diff --git a/bundle.json b/bundle.json index 413e9e50d25b513467ee540286c069f84d71cf47..793024c2fa9af1d673ca0cc41e530c3af0850ef9 100644 --- a/bundle.json +++ b/bundle.json @@ -55,7 +55,8 @@ "json", "zlib", "openssl", - "libfuse" + "libfuse", + "dlp_credential_service" ], "third_party": [] }, diff --git a/frameworks/common/include/cert_parcel.h b/frameworks/common/include/cert_parcel.h index 8057352cf8c60295b352d8886d4ee8ed47b5a3e0..861193707e4a086cfe712c9fb62da4e86cf29dbf 100644 --- a/frameworks/common/include/cert_parcel.h +++ b/frameworks/common/include/cert_parcel.h @@ -36,6 +36,8 @@ public: bool isNeedAdapter; std::string contactAccount; bool needCheckCustomProperty; + int32_t decryptType = 0; + std::string appId; }; } // namespace DlpPermission } // namespace Security diff --git a/frameworks/common/include/permission_policy.h b/frameworks/common/include/permission_policy.h index 7e808dda91a910caa21a52f59c0f691e8c07c7c3..02c14bf5bc47dfd2de86e07eb331dc27d310a53c 100644 --- a/frameworks/common/include/permission_policy.h +++ b/frameworks/common/include/permission_policy.h @@ -34,6 +34,7 @@ enum DlpAccountType : uint32_t { CLOUD_ACCOUNT = 1, DOMAIN_ACCOUNT = 2, APPLICATION_ACCOUNT = 3, + ENTERPRISE_ACCOUNT = 4, }; enum GatheringPolicyType : uint32_t { @@ -102,6 +103,7 @@ struct DlpProperty { uint64_t expireTime = 0; ActionType actionUponExpiry = ActionType::NOTOPEN; CustomProperty customProperty; + std::string fileId; }; class PermissionPolicy final { @@ -142,6 +144,8 @@ public: bool debug_ = false; uint32_t actionUponExpiry_ = 0; std::string customProperty_ = ""; + std::string fileId = ""; + std::string appId = ""; private: uint8_t* aeskey_; diff --git a/frameworks/common/src/cert_parcel.cpp b/frameworks/common/src/cert_parcel.cpp index 8714b4b69ca174e12965a2a0d9f18be908ebce5f..292e0c6318d4a056c8e62bc622c74135f5eb1707 100644 --- a/frameworks/common/src/cert_parcel.cpp +++ b/frameworks/common/src/cert_parcel.cpp @@ -52,6 +52,14 @@ bool CertParcel::Marshalling(Parcel& data) const DLP_LOG_ERROR(LABEL, "Write bool needCheckCustomProperty fail"); return false; } + if (!data.WriteInt32(this->decryptType)) { + DLP_LOG_ERROR(LABEL, "Write decryptType fail"); + return false; + } + if (!data.WriteString(this->appId)) { + DLP_LOG_ERROR(LABEL, "Write appId fail"); + return false; + } return true; } @@ -88,6 +96,14 @@ CertParcel* CertParcel::Unmarshalling(Parcel& data) DLP_LOG_ERROR(LABEL, "Read needCheckCustomProperty fail"); return FreeCertParcel(parcel); } + if (!data.ReadInt32(parcel->decryptType)) { + DLP_LOG_ERROR(LABEL, "Read decryptType fail"); + return FreeCertParcel(parcel); + } + if (!data.ReadString(parcel->appId)) { + DLP_LOG_ERROR(LABEL, "Read appId fail"); + return FreeCertParcel(parcel); + } return parcel; } } // namespace DlpPermission diff --git a/frameworks/common/src/permission_policy.cpp b/frameworks/common/src/permission_policy.cpp index 97b4af551546ad3e433c3204dec57400c797b23f..f417be630174802754dc3dde0edfbc1b4cb25c1e 100644 --- a/frameworks/common/src/permission_policy.cpp +++ b/frameworks/common/src/permission_policy.cpp @@ -163,6 +163,7 @@ PermissionPolicy::PermissionPolicy(const DlpProperty& property) dlpVersion_ = CURRENT_VERSION; debug_ = false; customProperty_ = property.customProperty.enterprise; + fileId = property.fileId; } PermissionPolicy::~PermissionPolicy() @@ -172,6 +173,11 @@ PermissionPolicy::~PermissionPolicy() bool PermissionPolicy::IsValid() const { + if (this->ownerAccount_ == ENTERPRISE_ACCOUNT) { + return (CheckAesParam(this->aeskey_, this->aeskeyLen_) && + CheckAesParam(this->iv_, this->ivLen_) && CheckAuthUserInfoList(this->authUsers_) && + (this->hmacKeyLen_ == 0 || CheckAesParam(this->hmacKey_, this->hmacKeyLen_))); + } return (CheckAccount(this->ownerAccount_) && CheckAccount(this->ownerAccountId_) && CheckAccountType(this->ownerAccountType_) && CheckAesParam(this->aeskey_, this->aeskeyLen_) && CheckAesParam(this->iv_, this->ivLen_) && CheckAuthUserInfoList(this->authUsers_) && @@ -289,6 +295,10 @@ void PermissionPolicy::CopyPermissionPolicy(const PermissionPolicy& srcPolicy) SetIv(srcPolicy.iv_, srcPolicy.ivLen_); CopyPolicyHmac(srcPolicy); dlpVersion_ = srcPolicy.dlpVersion_; + if (srcPolicy.ownerAccountType_ == ENTERPRISE_ACCOUNT) { + appId = srcPolicy.appId; + fileId = srcPolicy.fileId; + } } int32_t PermissionPolicy::CheckActionUponExpiry() @@ -306,7 +316,8 @@ int32_t PermissionPolicy::CheckActionUponExpiry() bool CheckAccountType(DlpAccountType accountType) { - if (accountType != CLOUD_ACCOUNT && accountType != DOMAIN_ACCOUNT && accountType != APPLICATION_ACCOUNT) { + if (accountType != CLOUD_ACCOUNT && accountType != DOMAIN_ACCOUNT && accountType != APPLICATION_ACCOUNT + && accountType != ENTERPRISE_ACCOUNT) { DLP_LOG_ERROR(LABEL, "Account type is invalid, type=%{public}d", accountType); return false; } diff --git a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp index 0b14f3cd58c762f04f1bf4ba6dfae6cdee282e0a..e635b12cc6a6f90a5175a851b9ed6c0bafe4a074 100644 --- a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp +++ b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp @@ -65,6 +65,14 @@ bool DlpPolicyParcel::Marshalling(Parcel& out) const DLP_LOG_ERROR(LABEL, "Write debug_ fail"); return false; } + if (!(out.WriteString(this->policyParams_.appId))) { + DLP_LOG_ERROR(LABEL, "Write owner appId fail"); + return false; + } + if (!(out.WriteString(this->policyParams_.fileId))) { + DLP_LOG_ERROR(LABEL, "Write owner fileId fail"); + return false; + } return true; } @@ -330,7 +338,19 @@ static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel) return false; } policyParcel->policyParams_.perm_ = static_cast(perm); - return ReadAesParam(policyParcel->policyParams_, in); + if (!(ReadAesParam(policyParcel->policyParams_, in))) { + DLP_LOG_ERROR(LABEL, "Read aesparam type fail"); + return false; + } + if (!(in.ReadString(policyParcel->policyParams_.appId))) { + DLP_LOG_ERROR(LABEL, "Read appId fail"); + return false; + } + if (!(in.ReadString(policyParcel->policyParams_.fileId))) { + DLP_LOG_ERROR(LABEL, "Read fileId fail"); + return false; + } + return true; } DlpPolicyParcel* DlpPolicyParcel::Unmarshalling(Parcel& in) diff --git a/interfaces/inner_api/dlp_parse/include/dlp_file.h b/interfaces/inner_api/dlp_parse/include/dlp_file.h index 651d06c177df7695d3fb003bb60b5ee3472f251a..dbb1860617b8d8f7389ffe1d17a124bd77e1c3a5 100644 --- a/interfaces/inner_api/dlp_parse/include/dlp_file.h +++ b/interfaces/inner_api/dlp_parse/include/dlp_file.h @@ -197,6 +197,36 @@ public: return authPerm_; }; + void SetAppId(std::string appId) + { + appId_ = appId; + }; + + void SetFileId(std::string fileId) + { + fileId_ = fileId; + }; + + void SetAccountType(int32_t accountType) + { + accountType_ = accountType; + }; + + int32_t GetAccountType() + { + return accountType_; + }; + + std::string GetAppId() + { + return appId_; + }; + + std::string GetFileId() + { + return fileId_; + }; + int32_t dlpFd_; friend class DlpRawFile; friend class DlpZipFile; @@ -229,6 +259,9 @@ private: std::string contactAccount_; uint32_t version_; uint32_t offlineAccess_; + std::string appId_; + std::string fileId_; + int32_t accountType_; }; } // namespace DlpPermission } // namespace Security diff --git a/interfaces/inner_api/dlp_parse/include/dlp_file_manager.h b/interfaces/inner_api/dlp_parse/include/dlp_file_manager.h index 8f350870b0e2bf85f62b7b620ee2bef25f8c1460..48c3d4deec1f443855cbc975d38b96a5e2fe9869 100644 --- a/interfaces/inner_api/dlp_parse/include/dlp_file_manager.h +++ b/interfaces/inner_api/dlp_parse/include/dlp_file_manager.h @@ -52,7 +52,7 @@ public: const std::string& appId); int32_t CloseDlpFile(const std::shared_ptr& dlpFile); int32_t RecoverDlpFile(std::shared_ptr& file, int32_t plainFd) const; - int32_t SetDlpFileParams(std::shared_ptr& filePtr, const DlpProperty& property) const; + int32_t SetDlpFileParams(std::shared_ptr& filePtr, const DlpProperty& property) const;// todo appid int32_t DlpRawHmacCheckAndUpdata(std::shared_ptr& filePtr, const std::vector& offlineCert); int32_t OpenRawDlpFile(int32_t dlpFileFd, std::shared_ptr& filePtr, const std::string& appId, const std::string& realType); diff --git a/interfaces/inner_api/dlp_parse/include/dlp_file_operator.h b/interfaces/inner_api/dlp_parse/include/dlp_file_operator.h index 0a8ae2902378defaaa3954347cf9dafa559b152f..7c924adbf8aa3793d140c8120fd9a1828957cdfe 100644 --- a/interfaces/inner_api/dlp_parse/include/dlp_file_operator.h +++ b/interfaces/inner_api/dlp_parse/include/dlp_file_operator.h @@ -29,14 +29,18 @@ class EnterpriseSpaceDlpPermissionKit { private: DISALLOW_COPY_AND_MOVE(EnterpriseSpaceDlpPermissionKit); EnterpriseSpaceDlpPermissionKit(); - int32_t EnterpriseSpaceParseDlpFileFormat(std::shared_ptr& filePtr, bool needCheckCustomProperty); + int32_t EnterpriseSpaceParseDlpFileFormat(std::shared_ptr& filePtr, bool needCheckCustomProperty, int32_t decryptType = 0); int32_t EnterpriseSpacePrepareWorkDir(int32_t dlpFileFd, std::shared_ptr& filePtr, std::string& workDir); int32_t EnterpriseSpaceParseDlpFileProperty(std::shared_ptr& filePtr, PermissionPolicy& policy, - bool needCheckCustomProperty); + bool needCheckCustomProperty, int32_t decryptType = 0); public: static EnterpriseSpaceDlpPermissionKit* GetInstance(); ~EnterpriseSpaceDlpPermissionKit(); int32_t EncryptDlpFile(DlpProperty property, CustomProperty customProperty, int32_t plainFileFd, int32_t dlpFileFd); + uint32_t DecryptRawDlpFileAndGetAccountType(int32_t dlpFileFd); + int32_t DecryptEnterpriseDlpFile(int32_t plainFileFd, int32_t dlpFileFd, int32_t decryptType); + int32_t EncryptEnterpriseDlpFile(DlpProperty property, CustomProperty customProperty, + int32_t plainFileFd, int32_t dlpFileFd); int32_t DecryptDlpFile(int32_t plainFileFd, int32_t dlpFileFd); int32_t QueryDlpFileProperty(int32_t dlpFileFd, std::string &policyJsonString); }; diff --git a/interfaces/inner_api/dlp_parse/include/dlp_raw_file.h b/interfaces/inner_api/dlp_parse/include/dlp_raw_file.h index 508b4641a0fe75c525a102324d6e096f4e2f4e45..cff1a51c63f6166604422b7c8dd841e2ca8d8835 100644 --- a/interfaces/inner_api/dlp_parse/include/dlp_raw_file.h +++ b/interfaces/inner_api/dlp_parse/include/dlp_raw_file.h @@ -36,6 +36,8 @@ public: uint64_t GetFsContentSize() const; void SetOfflineAccess(bool flag); int32_t ParseRawDlpHeader(uint64_t fileLen, uint32_t dlpHeaderSize); + int32_t ParseEnterpriseFileId(uint64_t fileLen, uint32_t fileIdSize); + int32_t ParseEnterpriseRawDlpHeader(uint64_t fileLen, uint32_t dlpHeaderSize); int32_t CheckDlpFile(); int32_t HmacCheck(); uint32_t GetOfflineCertSize(void); @@ -50,6 +52,7 @@ public: uint64_t inFileLen, bool isEncrypt); private: + bool IsValidEnterpriseDlpHeader(const struct DlpHeader& head, uint32_t dlpHeaderSize) const; bool IsValidDlpHeader(const struct DlpHeader& head) const; int32_t UpdateDlpFileContentSize(); int32_t GetRawDlpHmac(void); diff --git a/interfaces/inner_api/dlp_parse/include/dlp_utils.h b/interfaces/inner_api/dlp_parse/include/dlp_utils.h index 63331d753f9aa81dad5f8a64f361519fb23fbc72..b818db3a317c791578939a6f87e4ce83097be988 100644 --- a/interfaces/inner_api/dlp_parse/include/dlp_utils.h +++ b/interfaces/inner_api/dlp_parse/include/dlp_utils.h @@ -253,6 +253,7 @@ public: static bool GetBundleInfoWithBundleName(const std::string &bundleName, int32_t flag, AppExecFwk::BundleInfo &bundleInfo, int32_t userId); static bool GetFileType(const std::string& realFileType); + static bool GetAppIdFromToken(std::string& appId); static bool GetUserIdByForegroundAccount(int32_t &userId); static std::string GetRealTypeForEnterpriseWithFd(const int32_t& fd, bool& isFromUriName); }; diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp index 3e0edaea49a772c159c722cf0f5a7981da52d3da..b880d51fbb72200cf4354f1b3684ca41bb5f1d99 100644 --- a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp @@ -68,6 +68,7 @@ DlpFile::DlpFile(int32_t dlpFd, const std::string &realType) encDataFd_ = -1; offlineAccess_ = 0; version_ = CURRENT_VERSION; + accountType_ = 0; } DlpFile::~DlpFile() = default; @@ -185,7 +186,14 @@ bool DlpFile::UpdateDlpFilePermission() return true; } std::string accountName; - if (policy_.ownerAccountType_ == DOMAIN_ACCOUNT) { + if (policy_.ownerAccountType_ == ENTERPRISE_ACCOUNT) { + if (policy_.authUsers_.size() < 1) { + DLP_LOG_ERROR(LABEL, "enterprise account authUsers failed"); + return false; + } + authPerm_ = policy_.authUsers_[0].authPerm; + return true; + } else if (policy_.ownerAccountType_ == DOMAIN_ACCOUNT) { if (GetDomainAccountName(accountName) != DLP_OK) { DLP_LOG_ERROR(LABEL, "query GetDomainAccountName failed"); return false; diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file_kits.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file_kits.cpp index f1170fd9f28afd91264f7cf7e4b37833fef22499..e4547ff6331b9f6b70952e21467b79f1f9560670 100644 --- a/interfaces/inner_api/dlp_parse/src/dlp_file_kits.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_file_kits.cpp @@ -41,6 +41,8 @@ namespace { static const uint32_t CURRENT_VERSION = 3; static const uint32_t FILE_HEAD = 8; static const uint32_t HMAC_SIZE = 32; + static const uint32_t ENTERPRISE_HEAD_MAX = 1024; + } // namespace using Want = OHOS::AAFwk::Want; using WantParams = OHOS::AAFwk::WantParams; @@ -159,6 +161,21 @@ static bool IsValidDlpHeader(const struct DlpHeader& head) return true; } +static bool IsValidEnterpriseDlpHeader(const struct DlpHeader& head, uint32_t dlpHeaderSize) +{ + if (head.magic != DLP_FILE_MAGIC || head.certSize == 0 || head.certSize > DLP_MAX_CERT_SIZE || + head.contactAccountSize != 0 || + head.contactAccountOffset != dlpHeaderSize + FILE_HEAD || + head.txtOffset != head.contactAccountOffset + head.contactAccountSize || + head.txtSize > DLP_MAX_CONTENT_SIZE || head.hmacOffset != head.txtOffset + head.txtSize || + head.hmacSize != HMAC_SIZE * BYTE_TO_HEX_OPER_LENGTH || head.offlineCertSize > DLP_MAX_CERT_SIZE || + !(head.certOffset == head.txtOffset || head.certOffset == head.hmacOffset + head.hmacSize)) { + DLP_LOG_ERROR(LABEL, "IsValidEnterpriseDlpHeader error."); + return false; + } + return true; +} + bool DlpFileKits::IsDlpFile(int32_t dlpFd) { if (dlpFd < 0) { @@ -192,7 +209,8 @@ bool DlpFileKits::IsDlpFile(int32_t dlpFd) DLP_LOG_ERROR(LABEL, "can not read dlpHeaderSize, %{public}s", strerror(errno)); return false; } - if (version != CURRENT_VERSION || dlpHeaderSize != sizeof(struct DlpHeader)) { + if (version != CURRENT_VERSION || dlpHeaderSize < sizeof(struct DlpHeader) || + dlpHeaderSize > ENTERPRISE_HEAD_MAX) { DLP_LOG_ERROR(LABEL, "version or dlpHeaderSize is error"); return false; } @@ -208,7 +226,8 @@ bool DlpFileKits::IsDlpFile(int32_t dlpFd) return false; } - return IsValidDlpHeader(head); + return dlpHeaderSize == sizeof(struct DlpHeader) ? IsValidDlpHeader(head) : + IsValidEnterpriseDlpHeader(head, dlpHeaderSize); } bool DlpFileKits::GetSandboxFlag(Want& want) diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file_manager.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file_manager.cpp index 47a9f40f6532af368f274cc1f020f17bfdccd1fb..9a5898408fc1f021174880e8c0823def659440e9 100755 --- a/interfaces/inner_api/dlp_parse/src/dlp_file_manager.