diff --git a/bundle.json b/bundle.json index 9b733e5fd82ad63250397b738b6c6b2cfc88763d..c2bfb3b6f49c6cfb9d23e1916de933f4eab3054e 100644 --- a/bundle.json +++ b/bundle.json @@ -112,7 +112,8 @@ "disk.h", "volume_core.h", "volume_external.h", - "storage_service_errno.h" + "storage_service_errno.h", + "storage_service_constants.h" ], "header_base": "//foundation/filemanagement/storage_service/interfaces/innerkits/storage_manager/native" } diff --git a/interfaces/innerkits/storage_manager/native/storage_service_constants.h b/interfaces/innerkits/storage_manager/native/storage_service_constants.h new file mode 100644 index 0000000000000000000000000000000000000000..8c4d43c68237cab0510ed63b8ad681119d328bc3 --- /dev/null +++ b/interfaces/innerkits/storage_manager/native/storage_service_constants.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_STORAGE_SERVICE_CONSTANTS_H +#define OHOS_STORAGE_SERVICE_CONSTANTS_H + +namespace OHOS { +namespace StorageService { +enum EncryptionLevel { + EL1_SYS_KEY = 0, + EL1_USER_KEY = 1, + EL2_USER_KEY = 2, + EL3_USER_KEY = 3, + EL4_USER_KEY = 4, +}; +} +} // OHOS + +#endif // OHOS_STORAGE_POLICE_CONSTANT_H \ No newline at end of file diff --git a/interfaces/innerkits/storage_manager/native/storage_service_errno.h b/interfaces/innerkits/storage_manager/native/storage_service_errno.h index f65d67bd9b439cd89317fbc87e09a1512815caf1..359a10797e781dfb120ffe3ca7a39a02f930244e 100644 --- a/interfaces/innerkits/storage_manager/native/storage_service_errno.h +++ b/interfaces/innerkits/storage_manager/native/storage_service_errno.h @@ -48,9 +48,11 @@ enum ErrNo { E_FORK = STORAGE_SERVICE_SYS_CAP_TAG + 18, E_WIFEXITED = STORAGE_SERVICE_SYS_CAP_TAG + 19, E_WEXITSTATUS = STORAGE_SERVICE_SYS_CAP_TAG + 20, - E_DURATION_EXCEED_THRESH = STORAGE_SERVICE_SYS_CAP_TAG + 21, - E_CALCULATE_OVERFLOW_UP = STORAGE_SERVICE_SYS_CAP_TAG + 22, - + E_NOT_DIR_PATH = STORAGE_SERVICE_SYS_CAP_TAG + 21, + E_NON_ACCESS = STORAGE_SERVICE_SYS_CAP_TAG + 22, + E_DURATION_EXCEED_THRESH = STORAGE_SERVICE_SYS_CAP_TAG + 23, + E_CALCULATE_OVERFLOW_UP = STORAGE_SERVICE_SYS_CAP_TAG + 24, + // 密钥管理 13600201 ~ 13600700 E_SET_POLICY = STORAGE_SERVICE_SYS_CAP_TAG + 201, E_USERID_RANGE = STORAGE_SERVICE_SYS_CAP_TAG + 202, diff --git a/services/common/include/storage_service_constant.h b/services/common/include/storage_service_constant.h index 06187811276b9c116e13c855e4c2ca74929e155a..889ead8a7fa48dcf02b3da1f5fe2ec863953e250 100644 --- a/services/common/include/storage_service_constant.h +++ b/services/common/include/storage_service_constant.h @@ -32,6 +32,7 @@ const int32_t ZERO_USER_MIN_UID = 20000; const int32_t ZERO_USER_MAX_UID = 65535; const int MAX_APP_INDEX = 5; const int PRIORITY_LEVEL = -20; +const int ANCO_SA_UID = 7558; } namespace StorageDaemon { @@ -63,6 +64,9 @@ static const std::string FILE_AUTHORITY = "docs"; static const std::string MEDIALIBRARY_NAME = "com.ohos.medialibrary.medialibrarydata"; static const std::string MEDIA_FUSE_EL2 = "/data/storage/el2/media/"; +constexpr const char *ANCO_DIR = "/data/virt_service/rgm_hmos/anco_hmos_data/"; +constexpr const char *ANCO_MEDIA_PATH = "/data/virt_service/rgm_hmos/anco_hmos_data/media/0"; +constexpr const char *SERVICE_DIR_PATH = "/data/service/"; // backup stat file version static const std::string VER_10_LINE1 = "version=1.0&attrNum=8"; static const std::string VER_10_LINE2 = "path;mode;dir;size;mtime;hash;isIncremental;encodeFlag"; @@ -87,6 +91,7 @@ enum KeyType { EL4_KEY = 4, EL5_KEY = 5, }; + static std::map EL_DIR_MAP = { {EL1, EL1_KEY}, {EL2, EL2_KEY}, diff --git a/services/storage_daemon/IStorageDaemon.idl b/services/storage_daemon/IStorageDaemon.idl index fd61e2b891228916ce4f2ba73b41c7ad02ee673e..4b1b9932f517780734cb585105b68c1a5eeddfb7 100644 --- a/services/storage_daemon/IStorageDaemon.idl +++ b/services/storage_daemon/IStorageDaemon.idl @@ -87,4 +87,5 @@ interface OHOS.StorageDaemon.IStorageDaemon{ [ipccode 57] void CreateUserDir([in] String path, [in] unsigned int mode, [in] unsigned int uid, [in] unsigned int gid); [ipccode 58] void DeleteUserDir([in] String path); + [ipccode 59] void SetDirEncryptionPolicy([in] unsigned int userId, [in] String dirPath, [in] unsigned int level); } \ No newline at end of file diff --git a/services/storage_daemon/client/include/storage_daemon_client.h b/services/storage_daemon/client/include/storage_daemon_client.h index dfc5d928453c5a715e1f4b064da62427b7c8a794..60a6a4776c9dc007fa79e8915d9f1953139c2a4c 100644 --- a/services/storage_daemon/client/include/storage_daemon_client.h +++ b/services/storage_daemon/client/include/storage_daemon_client.h @@ -72,6 +72,7 @@ public: // file lock static int32_t IsFileOccupied(const std::string &path, const std::vector &inputList, std::vector &outputList, bool &isOccupy); + static int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level); private: static sptr GetStorageDaemonProxy(void); diff --git a/services/storage_daemon/client/storage_daemon_client.cpp b/services/storage_daemon/client/storage_daemon_client.cpp index f1808378b2e6ded3da2a96353816382eec7931b1..155f5667020787fb6e285ae75ad1c43815acc547 100644 --- a/services/storage_daemon/client/storage_daemon_client.cpp +++ b/services/storage_daemon/client/storage_daemon_client.cpp @@ -98,6 +98,22 @@ int32_t StorageDaemonClient::CheckServiceStatus(uint32_t serviceFlags) return E_OK; } +int32_t StorageDaemonClient::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ + LOGI("Enter SetDirEncryptionPolicy!"); + auto status = CheckServiceStatus(STORAGE_SERVICE_FLAG); + if (status != E_OK) { + LOGE("service check failed"); + return status; + } + sptr client = GetStorageDaemonProxy(); + if (client == nullptr) { + LOGE("Get StorageDaemon service failed!"); + return E_SA_IS_NULLPTR; + } + return client->SetDirEncryptionPolicy(userId, dirPath, level); +} + int32_t StorageDaemonClient::PrepareUserDirs(int32_t userId, uint32_t flags) { LOGI("StorageDaemonClient::PrepareUserDirs, userId:%{public}d, flags:%{public}u", userId, flags); diff --git a/services/storage_daemon/client/test/storage_daemon_client_sub_test.cpp b/services/storage_daemon/client/test/storage_daemon_client_sub_test.cpp index 020a9c179fccac2bbcedfad6193b201ba76d6207..9ee3560f877bb294b24682e474030cbe2b5370f2 100644 --- a/services/storage_daemon/client/test/storage_daemon_client_sub_test.cpp +++ b/services/storage_daemon/client/test/storage_daemon_client_sub_test.cpp @@ -891,6 +891,40 @@ HWTEST_F(StorageDaemonClientTest, Storage_Service_StorageDaemonClientTest_UMount GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_UMountDfsDocs_001 end"; } + +/** +* @tc.name: Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001 +* @tc.desc: Verify the SetDirEncryptionPolicy function. +* @tc.type: FUNC +* @tc.require: AR000GK4HB +*/ +HWTEST_F(StorageDaemonClientTest, Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_UMountFileMgrFuse_001 start"; + std::string dirPath = "/data/service/test"; + uint32_t userId = 100; + uint32_t type = 2; + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(sam)); + EXPECT_CALL(*sam, CheckSystemAbility(An(), An())).WillOnce(Return(sd)); + auto ret = StorageDaemonClient::SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_SERVICE_IS_NULLPTR); + + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(sam)).WillOnce(Return(nullptr)); + EXPECT_CALL(*sam, CheckSystemAbility(An(), An())) + .WillOnce(DoAll(SetArgReferee<1>(true), Return(sd))); + ret = StorageDaemonClient::SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_SA_IS_NULLPTR); + + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(sam)).WillOnce(Return(sam)); + EXPECT_CALL(*sam, CheckSystemAbility(An(), An())) + .WillOnce(DoAll(SetArgReferee<1>(true), Return(sd))); + EXPECT_CALL(*sam, GetSystemAbility(_)).WillOnce(Return(sd)); + EXPECT_CALL(*sd, SetDirEncryptionPolicy(_, _, _)).WillOnce(Return(E_OK)); + ret = StorageDaemonClient::SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_OK); + GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001 end"; +} + /** * @tc.name: Storage_Service_StorageDaemonClientTest_GetFileEncryptStatus_001 * @tc.desc: Verify the GetFileEncryptStatus function. diff --git a/services/storage_daemon/client/test/storage_daemon_client_test.cpp b/services/storage_daemon/client/test/storage_daemon_client_test.cpp index 