diff --git a/bundle.json b/bundle.json index 275021d07ff072fa6b677455aa13b289cb29cab7..1b480d5fec9a601d263276eff570be904f1cf5ed 100644 --- a/bundle.json +++ b/bundle.json @@ -54,7 +54,8 @@ "window_manager", "device_manager", "dsoftbus", - "ets_frontend" + "ets_frontend", + "runtime_core" ] }, "build": { @@ -68,7 +69,8 @@ "//base/useriam/user_auth_framework/frameworks/js/napi/user_auth_extension/module_loader:user_auth_extension_module", "//base/useriam/user_auth_framework/frameworks/js/napi/user_auth_icon:userauthicon", "//base/useriam/user_auth_framework/frameworks/cj/user_auth:cj_userauth_ffi", - "//base/useriam/user_auth_framework/frameworks/js/napi/user_access_ctrl:useraccessctrl" + "//base/useriam/user_auth_framework/frameworks/js/napi/user_access_ctrl:useraccessctrl", + "//base/useriam/user_auth_framework/frameworks/ets/ani:user_auth_framework_ani" ], "service_group": [ "//base/useriam/user_auth_framework/sa_profile:useriam.init", diff --git a/frameworks/ets/ani/BUILD.gn b/frameworks/ets/ani/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..dbddbdb950efdd3ab2fd5d7626722b40d9b4c735 --- /dev/null +++ b/frameworks/ets/ani/BUILD.gn @@ -0,0 +1,19 @@ +# Copyright (C) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +group("user_auth_framework_ani") { + deps = [ + "./user_access_ctrl:user_access_ctrl_ani", + "./user_auth:user_auth_ani", + ] +} diff --git a/frameworks/ets/ani/user_access_ctrl/BUILD.gn b/frameworks/ets/ani/user_access_ctrl/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..f96066b6092d92814c2148aa3f621153e00242b6 --- /dev/null +++ b/frameworks/ets/ani/user_access_ctrl/BUILD.gn @@ -0,0 +1,106 @@ +# Copyright (C) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/components/ets_frontend/ets2abc_config.gni") +import("//build/ohos.gni") +import("//build/ohos/taihe_idl/taihe.gni") +import("../../../../user_auth_framework.gni") + +copy_taihe_idl("user_access_ctrl_copy_taihe_idl") { + sources = [ "idl/ohos.userIAM.userAccessCtrl.taihe" ] +} + +taihe_generated_file_path = + "$taihe_file_path/out/useriam/user_auth_frameworks/user_access_ctrl" +ohos_taihe("user_access_ctrl_taihe") { + taihe_generated_file_path = "$taihe_generated_file_path" + deps = [ + ":user_access_ctrl_copy_taihe_idl", + "$user_auth_framework_path/frameworks/ets/ani/user_auth:user_auth_taihe", + ] + outputs = [ + "$taihe_generated_file_path/src/ohos.userIAM.userAccessCtrl.ani.cpp", + "$taihe_generated_file_path/src/ohos.userIAM.userAccessCtrl.abi.c", + ] +} + +generate_static_abc("user_access_ctrl_abc") { + base_url = "$taihe_generated_file_path" + files = [ "$taihe_generated_file_path/@ohos.userIAM.userAccessCtrl.ets" ] + is_boot_abc = "True" + device_dst_file = "system/framework/ohos.userIAM.userAccessCtrl.abc" + dst_file = "$target_out_dir/ohos.userIAM.userAccessCtrl.abc" + out_puts = [ "$target_out_dir/ohos.userIAM.userAccessCtrl.abc" ] + dependencies = [ ":user_access_ctrl_taihe" ] +} + +ohos_prebuilt_etc("user_access_ctrl_abc_etc") { + source = "$target_out_dir/ohos.userIAM.userAccessCtrl.abc" + module_install_dir = "framework" + deps = [ ":user_access_ctrl_abc" ] + part_name = "user_auth_framework" + subsystem_name = "useriam" +} + +taihe_shared_library("useraccessctrl_ani") { + sanitize = { + integer_overflow = true + ubsan = true + boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + remove_configs = [ "//build/config/compiler:no_exceptions" ] + + taihe_generated_file_path = "$taihe_generated_file_path" + include_dirs = [ + "${user_auth_framework_path}/common/logs", + "${user_auth_framework_path}/common/utils", + ] + + sources = get_target_outputs(":user_access_ctrl_taihe") + + sources += [ + "src/ani_constructor.cpp", + "src/ohos.userIAM.userAccessCtrl.impl.cpp", + ] + + deps = [ + ":user_access_ctrl_taihe", + "${user_auth_framework_path}/frameworks/native/client:userauth_client", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "runtime_core:ani", + "runtime_core:libarkruntime", + ] + + if (use_musl) { + version_script = "user_access_ctrl_ani_map" + } + + part_name = "user_auth_framework" + subsystem_name = "useriam" +} + +group("user_access_ctrl_ani") { + deps = [ + ":user_access_ctrl_abc_etc", + ":useraccessctrl_ani", + ] +} diff --git a/frameworks/ets/ani/user_access_ctrl/idl/ohos.userIAM.userAccessCtrl.taihe b/frameworks/ets/ani/user_access_ctrl/idl/ohos.userIAM.userAccessCtrl.taihe new file mode 100644 index 0000000000000000000000000000000000000000..9b14cc41395ef2bf216d88c70e10751ca75c3829 --- /dev/null +++ b/frameworks/ets/ani/user_access_ctrl/idl/ohos.userIAM.userAccessCtrl.taihe @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@!namespace("@ohos.userIAM.userAccessCtrl", "userAccessCtrl") + +from ohos.userIAM.userAuth use AuthTrustLevel, UserAuthType as UserAuthType; + +@!sts_inject(""" +static { loadLibrary("useraccessctrl_ani.z"); } +""") + +enum AuthTokenType : i32 { + TOKEN_TYPE_LOCAL_AUTH = 0, + TOKEN_TYPE_LOCAL_RESIGN = 1, + TOKEN_TYPE_COAUTH = 2 +} + +struct AuthToken { + challenge: @typedarray Array; + authTrustLevel: AuthTrustLevel; + authType: UserAuthType; + tokenType: AuthTokenType; + userId: i32; + timeInterval: i64; + secureUid: Optional; + enrolledId: Optional; + credentialId: Optional; +} + +@gen_promise("verifyAuthToken") +function verifyAuthTokenSync(authToken: @typedarray Array, allowableDuration: i32): AuthToken; \ No newline at end of file diff --git a/frameworks/ets/ani/user_access_ctrl/src/ani_constructor.cpp b/frameworks/ets/ani/user_access_ctrl/src/ani_constructor.cpp new file mode 100644 index 0000000000000000000000000000000000000000..bde731fae44b23e7a5a493a9278bf4e3b7bc6f93 --- /dev/null +++ b/frameworks/ets/ani/user_access_ctrl/src/ani_constructor.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ohos.userIAM.userAccessCtrl.ani.hpp" + +ANI_EXPORT ani_status ANI_Constructor(ani_vm *vm, uint32_t *result) +{ + ani_env *env; + if (ANI_OK != vm->GetEnv(ANI_VERSION_1, &env)) { + return ANI_ERROR; + } + if (ANI_OK != ohos::userIAM::userAccessCtrl::ANIRegister(env)) { + std::cerr << "ohos::userIAM::userAccessCtrl" << std::endl; + return ANI_ERROR; + } + *result = ANI_VERSION_1; + return ANI_OK; +} diff --git a/frameworks/ets/ani/user_access_ctrl/src/ohos.userIAM.userAccessCtrl.impl.cpp b/frameworks/ets/ani/user_access_ctrl/src/ohos.userIAM.userAccessCtrl.impl.cpp new file mode 100644 index 0000000000000000000000000000000000000000..27cd7c522a7e867856e63fb65a34f6397bb4394a --- /dev/null +++ b/frameworks/ets/ani/user_access_ctrl/src/ohos.userIAM.userAccessCtrl.impl.cpp @@ -0,0 +1,318 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ohos.userIAM.userAccessCtrl.impl.hpp" + +#include "taihe/runtime.hpp" + +#include +#include +#include +#include + +#include "attributes.h" +#include "iam_check.h" +#include "iam_common_defines.h" +#include "iam_logger.h" +#include "iam_ptr.h" +#include "user_access_ctrl_client.h" + +#define LOG_TAG "USER_ACCESS_CTRL_ANI" + +namespace userAccessCtrl = ohos::userIAM::userAccessCtrl; +namespace userAuth = ohos::userIAM::userAuth; +namespace UserAuth = OHOS::UserIam::UserAuth; +using namespace taihe; +using namespace OHOS::UserIam::Common; +namespace OHOS { +namespace UserIam { +namespace UserAuth { +enum class JsResultCode : int32_t { + OHOS_CHECK_PERMISSION_FAILED = 201, + OHOS_CHECK_SYSTEM_APP_FAILED = 202, + OHOS_INVALID_PARAM = 401, + GENERAL_ERROR = 12500002, + AUTH_TOKEN_CHECK_FAILED = 12500015, + AUTH_TOKEN_EXPIRED = 12500016, +}; + +struct VerifyAuthTokenResult { + int32_t resultCode; + std::vector extraInfo; +}; + +class VerifyAuthTokenCallback : public VerifyTokenCallback { +public: + VerifyAuthTokenCallback() + { + future_ = promise_.get_future().share(); + } + + void OnResult(int32_t result, const Attributes &extraInfo) override + { + std::lock_guard lock(mutex_); + IAM_LOGI("result: %{public}d, resultSet_: %{public}d", result, resultSet_); + if (!resultSet_) { + VerifyAuthTokenResult verifyAuthTokenResult { result, extraInfo.Serialize() }; + promise_.set_value(verifyAuthTokenResult); + resultSet_ = true; + } + } + + std::shared_future GetFuture() + { + std::lock_guard lock(mutex_); + return future_; + } + +private: + std::mutex mutex_; + std::promise promise_; + std::shared_future future_; + bool resultSet_ = false; +}; + +bool CheckAllowableDuration(uint64_t allowableDuration) +{ + constexpr const uint64_t maxAllowableDuration = 24 * 60 * 60 * 1000; + if (allowableDuration <= 0 || allowableDuration > maxAllowableDuration) { + IAM_LOGE("allowableDuration check fail:%{public}" PRIu64, allowableDuration); + return false; + } + return true; +} + +bool CheckAuthTokenLen(std::vector &authToken) +{ + constexpr const size_t maxAuthTokenLen = 1024; + if (authToken.size() > maxAuthTokenLen) { + IAM_LOGE("authToken length check fail:%{public}zu", authToken.size()); + return false; + } + return true; +} + +bool ConvertAuthTrustLevel(int32_t authTrustLevel, userAuth::AuthTrustLevel &authTrustLevelOut) +{ + switch (authTrustLevel) { + case AuthTrustLevel::ATL1: + authTrustLevelOut = userAuth::AuthTrustLevel::key_t::ATL1; + return true; + case AuthTrustLevel::ATL2: + authTrustLevelOut = userAuth::AuthTrustLevel::key_t::ATL2; + return true; + case AuthTrustLevel::ATL3: + authTrustLevelOut = userAuth::AuthTrustLevel::key_t::ATL3; + return true; + case AuthTrustLevel::ATL4: + authTrustLevelOut = userAuth::AuthTrustLevel::key_t::ATL4; + return true; + default: + IAM_LOGE("invalid authTrustLevel:%{public}d", authTrustLevel); + return false; + } +} + +bool ConvertUserAuthType(int32_t userAuthType, userAuth::UserAuthType &userAuthTypeOut) +{ + switch (userAuthType) { + case AuthType::PIN: + userAuthTypeOut = userAuth::UserAuthType::key_t::PIN; + return