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_file_manager.cpp @@ -39,6 +39,7 @@ namespace DlpPermission { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpFileManager"}; static constexpr uint32_t MAX_DLP_FILE_SIZE = 1000; // max open dlp file +static constexpr uint32_t DECRYPTTYPEFORUSER = 2; const std::string PATH_CACHE = "/cache"; const std::string SUPPORT_PHOTO_DLP = "support_photo_dlp"; const std::string SUPPORT_VIDEO_DLP = "support_video_dlp"; @@ -282,6 +283,11 @@ int32_t DlpFileManager::SetDlpFileParams(std::shared_ptr& filePtr, cons return result; } + if (property.ownerAccountType == ENTERPRISE_ACCOUNT) { + policy.appId = filePtr->GetAppId(); + policy.fileId = policy.fileId; + } + result = PrepareDlpEncryptParms(policy, key, usage, certData, hmacKey); if (result != DLP_OK) { DLP_LOG_ERROR(LABEL, "Set dlp obj params fail, prepare encrypt params error, errno=%{public}d", result); @@ -308,7 +314,8 @@ int32_t DlpFileManager::SetDlpFileParams(std::shared_ptr& filePtr, cons return result; } - result = filePtr->SetContactAccount(property.contactAccount); + result = (property.ownerAccountType == ENTERPRISE_ACCOUNT) ? DLP_OK : + filePtr->SetContactAccount(property.contactAccount); if (result != DLP_OK) { DLP_LOG_WARN(LABEL, "Set dlp obj params fail, set contact account error, errno=%{public}d", result); } @@ -576,6 +583,10 @@ int32_t DlpFileManager::OpenRawDlpFile(int32_t dlpFileFd, std::shared_ptrGetContactAccount(certParcel->contactAccount); certParcel->isNeedAdapter = filePtr->NeedAdapter(); certParcel->needCheckCustomProperty = true; + if (filePtr->GetAccountType() == ENTERPRISE_ACCOUNT) { + certParcel->decryptType = DECRYPTTYPEFORUSER; + certParcel->appId = filePtr->GetAppId(); + } StartTrace(HITRACE_TAG_ACCESS_CONTROL, "DlpParseCertificate"); result = DlpPermissionKit::ParseDlpCertificate(certParcel, policy, appId, filePtr->GetOfflineAccess()); FinishTrace(HITRACE_TAG_ACCESS_CONTROL); diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file_operator.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file_operator.cpp index 48751054e3f3724a9747ed703a5b57b0b07e1767..1d3e65f5c6c12264246ef626fb13281dab8b654c 100644 --- a/interfaces/inner_api/dlp_parse/src/dlp_file_operator.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_file_operator.cpp @@ -26,6 +26,7 @@ #include "cert_parcel.h" #include "dlp_crypt.h" +#include "dlp_zip.h" #include "dlp_file_manager.h" #include "dlp_permission.h" #include "dlp_permission_kit.h" @@ -60,6 +61,13 @@ static const std::string READ_INDEX = "read"; static const std::string RIGHT_INDEX = "right"; static const std::string CUSTOM_PROPERTY = "customProperty"; const std::string PATH_CACHE = "cache"; +const std::string FILEID = "fileId"; + +static const uint32_t FILE_HEAD = 8; +static const uint32_t MAX_DLP_HEAD_SIZE = 1024; +static const uint32_t MAX_CERT_SIZE = 30 * 1024; +static const uint32_t DECRYPTTYPEFORCLIENT = 1; +static const std::string DEFAULT_STRING = ""; static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "EnterpriseDlpPermissionKit" @@ -165,6 +173,7 @@ static int32_t SerializePermissionPolicy(const PermissionPolicy& policy, std::st policyJson[PERM_EXPIRY_TIME] = policy.expireTime_; policyJson[NEED_ONLINE] = policy.needOnline_; policyJson[CUSTOM_PROPERTY] = policy.customProperty_; + policyJson[FILEID] = policy.fileId; SerializeEveryoneInfo(policy, policyJson); policyString = policyJson.dump(); return DLP_OK; @@ -176,7 +185,7 @@ static void SetCustomProperty(DlpProperty& property, const CustomProperty& custo } int32_t EnterpriseSpaceDlpPermissionKit::EnterpriseSpaceParseDlpFileProperty(std::shared_ptr& filePtr, - PermissionPolicy& policy, bool needCheckCustomProperty) + PermissionPolicy& policy, bool needCheckCustomProperty, int32_t decryptType) { int32_t result = filePtr->ProcessDlpFile(); if (result != DLP_OK) { @@ -199,6 +208,10 @@ int32_t EnterpriseSpaceDlpPermissionKit::EnterpriseSpaceParseDlpFileProperty(std filePtr->GetContactAccount(certParcel->contactAccount); certParcel->isNeedAdapter = filePtr->NeedAdapter(); certParcel->needCheckCustomProperty = needCheckCustomProperty; + if (filePtr->GetAccountType() == ENTERPRISE_ACCOUNT) { + certParcel->decryptType = decryptType; + certParcel->appId = filePtr->GetAppId(); + } result = DlpPermissionKit::ParseDlpCertificate(certParcel, policy, APPID, filePtr->GetOfflineAccess()); if (result != DLP_OK) { DLP_LOG_ERROR(LABEL, "Parse cert fail, errno=%{public}d", result); @@ -264,10 +277,10 @@ int32_t EnterpriseSpaceDlpPermissionKit::EnterpriseSpacePrepareWorkDir(int32_t d } int32_t EnterpriseSpaceDlpPermissionKit::EnterpriseSpaceParseDlpFileFormat(std::shared_ptr& filePtr, - bool needCheckCustomProperty) + bool needCheckCustomProperty, int32_t decryptType) { PermissionPolicy policy; - int result = EnterpriseSpaceParseDlpFileProperty(filePtr, policy, needCheckCustomProperty); + int result = EnterpriseSpaceParseDlpFileProperty(filePtr, policy, needCheckCustomProperty, decryptType); if (result != DLP_OK) { DLP_LOG_ERROR(LABEL, "Enterprise space parse dlp property fail, errno=%{public}d", result); return result; @@ -287,6 +300,61 @@ int32_t EnterpriseSpaceDlpPermissionKit::EnterpriseSpaceParseDlpFileFormat(std:: return result; } +static std::string GetFileSuffix(const std::string& fileName) +{ + char escape = '.'; + std::size_t escapeLocate = fileName.find_last_of(escape); + if (escapeLocate >= fileName.size()) { + DLP_LOG_ERROR(LABEL, "Get file suffix fail, no '.' in file name"); + return DEFAULT_STRING; + } + + return DlpUtils::ToLowerString(fileName.substr(escapeLocate + 1)); +} + +int32_t EnterpriseSpaceDlpPermissionKit::EncryptEnterpriseDlpFile(DlpProperty property, + CustomProperty customProperty, int32_t plainFileFd, int32_t dlpFileFd) +{ + DLP_LOG_INFO(LABEL, "Start generate dlp file for enterprise."); + SetCustomProperty(property, customProperty); + std::shared_ptr filePtr = nullptr; + std::string fileName; + int32_t result = DlpUtils::GetFileNameWithDlpFd(dlpFileFd, fileName); + if (result != DLP_OK) { + DLP_LOG_ERROR(LABEL, "GetFileNameWithFd fail, errno=%{public}d", result); + return result; + } + std::string realFileType = GetFileSuffix(fileName); + if (realFileType == DEFAULT_STRING) { + DLP_LOG_ERROR(LABEL, "GetFileSuffix fail"); + return DLP_PARSE_ERROR_VALUE_INVALID; + } + std::string fileType = DlpUtils::GetFileTypeBySuffix(realFileType, true); + if (fileType == DEFAULT_STRING) { + DLP_LOG_ERROR(LABEL, "GetFileTypeBySuffix fail"); + return DLP_PARSE_ERROR_VALUE_INVALID; + } + filePtr = std::make_shared(dlpFileFd, realFileType); + std::string appId; + if (!DlpUtils::GetAppIdFromToken(appId)) { + DLP_LOG_ERROR(LABEL, "cat get the apid"); + return DLP_PARSE_ERROR_VALUE_INVALID; + } + filePtr->SetAppId(appId); + filePtr->SetFileId(property.fileId); + filePtr->SetAccountType(property.ownerAccountType); + if (DlpFileManager::GetInstance().SetDlpFileParams(filePtr, property) != DLP_OK) { + DLP_LOG_ERROR(LABEL, "Generate dlp file fail, set dlp obj params error"); + return DLP_PARSE_ERROR_VALUE_INVALID; + } + result = filePtr->GenFile(plainFileFd); + if (result != DLP_OK) { + DLP_LOG_ERROR(LABEL, "Generate dlp file fail, errno=%{public}d", result); + return result; + } + return DLP_OK; +} + int32_t EnterpriseSpaceDlpPermissionKit::EncryptDlpFile(DlpProperty property, CustomProperty customProperty, int32_t plainFileFd, int32_t dlpFileFd) { @@ -295,6 +363,9 @@ int32_t EnterpriseSpaceDlpPermissionKit::EncryptDlpFile(DlpProperty