38f979485f3e875bb06a46192b8212e3e08af23a..23428af9730344f56f1b789c602a1e6b402c694f 100644 --- a/services/storage_daemon/client/test/storage_daemon_client_test.cpp +++ b/services/storage_daemon/client/test/storage_daemon_client_test.cpp @@ -72,6 +72,25 @@ HWTEST_F(StorageDaemonClientTest, Storage_Service_StorageDaemonClientTest_Prepar GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_PrepareUserDirs_001 end"; } +/** + * @tc.name: Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001 + * @tc.desc: Verify the SetDirEncryptionPolicy function when args are normal. + * @tc.type: FUNC + * @tc.require: AR000GK4HB + */ +HWTEST_F(StorageDaemonClientTest, Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001 start"; + + ASSERT_TRUE(storageDaemonClient_ != nullptr); + uint32_t userId = 100; + std::string path = "1.txt"; + uint32_t type = 2; + int32_t ret = storageDaemonClient_->SetDirEncryptionPolicy(userId, path, type); + EXPECT_TRUE(ret == E_OK); + GTEST_LOG_(INFO) << "Storage_Service_StorageDaemonClientTest_SetDirEncryptionPolicy_001 end"; +} + /** * @tc.name: Storage_Service_StorageDaemonClientTest_StartUser_001 * @tc.desc: check the StartUser function when args are normal diff --git a/services/storage_daemon/crypto/src/fscrypt_key_v2.cpp b/services/storage_daemon/crypto/src/fscrypt_key_v2.cpp index f67cddcb1429d0e1f97a924e1056087f5c330e8b..d596262dc95b2d8661cc4345d46d728e814b8f06 100644 --- a/services/storage_daemon/crypto/src/fscrypt_key_v2.cpp +++ b/services/storage_daemon/crypto/src/fscrypt_key_v2.cpp @@ -41,7 +41,7 @@ int32_t FscryptKeyV2::ActiveKey(const KeyBlob &authToken, uint32_t flag, const s return err; } - if (!KeyCtrlInstallKey(mnt.c_str(), arg)) { + if (KeyCtrlInstallKey(mnt.c_str(), arg) != 0) { LOGE("InstallKey failed"); return E_KEY_CTRL_INSTALL_ERROR; } @@ -87,7 +87,7 @@ int32_t FscryptKeyV2::InactiveKey(uint32_t flag, const std::string &mnt) return ret; } - if (!KeyCtrlRemoveKey(mnt.c_str(), &arg)) { + if (KeyCtrlRemoveKey(mnt.c_str(), &arg) != 0) { return E_REMOVE_KEY_ERROR; } if (arg.removal_status_flags & FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS) { diff --git a/services/storage_daemon/crypto/src/key_manager.cpp b/services/storage_daemon/crypto/src/key_manager.cpp index 62fa8aac9ab4c9eefcdc1eb54a70c2eba6098b06..374b3e53b427cb2e5312c619a4f06dfc3179f9a4 100644 --- a/services/storage_daemon/crypto/src/key_manager.cpp +++ b/services/storage_daemon/crypto/src/key_manager.cpp @@ -1949,6 +1949,54 @@ int KeyManager::SetDirectoryElPolicy(unsigned int user, KeyType type, const std: return 0; } +int32_t KeyManager::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, + StorageService::EncryptionLevel level) +{ + LOGI("KeyManager::SetDirEncryptionPolicy begin!"); + if (!KeyCtrlHasFscryptSyspara() || !IsEncryption()) { + LOGW("FscryptSyspara has not or encryption not enabled"); + return E_NOT_SUPPORT; + } + + bool isCeEncrypt = false; + auto ret = GetFileEncryptStatus(userId, isCeEncrypt); + if (ret != E_OK || isCeEncrypt) { + LOGE("User el2 has not decrypt, userId is %{public}u", userId); + return E_KEY_NOT_ACTIVED; + } + + std::string keyPath; + ret = ((level == EL1_SYS_KEY) || (level == EL1_USER_KEY)) ? getElxKeyPath(userId, EL1_KEY, keyPath) + : getElxKeyPath(userId, EL2_KEY, keyPath); + if (ret != E_OK) { + LOGE("GetkeyPath fail, userId is %{public}u, level is %{public}u", userId, level); + return ret; + } + + ret = LoadAndSetPolicy(keyPath.c_str(), dirPath.c_str()); + if (ret != E_OK) { + LOGE("SetDirEncryptionPolicy failed, userId is %{public}u, level is %{public}u", userId, level); + return ret; + } + + if (level == EL3_USER_KEY || level == EL4_USER_KEY) { + std::string eceSeceKeyPath; + KeyType tempType = level == EL3_USER_KEY ? EL3_KEY : EL4_KEY; + ret = getElxKeyPath(userId, tempType, eceSeceKeyPath); + if (ret != E_OK) { + LOGE("getkeyPath fail, userId is %{public}u, level is %{public}u", userId, level); + return ret; + } + ret = LoadAndSetEceAndSecePolicy(eceSeceKeyPath.c_str(), dirPath.c_str(), static_cast(level)); + if (ret != E_OK) { + LOGE("Set directory EceAndSece policy error!, userId is %{public}u, level is %{public}u", userId, level); + return ret; + } + } + LOGI("KeyManager::SetDirEncryptionPolicy success!"); + return E_OK; +} + int KeyManager::getElxKeyPath(unsigned int user, KeyType type, std::string &elxKeyPath) { std::string natoPath = GetNatoNeedRestorePath(user, type); diff --git a/services/storage_daemon/crypto/test/key_manager_mock.cpp b/services/storage_daemon/crypto/test/key_manager_mock.cpp index 08e3510897742ad5e605987c3582e5d9ed31b804..cddbcfc5d0cef917b0dce57d4f620d2014211698 100644 --- a/services/storage_daemon/crypto/test/key_manager_mock.cpp +++ b/services/storage_daemon/crypto/test/key_manager_mock.cpp @@ -42,10 +42,6 @@ int32_t KeyManager::DeleteUserKeys(unsigned int user) { return E_OK; } -int32_t KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret) -{ - return E_OK; -} int32_t KeyManager::UpdateUseAuthWithRecoveryKey(const std::vector &authToken, const std::vector &newSecret, uint64_t secureUid, uint32_t userId, @@ -54,6 +50,75 @@ int32_t KeyManager::UpdateUseAuthWithRecoveryKey(const std::vector &aut return E_OK; } + +#ifdef USER_CRYPTO_MIGRATE_KEY + +int KeyManager::RestoreUserKey(uint32_t userId, KeyType type) +{ + return E_OK; +} + +int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret, + bool needGenerateShield) +{ + return E_OK; +} +#else +int KeyManager::UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret) +{ + return E_OK; +} +#endif + +std::string KeyManager::GetNatoNeedRestorePath(uint32_t userId, KeyType type) +{ + return ""; +} + +std::string KeyManager::GetKeyDirByUserAndType(unsigned int user, KeyType type) +{ + return ""; +} +std::string KeyManager::GetKeyDirByType(KeyType type) +{ + return ""; +} + +int KeyManager::TryToFixUserCeEceSeceKey(unsigned int userId, KeyType type, + const std::vector &token, + const std::vector &secret) +{ + return E_OK; +} +int KeyManager::TryToFixUeceKey(unsigned int userId, + const std::vector &token, + const std::vector &secret) +{ + return E_OK; +} +int KeyManager::ActiveElxUserKey4Nato(unsigned int user, KeyType type, const KeyBlob &authToken) +{ + return E_OK; +} + +#ifdef USER_CRYPTO_MIGRATE_KEY +int KeyManager::UpdateCeEceSeceUserAuth(unsigned int user, + struct UserTokenSecret &userTokenSecret, + KeyType type, bool needGenerateShield) +#else +int KeyManager::UpdateCeEceSeceUserAuth(unsigned int user, + struct UserTokenSecret &userTokenSecret, + KeyType type) +#endif +{ + return E_OK; +} + +int KeyManager::UpdateCeEceSeceKeyContext(uint32_t userId, KeyType type) +{ + return E_OK; +} + int32_t KeyManager::InActiveUserKey(unsigned int user) { return E_OK; @@ -123,6 +188,12 @@ int32_t KeyManager::SetDirectoryElPolicy(unsigned int user, KeyType type, return E_OK; } +int32_t KeyManager::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, + StorageService::EncryptionLevel level) +{ + return E_OK; +} + int32_t KeyManager::UpdateKeyContext(uint32_t userId, bool needRemoveTmpKey) { return E_OK; diff --git a/services/storage_daemon/crypto/test/key_manager_test/key_manager_test.cpp b/services/storage_daemon/crypto/test/key_manager_test/key_manager_test.cpp index 6e5caa2dfdd600ed52213f2dbe641a97e675d323..41a1ba527a5aaaa7f4611edf819fa26aad033c17 100644 --- a/services/storage_daemon/crypto/test/key_manager_test/key_manager_test.cpp +++ b/services/storage_daemon/crypto/test/key_manager_test/key_manager_test.cpp @@ -28,6 +28,7 @@ #include "fscrypt_key_v2_mock.h" #include "fscrypt_key_v2.h" #include "key_control_mock.h" +#include "storage_service_constants.h" #include "storage_service_errno.h" #include "utils/file_utils.h" #include "mock/uece_activation_callback_mock.h" @@ -89,6 +90,63 @@ void KeyManagerTest::TearDown(void) GTEST_LOG_(INFO) << "TearDown Start"; } +/** + * @tc.name: KeyManager_SetDirEncryptionPolicy_001 + * @tc.desc: Verify the SetDirEncryptionPolicy function. + * @tc.type: FUNC + * @tc.require: IAHHWW + */ +HWTEST_F(KeyManagerTest, KeyManager_SetDirEncryptionPolicy_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "KeyManager_SetDirEncryptionPolicy_001 Start"; + std::string dirPath = "/data/service/test"; + uint32_t userId = 100; + StorageService::EncryptionLevel type = StorageService::EL2_USER_KEY; + + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(false)); + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), E_NOT_SUPPORT); + unsigned