true; + case AuthType::FACE: + userAuthTypeOut = userAuth::UserAuthType::key_t::FACE; + return true; + case AuthType::FINGERPRINT: + userAuthTypeOut = userAuth::UserAuthType::key_t::FINGERPRINT; + return true; + case AuthType::PRIVATE_PIN: + userAuthTypeOut = userAuth::UserAuthType::key_t::PRIVATE_PIN; + return true; + default: + IAM_LOGE("invalid userAuthType:%{public}d", userAuthType); + return false; + } +} + +bool ConvertAuthTokenType(int32_t authTokenType, userAccessCtrl::AuthTokenType &authTokenTypeOut) +{ + switch (authTokenType) { + case AuthTokenType::TOKEN_TYPE_LOCAL_AUTH: + authTokenTypeOut = userAccessCtrl::AuthTokenType::key_t::TOKEN_TYPE_LOCAL_AUTH; + return true; + case AuthTokenType::TOKEN_TYPE_LOCAL_RESIGN: + authTokenTypeOut = userAccessCtrl::AuthTokenType::key_t::TOKEN_TYPE_LOCAL_RESIGN; + return true; + case AuthTokenType::TOKEN_TYPE_LOCAL_COAUTH: + authTokenTypeOut = userAccessCtrl::AuthTokenType::key_t::TOKEN_TYPE_COAUTH; + return true; + default: + IAM_LOGE("invalid authTokenType:%{public}d", authTokenType); + return false; + } +} + +bool FillAniAuthToken(const std::vector &extraInfo, userAccessCtrl::AuthToken &authToken) +{ + IAM_LOGI("start"); + Attributes attr(extraInfo); + + std::vector localChallenge; + bool getChallengeRet = attr.GetUint8ArrayValue(Attributes::ATTR_CHALLENGE, localChallenge); + IF_FALSE_LOGE_AND_RETURN_VAL(getChallengeRet, false); + authToken.challenge = array_view(localChallenge); + + int32_t localAuthTrustLevel; + bool getAuthTrustLevelRet = attr.GetInt32Value(Attributes::ATTR_AUTH_TRUST_LEVEL, localAuthTrustLevel); + IF_FALSE_LOGE_AND_RETURN_VAL(getAuthTrustLevelRet, false); + bool convertAuthTrustLevelRet = ConvertAuthTrustLevel(localAuthTrustLevel, authToken.authTrustLevel); + IF_FALSE_LOGE_AND_RETURN_VAL(convertAuthTrustLevelRet, false); + + int32_t localAuthType; + bool getAuthTypeRet = attr.GetInt32Value(Attributes::ATTR_AUTH_TYPE, localAuthType); + IF_FALSE_LOGE_AND_RETURN_VAL(getAuthTypeRet, false); + bool convertUserAuthTypeRet = ConvertUserAuthType(localAuthType, authToken.authType); + IF_FALSE_LOGE_AND_RETURN_VAL(convertUserAuthTypeRet, false); + + int32_t localTokenType; + bool getTokenTypeRet = attr.GetInt32Value(Attributes::ATTR_TOKEN_TYPE, localTokenType); + IF_FALSE_LOGE_AND_RETURN_VAL(getTokenTypeRet, false); + bool convertAuthTokenTypeRet = ConvertAuthTokenType(localTokenType, authToken.tokenType); + IF_FALSE_LOGE_AND_RETURN_VAL(convertAuthTokenTypeRet, false); + + bool getUserIdRet = attr.GetInt32Value(Attributes::ATTR_USER_ID, authToken.userId); + IF_FALSE_LOGE_AND_RETURN_VAL(getUserIdRet, false); + + bool getTokenTimeIntervalRet = attr.GetInt64Value(Attributes::ATTR_TOKEN_TIME_INTERVAL, authToken.timeInterval); + IF_FALSE_LOGE_AND_RETURN_VAL(getTokenTimeIntervalRet, false); + + int64_t secureUid; + bool getSecureUidRet = attr.GetInt64Value(Attributes::ATTR_SEC_USER_ID, secureUid); + if (!getSecureUidRet) { + IAM_LOGE("optional: ATTR_SEC_USER_ID is not set"); + } else { + authToken.secureUid = optional::make(secureUid); + } + + int64_t enrolledId; + bool getEnrolledIdRet = attr.GetInt64Value(Attributes::ATTR_CREDENTIAL_DIGEST, enrolledId); + if (!getEnrolledIdRet) { + IAM_LOGE("optional: ATTR_CREDENTIAL_DIGEST