property, DLP_LOG_ERROR(LABEL, "Encrypt dlp file fail, plain file fd or dlp file fd invalid"); return DLP_PARSE_ERROR_FD_ERROR; } + if (property.ownerAccountType == ENTERPRISE_ACCOUNT) { + return EncryptEnterpriseDlpFile(property, customProperty, plainFileFd, dlpFileFd); + } SetCustomProperty(property, customProperty); std::shared_ptr filePtr = nullptr; std::string workDir; @@ -319,6 +390,94 @@ int32_t EnterpriseSpaceDlpPermissionKit::EncryptDlpFile(DlpProperty property, return DLP_OK; } +uint32_t GetAccountTypeFromCert(std:string cert) +{ + auto jsonObj = nlohmann::json::parse(cert, nullptr, false); + if (jsonObj.is_discarded() || (!jsonObj.is_object())) { + return INVALID_ACCOUNT; + } + uint32_t accountType = 0; + if (jsonObj.find(ENC_ACCOUNT_TYPE) != jsonObj.end() && jsonObj.at(ENC_ACCOUNT_TYPE).is_number()) { + jsonObj.at(ENC_ACCOUNT_TYPE).get_to(accountType); + } + return accountType; +} + +uint32_t EnterpriseSpaceDlpPermissionKit::DecryptRawDlpFileAndGetAccountType(int32_t dlpFileFd) +{ + uint64_t fileLen = 0; + off_t readLen = lseek(dlpFileFd, 0, SEEK_END); + if (readLen == static_cast(-1) || static_cast(readLen) > UINT32_MAX) { + DLP_LOG_ERROR(LABEL, "Get file size is failed"); + return INVALID_ACCOUNT; + } + fileLen = static_cast(readLen); + (void)lseek(dlpFileFd, 0, SEEK_SET); + if (fileLen <= FILE_HEAD) { + DLP_LOG_ERROR(LABEL, "file size is error"); + return INVALID_ACCOUNT; + } + uint32_t version = 0; + uint32_t dlpHeaderSize = 0; + if (read(dlpFileFd, &version, sizeof(uint32_t)) != sizeof(uint32_t) || + read(dlpFileFd, &dlpHeaderSize, sizeof(uint32_t)) != sizeof(uint32_t)) { + DLP_LOG_ERROR(LABEL, "can not read version_ or dlpHeaderSize, %{public}s", strerror(errno)); + return INVALID_ACCOUNT; + } + if (fileLen - FILE_HEAD < dlpHeaderSize || dlpHeaderSize >= MAX_DLP_HEAD_SIZE) { + DLP_LOG_ERROR(LABEL, "dlpHeader size is error"); + return INVALID_ACCOUNT; + } + + DlpHeader head; + if (read(dlpFileFd, &head, sizeof(head)) != sizeof(head) || head.certSize > MAX_CERT_SIZE || + fileLen < head.certSize || fileLen - head.certSize < head.certOffset) { + DLP_LOG_ERROR(LABEL, "can not read dlp file head, %{public}s", strerror(errno)); + return INVALID_ACCOUNT; + } + uint8_t *buff = new (std::nothrow)uint8_t[head.certSize + 1]; + if (buff == nullptr) { + DLP_LOG_ERROR(LABEL, "buff is null"); + return INVALID_ACCOUNT; + } + memset_s(buff, head.certSize + 1, 0, head.certSize + 1); + (void)lseek(dlpFileFd, head.certOffset, SEEK_SET); + if (read(dlpFileFd, buff, head.certSize) != head.certSize) { + delete []buff; + DLP_LOG_ERROR(LABEL, "can not read dlp file cert, %{public}s", strerror(errno)); + return INVALID_ACCOUNT; + } + char *char_buffer = reinterpret_cast(buff); + std::string str(char_buffer); + delete []buff; + return GetAccountTypeFromCert(str); +} + +int32_t EnterpriseSpaceDlpPermissionKit::DecryptEnterpriseDlpFile(int32_t plainFileFd, int32_t dlpFileFd, int32_t decryptType) +{ + std::shared_ptr filePtr = nullptr; + bool isFromUriName; + std::string realType = DlpUtils::GetRealTypeWithFd(dlpFileFd, isFromUriName); + if (realType == DEFAULT_STRING) { + DLP_LOG_ERROR(LABEL, "Get realType failed"); + return DLP_PARSE_ERROR_FD_ERROR; + } + + filePtr = std::make_shared(dlpFileFd, realType); + filePtr->SetAccountType(ENTERPRISE_ACCOUNT); + int32_t result = EnterpriseSpaceParseDlpFileFormat(filePtr, true, decryptType); + if (result != DLP_OK) { + DLP_LOG_ERROR(LABEL, "Enterprise space prepare workDir fail, errno=%{public}d", result); + return result; + } + result = DlpFileManager::GetInstance().RecoverDlpFile(filePtr, plainFileFd); + if (result != DLP_OK) { + DLP_LOG_ERROR(LABEL, "Enterprise space prepare workDir fail, errno=%{public}d", result); + return result; + } + return DLP_OK; +} + int32_t EnterpriseSpaceDlpPermissionKit::DecryptDlpFile(int32_t plainFileFd, int32_t dlpFileFd) { DLP_LOG_INFO(LABEL, "Start decrypt dlp file from enterprise space service."); @@ -326,6 +485,10 @@ int32_t EnterpriseSpaceDlpPermissionKit::DecryptDlpFile(int32_t plainFileFd, int DLP_LOG_ERROR(LABEL, "Decrypt dlp file fail, plain file fd or dlp file fd invalid"); return DLP_PARSE_ERROR_FD_ERROR; } + if (!IsZipFile(dlpFileFd) && DecryptRawDlpFileAndGetAccountType(dlpFileFd) == ENTERPRISE_ACCOUNT) { + int32_t decryptType = DECRYPTTYPEFORCLIENT; + return DecryptEnterpriseDlpFile(plainFileFd, dlpFileFd, decryptType); + } std::shared_ptr filePtr = nullptr; std::string workDir; @@ -357,11 +520,22 @@ int32_t EnterpriseSpaceDlpPermissionKit::QueryDlpFileProperty(int32_t dlpFileFd, } std::shared_ptr filePtr = nullptr; - std::string workDir; - int32_t result = EnterpriseSpacePrepareWorkDir(dlpFileFd, filePtr, workDir); - if (result != DLP_OK) { - DLP_LOG_ERROR(LABEL, "Enterprise space prepare workDir fail, errno=%{public}d", result); - return result; + if (!IsZipFile(dlpFileFd) && DecryptRawDlpFileAndGetAccountType(dlpFileFd) == ENTERPRISE_ACCOUNT) { + bool isFromUriName; + std::string realType = DlpUtils::GetRealTypeWithFd(dlpFileFd, isFromUriName); + if (realType == DEFAULT_STRING) { + DLP_LOG_ERROR(LABEL, "Get realType failed"); + return DLP_PARSE_ERROR_FD_ERROR; + } + filePtr = std::make_shared(dlpFileFd, realType); + filePtr->SetAccountType(ENTERPRISE_ACCOUNT); + } else { + std::string workDir; + int32_t result = EnterpriseSpacePrepareWorkDir(dlpFileFd, filePtr, workDir); + if (result != DLP_OK) { + DLP_LOG_ERROR(LABEL, "Enterprise space prepare workDir fail, errno=%{public}d", result); + return result; + } } PermissionPolicy policy; result = EnterpriseSpaceParseDlpFileProperty(filePtr, policy, false); diff --git a/interfaces/inner_api/dlp_parse/src/dlp_raw_file.cpp b/interfaces/inner_api/dlp_parse/src/dlp_raw_file.cpp index 0e813966385f5f3807691654e70d2307d16d18c7..01a869b2f926d18a11e08013b44cb52a920e88ed 100644 --- a/interfaces/inner_api/dlp_parse/src/dlp_raw_file.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_raw_file.cpp @@ -151,6 +151,21 @@ bool DlpRawFile::IsValidDlpHeader(const struct DlpHeader& head) const return true; } +bool DlpRawFile::IsValidEnterpriseDlpHeader(const struct DlpHeader& head, uint32_t dlpHeaderSize) +{ + if (head.magic != DLP_FILE_MAGIC || head.certSize == 0 || head.certSize > DLP_MAX_CERT_SIZE || + head.contactAccountSize != 0 || + head.contactAccountOffset != dlpHeaderSize + FILE_HEAD || + head.txtOffset != head.contactAccountOffset + head.contactAccountSize || + head.txtSize > DLP_MAX_CONTENT_SIZE || head.hmacOffset != head.txtOffset + head.txtSize || + head.hmacSize != HMAC_SIZE * BYTE_TO_HEX_OPER_LENGTH || head.offlineCertSize > DLP_MAX_CERT_SIZE || + !