int user = 100; + shared_ptr elKey = make_shared("/data/test"); + + KeyManager::GetInstance().SaveUserElKey(user, EL1_KEY, elKey); + KeyManager::GetInstance().DeleteElKey(user, EL1_KEY); + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(true)); + type = StorageService::EL1_USER_KEY; + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), -ENOENT); + + KeyManager::GetInstance().SaveUserElKey(user, EL2_KEY, elKey); + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(true)); + EXPECT_CALL(*fscryptControlMock_, LoadAndSetPolicy(_, _)).WillOnce(Return(-1)); + type = StorageService::EL2_USER_KEY; + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), -1); + + KeyManager::GetInstance().SaveUserElKey(user, EL3_KEY, elKey); + KeyManager::GetInstance().DeleteElKey(user, EL3_KEY); + KeyManager::GetInstance().SaveUserElKey(user, EL2_KEY, elKey); + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(true)); + EXPECT_CALL(*fscryptControlMock_, LoadAndSetPolicy(_, _)).WillOnce(Return(-1)); + type = StorageService::EL3_USER_KEY; + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), -1); + + KeyManager::GetInstance().SaveUserElKey(user, EL3_KEY, elKey); + KeyManager::GetInstance().DeleteElKey(user, EL3_KEY); + KeyManager::GetInstance().SaveUserElKey(user, EL2_KEY, elKey); + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(true)); + EXPECT_CALL(*fscryptControlMock_, LoadAndSetPolicy(_, _)).WillOnce(Return(0)); + type = StorageService::EL3_USER_KEY; + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), -2); + + + KeyManager::GetInstance().SaveUserElKey(user, EL4_KEY, elKey); + KeyManager::GetInstance().SaveUserElKey(user, EL2_KEY, elKey); + EXPECT_CALL(*fscryptControlMock_, KeyCtrlHasFscryptSyspara()).WillOnce(Return(true)); + EXPECT_CALL(*fscryptControlMock_, LoadAndSetPolicy(_, _)).WillOnce(Return(-1)); + type = StorageService::EL4_USER_KEY; + EXPECT_EQ(KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, type), -1); + + GTEST_LOG_(INFO) << "KeyManager_SetDirEncryptionPolicy_001 end"; +} + /** * @tc.name: KeyManager_GetBaseKey_001 * @tc.desc: Verify the GetBaseKey function. diff --git a/services/storage_daemon/include/crypto/key_manager.h b/services/storage_daemon/include/crypto/key_manager.h index fc0c6195ffed4094e299a6f4b95aaa4829487338..0e01b016e0274588abee29d4e07654b2012af68c 100644 --- a/services/storage_daemon/include/crypto/key_manager.h +++ b/services/storage_daemon/include/crypto/key_manager.h @@ -121,6 +121,8 @@ public: void DeleteElKey(unsigned int user, KeyType type); bool HasElkey(uint32_t userId, KeyType type); friend class KeyManagerExt; + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, StorageService::EncryptionLevel level); + private: KeyManager() { diff --git a/services/storage_daemon/include/ipc/storage_daemon.h b/services/storage_daemon/include/ipc/storage_daemon.h index 8f2e9947814c30d6e80da006abe6efc10cc2e683..633e3e4c9c05cc5520e376f5858c480bd271812f 100644 --- a/services/storage_daemon/include/ipc/storage_daemon.h +++ b/services/storage_daemon/include/ipc/storage_daemon.h @@ -18,6 +18,7 @@ #include "system_ability_status_change_stub.h" #include "storage_service_constant.h" +#include "storage_service_constants.h" #include "storage_daemon_provider.h" namespace OHOS { namespace StorageDaemon { @@ -71,6 +72,7 @@ public: const std::vector &secret); int32_t SetRecoverKey(const std::vector &key); int32_t ResetSecretWithRecoveryKey(uint32_t userId, uint32_t rkType, const std::vector &key); + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level); // app file share api int32_t GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount = false); @@ -114,6 +116,8 @@ private: bool IsNeedRestorePathExist(uint32_t userId, bool needCheckEl1); int32_t RestoreOneUserKey(int32_t userId, KeyType type); #endif + int32_t IsDirPathSupport(const std::string &dirPath); + StorageService::EncryptionLevel UintToKeyType(uint32_t type); int32_t GetCryptoFlag(KeyType type, uint32_t &flags); int32_t GenerateKeyAndPrepareUserDirs(uint32_t userId, KeyType type, const std::vector &token, diff --git a/services/storage_daemon/include/ipc/storage_daemon_provider.h b/services/storage_daemon/include/ipc/storage_daemon_provider.h index 03b989c6729c68ac731a2715b0118a7f8f9cf952..c2ebe3ed1bc502d4edeb5d39c8c2d5099ab7ac8d 100644 --- a/services/storage_daemon/include/ipc/storage_daemon_provider.h +++ b/services/storage_daemon/include/ipc/storage_daemon_provider.h @@ -126,6 +126,7 @@ public: virtual int32_t InactiveUserPublicDirKey(uint32_t userId) override; virtual int32_t QueryOccupiedSpaceForSa(const std::string &storageStatus) override; virtual int32_t MountUsbFuse(const std::string &volumeId, std::string &fsUuid, int &fuseFd) override; + virtual int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) override; virtual int32_t CreateUserDir(const std::string &path, mode_t mode, uid_t uid, gid_t gid) override; virtual int32_t DeleteUserDir(const std::string &path) override; diff --git a/services/storage_daemon/include/libfscrypt/key_control.h b/services/storage_daemon/include/libfscrypt/key_control.h index 8b4a9359499966602930004d42e713519154b520..d1ee96c92bac650d30b265f5c61b7b8eacabf5bd 100644 --- a/services/storage_daemon/include/libfscrypt/key_control.h +++ b/services/storage_daemon/include/libfscrypt/key_control.h @@ -107,14 +107,15 @@ long KeyCtrlSearch(key_serial_t ringId, const char *type, const char *descriptio long KeyCtrlUnlink(key_serial_t key, key_serial_t keyring); #ifdef SUPPORT_FSCRYPT_V2 -bool KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg); -bool KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg); -bool KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg); -bool KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy); +int KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg); +int KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg); +int KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg); +int KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy); #endif -bool KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy); -bool KeyCtrlGetPolicy(const char *path, struct fscrypt_policy *policy); +int KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy); +int SetPolicyWithErrorCode(const char *path, union FscryptPolicy *policy); +int KeyCtrlGetPolicy(const char *path, struct fscrypt_policy *policy); uint8_t KeyCtrlGetFscryptVersion(const char *mnt); uint8_t KeyCtrlLoadVersion(const char *keyPath); diff --git a/services/storage_daemon/include/mock/key_control_mock.h b/services/storage_daemon/include/mock/key_control_mock.h index a04db9d9c75db837388e1629ac1b34cb26c9467d..8e763bd537914b83343b7ac41e543d07ec5b2d83 100644 --- a/services/storage_daemon/include/mock/key_control_mock.h +++ b/services/storage_daemon/include/mock/key_control_mock.h @@ -35,13 +35,13 @@ public: virtual long KeyCtrlUnlink(key_serial_t, key_serial_t) = 0; virtual key_serial_t KeyCtrlAddAppAsdpKey(const char*, const char*, struct EncryptAsdpKey*, const key_serial_t) = 0; #ifdef SUPPORT_FSCRYPT_V2 - virtual bool KeyCtrlInstallKey(const char*, struct fscrypt_add_key_arg*) = 0; - virtual bool KeyCtrlRemoveKey(const char*, struct fscrypt_remove_key_arg*) = 0; - virtual bool KeyCtrlGetKeyStatus(const char*, struct fscrypt_get_key_status_arg*) = 0; - virtual bool KeyCtrlGetPolicyEx(const char*, struct fscrypt_get_policy_ex_arg*) = 0; + virtual int KeyCtrlInstallKey(const char*, struct fscrypt_add_key_arg*) = 0; + virtual int KeyCtrlRemoveKey(const char*, struct fscrypt_remove_key_arg*) = 0; + virtual int KeyCtrlGetKeyStatus(const char*, struct fscrypt_get_key_status_arg*) = 0; + virtual int KeyCtrlGetPolicyEx(const char*, struct fscrypt_get_policy_ex_arg*) = 0; #endif - virtual bool KeyCtrlSetPolicy(const char*, union FscryptPolicy*) = 0; - virtual bool KeyCtrlGetPolicy(const char*, struct fscrypt_policy*) = 0; + virtual int KeyCtrlSetPolicy(const char*, union FscryptPolicy*) = 0; + virtual int KeyCtrlGetPolicy(const char*, struct fscrypt_policy*) = 0; virtual uint8_t KeyCtrlLoadVersion(const char*) = 0; public: static inline std::shared_ptr keyControlMoc = nullptr; @@ -59,13 +59,13 @@ public: MOCK_METHOD(key_serial_t, KeyCtrlAddAppAsdpKey, (const char*, const char*, struct