660,7 +660,6 @@ HWTEST_F(AuthHandlerTest, AuthHandler, TestSize.Level0) AclParams aclParams; aclParams.isSendStatus = false; aclParams.authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); - bool isSend = false; auto result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); EXPECT_TRUE(result); -- Gitee From 35a1d269ff9faebf77d745c3606a3dc1233fd32c Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 7 Nov 2024 20:25:19 +0800 Subject: [PATCH 07/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 7 ++++--- .../service/kvdb/auth_delegate.cpp | 9 +++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 0fad09c7d..3256ae328 100644 
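Review bot: After this hunk both IDENTICAL_ACCOUNT cases expect `EXPECT_TRUE(result)`, and the only `EXPECT_FALSE` results left come from the user-id mismatch at the end, so no assertion covers a denial produced by the account or ACL check. The calls with `peerDeviceId = ""` and `"peerDeviceId"` presumably take the non-OHOS early return in CheckAccess, which would mean the IsSameAccount and CheckAccessControl branches are never reached by this test. A case that reaches those branches (with the adapter mocked to report a different account and no ACL entry) and expects `EXPECT_FALSE(result)` would pin the behaviour the patch series is adding.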
--- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -123,9 +123,10 @@ bool SessionManager::GetAuthParams(const SessionPoint &from, const std::string & } } - if (aclParams.accCaller.bundleName.empty() || metaData.empty()) { - ZLOGE("none bundleName or metadata, appId:%{public}s, isSendStatus:%{public}d, metaData size:%{public}zu", - from.appId.c_str(), aclParams.isSendStatus, metaData.size()); + if (metaData.empty()) { + ZLOGE("not find metadata,appId:%{public}s,isSendStatus:%{public}d,localDevId:%{public}d,tarDevid:%{public}d", + from.appId.c_str(), aclParams.isSendStatus, Anonymous::Change(from.deviceId).c_str(), + Anonymous::Change(targetDeviceId).c_str()); } return true; } diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index b28128b15..792d85200 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -82,11 +82,12 @@ bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::st } if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && - !DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { - ZLOGE("CheckAccess failed. not same"); - return false; + DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { + return CheckUsers(localUserId, peerDeviceId, peerDeviceId); } - return CheckUsers(localUserId, peerUserId, peerDeviceId); + ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", + aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); + return false; } bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t userId) -- Gitee From 3411eff93b514c89a7188243f30f141d6b262d4a Mon Sep 17 00:00:00 2001 
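Review bot: The rewritten ZLOGE in GetAuthParams formats two C strings with an integer specifier: `localDevId:%{public}d,tarDevid:%{public}d` is paired with `Anonymous::Change(from.deviceId).c_str()` and `Anonymous::Change(targetDeviceId).c_str()`. With a printf-style logger that is a specifier/argument mismatch; both should be `%{public}s`, i.e. `localDevId:%{public}s,tarDevid:%{public}s`. The branch also still falls through to `return true` when `metaData.empty()`, and the `bundleName.empty()` condition was dropped, so a missing match is no longer even logged.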
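Review bot: In the IDENTICAL_ACCOUNT branch, `return CheckUsers(localUserId, peerDeviceId, peerDeviceId);` passes the device id string where CheckUsers takes `int peerUserId` (its signature is `CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId)`), so the peer user is not what gets checked and the call should not compile. The line should read `return CheckUsers(localUserId, peerUserId, peerDeviceId);`. The deny-by-default tail added after it is a sound direction: any authType other than DEFAULT or a same-account IDENTICAL_ACCOUNT now ends in `return false`.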
From: yangliu Date: Sat, 9 Nov 2024 17:55:17 +0800 Subject: [PATCH 08/17] update Signed-off-by: yangliu --- .../src/device_manager_adapter.cpp | 9 ++++++ .../communicator/device_manager_adapter.h | 1 + .../src/session_manager/session_manager.cpp | 28 +++++++++++++++---- .../app/src/session_manager/session_manager.h | 4 +++ .../service/kvdb/auth_delegate.cpp | 7 +++-- .../service/kvdb/auth_delegate.h | 3 +- 6 files changed, 43 insertions(+), 9 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp index 6dd873b0e..c938f8871 100644 --- a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp +++ b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp @@ -766,4 +766,13 @@ bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, con .networkId = accCallee.networkId }; return DeviceManager::GetInstance().CheckAccessControl(dmAccessCaller, dmAccessCallee); } + +bool DeviceManagerAdapter::CheckIsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) +{ + DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .networkId = accCaller.networkId, + .userId = accCaller.userId }; + DmAccessCallee dmAccessCallee = { .userId = accCallee.userId, .accountId = accCallee.accountId, + .networkId = accCallee.networkId }; + return DeviceManager::GetInstance().CheckIsSameAccount(dmAccessCaller, dmAccessCallee); +} } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h index ad6421c41..fc2528ebf 100644 --- a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h 
+++ b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h @@ -81,6 +81,7 @@ public: int32_t GetAuthType(const std::string& id); bool IsSameAccount(const std::string &id); bool CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee); + bool CheckIsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee); friend class DataMgrDmStateCall; friend class NetConnCallbackObserver; diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 3256ae328..f8e1566f9 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp 
@@ -64,15 +64,32 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & if (!GetAuthParams(from, targetDeviceId, aclParams)) { return session; } + return GetTrustUsers(from, targetDeviceId, users, session, aclParams); +} +Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId, + const std::vector &users, const AclParams) const +{ + std::vector noAccountUsers {}; for (const auto &user : users) { + bool isSameAccountUser = true; bool isPermitted = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, - targetDeviceId, aclParams); + targetDeviceId, aclParams, isSameAccountUser); ZLOGI("access to peer user %{public}d is %{public}d", user.id, isPermitted); if (isPermitted) { - auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); - if (it == session.targetUserIds.end()) { - session.targetUserIds.push_back(user.id); + if (!isSameAccountUser) { + auto it = std::find(noAccountUsers.begin(), noAccountUsers.end(), user.id); + if (it == noAccountUsers.end()) { + noAccountUsers.push_back(user.id); + } + } else { + auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); + if (it == session.targetUserIds.end()) { + session.targetUserIds.push_back(user.id); + } + } + if (!noAccountUsers.empty()) { + session.targetUserIds.insert(session.targetUserIds.end(), noAccountUsers.begin(), noAccountUsers.end()); } } } @@ -138,7 +155,8 @@ bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint & if (!GetAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } - return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams); + bool isSameAccountUser = true; + return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams, isSameAccountUser); } bool Session::Marshal(json &node) const 
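Review bot: In GetTrustUsers the `if (!noAccountUsers.empty()) { session.targetUserIds.insert(...); }` block sits inside the `for` loop and inside `if (isPermitted)`, so once one ACL-only user has been collected the whole noAccountUsers list is appended to `session.targetUserIds` again for every later permitted user, leaving duplicate target users. It reads as if it was meant to run once, after the loop's closing brace. The definition also does not match its call: `GetTrustUsers(from, targetDeviceId, users, session, aclParams)` passes five arguments while the signature has four, the last an unnamed `const AclParams`, and the body uses `session` and `aclParams`. The declaration in session_manager.h repeats that parameter list and adds a `SessionManager::` qualifier inside the class; ending both with `Session session, const AclParams &aclParams) const` would line the three up. The function's tail is outside the hunk.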
diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index bd7fb2300..0c7e30450 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -21,8 +21,10 @@ #include "serializable/serializable.h" #include "commu_types.h" +#include "metadata/user_meta_data.h" namespace OHOS::DistributedData { using AclParams = OHOS::AppDistributedKv::AclParams; +using DistributedData::UserStatus; struct SessionPoint { std::string deviceId; uint32_t userId; @@ -53,6 +55,8 @@ public: private: bool GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId, AclParams &aclParams, int peerUser = 0) const; + Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId, + const std::vector &users, const AclParams) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 792d85200..57a8acef2 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -32,7 +32,7 @@ public: // override for mock auth in current version, need remove in the future bool CheckAccess( int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) override; + const AclParams &aclParams, bool &isSameAccountUser) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); 
@@ -58,7 +58,7 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str } bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) + const AclParams &aclParams, bool &isSameAccountUser) { if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { return CheckUsers(localUserId, peerUserId, peerDeviceId); @@ -70,10 +70,11 @@ bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::st if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { return false; } - if (DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { + if (DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { return true; } if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { + isSameAccountUser = false; return true; } ZLOGE("CheckAccess failed. bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d", diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 2e796c31a..7d32fe5b7 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,7 +34,8 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual bool CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, const AclParams &aclParams); + int localUserId, int peerUserId, const std::string &peerDeviceId, + const AclParams &aclParams, bool &isSameAccountUser); }; class AuthDelegate { -- Gitee From 786a5747e3c3fb76119906e715349a61fc632e69 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 21:17:46 +0800 Subject: [PATCH 09/17] update 
Signed-off-by: yangliu --- .../include/communicator/commu_types.h | 1 - .../src/session_manager/session_manager.cpp | 128 +++++++++--------- .../app/src/session_manager/session_manager.h | 8 +- .../service/kvdb/auth_delegate.cpp | 36 +++-- .../service/kvdb/auth_delegate.h | 5 +- .../service/test/kvdb_service_test.cpp | 13 +- 6 files changed, 90 insertions(+), 101 deletions(-) diff --git a/services/distributeddataservice/adapter/include/communicator/commu_types.h b/services/distributeddataservice/adapter/include/communicator/commu_types.h index 9625f7db5..6b1f1af69 100644 --- a/services/distributeddataservice/adapter/include/communicator/commu_types.h +++ b/services/distributeddataservice/adapter/include/communicator/commu_types.h @@ -46,7 +46,6 @@ struct API_EXPORT AccessCallee { struct API_EXPORT AclParams { AccessCaller accCaller; AccessCallee accCallee; - bool isSendStatus = true; int32_t authType = 0; }; diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index f8e1566f9..66c9e9ab7 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp 
@@ -61,89 +61,83 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & } AclParams aclParams; - if (!GetAuthParams(from, targetDeviceId, aclParams)) { + if (!GetSendAuthParams(from, targetDeviceId, aclParams)) { return session; } - return GetTrustUsers(from, targetDeviceId, users, session, aclParams); -} - -Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId, - const std::vector &users, const AclParams) const -{ - std::vector noAccountUsers {}; for (const auto &user : users) { - bool isSameAccountUser = true; - bool isPermitted = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, - targetDeviceId, aclParams, isSameAccountUser); - ZLOGI("access to peer user %{public}d is %{public}d", user.id, isPermitted); - if (isPermitted) { - if (!isSameAccountUser) { - auto it = std::find(noAccountUsers.begin(), noAccountUsers.end(), user.id); - if (it == noAccountUsers.end()) { - noAccountUsers.push_back(user.id); - } - } else { - auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); - if (it == session.targetUserIds.end()) { - session.targetUserIds.push_back(user.id); - } + auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, targetDeviceId, aclParams); + if (permittedPair.first) { + auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); + if (it == session.targetUserIds.end() && permittedPair.second) { + session.targetUserIds.insert(session.targetUserIds.begin(), user.id); } - if (!noAccountUsers.empty()) { - session.targetUserIds.insert(session.targetUserIds.end(), noAccountUsers.begin(), noAccountUsers.end()); + if (it == session.targetUserIds.end() && !permittedPair.second) { + session.targetUserIds.push_back(user.id); } } } - ZLOGD("end"); + ZLOGI("access to peer user:%{public}d", session.targetUserIds[0]); return session; } -bool SessionManager::GetAuthParams(const SessionPoint &from, 
const std::string &targetDeviceId, - AclParams &aclParams, int32_t peerUser) const +bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::string &targetDeviceId, + AclParams &aclParams) const { std::vector metaData; - if (aclParams.isSendStatus) { - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId }), metaData)) { - ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(from.deviceId).c_str()); - return false; - } - for (const auto &storeMeta : metaData) { - if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) { - aclParams.accCaller.bundleName = storeMeta.bundleName; - aclParams.accCaller.accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); - aclParams.accCaller.userId = from.userId; - aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId, + std::to_string(from.userId) }), metaData)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", + Anonymous::Change(from.deviceId).c_str(),from.userId); + return false; + } + for (const auto &storeMeta : metaData) { + if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) { + aclParams.accCaller.bundleName = storeMeta.bundleName; + aclParams.accCaller.accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); + aclParams.accCaller.userId = from.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); - aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); - aclParams.authType = storeMeta.authType; - break; - } - } - } else { - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { - ZLOGW("load meta failed, deviceId:%{public}s", Anonymous::Change(targetDeviceId).c_str()); - return false; + aclParams.accCallee.networkId = 
DmAdapter::GetInstance().ToNetworkID(targetDeviceId); + aclParams.authType = storeMeta.authType; + break; } - for (const auto &storeMeta : metaData) { - if (storeMeta.appId == from.appId) { - auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); - aclParams.accCaller.bundleName = storeMeta.bundleName; - aclParams.accCaller.accountId = accountId; - aclParams.accCaller.userId = from.userId; - aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); + } + if (metaData.empty()) { + ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(), + Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str()); + } + return true; +} - aclParams.accCallee.accountId = accountId; - aclParams.accCallee.userId = peerUser; - aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); - aclParams.authType = storeMeta.authType; - break; - } +bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::string &targetDeviceId, + AclParams &aclParams, int32_t peerUser) const +{ + std::vector metaData; + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId, + std::to_string(peerUser) }), metaData)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", + Anonymous::Change(targetDeviceId).c_str(), peerUser); + return false; + } + for (const auto &storeMeta : metaData) { + if (storeMeta.appId == from.appId) { + auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); + aclParams.accCaller.bundleName = storeMeta.bundleName; + aclParams.accCaller.accountId = accountId; + aclParams.accCaller.userId = from.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(from.deviceId); + + aclParams.accCallee.accountId = accountId; + aclParams.accCallee.userId = peerUser; + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); + 
aclParams.authType = storeMeta.authType; + break; } } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,isSendStatus:%{public}d,localDevId:%{public}d,tarDevid:%{public}d", - from.appId.c_str(), aclParams.isSendStatus, Anonymous::Change(from.deviceId).c_str(), - Anonymous::Change(targetDeviceId).c_str()); + ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(), + Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str()); } return true; } @@ -152,11 +146,11 @@ bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint & { AclParams aclParams; aclParams.isSendStatus = false; - if (!GetAuthParams(from, to.deviceId, aclParams, to.userId)) { + if (!GetRecvAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } - bool isSameAccountUser = true; - return AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams, isSameAccountUser); + auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams); + return permittedPair.first; } bool Session::Marshal(json &node) const diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index 0c7e30450..df16d8598 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h 
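Review bot: `GetRecvAuthParams` takes `authType` from the first metadata entry whose `appId` equals `from.appId`, whereas `GetSendAuthParams` in the same hunk also requires `storeMeta.storeId == from.storeId`. If an application owns several stores with different auth types, the receive-side check may be evaluated under the policy of a different store than the one being synced, possibly a weaker one. If `from.storeId` is populated on this path the match should be `if (storeMeta.appId == from.appId && storeMeta.storeId == from.storeId) {`; otherwise a comment should state why an app-level match is sufficient. Both functions also fall through to `return true` when no entry matched, leaving `aclParams` at its defaults for the `CheckAccess` call that follows.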
@@ -53,10 +53,10 @@ public: Session GetSession(const SessionPoint &from, const std::string &targetDeviceId) const; bool CheckSession(const SessionPoint &from, const SessionPoint &to) const; private: - bool GetAuthParams(const SessionPoint &from, const std::string &targetDeviceId, - AclParams &aclParams, int peerUser = 0) const; - Session SessionManager::GetTrustUsers(const SessionPoint &from, const std::string &targetDeviceId, - const std::vector &users, const AclParams) const; + bool GetSendAuthParams(const SessionPoint &from, const std::string &targetDeviceId, + AclParams &aclParams) const; + bool GetRecvAuthParams(const SessionPoint &from, const std::string &targetDeviceId, + AclParams &aclParams, int peerUser) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 57a8acef2..21a5893ee 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -30,9 +30,8 @@ using DmAdapter = OHOS::DistributedData::DeviceManagerAdapter; class AuthHandlerStub : public AuthHandler { public: // override for mock auth in current version, need remove in the future - bool CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams, bool &isSameAccountUser) override; + std::pair CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, + const AclParams &aclParams) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); 
@@ -57,38 +56,37 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str return peerUserId != SYSTEM_USER && IsUserActive(localUsers, localUserId) && IsUserActive(peerUsers, peerUserId); } -bool AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams, bool &isSameAccountUser) +std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, + const AclParams &aclParams) { + if (IsSystemUser(localUserId, peerUserId)) { + return std::make_pair(true, false); + } + if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { + return std::make_pair(false, false); + } if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { - return CheckUsers(localUserId, peerUserId, peerDeviceId); + return std::make_pair(true, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { - if (IsSystemUser(localUserId, peerUserId)) { - return true; - } - if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { - return false; - } if (DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { - return true; + return std::make_pair(true, true); } if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { - isSameAccountUser = false; - return true; + return std::make_pair(true, false); } ZLOGE("CheckAccess failed. 
bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d", aclParams.accCaller.bundleName.c_str(), localUserId, peerUserId); - return false; + return std::make_pair(false, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && - DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { - return CheckUsers(localUserId, peerDeviceId, peerDeviceId); + auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { + return std::make_pair(isSameAccount, true); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); - return false; + return std::make_pair(false, false); } bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t userId) diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 7d32fe5b7..170623ebd 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -33,9 +33,8 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: - virtual bool CheckAccess( - int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams, bool &isSameAccountUser); + virtual std::pair CheckAccess(int localUserId, int peerUserId, + const std::string &peerDeviceId, const AclParams &aclParams, bool &isSameAccountUser); }; class AuthDelegate { diff --git a/services/distributeddataservice/service/test/kvdb_service_test.cpp b/services/distributeddataservice/service/test/kvdb_service_test.cpp index 31960b3b1..edac1475e 100644 --- a/services/distributeddataservice/service/test/kvdb_service_test.cpp +++ b/services/distributeddataservice/service/test/kvdb_service_test.cpp 
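Review bot: The `IsSystemUser(localUserId, peerUserId)` early return now runs before `authType` is examined, so a store declared `AuthType::IDENTICAL_ACCOUNT` is reported as permitted for that user pair without `CheckIsSameAccount` or `CheckUsers` being consulted; in the removed code this shortcut existed only inside the `AuthType::DEFAULT` branch. Unless that widening is intended, the check should move back under the `DEFAULT` branch, and if it is intended a comment such as `// system users bypass account checks for every auth type because ...` should record the reason. In the same function, the `IDENTICAL_ACCOUNT` condition `... && auto isSameAccount = ...` is not valid C++, since a declaration cannot be an operand of `&&`; the declaration has to move into the `if` body.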
@@ -658,31 +658,30 @@ HWTEST_F(AuthHandlerTest, AuthHandler, TestSize.Level0) int peerUserId = 0; std::string peerDeviceId = ""; AclParams aclParams; - aclParams.isSendStatus = false; aclParams.authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); auto result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_TRUE(result); + EXPECT_TRUE(result.first); aclParams.authType = static_cast(DistributedKv::AuthType::DEFAULT); result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_TRUE(result); + EXPECT_TRUE(result.first); aclParams.authType = static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT); peerDeviceId = "peerDeviceId"; result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_TRUE(result); + EXPECT_TRUE(result.first); aclParams.authType = static_cast(DistributedKv::AuthType::DEFAULT); result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_TRUE(result); + EXPECT_TRUE(result.first); localUserId = 1; result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_FALSE(result); + EXPECT_FALSE(result.first); peerUserId = 1; result = AuthDelegate::GetInstance()->CheckAccess(localUserId, peerUserId, peerDeviceId, aclParams); - EXPECT_FALSE(result); + EXPECT_FALSE(result.first); } } // namespace DistributedDataTest } // namespace OHOS::Test \ No newline at end of file -- Gitee From cf952ee7f680663866aa152e597e2309fa294044 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 21:27:14 +0800 Subject: [PATCH 10/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
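Review bot: Every assertion in this test reads only `result.first`, so the second element of the pair, which `GetSession` uses to order `targetUserIds`, is never checked. There is also no case that expects a denial under `AuthType::IDENTICAL_ACCOUNT`: both `EXPECT_FALSE` cases run with `authType` set to `DEFAULT`. I would assert the expected `result.second` next to each `result.first`, and add one case with `IDENTICAL_ACCOUNT` and non-system user ids that expects `EXPECT_FALSE(result.first)`. The test body starts outside the hunk.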
diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 66c9e9ab7..a869e0bbe 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -87,7 +87,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::stri if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId, std::to_string(from.userId) }), metaData)) { ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", - Anonymous::Change(from.deviceId).c_str(),from.userId); + Anonymous::Change(from.deviceId).c_str(), from.userId); return false; } for (const auto &storeMeta : metaData) { @@ -103,8 +103,9 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::stri } } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(), - Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str()); + ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d,user:%{public}d,", + from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), + Anonymous::Change(targetDeviceId).c_str(), from.userId); } return true; } @@ -136,8 +137,9 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d", from.appId.c_str(), - Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str()); + ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}d,user:%{public}d,peer:%{public}d", + from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), + Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); } return true; } -- Gitee 
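Review bot: The reworked "not find metadata" format strings do not match their arguments. In `GetSendAuthParams`, `localDevId:%{public}d` and `tarDevid:%{public}d` receive the `c_str()` of `Anonymous::Change(...)`, and in `GetRecvAuthParams` the message has four specifiers for five arguments. Passing a string pointer for `%d` is undefined behaviour in a printf-style logger and at best prints garbage in the one log line that explains an authorization failure. Both device ids should use `%{public}s`, and the receive-side message should either add a `localDevId:%{public}s` field or drop the `from.deviceId` argument.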
From c7a414e4785976cf687351d28ee950da1bf2946c Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 22:05:39 +0800 Subject: [PATCH 11/17] update Signed-off-by: yangliu --- .../src/session_manager/session_manager.cpp | 19 ++++++++----------- .../service/kvdb/auth_delegate.cpp | 2 +- .../service/kvdb/auth_delegate.h | 2 +- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index a869e0bbe..295e47809 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -84,10 +84,9 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::stri AclParams &aclParams) const { std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId, - std::to_string(from.userId) }), metaData)) { - ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", - Anonymous::Change(from.deviceId).c_str(), from.userId); + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ from.deviceId }), metaData)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(from.deviceId).c_str(), + from.userId); return false; } for (const auto &storeMeta : metaData) { @@ -103,7 +102,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::stri } } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}d,tarDevid:%{public}d,user:%{public}d,", + ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}s,tarDevid:%{public}s,user:%{public}d,", from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str(), from.userId); } 
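Review bot: Dropping `std::to_string(from.userId)` from the `GetPrefix` argument presumably widens `LoadMeta` to the stores of every user on the device, while the loop that follows still selects an entry by `appId` and `storeId` only (the loop body is outside this hunk). The `bundleName` and `authType` fed into the access check can then come from another user's instance of the store. If the wider prefix is required, the loop should also compare the entry's user with `from.userId`, or a comment should explain why the first match is safe to use. The `@@ -114,10 +113,9 @@` hunk makes the same change in `GetRecvAuthParams` with `peerUser`.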
@@ -114,10 +113,9 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri AclParams &aclParams, int32_t peerUser) const { std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId, - std::to_string(peerUser) }), metaData)) { - ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", - Anonymous::Change(targetDeviceId).c_str(), peerUser); + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(targetDeviceId).c_str(), + peerUser); return false; } for (const auto &storeMeta : metaData) { @@ -137,7 +135,7 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}d,user:%{public}d,peer:%{public}d", + ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}s,user:%{public}s,peer:%{public}d", from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); } @@ -147,7 +145,6 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint &to) const { AclParams aclParams; - aclParams.isSendStatus = false; if (!GetRecvAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 21a5893ee..f8cec4ecf 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp 
@@ -82,7 +82,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { - return std::make_pair(isSameAccount, true); + return std::make_pair(isSameAccount, true); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 170623ebd..199b7e745 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,7 +34,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual std::pair CheckAccess(int localUserId, int peerUserId, - const std::string &peerDeviceId, const AclParams &aclParams, bool &isSameAccountUser); + const std::string &peerDeviceId, const AclParams &aclParams); }; class AuthDelegate { -- Gitee From a79976fbc50cf2b79637c3e482b47f7410044f12 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 22:22:38 +0800 Subject: [PATCH 12/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 5 ++--- .../distributeddataservice/service/kvdb/auth_delegate.cpp | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 295e47809..015988a30 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp 
@@ -135,9 +135,8 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri } if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}s,user:%{public}s,peer:%{public}d", - from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), - Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); + ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}s,user:%{public}d,peer:%{public}d", + from.appId.c_str(), Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); } return true; } diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index f8cec4ecf..2b54d4e96 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -80,8 +80,8 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser return std::make_pair(false, false); } - if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT) && - auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { + if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { + auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee); return std::make_pair(isSameAccount, true); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", -- Gitee From 78722a5abc6dfe0ea76fd0ed24bab691747b09f2 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 22:55:52 +0800 Subject: [PATCH 13/17] update Signed-off-by: yangliu --- .../src/session_manager/session_manager.cpp | 38 +++++++++---------- .../service/kvdb/auth_delegate.cpp | 2 +- 2 files changed, 19 insertions(+), 21 deletions(-) 
diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 015988a30..c6bf27624 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -62,21 +62,22 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & AclParams aclParams; if (!GetSendAuthParams(from, targetDeviceId, aclParams)) { + ZLOGE("get send auth params failed:%{public}s", Anonymous::Change(targetDeviceId).c_str()); return session; } for (const auto &user : users) { - auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, targetDeviceId, aclParams); - if (permittedPair.first) { + auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, targetDeviceId, aclParams); + if (isPermitted) { auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); - if (it == session.targetUserIds.end() && permittedPair.second) { + if (it == session.targetUserIds.end() && isSameAccount) { session.targetUserIds.insert(session.targetUserIds.begin(), user.id); } - if (it == session.targetUserIds.end() && !permittedPair.second) { + if (it == session.targetUserIds.end() && !isSameAccount) { session.targetUserIds.push_back(user.id); } } } - ZLOGI("access to peer user:%{public}d", session.targetUserIds[0]); + ZLOGD("access to peer user:%{public}d", session.targetUserIds[0]); return session; } 
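Review bot: `session.targetUserIds[0]` in the new `ZLOGD` line is read unconditionally, but the loop above adds an id only when `isPermitted` is true, so unless code before the hunk pre-fills the vector it can be empty here, and indexing an empty `std::vector` is undefined behaviour. The log should be guarded, e.g. `if (!session.targetUserIds.empty()) { ZLOGD("access to peer user:%{public}d", session.targetUserIds[0]); }`. The beginning of `GetSession` is outside the hunk.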
@@ -98,15 +99,13 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &from, const std::stri aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; - break; + return true; } } - if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,localDevId:%{public}s,tarDevid:%{public}s,user:%{public}d,", - from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), - Anonymous::Change(targetDeviceId).c_str(), from.userId); - } - return true; + ZLOGE("get params failed,appId:%{public}s,localDevId:%{public}s,tarDevid:%{public}s,user:%{public}d,", + from.appId.c_str(), Anonymous::Change(from.deviceId).c_str(), + Anonymous::Change(targetDeviceId).c_str(), from.userId); + return false; } bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::string &targetDeviceId, @@ -130,15 +129,13 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &from, const std::stri aclParams.accCallee.userId = peerUser; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; - break; + return true; } } - if (metaData.empty()) { - ZLOGE("not find metadata,appId:%{public}s,tarDevid:%{public}s,user:%{public}d,peer:%{public}d", - from.appId.c_str(), Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); - } - return true; + ZLOGE("get params failed,appId:%{public}s,tarDevid:%{public}s,user:%{public}d,peer:%{public}d", + from.appId.c_str(), Anonymous::Change(targetDeviceId).c_str(), from.userId, peerUser); + return false; } bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint &to) const 
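Review bot: On the path that now ends in `return true`, `GetSendAuthParams` has filled only `accCallee.networkId` on the callee side; no visible line assigns `accCallee.userId` or `accCallee.accountId` for the send direction, while `GetRecvAuthParams` sets both. `GetSession` then reuses that single `aclParams` for every `user.id`, so `CheckIsSameAccount` and `CheckAccessControl` are asked about a callee whose user is not the peer user being evaluated, and if `AccessCallee::userId` has no default initializer its value is indeterminate. I would set `aclParams.accCallee.userId = user.id;` inside the loop in `GetSession` before calling `CheckAccess`, and give the struct member an initializer. The `accCaller` assignments sit outside this hunk.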
@@ -147,8 +144,9 @@ bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint & if (!GetRecvAuthParams(from, to.deviceId, aclParams, to.userId)) { return false; } - auto permittedPair = AuthDelegate::GetInstance()->CheckAccess(from.userId, to.userId, to.deviceId, aclParams); - return permittedPair.first; + auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(from.userId, + to.userId, to.deviceId, aclParams); + return isPermitted; } bool Session::Marshal(json &node) const diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 2b54d4e96..af3d931f9 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -82,7 +82,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee); - return std::make_pair(isSameAccount, true); + return std::make_pair(true, isSameAccount); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); -- Gitee From f5aa1fe343878b1c7a08ffa0231eb5c5f094e995 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 22:59:42 +0800 Subject: [PATCH 14/17] update Signed-off-by: yangliu --- services/distributeddataservice/service/kvdb/auth_delegate.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index af3d931f9..fedc0dc1a 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp 
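Review bot: In the auth_delegate.cpp hunk, the IDENTICAL_ACCOUNT branch of AuthHandlerStub::CheckAccess returns `std::make_pair(true, isSameAccount)`, so the first element is true even when the account check fails. CheckSession returns that element as `isPermitted`, so a store restricted to identical accounts would accept a peer from a different account. The result should follow the check: `return std::make_pair(isSameAccount, isSameAccount);`. The next patch in this series makes exactly that change; folding it into this one would avoid an intermediate revision that permits unconditionally. CheckAccess begins and ends outside the hunk.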
+++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -82,7 +82,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee); - return std::make_pair(true, isSameAccount); + return std::make_pair(isSameAccount, isSameAccount); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); -- Gitee From 4717434dd334e6e54ca482a36561dee17b2ec868 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 23:10:05 +0800 Subject: [PATCH 15/17] update Signed-off-by: yangliu --- .../adapter/communicator/src/device_manager_adapter.cpp | 2 +- .../adapter/include/communicator/device_manager_adapter.h | 2 +- .../distributeddataservice/service/kvdb/auth_delegate.cpp | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp index c938f8871..7fe1e98be 100644 --- a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp +++ b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp 
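Review bot: A failed identical-account check now denies access without leaving any trace, because the IDENTICAL_ACCOUNT branch returns before the ZLOGE call that follows it. Logging the denial inside the branch when `isSameAccount` is false would let a rejected sync be told apart from one that was never attempted. It can reuse the bundle name and anonymised peer device id that the fall-through message already prints. The rest of CheckAccess is outside the hunk.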
@@ -767,7 +767,7 @@ bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, con return DeviceManager::GetInstance().CheckAccessControl(dmAccessCaller, dmAccessCallee); } -bool DeviceManagerAdapter::CheckIsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) +bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) { DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .networkId = accCaller.networkId, .userId = accCaller.userId }; diff --git a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h index fc2528ebf..7edbd0fd1 100644 --- a/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h +++ b/services/distributeddataservice/adapter/include/communicator/device_manager_adapter.h @@ -80,8 +80,8 @@ public: NetworkType GetNetworkType(bool retrieve = false); int32_t GetAuthType(const std::string& id); bool IsSameAccount(const std::string &id); + bool IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee); bool CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee); - bool CheckIsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee); friend class DataMgrDmStateCall; friend class NetConnCallbackObserver; diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index fedc0dc1a..234a1698c 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp 
@@ -69,7 +69,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser return std::make_pair(true, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { - if (DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee)) { + if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { return std::make_pair(true, true); } if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { @@ -81,7 +81,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser } if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { - auto isSameAccount = DmAdapter::GetInstance().CheckIsSameAccount(aclParams.accCaller, aclParams.accCallee); + auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee); return std::make_pair(isSameAccount, isSameAccount); } ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", -- Gitee From d20f7603875cfb783093b72556a0506e73e78c0c Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 23:11:55 +0800 Subject: [PATCH 16/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index c6bf27624..2b74e4ba4 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp 
@@ -142,6 +142,7 @@ bool SessionManager::CheckSession(const SessionPoint &from, const SessionPoint & { AclParams aclParams; if (!GetRecvAuthParams(from, to.deviceId, aclParams, to.userId)) { + ZLOGE("get recv auth params failed:%{public}s", Anonymous::Change(to.deviceId).c_str()); return false; } auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(from.userId, -- Gitee From 5a4b41a7ebc36c04657f8e1007855f13223977cd Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 9 Nov 2024 23:25:58 +0800 Subject: [PATCH 17/17] update Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 2b74e4ba4..cc3258017 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -66,7 +66,8 @@ Session SessionManager::GetSession(const SessionPoint &from, const std::string & return session; } for (const auto &user : users) { - auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, targetDeviceId, aclParams); + auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(from.userId, user.id, + targetDeviceId, aclParams); if (isPermitted) { auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); if (it == session.targetUserIds.end() && isSameAccount) { -- Gitee
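Review bot: The ZLOGE added to CheckSession for a failed GetRecvAuthParams call repeats a failure that GetRecvAuthParams already logs at error level on every false return, per the earlier patch on this page. Each miss therefore produces two error lines naming the same device. Keeping the more detailed message and dropping the other, or lowering it to `ZLOGD`, would keep the error log readable when looking for rejected peers. The same duplication exists between GetSession and GetSendAuthParams.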