(head.certOffset == head.txtOffset || head.certOffset == head.hmacOffset + head.hmacSize)) { + DLP_LOG_ERROR(LABEL, "IsValidEnterpriseDlpHeader error."); + return false; + } + return true; +} + int32_t DlpRawFile::ParseRawDlpHeader(uint64_t fileLen, uint32_t dlpHeaderSize) { if (fileLen - FILE_HEAD <= dlpHeaderSize || dlpHeaderSize >= DLP_MAX_CERT_SIZE) { @@ -192,6 +207,91 @@ int32_t DlpRawFile::ParseRawDlpHeader(uint64_t fileLen, uint32_t dlpHeaderSize) return DLP_OK; } +int32_t DlpRawFile::ParseEnterpriseFileId(uint64_t fileLen, uint32_t fileIdSize) +{ + uint32_t idSize = 0; + if (read(dlpFd_, &idSize, sizeof(uint32_t)) != sizeof(uint32_t) || idSize > fileIdSize) { + DLP_LOG_ERROR(LABEL, "can not read fileid size , %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FD_ERROR; + } + uint8_t *buff = new (std::nothrow)uint8_t[idSize + 1]; + if (buff == nullptr) { + DLP_LOG_ERROR(LABEL, "buff is null"); + return DLP_PARSE_ERROR_FD_ERROR; + } + (void)memset_s(buff, idSize + 1, 0, idSize + 1); + if (read(dlpFd_, buff, idSize) != idSize) { + delete []buff; + DLP_LOG_ERROR(LABEL, "can not read dlp file cert, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FD_ERROR; + } + char *char_buffer = reinterpret_cast(buff); + std::string str(char_buffer); + delete []buff; + buff = nullptr; + fileId_ = str; + offlineAccess_ = head_.offlineAccess; + if (head_.txtSize == 0) { + if (fileLen < head_.hmacOffset + head_.certSize) { + DLP_LOG_ERROR(LABEL, "file is error"); + return DLP_PARSE_ERROR_FILE_FORMAT_ERROR; + } + } else if (fileLen < head_.hmacOffset + head_.hmacSize + head_.certSize) { + return DLP_PARSE_ERROR_FILE_FORMAT_ERROR; + } + if (version_ > CURRENT_VERSION) { + DLP_LOG_ERROR(LABEL, "version_ > CURRENT_VERSION"); + return DLP_PARSE_ERROR_FILE_VERSION_BIGGER_THAN_CURRENT; + } +#ifdef SUPPORT_DLP_CREDENTIAL + if (head_.algType == DLP_MODE_CTR) { + DLP_LOG_INFO(LABEL, "support openssl"); + return DLP_OK; + } + return InitDlpHIAEMgr(); +#endif + return DLP_OK; +} + +int32_t DlpRawFile::ParseEnterpriseRawDlpHeader(uint64_t fileLen, uint32_t dlpHeaderSize) +{ + accountType_ = ENTERPRISE_ACCOUNT; + if (fileLen - FILE_HEAD < dlpHeaderSize || dlpHeaderSize >= MAX_CERT_SIZE) { + DLP_LOG_ERROR(LABEL, "file size is error"); + return DLP_PARSE_ERROR_FD_ERROR; + } + if (read(dlpFd_, &head_, sizeof(head_)) != sizeof(head_)){ + DLP_LOG_ERROR(LABEL, "can not read version_ or dlpHeaderSize, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FD_ERROR; + } + if (!IsValidEnterpriseDlpHeader(head_, dlpHeaderSize)) { + DLP_LOG_ERROR(LABEL, "head_ is error"); + return DLP_PARSE_ERROR_FD_ERROR; + } + uint32_t idSize = 0; + if (read(dlpFd_, &idSize, sizeof(uint32_t)) != sizeof(uint32_t) || idSize > dlpHeaderSize - FILE_HEAD) { + DLP_LOG_ERROR(LABEL, "can not read appid size , %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FD_ERROR; + } + uint8_t *buff = new (std::nothrow)uint8_t[idSize + 1]; + if (buff == nullptr) { + DLP_LOG_ERROR(LABEL, "buff is null"); + return DLP_PARSE_ERROR_FD_ERROR; + } + (void)memset_s(buff, idSize + 1, 0, idSize + 1); + if (read(dlpFd_, buff, idSize) != idSize) { + delete []buff; + DLP_LOG_ERROR(LABEL, "can not read dlp file cert, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FD_ERROR; + } + char *char_buffer = reinterpret_cast(buff); + std::string str(char_buffer); + delete []buff; + buff = nullptr; + appId_ = str; + return ParseEnterpriseFileId(fileLen, dlpHeaderSize - idSize - FILE_HEAD); +} + int32_t DlpRawFile::CheckDlpFile() { if (dlpFd_ < 0) { @@ -229,6 +329,8 @@ int32_t DlpRawFile::CheckDlpFile() if (version_ == CURRENT_VERSION && dlpHeaderSize == sizeof(struct DlpHeader)) { return ParseRawDlpHeader(fileLen, dlpHeaderSize); + } else { + return ParseEnterpriseRawDlpHeader(fileLen, dlpHeaderSize); } DLP_LOG_ERROR(LABEL, "the version or HeaderSize is error"); @@ -298,19 +400,21 @@ int32_t DlpRawFile::ProcessDlpFile() CleanBlobParam(cert_); cert_.data = buf; cert_.size = head_.certSize; - uint8_t *tmpBuf = new (std::nothrow)uint8_t[head_.contactAccountSize]; - if (tmpBuf == nullptr) { - DLP_LOG_WARN(LABEL, "alloc tmpBuf failed."); - return DLP_PARSE_ERROR_MEMORY_OPERATE_FAIL; - } - (void)lseek(dlpFd_, head_.contactAccountOffset, SEEK_SET); - if (read(dlpFd_, tmpBuf, head_.contactAccountSize) != (ssize_t)head_.contactAccountSize) { + uint8_t *tmpBuf = nullptr; + if (accountType_ != ENTERPRISE_ACCOUNT) { + uint8_t *tmpBuf = new (std::nothrow)uint8_t[head_.contactAccountSize]; + if (tmpBuf == nullptr) { + return DLP_PARSE_ERROR_MEMORY_OPERATE_FAIL; + } + (void)lseek(dlpFd_, head_.contactAccountOffset, SEEK_SET); + if (read(dlpFd_, tmpBuf, head_.contactAccountSize) != (ssize_t)head_.contactAccountSize) { + delete[] tmpBuf; + DLP_LOG_ERROR(LABEL, "can not read dlp contact account, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_FORMAT_ERROR; + } + contactAccount_ = std::string(tmpBuf, tmpBuf + head_.contactAccountSize); delete[] tmpBuf; - DLP_LOG_ERROR(LABEL, "can not read dlp contact account, %{public}s", strerror(errno)); - return DLP_PARSE_ERROR_FILE_FORMAT_ERROR; } - contactAccount_ = std::string(tmpBuf, tmpBuf + head_.contactAccountSize); - delete[] tmpBuf; if (head_.offlineCertSize != 0 && head_.offlineCertSize == head_.certSize) { tmpBuf = new (std::nothrow)uint8_t[head_.offlineCertSize]; if (tmpBuf == nullptr) { @@ -474,13 +578,32 @@ int32_t DlpRawFile::DoWriteHeaderAndContactAccount(int32_t inPlainFileFd, uint64 DLP_LOG_ERROR(LABEL, "write dlp head failed, %{public}s", strerror(errno)); return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; } - - if (write(dlpFd_, contactAccount_.c_str(), contactAccount_.size()) != - static_cast(contactAccount_.size())) { - DLP_LOG_ERROR(LABEL, "write dlp contact data failed, %{public}s", strerror(errno)); - return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + if (accountType_ == ENTERPRISE_ACCOUNT) { + uint32_t idSize = appId_.size(); + if (write(dlpFd_, &idSize, sizeof(uint32_t)) != sizeof(uint32_t)) { + DLP_LOG_ERROR(LABEL, "write appId_ size failed, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + } + if (write(dlpFd_, appId_.c_str(), idSize) != static_cast(idSize)) { + DLP_LOG_ERROR(LABEL, "write appId_ failed, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + } + idSize = fileId_.size(); + if (write(dlpFd_, &idSize, sizeof(uint32_t)) != sizeof(uint32_t)) { + DLP_LOG_ERROR(LABEL, "write fileId_ size failed, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + } + if (write(dlpFd_, fileId_.c_str(), idSize) != static_cast(idSize)) { + DLP_LOG_ERROR(LABEL, "write fileId_ failed, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + } + } else { + if (write(dlpFd_, contactAccount_.c_str(), contactAccount_.size()) != + static_cast(contactAccount_.size())) { + DLP_LOG_ERROR(LABEL, "write dlp contact data failed, %{public}s", strerror(errno)); + return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; + } } - if (head_.txtSize == 0) { DLP_LOG_INFO(LABEL, "Plaintext file len is 0, do not need encrypt"); if (write(dlpFd_, cert_.data, head_.certSize) != (ssize_t)head_.certSize) { @@ -496,6 +619,11 @@ int32_t DlpRawFile::DoWriteHeaderAndContactAccount(int32_t inPlainFileFd, uint64 int32_t DlpRawFile::GenFileInRaw(int32_t inPlainFileFd) { off_t fileLen = lseek(inPlainFileFd, 0, SEEK_END); + if (accountType_ == ENTERPRISE_ACCOUNT) { + head_.contactAccountSize = 0; + head_.contactAccountOffset = FILE_HEAD + sizeof(DlpHeader) + appId_.size() + fileId_.size() + FILE_HEAD; + head_.txtOffset = head_.contactAccountOffset + head_.contactAccountSize; + } head_.txtSize = static_cast(fileLen); if (fileLen == 0) { head_.hmacOffset = head_.txtOffset + head_.txtSize; @@ -536,7 +664,8 @@ int32_t DlpRawFile::GenFileInRaw(int32_t inPlainFileFd) DLP_LOG_ERROR(LABEL, "write dlp dlpHeaderSize failed, %{public}s", strerror(errno)); return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; } - uint32_t dlpHeaderSize = sizeof(struct DlpHeader); + uint32_t dlpHeaderSize = accountType_ == ENTERPRISE_ACCOUNT ? + (sizeof(DlpHeader) + appId_.size() + fileId_.size() + FILE_HEAD) : sizeof(struct DlpHeader); if (write(dlpFd_, &dlpHeaderSize, sizeof(uint32_t)) != sizeof(uint32_t)) { DLP_LOG_ERROR(LABEL, "write dlp dlpHeaderSize failed, %{public}s", strerror(errno)); return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; @@ -568,12 +697,6 @@ int32_t DlpRawFile::RemoveDlpPermissionInRaw(int32_t outPlainFileFd) return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; } - // clean