EncryptAsdpKey*, const key_serial_t)); #ifdef SUPPORT_FSCRYPT_V2 - MOCK_METHOD(bool, KeyCtrlInstallKey, (const char*, struct fscrypt_add_key_arg*)); - MOCK_METHOD(bool, KeyCtrlRemoveKey, (const char*, struct fscrypt_remove_key_arg*)); - MOCK_METHOD(bool, KeyCtrlGetKeyStatus, (const char*, struct fscrypt_get_key_status_arg*)); - MOCK_METHOD(bool, KeyCtrlGetPolicyEx, (const char*, struct fscrypt_get_policy_ex_arg*)); + MOCK_METHOD(int, KeyCtrlInstallKey, (const char*, struct fscrypt_add_key_arg*)); + MOCK_METHOD(int, KeyCtrlRemoveKey, (const char*, struct fscrypt_remove_key_arg*)); + MOCK_METHOD(int, KeyCtrlGetKeyStatus, (const char*, struct fscrypt_get_key_status_arg*)); + MOCK_METHOD(int, KeyCtrlGetPolicyEx, (const char*, struct fscrypt_get_policy_ex_arg*)); #endif - MOCK_METHOD(bool, KeyCtrlSetPolicy, (const char*, union FscryptPolicy*)); - MOCK_METHOD(bool, KeyCtrlGetPolicy, (const char*, struct fscrypt_policy*)); + MOCK_METHOD(int, KeyCtrlSetPolicy, (const char*, union FscryptPolicy*)); + MOCK_METHOD(int, KeyCtrlGetPolicy, (const char*, struct fscrypt_policy*)); MOCK_METHOD(uint8_t, KeyCtrlLoadVersion, (const char*)); }; } diff --git a/services/storage_daemon/include/utils/storage_radar.h b/services/storage_daemon/include/utils/storage_radar.h index b5b9bb4889ae1838e7abaa1f489c1e81c3fc74cf..2e528b6b55545b300d1bdae08ad9a11501fbc61d 100644 --- a/services/storage_daemon/include/utils/storage_radar.h +++ b/services/storage_daemon/include/utils/storage_radar.h @@ -92,6 +92,8 @@ enum class BizStage : int32_t { BIZ_STAGE_USER_MOUNT = 61, BIZ_STAGE_MTPFS_MTP_DEVICE = 71, + + BIZ_STAGE_NOT_PERMISSION = 81, }; struct RadarParameter { @@ -128,6 +130,8 @@ public: const std::string &extraData); static void ReportFbexResult(const std::string &funcName, uint32_t userId, int ret, const std::string &keyLevel, const std::string &extraData); + static void ReportCommonResult(const std::string &funcName, int32_t ret, unsigned int userId, + const std::string &extraData); static void ReportIamResult(const std::string &funcName, uint32_t userId, int ret); static void ReportHuksResult(const std::string &funcName, int ret); static void ReportMtpfsResult(const std::string &funcName, int ret); diff --git a/services/storage_daemon/ipc/src/storage_daemon.cpp b/services/storage_daemon/ipc/src/storage_daemon.cpp index 1a777f100f901c9f010c380dd00b9c3ea4a14ded..a03d8f7d98a628c24068dbdad64d692e239c1803 100644 --- a/services/storage_daemon/ipc/src/storage_daemon.cpp +++ b/services/storage_daemon/ipc/src/storage_daemon.cpp @@ -1321,5 +1321,82 @@ int StorageDaemon::UnregisterUeceActivationCallback() return E_OK; #endif } +int32_t StorageDaemon::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ +#ifdef USER_CRYPTO_MIGRATE_KEY + LOGI("Enter StorageDaemon::SetDirEncryptionPolicy!"); + std::string extraData = "userId is:" + std::to_string(userId) + ", level is:" + std::to_string(level) + + ", path is:" + dirPath; + if (level < EL1_SYS_KEY || level > EL4_USER_KEY) { + StorageRadar::ReportCommonResult("SetDirEncryptionPolicy level is failed", userId, E_PARAMS_INVALID, extraData); + LOGE("level is wrong, level is %{public}u", level); + return E_PARAMS_INVALID; + } + + if (level == EL1_SYS_KEY && userId != GLOBAL_USER_ID) { + StorageRadar::ReportCommonResult("SetDirEncryptionPolicy setSysPolicy failed", userId, E_PARAMS_INVALID, + extraData); + LOGE("SysPolice must be root uid, level is %{public}u", level); + return E_PARAMS_INVALID; + } + StorageService::EncryptionLevel keyLevel = UintToKeyType(level); + LOGI("user id is : %{public}u, dir path is %{public}s, level is %{public}u", userId, dirPath.c_str(), level); + auto ret = IsDirPathSupport(dirPath); + if (ret != E_OK) { + StorageRadar::ReportCommonResult("SetDirEncryptionPolicy IsDirPathSupport file failed", userId, ret, extraData); + LOGE("IsDirPathSupport file failed, errNo %{public}d", ret); + return ret; + } + + ret = KeyManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, keyLevel); + if (ret != E_OK) { + StorageRadar::ReportCommonResult("StorageDaemon::SetDirEncryptionPolicy", userId, ret, extraData); + LOGE("VerifyAncoUserDirs file failed, errNo %{public}d", ret); + return ret; + } + + LOGI("StorageDaemon::SetDirEncryptionPolicy success."); + return ret; +#else + return E_NOT_SUPPORT; +#endif +} + +StorageService::EncryptionLevel StorageDaemon::UintToKeyType(uint32_t type) +{ + switch (type) { + case StorageService::EncryptionLevel::EL1_SYS_KEY: + return StorageService::EncryptionLevel::EL1_SYS_KEY; + case StorageService::EncryptionLevel::EL1_USER_KEY: + return StorageService::EncryptionLevel::EL1_USER_KEY; + case StorageService::EncryptionLevel::EL2_USER_KEY: + return StorageService::EncryptionLevel::EL2_USER_KEY; + case StorageService::EncryptionLevel::EL3_USER_KEY: + return StorageService::EncryptionLevel::EL3_USER_KEY; + case StorageService::EncryptionLevel::EL4_USER_KEY: + return StorageService::EncryptionLevel::EL4_USER_KEY; + default: + return StorageService::EncryptionLevel::EL1_SYS_KEY; + } +} + +int32_t StorageDaemon::IsDirPathSupport(const std::string &dirPath) +{ + LOGI("check path is %{public}s", dirPath.c_str()); + if (!IsDir(dirPath)) { + LOGE("dirPath is not dir, please create dir"); + return E_NOT_DIR_PATH; + } + if (access(dirPath.c_str(), F_OK) != 0) { + LOGE("dirPath is not exist, please create dir"); + return E_NON_ACCESS; + } + if (dirPath.find(ANCO_DIR) != 0) { + LOGE("dir is not permission."); + return E_PARAMS_INVALID; + } + + return E_OK; +} } // namespace StorageDaemon } // namespace OHOS diff --git a/services/storage_daemon/ipc/src/storage_daemon_provider.cpp b/services/storage_daemon/ipc/src/storage_daemon_provider.cpp index 38796faa577dd589fa3a9674981d4430b2f4281f..947d31a3e4f061ac6c4cea3473f0afad57796f3d 100644 --- a/services/storage_daemon/ipc/src/storage_daemon_provider.cpp +++ b/services/storage_daemon/ipc/src/storage_daemon_provider.cpp @@ -381,6 +381,15 @@ int32_t StorageDaemonProvider::DestroyUserDirs(int32_t userId, uint32_t flags) return err; } +int32_t StorageDaemonProvider::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ + LOGI("SetDirEncryptionPolicy begin."); + int timerId = StorageXCollie::SetTimer("storage:SetDirEncryptionPolicy", LOCAL_TIME_OUT_SECONDS); + int32_t ret = StorageDaemon::GetInstance().SetDirEncryptionPolicy(userId, dirPath, level); + StorageXCollie::CancelTimer(timerId); + return ret; +} + int32_t StorageDaemonProvider::CompleteAddUser(int32_t userId) { int32_t err = StorageDaemon::GetInstance().CompleteAddUser(userId); diff --git a/services/storage_daemon/ipc/test/BUILD.gn b/services/storage_daemon/ipc/test/BUILD.gn index cc627f415be84f4fabb1937c87a1c29f94f49bf7..a4b9bee033fd296f8e12f34f326341eddba44539 100644 --- a/services/storage_daemon/ipc/test/BUILD.gn +++ b/services/storage_daemon/ipc/test/BUILD.gn @@ -30,6 +30,7 @@ ohos_unittest("storage_daemon_test") { "STORAGE_LOG_TAG = \"StorageDaemon\"", "LOG_DOMAIN = 0xD004301", "private = public", + "USER_CRYPTO_MIGRATE_KEY", ] if (storage_service_user_crypto_manager) { @@ -55,6 +56,8 @@ ohos_unittest("storage_daemon_test") { sources = [ "$ROOT_DIR/crypto/src/app_clone_key_manager.cpp", "$ROOT_DIR/crypto/src/key_backup.cpp", + "$ROOT_DIR/crypto/src/key_crypto_utils.cpp", + "$ROOT_DIR/crypto/src/iam_client.cpp", "$ROOT_DIR/crypto/test/key_manager_mock.cpp", "$ROOT_DIR/crypto/test/key_manager_ext_mock.cpp", "$ROOT_DIR/disk/src/disk_config.cpp", @@ -104,6 +107,7 @@ ohos_unittest("storage_daemon_test") { "init:libbegetutil", "ipc:ipc_single", "ipc:libdbinder", + "os_account:os_account_innerkits", "safwk:system_ability_fwk", "samgr:samgr_proxy", ] diff --git a/services/storage_daemon/ipc/test/storage_daemon_stub_mock.h b/services/storage_daemon/ipc/test/storage_daemon_stub_mock.h index 5d9d2250e1b2357058671a99aa7be6feee9df6d0..00ebaa5a5c379271bce4a82807f67c597ad656df 100644 --- a/services/storage_daemon/ipc/test/storage_daemon_stub_mock.h +++ b/services/storage_daemon/ipc/test/storage_daemon_stub_mock.h @@ -85,6 +85,7 @@ public: MOCK_METHOD3(MountUsbFuse, int32_t(const std::string &, std::string &, int &)); MOCK_METHOD1(RegisterUeceActivationCallback, int32_t(const sptr&)); MOCK_METHOD0(UnregisterUeceActivationCallback, int32_t(void)); + MOCK_METHOD3(SetDirEncryptionPolicy, int32_t(uint32_t, const std::string &, uint32_t)); MOCK_METHOD4(CreateUserDir, int32_t(const