From 76bf06c157d2dc81fe872db929c97d1f5f2c344b Mon Sep 17 00:00:00 2001 From: yang1946 Date: Wed, 29 Nov 2023 17:09:27 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E7=AD=BE=E5=90=8D=E6=80=A7?= =?UTF-8?q?=E8=83=BD=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yang1946 --- interfaces/innerkits/code_sign_utils/BUILD.gn | 1 + .../include/code_sign_enable_multi_task.h | 71 ++++++++++ .../code_sign_utils/include/code_sign_utils.h | 16 ++- .../src/code_sign_enable_multi_task.cpp | 131 ++++++++++++++++++ .../code_sign_utils/src/code_sign_utils.cpp | 74 +++++----- interfaces/innerkits/common/include/errcode.h | 1 + test/unittest/code_sign_utils_test.cpp | 55 ++++++-- 7 files changed, 291 insertions(+), 58 deletions(-) create mode 100644 interfaces/innerkits/code_sign_utils/include/code_sign_enable_multi_task.h create mode 100644 interfaces/innerkits/code_sign_utils/src/code_sign_enable_multi_task.cpp diff --git a/interfaces/innerkits/code_sign_utils/BUILD.gn b/interfaces/innerkits/code_sign_utils/BUILD.gn index 88817b0..299823d 100644 --- a/interfaces/innerkits/code_sign_utils/BUILD.gn +++ b/interfaces/innerkits/code_sign_utils/BUILD.gn @@ -22,6 +22,7 @@ ohos_shared_library("libcode_sign_utils") { sources = [ "${code_signature_root_dir}/utils/src/code_sign_block.cpp", "${code_signature_root_dir}/utils/src/file_helper.cpp", + "src/code_sign_enable_multi_task.cpp", "src/code_sign_utils.cpp", "src/stat_utils.cpp", ] diff --git a/interfaces/innerkits/code_sign_utils/include/code_sign_enable_multi_task.h b/interfaces/innerkits/code_sign_utils/include/code_sign_enable_multi_task.h new file mode 100644 index 0000000..64ef9b0 --- /dev/null +++ b/interfaces/innerkits/code_sign_utils/include/code_sign_enable_multi_task.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CODE_SIGN_ENABLE_MULTI_TASK_H +#define CODE_SIGN_ENABLE_MULTI_TASK_H + +#include +#include +#include +#include +#include +#include +#include + +#include "thread_pool.h" + +namespace OHOS { +namespace Security { +namespace CodeSign { +typedef int32_t CallbackFunc(const std::string &path, const struct code_sign_enable_arg &arg); + +class CodeSignEnableMultiTask { +public: + CodeSignEnableMultiTask(); + ~CodeSignEnableMultiTask(); + /** + * @brief Add task data for code signing + * @param targetFile hap or so real path on disk + * @param code_sign_enable_arg arg + */ + void AddTaskData(const std::string &targetFile, const struct code_sign_enable_arg &arg); + /** + * @brief Execute code signature addition task + * @param taskRet Returned execution results + * @param ownerId app-identifier of the signature + * @param path hap real path on disk + * @param func Callback enable function + * @return Timed out or not + */ + bool ExecuteEnableCodeSignTask(int32_t &taskRet, const std::string &ownerId, + const std::string &path, CallbackFunc &func); +private: + void SortTaskData(); + void ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, const std::string &ownerId, + const std::string &path, CallbackFunc &func); + int32_t CheckOwnerId(const std::string &path, const std::string &ownerId, + const uint8_t *sigPtr, uint32_t sigSize); +private: + std::mutex cvLock_; + std::condition_variable taskfinish_; + std::vector> enableData_; + OHOS::ThreadPool enableCodeSignTaskWorker_; + uint32_t taskCallBack_; +}; +} +} +} + +#endif \ No newline at end of file diff --git a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h index 627d173..b6028b0 100644 --- a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h +++ b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h @@ -31,9 +31,10 @@ namespace CodeSign { using EntryMap = std::unordered_map; typedef enum { - FILE_ALL, - FILE_SELF, - FILE_ENTRY_ONLY, + FILE_ALL, // Enable hap and so(new and historical records) + FILE_SELF, // Only enable hap + FILE_ENTRY_ONLY, // Only enable so(new and historical records) + FILE_ENTRY_ADD, // Only record, not enable FILE_TYPE_MAX, } FileType; @@ -54,7 +55,7 @@ public: * @param type signature file type * @return err code, see err_code.h */ - static int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type); + int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type); /** * @brief Enforce code signature for app with ownerID @@ -64,7 +65,7 @@ public: * @param type signature file type * @return err code, see err_code.h */ - static int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, + int32_t EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type); /** @@ -108,8 +109,9 @@ private: static int32_t IsFsVerityEnabled(int fd); static int32_t EnableCodeSignForFile(const std::string &path, const struct code_sign_enable_arg &arg); static void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg); - static int32_t CheckOwnerId(const std::string &path, const std::string &ownerId, - const uint8_t *sigPtr, uint32_t sigSize); + static int32_t IsValidPathAndFileType(const std::string &path, std::string &realPath, FileType type); +private: + EntryMap storedEntryMap_; }; } } diff --git a/interfaces/innerkits/code_sign_utils/src/code_sign_enable_multi_task.cpp b/interfaces/innerkits/code_sign_utils/src/code_sign_enable_multi_task.cpp new file mode 100644 index 0000000..dd828fd --- /dev/null +++ b/interfaces/innerkits/code_sign_utils/src/code_sign_enable_multi_task.cpp @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "code_sign_enable_multi_task.h" + +#include "byte_buffer.h" +#include "cs_hisysevent.h" +#include "errcode.h" +#include "log.h" +#include "signer_info.h" + +namespace OHOS { +namespace Security { +namespace CodeSign { +constexpr uint32_t CODE_SIGN_TASK_TIMEOUT_MS = 300000; +constexpr uint32_t DEFAULT_THREADS_NUM = 8; + +CodeSignEnableMultiTask::CodeSignEnableMultiTask(): enableCodeSignTaskWorker_("EnableCodeSign"), taskCallBack_(0) +{ + enableCodeSignTaskWorker_.Start(DEFAULT_THREADS_NUM); +} + +CodeSignEnableMultiTask::~CodeSignEnableMultiTask() +{ + enableCodeSignTaskWorker_.Stop(); +} + +void CodeSignEnableMultiTask::AddTaskData(const std::string &targetFile, const struct code_sign_enable_arg &arg) +{ + enableData_.push_back(std::pair(targetFile, arg)); +} + +bool CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(int32_t &taskRet, const std::string &ownerId, + const std::string &path, CallbackFunc &func) +{ + SortTaskData(); + + for (uint32_t i = 0; i < enableData_.size(); i++) { + LOG_DEBUG(LABEL, "index: %{public}d, name:%{public}s, %{public}lld", + i, enableData_[i].first.c_str(), enableData_[i].second.data_size); + ExecuteEnableCodeSignTask(i, taskRet, ownerId, path, func); + } + + std::unique_lock lock(cvLock_); + auto waitStatus = taskfinish_.wait_for(lock, std::chrono::milliseconds(CODE_SIGN_TASK_TIMEOUT_MS), + [this]() { return this->enableData_.size() == this->taskCallBack_; }); + return waitStatus; +} + +void CodeSignEnableMultiTask::SortTaskData() +{ + auto compareFileDataSize = [](const std::pair &a, + const std::pair &b) { + return a.second.data_size > b.second.data_size; + }; + sort(enableData_.begin(), enableData_.end(), compareFileDataSize); +} + +void CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, + const std::string &ownerId, const std::string &path, CallbackFunc &func) +{ + auto enableCodeSignTask = [this, index, &ownerId, &path, &func, &taskRet]() { + LOG_DEBUG(LABEL, "ExecuteEnableCodeSignTask task called"); + { + std::unique_lock lock(cvLock_); + if (taskRet != CS_SUCCESS) { + this->taskCallBack_++; + if (this->taskCallBack_ == this->enableData_.size()) { + this->taskfinish_.notify_one(); + } + return; + } + } + + int32_t ret = CheckOwnerId(path, ownerId, + reinterpret_cast(this->enableData_[index].second.sig_ptr), + this->enableData_[index].second.sig_size); + if (ret == CS_SUCCESS) { + ret = func(this->enableData_[index].first, this->enableData_[index].second); + } + LOG_DEBUG(LABEL, "Task return info index: %{public}d, ret: %{public}d", index, ret); + + std::unique_lock lock(cvLock_); + if (taskRet == CS_SUCCESS) { + taskRet = ret; + } + this->taskCallBack_++; + if (this->taskCallBack_ == this->enableData_.size()) { + this->taskfinish_.notify_one(); + } + }; + enableCodeSignTaskWorker_.AddTask(enableCodeSignTask); +} + +int32_t CodeSignEnableMultiTask::CheckOwnerId(const std::string &path, const std::string &ownerId, + const uint8_t *sigPtr, uint32_t sigSize) +{ + if (ownerId.empty()) { + return CS_SUCCESS; + } + + int32_t ret; + ByteBuffer sigBuffer; + sigBuffer.CopyFrom(sigPtr, sigSize); + std::string retId; + ret = SignerInfo::ParseOwnerIdFromSignature(sigBuffer, retId); + if (ret != CS_SUCCESS) { + ReportInvalidOwner(path, ownerId, "invalid"); + LOG_ERROR(LABEL, "get ownerId from signature failed, ret %{public}d", ret); + } else if (retId != ownerId) { + ret = CS_ERR_INVALID_OWNER_ID; + ReportInvalidOwner(path, ownerId, retId); + LOG_ERROR(LABEL, "invalid ownerId retId %{public}s ownerId %{public}s", retId.c_str(), ownerId.c_str()); + } + return ret; +} +} +} +} \ No newline at end of file diff --git a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp index ff847ce..37f09d1 100644 --- a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp +++ b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp @@ -30,6 +30,7 @@ #include "cs_hisysevent.h" #include "cs_hitrace.h" +#include "code_sign_enable_multi_task.h" #include "constants.h" #include "directory_ex.h" #include "extractor.h" @@ -227,56 +228,32 @@ void CodeSignUtils::ShowCodeSignInfo(const std::string &path, const struct code_ rootHashPtr[0], rootHashPtr[1], rootHashPtr[2], rootHashPtr[32], rootHashPtr[63]); // 2, 32, 63 data index } -int32_t CodeSignUtils::CheckOwnerId(const std::string &path, const std::string &ownerId, - const uint8_t *sigPtr, uint32_t sigSize) +int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, + const EntryMap &entryPathMap, FileType type) { - if (ownerId.empty()) { + if (type == FILE_ENTRY_ADD || type == FILE_ALL) { + storedEntryMap_.insert(entryPathMap.begin(), entryPathMap.end()); + if (type == FILE_ENTRY_ADD) { + return CS_SUCCESS; + } + } else if (type == FILE_ENTRY_ONLY) { return CS_SUCCESS; } - - int32_t ret; - ByteBuffer sigBuffer; - sigBuffer.CopyFrom(reinterpret_cast(sigPtr), sigSize); - std::string retId; - ret = SignerInfo::ParseOwnerIdFromSignature(sigBuffer, retId); - if (ret != CS_SUCCESS) { - ReportInvalidOwner(path, ownerId, "invalid"); - LOG_ERROR(LABEL, "get ownerId from signature failed, ret %{public}d", ret); - } else if (retId != ownerId) { - ret = CS_ERR_INVALID_OWNER_ID; - ReportInvalidOwner(path, ownerId, retId); - LOG_ERROR(LABEL, "invalid ownerId retId %{public}s ownerId %{public}s", retId.c_str(), ownerId.c_str()); - } - return