plainTxtFile - if (ftruncate(outPlainFileFd, 0) == -1) { - DLP_LOG_ERROR(LABEL, "truncate plain file to zero failed, %{public}s", strerror(errno)); - return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; - } - if (lseek(outPlainFileFd, 0, SEEK_SET) == static_cast(-1)) { DLP_LOG_ERROR(LABEL, "seek plain file start failed, %{public}s", strerror(errno)); return DLP_PARSE_ERROR_FILE_OPERATE_FAIL; @@ -589,7 +712,7 @@ int32_t DlpRawFile::RemoveDlpPermissionInRaw(int32_t outPlainFileFd) return DLP_OK; } - return DoDlpContentCryptyOperation(dlpFd_, outPlainFileFd, head_.txtOffset, head_.txtSize, false); + return DoDlpContentCryptyOperation(dlpFd_, outPlainFileFd, 0, head_.txtSize, false); } int32_t DlpRawFile::RemoveDlpPermission(int32_t outPlainFileFd) diff --git a/interfaces/inner_api/dlp_parse/src/dlp_utils.cpp b/interfaces/inner_api/dlp_parse/src/dlp_utils.cpp index 349db734d21d68370df361a0550a23ea293455d3..16b710fb0564e1d5b4b104de6af23c17ddd27774 100644 --- a/interfaces/inner_api/dlp_parse/src/dlp_utils.cpp +++ b/interfaces/inner_api/dlp_parse/src/dlp_utils.cpp @@ -25,6 +25,7 @@ #include "dlp_permission_public_interface.h" #include "dlp_file.h" #include "dlp_zip.h" +#include "ipc_skeleton.h" #include "securec.h" namespace OHOS { @@ -377,6 +378,23 @@ bool DlpUtils::GetBundleInfoWithBundleName(const std::string &bundleName, int32_ return bundleMgrProxy->GetBundleInfo(bundleName, flag, bundleInfo, userId); } +bool DlpUtils::GetAppIdFromToken(std::string &appId) +{ + auto bundleMgrProxy = DlpUtils::GetBundleMgrProxy(); + if (bundleMgrProxy == nullptr) { + return false; + } + AppExecFwk::BundleInfo bundleInfo; + int32_t ret = bundleMgrProxy->GetBundleInfoForSelf(static_cast( + AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), bundleInfo); + if (ret != DLP_OK || bundleInfo.appId.size() == 0) { + DLP_LOG_ERROR(LABEL, "GetBundleInfoForSelf failed %{public}d", ret); + return false; + } + appId = bundleInfo.appId; + return true; +} + bool DlpUtils::GetUserIdByForegroundAccount(int32_t &userId) { int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); diff --git a/interfaces/kits/dlp_permission/BUILD.gn b/interfaces/kits/dlp_permission/BUILD.gn index 7ae9dc48fd95c6c939afbac644d6096f4c3b08cc..dd206a6173fbbf2d9163be793352bf42a411b59f 100644 --- a/interfaces/kits/dlp_permission/BUILD.gn +++ b/interfaces/kits/dlp_permission/BUILD.gn @@ -73,6 +73,7 @@ ohos_shared_library("libdlppermission_napi") { "ipc:ipc_core", "napi:ace_napi", "samgr:samgr_proxy", + "dlp_credential_service:dlp_connection_static" ] relative_install_dir = "module" diff --git a/interfaces/kits/dlp_permission/napi/src/napi_dlp_permission.cpp b/interfaces/kits/dlp_permission/napi/src/napi_dlp_permission.cpp index ef58e6de833aad94049cd7001c6ad6c7eb8f3cfa..275184dd517e1fe2f6945e92fb117c994f003771 100644 --- a/interfaces/kits/dlp_permission/napi/src/napi_dlp_permission.cpp +++ b/interfaces/kits/dlp_permission/napi/src/napi_dlp_permission.cpp @@ -35,10 +35,13 @@ #include "securec.h" #include "tokenid_kit.h" #include "token_setproc.h" +#include "dlp_connection_client.h" namespace OHOS { namespace Security { -namespace DlpPermission { +namespace DlpConnection { + +using namespace OHOS::Security::DlpPermission; namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionNapi"}; std::mutex g_lockForOpenDlpFileSubscriber; @@ -1889,16 +1892,36 @@ napi_value NapiDlpPermission::StartDLPManagerForResult(napi_env env, napi_callba return result; } -napi_value NapiDlpPermission::GenerateDlpFileForEnterprise(napi_env env, napi_callback_info cbInfo) +napi_value NapiDlpPermission::ProcessDomainAccount(napi_env env, napi_callback_info cbInfo) { if (!IsSystemApp(env)) { return nullptr; } - if (!CheckPermission(env, PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { + + auto asyncContextPtr = std::make_unique(env); + if (!GetGenerateDlpFileForDomainParam(env, cbInfo, *asyncContextPtr)) { return nullptr; } - auto asyncContextPtr = std::make_unique(env); + napi_value result = nullptr; + if (asyncContextPtr->callbackRef == nullptr) { + DLP_LOG_DEBUG(LABEL, "Create promise"); + NAPI_CALL(env, napi_create_promise(env, &asyncContextPtr->deferred, &result)); + } else { + DLP_LOG_DEBUG(LABEL, "Undefined the result parameter"); + NAPI_CALL(env, napi_get_undefined(env, &result)); + } + napi_value resource = nullptr; + NAPI_CALL(env, napi_create_string_utf8(env, "ProcessDomainAccount", NAPI_AUTO_LENGTH, &resource)); + NAPI_CALL(env, napi_create_async_work(env, nullptr, resource, GenerateDlpFileForEnterpriseExcute, + GenerateDlpFileForEnterpriseComplete, static_cast(asyncContextPtr.get()), &(asyncContextPtr->work))); + NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContextPtr->work, napi_qos_user_initiated)); + asyncContextPtr.release(); + return result; +} +napi_value NapiDlpPermission::ProcessEnterpriseAccount(napi_env env, napi_callback_info cbInfo) +{ + auto asyncContextPtr = std::make_unique(env); if (!GetGenerateDlpFileForEnterpriseParam(env, cbInfo, *asyncContextPtr)) { return nullptr; } @@ -1911,7 +1934,7 @@ napi_value NapiDlpPermission::GenerateDlpFileForEnterprise(napi_env env, napi_ca NAPI_CALL(env, napi_get_undefined(env, &result)); } napi_value resource = nullptr; - NAPI_CALL(env, napi_create_string_utf8(env, "GenerateDlpFileForEnterprise", NAPI_AUTO_LENGTH, &resource)); + NAPI_CALL(env, napi_create_string_utf8(env, "ProcessEnterpriseAccount", NAPI_AUTO_LENGTH, &resource)); NAPI_CALL(env, napi_create_async_work(env, nullptr, resource, GenerateDlpFileForEnterpriseExcute, GenerateDlpFileForEnterpriseComplete, static_cast(asyncContextPtr.get()), &(asyncContextPtr->work))); NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContextPtr->work, napi_qos_user_initiated)); @@ -1919,6 +1942,21 @@ napi_value NapiDlpPermission::GenerateDlpFileForEnterprise(napi_env env, napi_ca return result; } +napi_value NapiDlpPermission::GenerateDlpFileForEnterprise(napi_env env, napi_callback_info cbInfo) +{ + if (!CheckPermission(env, PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { + return nullptr; + } + auto asyncContextPtr = std::make_unique(env); + if (!GetAccountTypeInEnterpriseParam(env, cbInfo, *asyncContextPtr)) { + return nullptr; + } + if (asyncContextPtr->property.ownerAccountType == ENTERPRISE_ACCOUNT) { + return ProcessEnterpriseAccount(env, cbInfo); + } + return ProcessDomainAccount(env, cbInfo); +} + void NapiDlpPermission::GenerateDlpFileForEnterpriseExcute(napi_env env, void* data) { DLP_LOG_DEBUG(LABEL, "GenerateDlpFileForEnterprise start run."); @@ -1951,9 +1989,6 @@ void NapiDlpPermission::GenerateDlpFileForEnterpriseComplete(napi_env env, napi_ napi_value NapiDlpPermission::DecryptDlpFile(napi_env env, napi_callback_info cbInfo) { - if (!IsSystemApp(env)) { - return nullptr; - } if (!CheckPermission(env, PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { return nullptr; } @@ -2011,9 +2046,6 @@ void NapiDlpPermission::DecryptDlpFileComplete(napi_env env, napi_status status, napi_value NapiDlpPermission::QueryDlpPolicy(napi_env env, napi_callback_info cbInfo) { - if (!IsSystemApp(env)) { - return nullptr; - } if (!CheckPermission(env, PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { return nullptr; } @@ -2070,6 +2102,283 @@ void NapiDlpPermission::QueryDlpPolicyComplete(napi_env env, napi_status status, ProcessCallbackOrPromise(env, asyncContext, resJs); } +static napi_value CreatePluginAsyncCallback(napi_env env, napi_callback callback, JsDlpConnectionParam *parm) +{ + napi_value napiCallback = nullptr; + napi_status status = napi_create_function(env, "callback", NAPI_AUTO_LENGTH, callback, param, &napiCallback); + if (status != napi_ok) { + DLP_LOG_ERROR(LABEL, "status is not ok."); + return nullptr; + } + status = napi_wrap(env, napiCallback, param, + [](napi_env env, void *data, void *hint) { + DLP_LOG_DEBUG(LABEL, "release JsDlpConnectionParam."); + delete reinterpret_cast(data); + }, nullptr, nullptr); + if (status != napi_ok) { + DLP_LOG_ERROR(LABEL, "status is not ok."); + return nullptr; + } + return napiCallback; +} + +static bool GetPluginCallbackCommonParam(napi_env env, napi_callback_info cbInfo, + JsDlpConnectionParam **param, BusinessError &error, napi_value *businessData) +{ + size_t argc = PARAM1; + napi_value argv[PARAM1] = {nullptr}; + void *data = nullptr; + NAPI_CALL_BASE(env, napi_get_cb_info(env, cbInfo, &argc, argv, nullptr, &data), false); + if (argc != PARAM1) { + DLP_LOG_ERROR(LABEL, "param size is error."); + return false; + } + *param = reinterpret_cast(data); + if ((*param == nullptr) || ((*param)->callback == nullptr)) { + DLP_LOG_ERROR(LABEL, "param is error."); + return false; + } + *businessData = argv[PARAM0]; + error.code = 0; + return true; +} + +void ReleaseNapiRefArray(napi_env env, const std::vector &napiRefVec) +{ + if (env == nullptr) { + return; + } + auto task = [env, napiRefVec]() { + for (auto &napiRef : napiRefVec) { + if (napiRef != nullptr) { + napi_delete_reference(env, napiRef); + } + } + }; + if (napi_ok != napi_send_event(env, task, napi_eprio_high)) { + DLP_LOG_ERROR(LABEL, "napi_send_event is error."); + } +} + +void ReleaseNapiRefAsync(napi_env env, napi_ref napiRef) +{ + ReleaseNapiRefArray(env, {napiRef}); +} + +bool GetStringProperty(napi_env env, napi_value obj, std::string &property) +{ + napi_valuetype valuetype = napi_undefined; + NAPI_CALL_BASE(env, napi_typeof(env, obj, &valuetype), false); + if (valuetype != napi_string) { + return false; + } + size_t propLen; + NAPI_CALL_BASE(env, napi_get_value_string_utf8(env, obj, nullptr, 0, &propLen), false); + property.reserve(propLen + 1); + property.resize(propLen); + NAPI_CALL_BASE(env, napi_get_value_string_utf8(env, obj, property.data(), propLen + 1, &propLen), false); + return true; +} + +static napi_value ConnectServerCallback(napi_env env, napi_callback_info cbInfo) +{ + JsDlpConnectionParam *param = nullptr; + BusinessError error; + napi_value businessData = nullptr; + if (!GetPluginCallbackCommonParam(env, cbInfo, ¶m, error, &businessData)) { + DlpNapiThrow(env, ERR_JS_PARAMETER_ERROR); + return nullptr; + } + std::string data; + if ((error.code == 0) && (!GetStringProperty(env, businessData, data))) { + DLP_LOG_ERROR(LABEL, "GetStringProperty is error."); + DlpNapiThrow(env, ERR_JS_PARAMETER_ERROR); + return nullptr; + } + + param->callback->OnResult(error.code, data); + return nullptr; +} + +NapiDlpConnectionPlugin::NapiDlpConnectionPlugin(napi_env env, const JsDlpConnPlugin &jsPlugin) + : env_(env), jsPlugin_(jsPlugin) +{} + +NapiDlpConnectionPlugin::~NapiDlpConnectionPlugin() +{ + std::unique_lock lock(lockInfo_.mutex); + lockInfo_.condition.wait(lock, [this] { return this->lockInfo_.count == 0;}); + lockInfo_.count--; + if (env_ == nullptr) { + return; + } + ReleaseNapiRefAsync(env_, jsPlugin_.context); + ReleaseNapiRefAsync(env_, jsPlugin_.funcRef); + jsPlugin_.context = nullptr; + jsPlugin_.funcRef = nullptr; +} + +static napi_value CreateString(const std::string &data, JsDlpConnectionParam *param) +{ + napi_value result = nullptr; + NAPI_CALL(param->env, + napi_create_string_utf8(param->env, data.c_str(), NAPI_AUTO_LENGTH, &result)); + return result; +} + +void NapiCallVoidFunction(napi_env env, napi_value *argv, size_t argc, napi_ref funcRef, napi_ref contextRef) +{ + napi_value context = nullptr; + NAPI_CALL_RETURN_VOID(env, napi_get_reference_value(env, contextRef, &context)); + napi_value returnVal; + napi_value func = nullptr; + NAPI_CALL_RETURN_VOID(env, napi_get_reference_value(env, funcRef, &func)); + NAPI_CALL_RETURN_VOID(env, napi_call_function(env, context, func, argc, argv, &returnVal)); +} + +static void ConnectServerWork(JsDlpConnectionParam *param) +{ + napi_handle_scope scope = nullptr; + int32_t res = 0; + do { + napi_open_handle_scope(param->env, &scope); + if (scope == nullptr) { + DLP_LOG_ERROR(LABEL, "scope is error."); + res = 1; + break; + } + napi_value napiCallback = CreatePluginAsyncCallback(param->env, ConnectServerCallback, param); + if (napiCallback == nullptr) { + DLP_LOG_ERROR(LABEL, "napiCallback is error."); + res = 1; + break; + } + napi_value napiRequestId = CreateString(param->requestId, param); + if (napiRequestId == nullptr) { + DLP_LOG_ERROR(LABEL, "napiRequestId is error."); + res = 1; + break; + } + napi_value napiRequestData = CreateString(param->requestData, param); + if (napiRequestData == nullptr) { + DLP_LOG_ERROR(LABEL, "napiRequestData is error."); + res = 1; + break; + } + napi_value argv[] = {napiRequestId, napiRequestData, napiCallback}; + NapiCallVoidFunction(param->env, argv, PARAM3, param->func, param->context); + } while (0); + std::unique_lock lock(param->lockInfo->mutex); + param->lockInfo->count--; + param->loakInfo->condition.notify_all(); + napi_close_handle_scope(param->env, scope); + if (res != 0) { + delete param; + } +} + +bool GetCallbackProperty(napi_env env, napi_value obj, napi_ref &property, int argNum) +{ + napi_valuetype valueType = napi_undefined; + NAPI_CALL_BASE(env, napi_typeof(env, obj, &valueType), false); + if ((valueType == napi_undefined) || (valueType == napi_null)) { + return true; + } else if (valueType == napi_function) { + NAPI_CALL_BASE(env, napi_create_reference(env, obj, argNum, &property), false); + return true; + } + return false; +} + +void NapiDlpConnectionPlugin::ConnectServer(const std::string requestId, const std::string requestData, + const std::shared_ptr &callback) +{ + std::unique_lock lock(lockInfo_.mutex); + if (lockInfo_.count < 0) { + DLP_LOG_ERROR(LABEL, "the plugin has been released"); + return; + } + if (jsPlugin_.funcRef == nullptr) { + DLP_LOG_ERROR(LABEL, "funcRef released"); + return; + } + JsDlpConnectionParam *param = new (std::nothrow) JsDlpConnectionParam(env_); + if (param == nullptr) { + DLP_LOG_ERROR(LABEL, "JsDlpConnectionParam error"); + return; + } + param->callback = callback; + param->func = jsPlugin_.funcRef; + param->context = jsPlugin_.context; + param->requestId = requestId; + param->requestData = requestData; + param->lockInfo = &lockInfo_; + auto task = [param]() { + ConnectServerWork(param); + }; + if (napi_ok != napi_send_event(env_, task, napi_eprio_high)) { + DLP_LOG_ERROR(LABEL, "napi_send_event error"); + delete param; + return; + } + loakInfo_.count++; +} + +bool GetNamedJsFunction(napi_env env, napi_value object, const std::string &name, napi_ref &callback) +{ + napi_valuetype valueType = napi_undefined; + NAPI_CALL_BASE(env, napi_typeof(env, object, &valueType), false); + if (valueType != napi_object) { + return false; + } + napi_value result = nullptr; + NAPI_CALL_BASE(env, napi_get_named_property(env, object, name.c_str(), &result), false); + return GetCallbackProperty(env, result, callback, 1); +} + +static bool ParseContextForRegisterPlugin(napi_env env, napi_callback_info cbInfo, JsDlpConnPlugin &jsPlugin) +{ + size_t argc = PARAM1; + napi_value argv[PARAM1]; + NAPI_CALL_BASE(env, napi_get_cb_info(env, cbInfo, &argc, argv, nullptr, nullptr), false); + if (argc != PARAM1) { + DLP_LOG_ERROR(LABEL, "param size is error."); + return false; + } + napi_valuetype valueType = napi_undefined; + NAPI_CALL_BASE(env, napi_typeof(env, argv[PARAM0], &valueType), false); + if (valueType != napi_object) { + DLP_LOG_ERROR(LABEL, "valueType is error."); + return false; + } + + NAPI_CALL_BASE(env, napi_create_reference(env, argv[PARAM0], PARAM1, &jsPlugin.context), false); + if (!GetNamedJsFunction(env, argv[PARAM0], "connectServer", jsPlugin.funcRef)) { + DLP_LOG_ERROR(LABEL, "get connectServer is error."); + return false; + } + return true; +} + +napi_value NapiDlpPermission::RegisterPlugin(napi_env env, napi_callback_info cbInfo) +{ + JsDlpConnPlugin jsPlugin; + if (!ParseContextForRegisterPlugin(env, cbInfo, jsPlugin)) { + std::string errMsg = "Parameter error of plugin"; + DlpNapiThrow(env, ERR_JS_PARAMETER_ERROR, errMsg); + return nullptr; + } + uint64_t pluginId = 0; + auto plugin = std::make_shared(env, jsPlugin); + int32_t errCode = DlpConnectionClient::GetInstance().RegisterPlugin(plugin, pluginId); + if (errCode != 0) { + DLP_LOG_ERROR(LABEL, "RegisterPlugin is error."); + DlpNapiThrow(env, errCode); + } + napi_value result = CreateUint64(env, pluginId); + return result; +} + void NapiDlpPermission::InitFunction(napi_env env, napi_value exports) { napi_property_descriptor desc[] = { @@ -2105,6 +2414,11 @@ void NapiDlpPermission::InitFunction(napi_env env, napi_value exports) NAPI_CALL_RETURN_VOID(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[PARAM0]), desc)); } +napi_value NapiDlpPermission::InitDlpConnectFunction(napi_env env, napi_value exports) +{ + +} + napi_value NapiDlpPermission::Init(napi_env env, napi_value exports) { InitFunction(env, exports); diff --git a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h index 74c470e1c99b8a9939225ba891b947e3eb1421ff..f439385c9a5f42733d7bf9665d016af6d9ea6c7e 100644 --- a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h +++ b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h @@ -34,6 +34,10 @@ typedef enum { typedef enum { IS_INNER_HAP_RESTORE_INDEX = 0, // 1 byte IS_NEED_CHECK_CUSTOM_PROPERTY = 1, // 1 byte + ENTERPRISE_ONE = 2, + ENTERPRISE_TWO = 3, + ENTERPRISE_THREE = 4, + ENTERPRISE_FOUR = 5, } ReservedValue; typedef enum { @@ -96,6 +100,9 @@ typedef enum { DLP_ERR_TOKEN_CONNECTION_TIME_OUT = 0x00006007, DLP_ERR_APPID_NOT_AUTHORIZED = 0x00007003, DLP_ERR_CALLBACK_TIME_OUT = 0x0000200A, + DLP_ERR_ENTERPRISE_MIN = 0x0000C0000, + DLP_ERR_ENTERPRISE_MAX = 0x0000CFFFF, + } DLP_ErrorCode; typedef void (*DLP_PackPolicyCallback)(uint64_t requestId, int errorCode, DLP_EncPolicyData *outParams); diff --git a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp index 5432cde6fea8b37c515f76baefc54f1b55330f9a..91b4e6bb609f7b320d59341a550888972a15897f 100644 --- a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp +++ b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp @@ -72,6 +72,8 @@ const std::string ACCOUNT_ID = "accountId"; const std::string ACTION_UPON_EXPIRY = "actionUponExpiry"; const std::string CUSTOM_PROPERTY = "customProperty"; const std::string ENTERPRISE = "enterprise"; +const std::string APPID = "appId"; +const std::string FILEID = "fileId"; constexpr uint64_t VALID_TIME_STAMP = 2147483647; static const uint32_t DOMAIN_VERSION = 2; static const uint32_t CLOUD_VERSION = 1; @@ -391,6 +393,10 @@ int32_t DlpPermissionSerializer::SerializeDlpPermission(const PermissionPolicy& policyJson[ACCOUNT_INDEX] = authUsersJson; SerializeCustomProperty(policy, policyJson); SerializeEveryoneInfo(policy, policyJson); + if (policy.ownerAccountType_ == ENTERPRISE_ACCOUNT) { + policyJson[APPID] = policy.appId; + policyJson[FILEID] = policy.fileId; + } permInfoJson[POLICY_INDEX] = policyJson; unordered_json fileEnc; @@ -488,6 +494,9 @@ static void InitPermissionPolicy(PermissionPolicy& policy, const std::vector= DLP_ERR_GENERATE_KEY_FAILED) && (errorCode < DLP_ERR_IPC_INTERNAL_FAILED)); } +static bool IsEnterpriseError(int errorCode) +{ + return ((errorCode >= DLP_ERR_ENTERPRISE_MIN) && (errorCode < DLP_ERR_ENTERPRISE_MAX)); +} + static bool IsDlpCredentialIpcError(int errorCode) { return ((errorCode >= DLP_ERR_IPC_INTERNAL_FAILED) && (errorCode < DLP_ERR_CONNECTION_TIME_OUT)); @@ -101,6 +107,9 @@ static int32_t ConvertCredentialError(int errorCode) if (errorCode == DLP_SUCCESS) { return DLP_OK; } + if (IsEnterpriseError(errorCode)) { + return errorCode; + } if (errorCode == DLP_ERR_CONNECTION_POLICY_PERMISSION_EXPIRED) { return DLP_CREDENTIAL_ERROR_TIME_EXPIRED; } @@ -556,6 +565,20 @@ static int32_t GetDomainAccountName(std::string& account, const std::string& con return DLP_OK; } +static int32_t GetEnterpriseAccountName(AccountInfo& accountCfg, const std::string& appId, bool* isOwner) +{ + std::string account = appId; + accountCfg = { + .account = reinterpret_cast(strdup(account.c_str())), + .accountIdLen = strlen(account.c_str()), + }; + if (accountCfg.account == nullptr) { + DLP_LOG_ERROR(LABEL, "accountCfg error"); + return DLP_PARSE_ERROR_ACCOUNT_INVALID; + } + return DLP_OK; +} + static int32_t GetAccoutInfo(DlpAccountType accountType, AccountInfo& accountCfg, const std::string& contactAccount, bool* isOwner) { @@ -688,7 +711,12 @@ int32_t DlpCredential::ParseDlpCertificate(const sptr& certParcel, return DLP_SERVICE_ERROR_JSON_OPERATE_FAIL; } bool isOwner = false; - int32_t infoRet = GetAccoutInfo(accountType, encPolicy.receiverAccountInfo, certParcel->contactAccount, &isOwner); + int32_t infoRet = DLP_OK; + if (accountType == ENTERPRISE_ACCOUNT) { + infoRet = GetEnterpriseAccountName(encPolicy.receiverAccountInfo, certParcel->appId, &isOwner); + } else { + infoRet = GetAccoutInfo(accountType, encPolicy.receiverAccountInfo, certParcel->contactAccount, &isOwner); + } if (infoRet != DLP_OK) { FreeDLPEncPolicyData(encPolicy); return infoRet; @@ -697,6 +725,7 @@ int32_t DlpCredential::ParseDlpCertificate(const sptr& certParcel, AdapterData(certParcel->offlineCert, isOwner, jsonObj, encPolicy); } encPolicy.reserved[IS_NEED_CHECK_CUSTOM_PROPERTY] = static_cast(certParcel->needCheckCustomProperty); + (void)memcpy_s(&(encPolicy.reserved[ENTERPRISE_ONE]), DECTYPE_SIZE, &(certParcel->decryptType), DECTYPE_SIZE); int32_t res = 0; { std::lock_guard lock(g_lockRequest); diff --git a/services/dlp_permission/sa/sa_main/dlp_permission_service.cpp b/services/dlp_permission/sa/sa_main/dlp_permission_service.cpp index 8adf5dbfbe2ea414fb5525b5605c344aa42e34ca..445fb7e9307bf412692a2359d7e9b53be4e7e34f 100644 --- a/services/dlp_permission/sa/sa_main/dlp_permission_service.cpp +++ b/services/dlp_permission/sa/sa_main/dlp_permission_service.cpp @@ -185,9 +185,6 @@ void DlpPermissionService::UnregisterAppStateObserver() int32_t DlpPermissionService::GenerateDlpCertificate( const sptr& policyParcel, const sptr& callback) { - if (!AccessTokenAdapter::IsSystemApp()) { - return DLP_SERVICE_ERROR_NOT_SYSTEM_APP; - } if (!PermissionManagerAdapter::CheckPermission(PERMISSION_ACCESS_DLP_FILE) && !PermissionManagerAdapter::CheckPermission(PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { return DLP_SERVICE_ERROR_PERMISSION_DENY; @@ -238,9 +235,6 @@ static bool GetApplicationInfo(std::string appId, AppExecFwk::ApplicationInfo& a int32_t DlpPermissionService::ParseDlpCertificate(const sptr& certParcel, const sptr& callback, const std::string& appId, bool offlineAccess) { - if (!AccessTokenAdapter::IsSystemApp()) { - return DLP_SERVICE_ERROR_NOT_SYSTEM_APP; - } if (!PermissionManagerAdapter::CheckPermission(PERMISSION_ACCESS_DLP_FILE) && !PermissionManagerAdapter::CheckPermission(PERMISSION_ENTERPRISE_ACCESS_DLP_FILE)) { return DLP_SERVICE_ERROR_PERMISSION_DENY;