std::string &, mode_t, uid_t, gid_t)); MOCK_METHOD1(DeleteUserDir, int32_t(const std::string &)); }; diff --git a/services/storage_daemon/ipc/test/storage_daemon_test.cpp b/services/storage_daemon/ipc/test/storage_daemon_test.cpp index e49358a34797c9a87c3d8b3338c13f6f700dd0d1..3c1f34ce718b5d3e2928d07328821241b4e38353 100644 --- a/services/storage_daemon/ipc/test/storage_daemon_test.cpp +++ b/services/storage_daemon/ipc/test/storage_daemon_test.cpp @@ -43,6 +43,9 @@ public: void TearDown(); StorageDaemonProvider* storageDaemon_; + std::string virPath = "/data/virt_service/"; + std::string rgmPath = "/data/virt_service/rgm_hmos"; + std::string ancoDataPath = "/data/virt_service/rgm_hmos/anco_hmos_data/"; }; void StorageDaemonTest::SetUpTestCase(void) @@ -74,12 +77,17 @@ void StorageDaemonTest::SetUpTestCase(void) void StorageDaemonTest::SetUp() { + mode_t mode = 0771; + StorageTest::StorageTestUtils::MkDir(virPath, mode); + StorageTest::StorageTestUtils::MkDir(rgmPath, mode); + StorageTest::StorageTestUtils::MkDir(ancoDataPath, mode); storageDaemon_ = new StorageDaemonProvider(); StorageTest::StorageTestUtils::ClearTestResource(); } void StorageDaemonTest::TearDown(void) { + StorageTest::StorageTestUtils::RmDirRecurse(virPath); StorageTest::StorageTestUtils::ClearTestResource(); if (storageDaemon_ != nullptr) { delete storageDaemon_; @@ -598,5 +606,125 @@ HWTEST_F(StorageDaemonTest, Storage_Manager_StorageDaemonTest_InactiveUserPublic GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_InactiveUserPublicDirKey_001 end"; } + +/** + * @tc.number: Storage_Manager_StorageDaemonTest_SetDirEncryptionPolicy_001 + * @tc.name: Storage_Manager_StorageDaemonTest_SetDirEncryptionPolicy_001 + * @tc.desc: Test function of VerifyAncoUserDirs interface for failed. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: SR000H0371 + */ +HWTEST_F(StorageDaemonTest, Storage_Manager_StorageDaemonTest_SetDirEncryptionPolicy_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_SetDirEncryptionPolicy_001 start"; + ASSERT_TRUE(storageDaemon_ != nullptr); + mode_t mode = 0771; + std::string dirPath = "/data/virt_service/rgm_hmos/anco_hmos_data/test"; + auto ret_bool = StorageTest::StorageTestUtils::MkDir(dirPath, mode); + EXPECT_TRUE(ret_bool); + uint32_t userId = 100; + uint32_t type = 6; + auto ret = storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_TRUE(ret == E_PARAMS_INVALID); + userId = 2; + type = 0; + ret = storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_TRUE(ret == E_PARAMS_INVALID); + + + userId = 100; + type = 2; + ret = storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_TRUE(ret == E_OK); + + userId = 0; + type = 2; + ret = storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_TRUE(ret == E_OK); + userId = 0; + type = 0; + ret = storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_TRUE(ret == E_OK); + StorageTest::StorageTestUtils::RmDirRecurse(dirPath); + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_SetDirEncryptionPolicy_001 end"; +} + +/** + * @tc.name: Storage_Manager_StorageDaemonTest_UintToKeyType_001 + * @tc.desc: Verify the UintToKeyType function when args are normal. + * @tc.type: FUNC + * @tc.require: AR20250418146433 + */ +HWTEST_F(StorageDaemonTest, Storage_Manager_StorageDaemonTest_UintToKeyType_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_UintToKeyType_001 start"; + + ASSERT_TRUE(storageDaemon_ != nullptr); + uint32_t type = 8; + StorageService::EncryptionLevel key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 0); + + type = 0; + key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 0); + + type = 1; + key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 1); + + type = 2; + key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 2); + + type = 3; + key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 3); + + type = 4; + key = StorageDaemon::GetInstance().UintToKeyType(type); + EXPECT_EQ(key, 4); + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_UintToKeyType_001 end"; +} + +/** + * @tc.name: Storage_Manager_StorageDaemonTest_IsDirPathSupport_001 + * @tc.desc: Verify the UintToKeyType function when args are normal. + * @tc.type: FUNC + * @tc.require: AR20250418146433 + */ +HWTEST_F(StorageDaemonTest, Storage_Manager_StorageDaemonTest_IsDirPathSupport_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_IsDirPathSupport_001 start"; + ASSERT_TRUE(storageDaemon_ != nullptr); + mode_t mode = 0771; + mode_t modeTemp = 0000; + std::string dirPathTemp = "/data/virt_service/rgm_hmos/anco_hmos_data/test1"; + std::string ancoPath = "/data/virt_service/rgm_hmos/anco_hmos_data/test"; + std::string nonePath = "/data/virt_service/rgm_hmos/test"; + auto ret_bool = StorageTest::StorageTestUtils::MkDir(ancoPath, mode); + EXPECT_TRUE(ret_bool); + auto ret = StorageDaemon::GetInstance().IsDirPathSupport(dirPathTemp); + EXPECT_EQ(ret, E_NOT_DIR_PATH); + + ret_bool = StorageTest::StorageTestUtils::MkDir(dirPathTemp, modeTemp); + EXPECT_TRUE(ret_bool); + ret = StorageDaemon::GetInstance().IsDirPathSupport(dirPathTemp); + EXPECT_EQ(ret, E_OK); + + ret_bool = StorageTest::StorageTestUtils::MkDir(nonePath, mode); + EXPECT_TRUE(ret_bool); + ret = StorageDaemon::GetInstance().IsDirPathSupport(nonePath); + EXPECT_EQ(ret, E_PARAMS_INVALID); + + ret_bool = StorageTest::StorageTestUtils::MkDir(ancoPath, mode); + EXPECT_TRUE(ret_bool); + ret = StorageDaemon::GetInstance().IsDirPathSupport(ancoPath); + EXPECT_EQ(ret, E_OK); + StorageTest::StorageTestUtils::RmDirRecurse(dirPathTemp); + StorageTest::StorageTestUtils::RmDirRecurse(nonePath); + GTEST_LOG_(INFO) << "Storage_Manager_StorageDaemonTest_IsDirPathSupport_001 end"; +} } // STORAGE_DAEMON } // OHOS diff --git a/services/storage_daemon/libfscrypt/src/fscrypt_control.c b/services/storage_daemon/libfscrypt/src/fscrypt_control.c index 98e19b8d46b417fe243d4b56225f66c10dd5a280..2587d2a60d3dc206ea55407b7961c710e7de1c1a 100644 --- a/services/storage_daemon/libfscrypt/src/fscrypt_control.c +++ b/services/storage_daemon/libfscrypt/src/fscrypt_control.c @@ -322,9 +322,10 @@ static int SetPolicyLegacy(const char *keyDescPath, LOGE("memcpy_s copy failed"); return ret; } - if (!KeyCtrlSetPolicy(toEncrypt, arg)) { + ret = KeyCtrlSetPolicy(toEncrypt, arg); + if (ret != 0) { LOGE("Set Policy v1 failed"); - return -EFAULT; + return ret; } return 0; } @@ -346,9 +347,10 @@ static int SetPolicyV2(const char *keyIdPath, LOGE("memcpy_s copy failed"); return ret; } - if (!KeyCtrlSetPolicy(toEncrypt, arg)) { + ret = KeyCtrlSetPolicy(toEncrypt, arg); + if (ret != 0) { LOGE("Set Policy v2 failed"); - return -EFAULT; + return ret; } return 0; } diff --git a/services/storage_daemon/libfscrypt/src/key_control.c b/services/storage_daemon/libfscrypt/src/key_control.c index 3e26da2e2c7da6f13aa37077bdc710959609a451..a3abd35b709602bda137238b7e278de76ec048f5 100644 --- a/services/storage_daemon/libfscrypt/src/key_control.c +++ b/services/storage_daemon/libfscrypt/src/key_control.c @@ -81,12 +81,12 @@ long KeyCtrlUnlink(key_serial_t key, key_serial_t keyring) return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); } -static bool FsIoctl(const char *mnt, unsigned long cmd, void *arg) +static int FsIoctl(const char *mnt, unsigned long cmd, void *arg) { char *realPath = realpath(mnt, NULL); if (realPath == NULL) { LOGE("realpath failed"); - return false; + return FSCRYPT_INVALID_REALPATH; } int fd = open(realPath, O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); @@ -96,55 +96,57 @@ static bool FsIoctl(const char *mnt, unsigned long cmd, void *arg) } if (fd < 0) { LOGE("open %{public}s failed, errno:%{public}d", mnt, errno); - return false; + return FSCRYPT_INVALID_OPEN; } int ret = ioctl(fd, cmd, arg); - if (ret != 0 && cmd == FS_IOC_SET_ENCRYPTION_POLICY) { - RADAR_REPORT(mnt, "set policy failed! ", errno); - } if (ret != 0) { - LOGE("ioctl to %{public}s failed, errno:%{public}d", mnt, ret); + int errNo = errno; + if (cmd == FS_IOC_SET_ENCRYPTION_POLICY) { + RADAR_REPORT(mnt, "set policy failed! ", errno); + } + LOGE("FsIoctlWithError::ioctl to %{public}s failed, ret:%{public}d, errno:%{public}d, errNo:%{public}d", + mnt, ret, errno, errNo); (void)close(fd); - return false; + return errNo; } (void)close(fd); LOGI("success"); - return true; + return 0; } #ifdef SUPPORT_FSCRYPT_V2 -bool KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg) +int KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg) { LOGI("enter"); return FsIoctl(mnt, FS_IOC_ADD_ENCRYPTION_KEY, (void *)(arg)); } -bool KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg) +int KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg) { LOGI("enter"); return FsIoctl(mnt, FS_IOC_REMOVE_ENCRYPTION_KEY, (void *)arg); } -bool KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg) +int KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg) { LOGI("enter"); return FsIoctl(mnt, FS_IOC_GET_ENCRYPTION_KEY_STATUS, (void *)(arg)); } -bool KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy) +int KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy) { LOGI("enter"); return FsIoctl(path, FS_IOC_GET_ENCRYPTION_POLICY_EX, (void *)(policy)); } #endif -bool KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy) +int KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy) { LOGI("enter"); return FsIoctl(path, FS_IOC_SET_ENCRYPTION_POLICY, (void *)(policy)); } -bool KeyCtrlGetPolicy(const char *path, struct fscrypt_policy *policy) +int KeyCtrlGetPolicy(const char *path, struct fscrypt_policy *policy) { LOGI("enter"); return FsIoctl(path, FS_IOC_GET_ENCRYPTION_POLICY, (void *)(policy)); diff --git a/services/storage_daemon/mock/key_control_mock.cpp b/services/storage_daemon/mock/key_control_mock.cpp index 3b9607e932eaa115690344c4196547f66335b62a..9859689280ac16c2f3f234bf2cd3445d2ed2077d 100644 --- a/services/storage_daemon/mock/key_control_mock.cpp +++ b/services/storage_daemon/mock/key_control_mock.cpp @@ -89,28 +89,28 @@ key_serial_t KeyCtrlAddAppAsdpKey(const char *type, } #ifdef SUPPORT_FSCRYPT_V2 -bool KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg) +int KeyCtrlInstallKey(const char *mnt, struct fscrypt_add_key_arg *arg) { return IKeyControlMoc::keyControlMoc->KeyCtrlInstallKey(mnt, arg); } -bool KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg) +int KeyCtrlRemoveKey(const char *mnt, struct fscrypt_remove_key_arg *arg) { return IKeyControlMoc::keyControlMoc->KeyCtrlRemoveKey(mnt, arg); } -bool KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg) +int KeyCtrlGetKeyStatus(const char *mnt, struct fscrypt_get_key_status_arg *arg) { return IKeyControlMoc::keyControlMoc->KeyCtrlGetKeyStatus(mnt, arg); } -bool KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy) +int KeyCtrlGetPolicyEx(const char *path, struct fscrypt_get_policy_ex_arg *policy) { return IKeyControlMoc::keyControlMoc->KeyCtrlGetPolicyEx(path, policy); } #endif -bool KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy) +int KeyCtrlSetPolicy(const char *path, union FscryptPolicy *policy) { return IKeyControlMoc::keyControlMoc->KeyCtrlSetPolicy(path, policy); } diff --git a/services/storage_daemon/utils/storage_radar.cpp b/services/storage_daemon/utils/storage_radar.cpp index 1283d8bd474d3966564c139fda554ad932a98ad8..ff5271950683337e643c629f49c976d08bf345b7 100644 --- a/services/storage_daemon/utils/storage_radar.cpp +++ b/services/storage_daemon/utils/storage_radar.cpp @@ -263,6 +263,22 @@ void StorageRadar::ReportTEEClientResult(const std::string &funcName, int32_t re StorageRadar::GetInstance().RecordFuctionResult(param); } +void StorageRadar::ReportCommonResult(const std::string &funcName, int32_t ret, unsigned int userId, + const std::string &extraData) +{ + RadarParameter param = { + .orgPkg = DEFAULT_ORGPKGNAME, + .userId = userId, + .funcName = funcName, + .bizScene = BizScene::USER_KEY_ENCRYPTION, + .bizStage = BizStage::BIZ_STAGE_NOT_PERMISSION, + .keyElxLevel = "NA", + .errorCode = ret, + .extraData = extraData, + }; + StorageRadar::GetInstance().RecordFuctionResult(param); +} + void StorageRadar::ReportBundleMgrResult(const std::string &funcName, int32_t ret, unsigned int userId, const std::string &extraData) { diff --git a/services/storage_manager/IStorageManager.idl b/services/storage_manager/IStorageManager.idl index e4762bb88e3b683a52567dc8f2a53c5190c66cc7..456646fe968ff77cdb076c46dbd4914a4989488c 100644 --- a/services/storage_manager/IStorageManager.idl +++ b/services/storage_manager/IStorageManager.idl @@ -110,4 +110,5 @@ interface OHOS.StorageManager.IStorageManager { [ipccode 74] void CreateUserDir([in] String path, [in] unsigned int mode, [in] unsigned int uid, [in] unsigned int gid); [ipccode 75] void DeleteUserDir([in] String path); + [ipccode 76] void SetDirEncryptionPolicy([in] unsigned int userId, [in] String dirPath, [in] unsigned int type); } \ No newline at end of file diff --git a/services/storage_manager/crypto/filesystem_crypto.cpp b/services/storage_manager/crypto/filesystem_crypto.cpp index 13049f04e54b342e42451a4fb162780a8c4a8e86..acf3e9977cabe0624cb591655e9172d0aba0d24d 100644 --- a/services/storage_manager/crypto/filesystem_crypto.cpp +++ b/services/storage_manager/crypto/filesystem_crypto.cpp @@ -324,5 +324,19 @@ int32_t FileSystemCrypto::UnregisterUeceActivationCallback() sdCommunication = DelayedSingleton::GetInstance(); return sdCommunication->UnregisterUeceActivationCallback(); } + +int32_t FileSystemCrypto::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ + LOGI("Enter SetDirEncryptionPolicy."); + int32_t err = CheckUserIdRange(userId); + if (err != E_OK || userId != StorageService::ZERO_USER) { + LOGE("User ID out of range"); + return err; + } + + std::shared_ptr sdCommunication; + sdCommunication = DelayedSingleton::GetInstance(); + return sdCommunication->SetDirEncryptionPolicy(userId, dirPath, level); +} } } diff --git a/services/storage_manager/crypto/test/filesystem_crypto_test.cpp b/services/storage_manager/crypto/test/filesystem_crypto_test.cpp index 337d5427def9cfb62469c9f3fd204d23eaa73e22..bf8a89d515ac7bbca16bd7b287916fbed47133ad 100644 --- a/services/storage_manager/crypto/test/filesystem_crypto_test.cpp +++ b/services/storage_manager/crypto/test/filesystem_crypto_test.cpp @@ -139,6 +139,32 @@ HWTEST_F(FileSystemCryptoTest, Storage_manager_crypto_ActiveUserKey_0000, testin GTEST_LOG_(INFO) << "FileSystemCryptoTest-end Storage_manager_crypto_ActiveUserKey_0000"; } +/** + * @tc.number: SUB_STORAGE_Storage_manager_crypto_SetDirEncryptionPolicy + * @tc.name: Storage_manager_crypto_SetDirEncryptionPolicy + * @tc.desc: Test function of SetDirEncryptionPolicy. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: AR20250418146433 + */ +HWTEST_F(FileSystemCryptoTest, Storage_manager_crypto_SetDirEncryptionPolicy, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "Storage_manager_crypto_SetDirEncryptionPolicy start"; + std::shared_ptr fileSystemCrypto_ = + DelayedSingleton::GetInstance(); + ASSERT_NE(fileSystemCrypto_, nullptr); + std::string dirPath = "/data/service/test"; + uint32_t type = 6; + uint32_t userId = 19999; + uint32_t ret = fileSystemCrypto_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_USERID_RANGE); + userId = 100; + ret = fileSystemCrypto_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_OK); + GTEST_LOG_(INFO) << "Storage_manager_crypto_SetDirEncryptionPolicy end"; +} + /** * @tc.number: SUB_STORAGE_Storage_manager_crypto_ActiveUserKey_0001 * @tc.name: Storage_manager_crypto_ActiveUserKey_0001 diff --git a/services/storage_manager/include/client/storage_manager_client.h b/services/storage_manager/include/client/storage_manager_client.h index a3195e364e2857d35f7baa62c6233ee3ee0b70af..a966f266d4670f122f2aa4299de84c08f1088e51 100644 --- a/services/storage_manager/include/client/storage_manager_client.h +++ b/services/storage_manager/include/client/storage_manager_client.h @@ -18,6 +18,7 @@ #include "storage_manager_proxy.h" #include "iuece_activation_callback.h" +#include "storage_service_constants.h" namespace OHOS { namespace StorageManager { @@ -47,6 +48,8 @@ public: static int32_t GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus); static int32_t MountDfsDocs(int32_t userId, const std::string &relativePath, const std::string &networkId, const std::string &deviceId); + static int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, + StorageService::EncryptionLevel level); static int32_t UMountDfsDocs(int32_t userId, const std::string &relativePath, const std::string &networkId, const std::string &deviceId); static int32_t GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount = false); diff --git