ret; -} - -int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, - const EntryMap &entryPathMap, FileType type) -{ - int32_t ret; std::string realPath; - - if (!OHOS::PathToRealPath(path, realPath)) { - return CS_ERR_FILE_PATH; - } - - if (type >= FILE_TYPE_MAX) { - return CS_ERR_PARAM_INVALID; - } - - ret = IsSupportFsVerity(realPath); + int32_t ret = IsValidPathAndFileType(path, realPath, type); if (ret != CS_SUCCESS) { return ret; } - CodeSignBlock codeSignBlock; - ret = codeSignBlock.ParseCodeSignBlock(realPath, entryPathMap, type); + ret = codeSignBlock.ParseCodeSignBlock(realPath, storedEntryMap_, type); + storedEntryMap_.clear(); if (ret != CS_SUCCESS) { if (ret != CS_CODE_SIGN_NOT_EXISTS) { ReportParseCodeSig(realPath, ret); } return ret; } + CodeSignEnableMultiTask multiTask; do { std::string targetFile; struct code_sign_enable_arg arg = {0}; @@ -288,17 +265,17 @@ int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(std::string ownerId, con return ret; } - ret = CheckOwnerId(path, ownerId, reinterpret_cast(arg.sig_ptr), arg.sig_size); - if (ret != CS_SUCCESS) { - break; - } - ShowCodeSignInfo(targetFile, arg); if (!CheckFilePathValid(targetFile, Constants::ENABLE_APP_BASE_PATH)) { return CS_ERR_TARGET_FILE_PATH; } - ret = EnableCodeSignForFile(targetFile, arg); + multiTask.AddTaskData(targetFile, arg); } while (ret == CS_SUCCESS); + bool waitStatus = multiTask.ExecuteEnableCodeSignTask(ret, ownerId, path, EnableCodeSignForFile); + if (!waitStatus) { + LOG_ERROR(LABEL, "enable code sign timeout"); + return CS_ERR_ENABLE_TIMEOUT; + } return ret; } @@ -307,6 +284,19 @@ int32_t CodeSignUtils::EnforceCodeSignForApp(const std::string &path, const Entr return EnforceCodeSignForAppWithOwnerId("", path, entryPathMap, type); } +int32_t CodeSignUtils::IsValidPathAndFileType(const std::string &path, std::string &realPath, FileType type) +{ + if (!OHOS::PathToRealPath(path, realPath)) { + return CS_ERR_FILE_PATH; + } + + if (type >= FILE_TYPE_MAX) { + return CS_ERR_PARAM_INVALID; + } + + return IsSupportFsVerity(realPath); +} + int32_t CodeSignUtils::EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer) { int ret = EnableKeyInProfileByRust(bundleName.c_str(), profileBuffer.GetBuffer(), profileBuffer.GetSize()); diff --git a/interfaces/innerkits/common/include/errcode.h b/interfaces/innerkits/common/include/errcode.h index 290090b..7f4298f 100644 --- a/interfaces/innerkits/common/include/errcode.h +++ b/interfaces/innerkits/common/include/errcode.h @@ -59,6 +59,7 @@ enum VerifyErrCode { CS_ERR_INVALID_OWNER_ID = -0x303, CS_CODE_SIGN_NOT_EXISTS = -0x304, CS_ERR_PROFILE = -0x305, + CS_ERR_ENABLE_TIMEOUT = -0x306 }; enum IPCErrCode { diff --git a/test/unittest/code_sign_utils_test.cpp b/test/unittest/code_sign_utils_test.cpp index 7075069..a6a8c17 100644 --- a/test/unittest/code_sign_utils_test.cpp +++ b/test/unittest/code_sign_utils_test.cpp @@ -451,7 +451,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0016, TestSize.Level0) int32_t ret = CodeSignUtils::EnableKeyInProfile(bundlName, buffer); EXPECT_EQ(ret, CS_SUCCESS); - ret = CodeSignUtils::EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF); + CodeSignUtils utils; + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_SUCCESS); ret = CodeSignUtils::RemoveKeyInProfile(bundlName); @@ -464,10 +465,10 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0016, TestSize.Level0) std::string targetPath2 = TEST_APP_DTAT_DIR + "libs/arm64/libentry.so"; entryMap.emplace(filePath2, targetPath2); - ret = CodeSignUtils::EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ONLY); - EXPECT_EQ(ret, CS_ERR_TARGET_FILE_PATH); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ONLY); + EXPECT_EQ(ret, CS_SUCCESS); - ret = CodeSignUtils::EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL); EXPECT_EQ(ret, CS_ERR_TARGET_FILE_PATH); } @@ -481,7 +482,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0017, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-debug.hap"; EntryMap entryMap; - int32_t ret = CodeSignUtils::EnforceCodeSignForAppWithOwnerId("DEBUG_LIB_ID", hapRealPath, entryMap, FILE_SELF); + CodeSignUtils utils; + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("DEBUG_LIB_ID", hapRealPath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_SUCCESS); } @@ -495,7 +497,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0018, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-release.hap"; EntryMap entryMap; - int32_t ret = CodeSignUtils::EnforceCodeSignForAppWithOwnerId("test-app-identifier", + CodeSignUtils utils; + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("test-app-identifier", hapRealPath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_SUCCESS); } @@ -510,7 +513,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0019, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-debug.hap"; EntryMap entryMap; - int32_t ret = CodeSignUtils::EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); + CodeSignUtils utils; + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_ERR_INVALID_OWNER_ID); } @@ -524,7 +528,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0020, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-release.hap"; EntryMap entryMap; - int32_t ret = CodeSignUtils::EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); + CodeSignUtils utils; + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_ERR_INVALID_OWNER_ID); } @@ -547,7 +552,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0021, TestSize.Level0) EXPECT_EQ(ret, CS_SUCCESS); EntryMap entryMap; - ret = CodeSignUtils::EnforceCodeSignForApp(hapEnablePath, entryMap, FILE_SELF); + CodeSignUtils utils; + ret = utils.EnforceCodeSignForApp(hapEnablePath, entryMap, FILE_SELF); EXPECT_EQ(ret, CS_SUCCESS); } @@ -571,6 +577,37 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0022, TestSize.Level0) ret = CodeSignUtils::RemoveKeyInProfile(bundlName); EXPECT_EQ(ret, CS_SUCCESS); } + +/** + * @tc.name: CodeSignUtilsTest_0023 + * @tc.desc: enable code signature for app + * @tc.type: Func + * @tc.require: + */ +HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0023, TestSize.Level0) +{ + std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/demo_with_code_sign_block.hap"; + EntryMap entryMap; + + std::string filePath1("libs/arm64-v8a/libc++_shared.so"); + std::string targetPath1 = APP_BASE_PATH + "/demo_with_multi_lib/libs/arm64-v8a/libc++_shared.so"; + entryMap.emplace(filePath1, targetPath1); + + CodeSignUtils utils; + int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ONLY); + EXPECT_EQ(ret, CS_SUCCESS); + + std::string filePath2("libs/arm64-v8a/libentry.so"); + std::string targetPath2 = APP_BASE_PATH + "/demo_with_multi_lib/libs/arm64-v8a/libentry.so"; + entryMap.emplace(filePath2, targetPath2); + + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ADD); + EXPECT_EQ(ret, CS_SUCCESS); + + entryMap.clear(); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL); + EXPECT_EQ(ret, CS_SUCCESS); +} } // namespace CodeSign } // namespace Security } // namespace OHOS -- Gitee