is not set"); + } else { + authToken.enrolledId = optional::make(enrolledId); + } + + int64_t credentialId; + bool getCredentialIdRet = attr.GetInt64Value(Attributes::ATTR_CREDENTIAL_ID, credentialId); + if (!getCredentialIdRet) { + IAM_LOGE("optional: ATTR_CREDENTIAL_ID is not set"); + } else { + authToken.credentialId = optional::make(credentialId); + } + + return true; +} + +ResultCode VerifyAuthTokenSyncInner(array_view authToken, int32_t allowableDuration, + userAccessCtrl::AuthToken &authTokenOut) +{ + int32_t maxWaitTime = 10000; // 10 seconds + IAM_LOGI("start"); + std::shared_ptr callback = MakeShared(); + IF_FALSE_LOGE_AND_RETURN_VAL(callback != nullptr, ResultCode::GENERAL_ERROR); + + std::vector localAuthToken(authToken.begin(), authToken.end()); + if (!CheckAuthTokenLen(localAuthToken) || !CheckAllowableDuration(allowableDuration)) { + return ResultCode::INVALID_PARAMETERS; + } + + UserAccessCtrlClient::GetInstance().VerifyAuthToken(localAuthToken, allowableDuration, callback); + auto future = callback->GetFuture(); + auto result = future.wait_for(std::chrono::milliseconds(maxWaitTime)); + if (result == std::future_status::timeout) { + IAM_LOGE("verifyAuthToken timeout"); + return ResultCode::TIMEOUT; + } + + VerifyAuthTokenResult verifyAuthTokenResult = future.get(); + if (verifyAuthTokenResult.resultCode != ResultCode::SUCCESS) { + IAM_LOGE("verifyAuthToken resultCode error:%{public}d", verifyAuthTokenResult.resultCode); + return static_cast(verifyAuthTokenResult.resultCode); + } + bool fillAniAuthTokenRet = FillAniAuthToken(verifyAuthTokenResult.extraInfo, authTokenOut); + IF_FALSE_LOGE_AND_RETURN_VAL(fillAniAuthTokenRet, ResultCode::GENERAL_ERROR); + + IAM_LOGI("success"); + return ResultCode::SUCCESS; +} + +void ThrowBusinessError(ResultCode ret) +{ + const std::map> result2Pair = { + { ResultCode::INVALID_PARAMETERS, { JsResultCode::OHOS_INVALID_PARAM, "Invalid authentication parameters." } }, + { ResultCode::CHECK_PERMISSION_FAILED, { JsResultCode::OHOS_CHECK_PERMISSION_FAILED, "Permission denied." } }, + { ResultCode::CHECK_SYSTEM_APP_FAILED, + { JsResultCode::OHOS_CHECK_SYSTEM_APP_FAILED, "The caller is not a system application." } }, + { ResultCode::GENERAL_ERROR, { JsResultCode::GENERAL_ERROR, "Unknown errors." } }, + { ResultCode::AUTH_TOKEN_CHECK_FAILED, + { JsResultCode::AUTH_TOKEN_CHECK_FAILED, + "Operation failed because of authToken integrity check failed." } }, + { ResultCode::AUTH_TOKEN_EXPIRED, + { JsResultCode::AUTH_TOKEN_EXPIRED, "Operation failed because of authToken has expired." } } + }; + + if (ret == ResultCode::SUCCESS) { + return; + } + + auto pair = result2Pair.find(ret); + if (pair == result2Pair.end()) { + pair = result2Pair.find(ResultCode::GENERAL_ERROR); + } + IF_FALSE_LOGE_AND_RETURN(pair != result2Pair.end()); + IAM_LOGE("ThrowBusinessError, result: %{public}d, errorCode: %{public}d, errmsg: %{public}s", pair->first, + pair->second.first, pair->second.second.c_str()); + set_business_error(static_cast(pair->second.first), pair->second.second); +} + +userAccessCtrl::AuthToken VerifyAuthTokenSync(array_view authToken, int32_t allowableDuration) +{ + IAM_LOGI("start"); + userAccessCtrl::AuthToken authTokenOut = { + array_view(nullptr, 0), + userAuth::AuthTrustLevel::key_t::ATL1, + userAuth::UserAuthType::key_t::PIN, + userAccessCtrl::AuthTokenType::key_t::TOKEN_TYPE_LOCAL_AUTH, + }; + + ResultCode ret = VerifyAuthTokenSyncInner(authToken, allowableDuration, authTokenOut); + if (ret != ResultCode::SUCCESS) { + ThrowBusinessError(ret); + return authTokenOut; + } + IAM_LOGI("success"); + return authTokenOut; +} +} // namespace UserAuth +} // namespace UserIam +} // namespace OHOS + +namespace { +userAccessCtrl::AuthToken verifyAuthTokenSync(array_view authToken, int32_t allowableDuration) +{ + return UserAuth::VerifyAuthTokenSync(authToken, allowableDuration); +} +} // namespace +TH_EXPORT_CPP_API_verifyAuthTokenSync(verifyAuthTokenSync); diff --git a/frameworks/ets/ani/user_access_ctrl/user_access_ctrl_ani_map b/frameworks/ets/ani/user_access_ctrl/user_access_ctrl_ani_map new file mode 100644 index 0000000000000000000000000000000000000000..443c2148f1fa0d4e1c23c0c6c631ad584c498906 --- /dev/null +++ b/frameworks/ets/ani/user_access_ctrl/user_access_ctrl_ani_map @@ -0,0 +1,22 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{ + global: + extern "C++" { + ANI_Constructor; + taihe*; + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/ets/ani/user_auth/BUILD.gn b/frameworks/ets/ani/user_auth/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ff444d0646efb83d3516fee211f5591dc88d9262 --- /dev/null +++ b/frameworks/ets/ani/user_auth/BUILD.gn @@ -0,0 +1,54 @@ +# Copyright (C) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/components/ets_frontend/ets2abc_config.gni") +import("//build/ohos.gni") +import("//build/ohos/taihe_idl/taihe.gni") +import("../../../../user_auth_framework.gni") + +copy_taihe_idl("user_auth_copy_taihe_idl") { + sources = [ "idl/ohos.userIAM.userAuth.taihe" ] +} + +taihe_generated_file_path = + "$taihe_file_path/out/useriam/user_auth_frameworks/user_auth" +ohos_taihe("user_auth_taihe") { + taihe_generated_file_path = "$taihe_generated_file_path" + deps = [ ":user_auth_copy_taihe_idl" ] + outputs = [ + "$taihe_generated_file_path/src/ohos.userIAM.userAuth.ani.cpp", + "$taihe_generated_file_path/src/ohos.userIAM.userAuth.abi.c", + ] +} + +generate_static_abc("user_auth_abc") { + base_url = "$taihe_generated_file_path" + files = [ "$taihe_generated_file_path/@ohos.userIAM.userAuth.ets" ] + is_boot_abc = "True" + device_dst_file = "system/framework/ohos.userIAM.userAuth.abc" + dst_file = "$target_out_dir/ohos.userIAM.userAuth.abc" + out_puts = [ "$target_out_dir/ohos.userIAM.userAuth.abc" ] + dependencies = [ ":user_auth_taihe" ] +} + +ohos_prebuilt_etc("user_auth_abc_etc") { + source = "$target_out_dir/ohos.userIAM.userAuth.abc" + module_install_dir = "framework" + deps = [ ":user_auth_abc" ] + part_name = "user_auth" + subsystem_name = "useriam" +} + +group("user_auth_ani") { + deps = [ ":user_auth_abc_etc" ] +} diff --git a/frameworks/ets/ani/user_auth/idl/ohos.userIAM.userAuth.taihe b/frameworks/ets/ani/user_auth/idl/ohos.userIAM.userAuth.taihe new file mode 100644 index 0000000000000000000000000000000000000000..a93ab6a906310ef129894df64668f3056c6b6c17 --- /dev/null +++ b/frameworks/ets/ani/user_auth/idl/ohos.userIAM.userAuth.taihe @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@!namespace("@ohos.userIAM.userAuth", "userAuth") + +enum UserAuthType : i32 { + PIN = 1, + FACE = 2, + FINGERPRINT = 4, + PRIVATE_PIN = 16 +} + +enum AuthTrustLevel : i32 { + ATL1 = 10000, + ATL2 = 20000, + ATL3 = 30000, + ATL4 = 40000 +} \ No newline at end of file diff --git a/frameworks/js/napi/user_access_ctrl/inc/user_access_ctrl_common.h b/frameworks/js/napi/user_access_ctrl/inc/user_access_ctrl_common.h index 75fa0ff69513ee25239faf8272669092bced6647..10944489d32f7abda27ab0e58ad0b916bbd1e0b4 100644 --- a/frameworks/js/napi/user_access_ctrl/inc/user_access_ctrl_common.h +++ b/frameworks/js/napi/user_access_ctrl/inc/user_access_ctrl_common.h @@ -45,12 +45,6 @@ struct AuthToken { uint64_t enrolledId {0}; uint64_t credentialId {0}; }; - -enum AuthTokenType: int32_t { - TOKEN_TYPE_LOCAL_AUTH = 0, - TOKEN_TYPE_LOCAL_RESIGN = 1, - TOKEN_TYPE_LOCAL_COAUTH = 2, -}; } // namespace OHOS } // namespace UserIam } // namespace UserAccessCtrl diff --git a/frameworks/js/napi/user_access_ctrl/src/user_access_ctrl_entry.cpp b/frameworks/js/napi/user_access_ctrl/src/user_access_ctrl_entry.cpp index e9771bdc8defed47423777a43c776634b2429fef..43d35cee89d63b7272e7890a29f27364f5ab8fd0 100644 --- a/frameworks/js/napi/user_access_ctrl/src/user_access_ctrl_entry.cpp +++ b/frameworks/js/napi/user_access_ctrl/src/user_access_ctrl_entry.cpp @@ -25,7 +25,7 @@ namespace OHOS { namespace UserIam { namespace UserAccessCtrl { namespace { - +using AuthTokenType = UserAuth::AuthTokenType; napi_value VerifyAuthToken(napi_env env, napi_callback_info info) { IAM_LOGI("start"); diff --git a/interfaces/inner_api/iam_common_defines.h b/interfaces/inner_api/iam_common_defines.h index 81c08d4f41d3b2528c7c4f4d5cf3fc967193da5f..dae043f2278d836f821281fef4d139a6a6aa7637 100644 --- a/interfaces/inner_api/iam_common_defines.h +++ b/interfaces/inner_api/iam_common_defines.h @@ -155,6 +155,18 @@ enum PropertyMode : uint32_t { PROPERTY_MODE_NOTIFY_COLLECTOR_READY = 8, }; +/** + * @brief Defines auth token type. + */ +enum AuthTokenType: int32_t { + /** The auth token type is local auth. */ + TOKEN_TYPE_LOCAL_AUTH = 0, + /** The auth token type is local resign. */ + TOKEN_TYPE_LOCAL_RESIGN = 1, + /** The auth token type is local coauth. */ + TOKEN_TYPE_LOCAL_COAUTH = 2, +}; + /** * @brief The result code. */ diff --git a/interfaces/inner_api/user_access_ctrl_client_callback.h b/interfaces/inner_api/user_access_ctrl_client_callback.h index c02d3de576f4294f74606410cb5969017966187b..339db31b5580e855dc5ee02f1b74ce35f0a66352 100644 --- a/interfaces/inner_api/user_access_ctrl_client_callback.h +++ b/interfaces/inner_api/user_access_ctrl_client_callback.h @@ -31,6 +31,7 @@ namespace UserIam { namespace UserAuth { class VerifyTokenCallback { public: + virtual ~VerifyTokenCallback() = default; /** * @brief The callback return verify token result. * diff --git a/user_auth_framework.gni b/user_auth_framework.gni index e88a8dc9a4e4d0efd295c3527a3596fd4b507da3..6ebb0f319daa693bea11c1c3c59ddcb5bdcdf44b 100644 --- a/user_auth_framework.gni +++ b/user_auth_framework.gni @@ -13,4 +13,5 @@ declare_args() { user_auth_framework_enable_dynamic_load = false + user_auth_framework_path = "//base/useriam/user_auth_framework" }