a/services/storage_manager/include/crypto/filesystem_crypto.h b/services/storage_manager/include/crypto/filesystem_crypto.h index ecfeab73a3161a920dd475075ff03208ca1d35b3..6c13c80e3ab68dfb4b710395bdafc9abd401c6ef 100644 --- a/services/storage_manager/include/crypto/filesystem_crypto.h +++ b/services/storage_manager/include/crypto/filesystem_crypto.h @@ -18,6 +18,7 @@ #include #include "iuece_activation_callback.h" +#include "storage_service_constants.h" namespace OHOS { namespace StorageManager { @@ -61,6 +62,7 @@ public: int32_t InactiveUserPublicDirKey(uint32_t userId); int32_t RegisterUeceActivationCallback(const sptr &ueceCallback); int32_t UnregisterUeceActivationCallback(); + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level); private: int32_t CheckUserIdRange(int32_t userId); FileSystemCrypto(); diff --git a/services/storage_manager/include/ipc/storage_manager.h b/services/storage_manager/include/ipc/storage_manager.h index a1b1cf39a44abb42eb519a5c9d89a7f4cf646cf1..73b48e7c04a75f2621bde8a752c7505f309394d2 100644 --- a/services/storage_manager/include/ipc/storage_manager.h +++ b/services/storage_manager/include/ipc/storage_manager.h @@ -139,6 +139,7 @@ public: int32_t UMountDisShareFile(int32_t userId, const std::string &networkId); int32_t RegisterUeceActivationCallback(const sptr &ueceCallback); int32_t UnregisterUeceActivationCallback(); + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level); std::mutex mutex_; private: StorageManager() = default; diff --git a/services/storage_manager/include/ipc/storage_manager_provider.h b/services/storage_manager/include/ipc/storage_manager_provider.h index 7456015001f74461ac48306528cf7bfd7d573a0f..2b97868430a737c139ee59f3140f5bafa6e6efc7 100644 --- a/services/storage_manager/include/ipc/storage_manager_provider.h +++ b/services/storage_manager/include/ipc/storage_manager_provider.h @@ -116,6 +116,7 @@ public: int32_t UnlockUserScreen(uint32_t userId, const std::vector &token, const std::vector &secret) override; + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) override; int32_t GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus) override; int32_t GenerateAppkey(uint32_t hashId, uint32_t userId, std::string &keyId, bool needReSet = false) override; int32_t DeleteAppkey(const std::string &keyId) override; diff --git a/services/storage_manager/include/mock/storage_daemon_proxy_mock.h b/services/storage_manager/include/mock/storage_daemon_proxy_mock.h index 15eb530edcfe4efe6a274f0f78834e263eafb329..cb7df9ee0eaf1402250784242e2ee7cdac565378 100644 --- a/services/storage_manager/include/mock/storage_daemon_proxy_mock.h +++ b/services/storage_manager/include/mock/storage_daemon_proxy_mock.h @@ -93,6 +93,7 @@ public: const std::string &networkId, const std::string &deviceId) override; virtual int32_t GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount = false) override; virtual int32_t GetUserNeedActiveStatus(uint32_t userId, bool &needActive) override; + virtual int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t type) override; virtual int32_t MountMediaFuse(int32_t userId, int32_t &devFd) override; virtual int32_t UMountMediaFuse(int32_t userId) override; diff --git a/services/storage_manager/include/mock/storage_manager_proxy_mock.h b/services/storage_manager/include/mock/storage_manager_proxy_mock.h index feb78412b3e98beee79441e7f79651b3d1a71c63..522bd09e4a7765a5f7eb24ffcc7a8308e26d426e 100644 --- a/services/storage_manager/include/mock/storage_manager_proxy_mock.h +++ b/services/storage_manager/include/mock/storage_manager_proxy_mock.h @@ -49,6 +49,7 @@ public: const std::string &fsUuid, const std::string &path, const std::string &description) override; + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t type) override; int32_t NotifyVolumeStateChanged(const std::string& volumeId, uint32_t state) override; int32_t NotifyVolumeDamaged(const std::string &volumeId, const std::string &fsTypeStr, diff --git a/services/storage_manager/include/storage_daemon_communication/storage_daemon_communication.h b/services/storage_manager/include/storage_daemon_communication/storage_daemon_communication.h index 421484e8e67a59627333cbaecacdec36e7448cdf..a13ea7ad94ecce574f0b921c258c187b50d7f067 100644 --- a/services/storage_manager/include/storage_daemon_communication/storage_daemon_communication.h +++ b/services/storage_manager/include/storage_daemon_communication/storage_daemon_communication.h @@ -112,7 +112,7 @@ public: // el5 filekey manager int32_t RegisterUeceActivationCallback(const sptr &ueceCallback); int32_t UnregisterUeceActivationCallback(); - + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level); int32_t CreateUserDir(const std::string &path, mode_t mode, uid_t uid, gid_t gid); int32_t DeleteUserDir(const std::string &path); diff --git a/services/storage_manager/ipc/src/storage_manager.cpp b/services/storage_manager/ipc/src/storage_manager.cpp index 77e63765a30ebeaebc90d5615f0d39ea5d90744b..94ab8d2bece4c860d75b514be38da198ab377564 100644 --- a/services/storage_manager/ipc/src/storage_manager.cpp +++ b/services/storage_manager/ipc/src/storage_manager.cpp @@ -848,6 +848,16 @@ int32_t StorageManager::InactiveUserPublicDirKey(uint32_t userId) #endif } +int32_t StorageManager::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ +#ifdef USER_CRYPTO_MANAGER + LOGI("StorageManger::SetDirEncryptionPolicy start"); + return FileSystemCrypto::GetInstance().SetDirEncryptionPolicy(userId, dirPath, level); +#else + return E_OK; +#endif +} + int32_t StorageManager::RegisterUeceActivationCallback(const sptr &ueceCallback) { return FileSystemCrypto::GetInstance().RegisterUeceActivationCallback(ueceCallback); diff --git a/services/storage_manager/ipc/src/storage_manager_provider.cpp b/services/storage_manager/ipc/src/storage_manager_provider.cpp index b31dfc2cff6dcd9d800653547dd900a31ab568e7..373acae32d7fead2ea3136d0e31d68880b81a89c 100644 --- a/services/storage_manager/ipc/src/storage_manager_provider.cpp +++ b/services/storage_manager/ipc/src/storage_manager_provider.cpp @@ -226,6 +226,14 @@ int32_t StorageManagerProvider::GetBundleStats(const std::string &pkgName, return StorageManager::GetInstance().GetBundleStats(pkgName, bundleStats, appIndex, statFlag); } +int32_t StorageManagerProvider::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t level) +{ + if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER_CRYPT)) { + return E_PERMISSION_DENIED; + } + return StorageManager::GetInstance().SetDirEncryptionPolicy(userId, dirPath, level); +} + int32_t StorageManagerProvider::GetSystemSize(int64_t &systemSize) { if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) { diff --git a/services/storage_manager/ipc/test/storage_manager_provider_permission_test.cpp b/services/storage_manager/ipc/test/storage_manager_provider_permission_test.cpp index 48d7d15af5910e203ace07a7c64d22084d1b32d9..8f17959fe79449f05f7d981516b759b568842bc7 100644 --- a/services/storage_manager/ipc/test/storage_manager_provider_permission_test.cpp +++ b/services/storage_manager/ipc/test/storage_manager_provider_permission_test.cpp @@ -299,6 +299,24 @@ HWTEST_F(StorageManagerProviderTest, StorageManagerProviderTest_GetSystemSize_00 GTEST_LOG_(INFO) << "StorageManagerProviderTest_GetSystemSize_002 end"; } +/** + * @tc.name: StorageManagerProviderTest_SetDirEncryptionPolicy_001 + * @tc.desc: Verify the SetDirEncryptionPolicy function. + * @tc.type: FUNC + * @tc.require: AR000H09L6 + */ +HWTEST_F(StorageManagerProviderTest, StorageManagerProviderTest_SetDirEncryptionPolicyk_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "StorageManagerProviderTest_SetDirEncryptionPolicyk_001 start"; + ASSERT_TRUE(storageManagerProviderTest_ != nullptr); + uint32_t userId = 100; + std::string dirPath = "/test"; + uint32_t type = 2; + auto ret = storageManagerProviderTest_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_OK); + GTEST_LOG_(INFO) << "StorageManagerProviderTest_SetDirEncryptionPolicyk_001 end"; +} + /** * @tc.name: StorageManagerProviderTest_GetUserStorageStats_002 * @tc.desc: Verify the GetUserStorageStats function. diff --git a/services/storage_manager/ipc/test/storage_manager_provider_test.cpp b/services/storage_manager/ipc/test/storage_manager_provider_test.cpp index ce1fe44b11db75e126b3de9e6983a6db89d1b642..9c86a3d843d3a981ffb736b79fb84f217997b0f0 100644 --- a/services/storage_manager/ipc/test/storage_manager_provider_test.cpp +++ b/services/storage_manager/ipc/test/storage_manager_provider_test.cpp @@ -134,6 +134,24 @@ HWTEST_F(StorageManagerProviderTest, StorageManagerProviderTest_StopUser_001, Te GTEST_LOG_(INFO) << "StorageManagerProviderTest_StopUser_001 end"; } +/** + * @tc.name: StorageManagerProviderTest_SetDirEncryptionPolicy_001 + * @tc.desc: Verify the SetDirEncryptionPolicy function. + * @tc.type: FUNC + * @tc.require: AR20250418146433 + */ +HWTEST_F(StorageManagerProviderTest, StorageManagerProviderTest_SetDirEncryptionPolicy_001, TestSize.Level1) +{ + GTEST_LOG_(INFO) << "StorageManagerProviderTest_SetDirEncryptionPolicy_001 start"; + ASSERT_TRUE(storageManagerProviderTest_ != nullptr); + uint32_t userId = 100; + std::string dirPath = "/test"; + uint32_t type = 2; + auto ret = storageManagerProviderTest_->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(ret, E_PERMISSION_DENIED); + GTEST_LOG_(INFO) << "StorageManagerProviderTest_SetDirEncryptionPolicy_001 end"; +} + /** * @tc.name: StorageManagerProviderTest_CompleteAddUser_001 * @tc.desc: Verify the CompleteAddUser function. diff --git a/services/storage_manager/mock/storage_daemon_proxy_mock.cpp b/services/storage_manager/mock/storage_daemon_proxy_mock.cpp index ced7001d6ea64514c0e871a2fa5f435d4a637239..69982fdf49dcb4de34fd12a1ea0b77da1e549cc4 100644 --- a/services/storage_manager/mock/storage_daemon_proxy_mock.cpp +++ b/services/storage_manager/mock/storage_daemon_proxy_mock.cpp @@ -101,6 +101,11 @@ int32_t StorageDaemonProxy::InitGlobalUserKeys(void) return E_OK; } +int32_t StorageDaemonProxy::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t type) +{ + return E_OK; +} + int32_t StorageDaemonProxy::DeleteUserKeys(uint32_t userId) { return E_OK; diff --git a/services/storage_manager/mock/storage_manager_proxy_mock.cpp b/services/storage_manager/mock/storage_manager_proxy_mock.cpp index 031a6376c3359ff3e40bfe093020f1e3208fac2e..d2007dd3c1059124aa5067fa8dcf1ad75e0435d0 100644 --- a/services/storage_manager/mock/storage_manager_proxy_mock.cpp +++ b/services/storage_manager/mock/storage_manager_proxy_mock.cpp @@ -43,6 +43,11 @@ int32_t StorageManagerProxy::CompleteAddUser(int32_t userId) return E_OK; } +int32_t StorageManagerProxy::SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, uint32_t type) +{ + return E_OK; +} + int32_t StorageManagerProxy::DeleteUserKeys(uint32_t userId) { return E_OK; diff --git a/services/storage_manager/storage_daemon_communication/src/storage_daemon_communication.cpp b/services/storage_manager/storage_daemon_communication/src/storage_daemon_communication.cpp index 11a8ee347f99fe132784cbee292bd0ad52286a06..204aa8b1c621b401bc4f0c53ca7c064f5a95ffef 100644 --- a/services/storage_manager/storage_daemon_communication/src/storage_daemon_communication.cpp +++ b/services/storage_manager/storage_daemon_communication/src/storage_daemon_communication.cpp @@ -932,5 +932,20 @@ int32_t StorageDaemonCommunication::DeleteUserDir(const std::string &path) } return storageDaemon_->DeleteUserDir(path); } + +int32_t StorageDaemonCommunication::SetDirEncryptionPolicy(uint32_t userId, + const std::string &dirPath, uint32_t level) +{ + int32_t err = Connect(); + if (err != E_OK) { + LOGE("Connect failed"); + return err; + } + if (storageDaemon_ == nullptr) { + LOGE("StorageDaemonCommunication::Connect service nullptr"); + return E_SERVICE_IS_NULLPTR; + } + return storageDaemon_->SetDirEncryptionPolicy(userId, dirPath, level); +} } // namespace StorageManager } // namespace OHOS diff --git a/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_sub_test.cpp b/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_sub_test.cpp index f06acf3d3f49042d891a479e596d41d11a4acfd6..f994afe7e22aa3a2b35e43cf8cd6cd555f54335e 100644 --- a/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_sub_test.cpp +++ b/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_sub_test.cpp @@ -150,6 +150,43 @@ HWTEST_F(StorageDaemonCommunicationTest, Daemon_communication_Connect_0000, Test GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-end Daemon_communication_Connect_0000"; } +/** + * @tc.number: SUB_STORAGE_Daemon_communication_SetDirEncryptionPolicy_0000 + * @tc.name: Daemon_communication_MountDisShareFile_0000 + * @tc.desc: Test function of SetDirEncryptionPolicy interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: AR000H0FG3 + */ +HWTEST_F(StorageDaemonCommunicationTest, SUB_STORAGE_Daemon_communication_SetDirEncryptionPolicy_0000, + testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-begin SetDirEncryptionPolicy_0000"; + ASSERT_TRUE(sdCommunication != nullptr); + std::string dirPath = "/data/service/test"; + uint32_t userId = 100; + uint32_t type = 2; + std::map shareFiles; + sdCommunication->storageDaemon_ = nullptr; + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(nullptr)); + EXPECT_EQ(sdCommunication->SetDirEncryptionPolicy(userId, dirPath, type), E_SA_IS_NULLPTR); + + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(sam)); + EXPECT_CALL(*sam, GetSystemAbility(_)).WillOnce(Return(sd)); + EXPECT_CALL(*sd, AddDeathRecipient(_)).WillOnce(DoAll(Invoke([sdCommunication {sdCommunication}] () { + sdCommunication->storageDaemon_ = nullptr; + }), Return(true))); + EXPECT_EQ(sdCommunication->SetDirEncryptionPolicy(userId, dirPath, type), E_SERVICE_IS_NULLPTR); + + EXPECT_CALL(*sa, GetSystemAbilityManager()).WillOnce(Return(sam)); + EXPECT_CALL(*sam, GetSystemAbility(_)).WillOnce(Return(sd)); + EXPECT_CALL(*sd, AddDeathRecipient(_)).WillOnce(Return(true)); + EXPECT_CALL(*sd, SetDirEncryptionPolicy(_, _, _)).WillOnce(Return(E_OK)); + EXPECT_EQ(sdCommunication->SetDirEncryptionPolicy(userId, dirPath, type), E_OK); + GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-end SetDirEncryptionPolicy_0000_SUCCESS"; +} + /** * @tc.number: SUB_STORAGE_Daemon_communication_PrepareAddUser_0000 * @tc.name: Daemon_communication_PrepareAddUser_0000 diff --git a/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_test.cpp b/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_test.cpp index 72fffeb811358ea7ef5fe91632ca1740aa5e2365..23b0cee0ab05d70fc3ab421b08424b3fd4635c27 100644 --- a/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_test.cpp +++ b/services/storage_manager/storage_daemon_communication/test/storage_daemon_communication_test.cpp @@ -63,6 +63,29 @@ HWTEST_F(StorageDaemonCommunicationTest, Daemon_communication_Connect_0000, test GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-end Daemon_communication_Connect_0000"; } +/** + * @tc.number: SUB_STORAGE_Daemon_communication_SetDirEncryptionPolicy_0000 + * @tc.name: Daemon_communication_SetDirEncryptionPolicy_0000 + * @tc.desc: Test function of SetDirEncryptionPolicy interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: AR000H0FG3 + */ +HWTEST_F(StorageDaemonCommunicationTest, Daemon_communication_SetDirEncryptionPolicy_0000, + testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-begin Daemon_communication_SetDirEncryptionPolicy_0000 SUCCESS"; + std::shared_ptr sdCommunication = + DelayedSingleton::GetInstance(); + std::string dirPath = "/data/service/test"; + uint32_t userId = 100; + uint32_t type = 2; + int32_t result = sdCommunication->SetDirEncryptionPolicy(userId, dirPath, type); + EXPECT_EQ(result, E_OK); + GTEST_LOG_(INFO) << "StorageDaemonCommunicationTest-end Daemon_communication_SetDirEncryptionPolicy_0000 SUCCESS"; +} + /** * @tc.number: SUB_STORAGE_Daemon_communication_PrepareAddUser_0000 * @tc.name: Daemon_communication_PrepareAddUser_0000 diff --git a/test/fuzztest/storagemanagerproxy_fuzzer/storagemanagerproxymock.h b/test/fuzztest/storagemanagerproxy_fuzzer/storagemanagerproxymock.h index e825077f69a0fb6de7a8c9b7b42c6d1f20222448..087a1c8b686f916f1c09b962d96bf9bf28bad9bf 100644 --- a/test/fuzztest/storagemanagerproxy_fuzzer/storagemanagerproxymock.h +++ b/test/fuzztest/storagemanagerproxy_fuzzer/storagemanagerproxymock.h @@ -188,6 +188,17 @@ public: return E_OK; } + int32_t SetDirEncryptionPolicy(uint32_t userId, const std::string &dirPath, + StorageService::EncryptionLevel level) override + { + return E_OK; + } + + int32_t GenerateUserKeys(uint32_t userId, uint32_t flags) override + { + return E_OK; + } + int32_t DeleteUserKeys(uint32_t userId) override { return E_OK;