From fbaf0b1747c5f345639d6d01c9cab498127a3587 Mon Sep 17 00:00:00 2001
From: xuqian
Date: Mon, 26 Aug 2024 16:06:28 +0800
Subject: [PATCH] return account info
Signed-off-by: xuqian
---
 frameworks/common/include/permission_policy.h | 4 +
 .../include/dlp_policy_parcel.h | 1 +
 .../dlp_permission/src/dlp_policy_parcel.cpp | 84 ++++++++++++++-----
 .../inner_api/dlp_parse/src/dlp_file.cpp | 5 ++
 .../sa/mock/dlp_credential_client_defines.h | 5 ++
 .../sa_common/dlp_permission_serializer.cpp | 15 ++++
 .../sa/sa_main/dlp_credential.cpp | 6 +-
 .../fuzzer/dlpfile_fuzzer/dlpfile_fuzzer.cpp | 2 +-
 8 files changed, 100 insertions(+), 22 deletions(-)
diff --git a/frameworks/common/include/permission_policy.h b/frameworks/common/include/permission_policy.h
index 34fc2a5..4014ae6 100644
--- a/frameworks/common/include/permission_policy.h
+++ b/frameworks/common/include/permission_policy.h
@@ -125,6 +125,10 @@ public:
 std::string ownerAccount_;
 std::string ownerAccountId_;
 DlpAccountType ownerAccountType_;
+ std::string accountName_ = "";
+ std::string acountId_ = "";
+ DlpAccountType acountType_ = INVALID_ACCOUNT;
+ DLPFileAccess perm_ = NO_PERMISSION;
 std::vector authUsers_;
 bool supportEveryone_ = false;
 DLPFileAccess everyonePerm_ = NO_PERMISSION;
diff --git a/frameworks/dlp_permission/include/dlp_policy_parcel.h b/frameworks/dlp_permission/include/dlp_policy_parcel.h
index a3aaedb..d3f7998 100644
--- a/frameworks/dlp_permission/include/dlp_policy_parcel.h
+++ b/frameworks/dlp_permission/include/dlp_policy_parcel.h
@@ -31,6 +31,7 @@ struct DlpPolicyParcel final : public Parcelable {
 PermissionPolicy policyParams_;
 private:
+ void MarshallingAccountInfo(Parcel& out) const;
 void MarshallingExpireTime(Parcel& out) const;
 void MarshallingKey(Parcel& out) const;
 };
diff --git a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
index 5e02f31..be403db 100644
--- a/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
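Review bot: Two of the four members added to `permission_policy.h` are misspelled, `acountId_` and `acountType_`, next to a correctly spelled `accountName_`, and the misspelling is already repeated in the parcel read and write code later in this patch. Renaming them now, `std::string accountId_;` and `DlpAccountType accountType_ = INVALID_ACCOUNT;`, is cheaper than after more callers depend on the public field names. The `= ""` initialisers on the two strings are redundant, since `std::string` default-constructs empty. A short comment above the group, for example `// Account resolved for this open and the permission granted to it`, would separate them from the `owner*` fields; that reading is inferred from how `UpdateDlpFilePermission` uses them, so please confirm the wording.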
+++ b/frameworks/dlp_permission/src/dlp_policy_parcel.cpp
@@ -51,6 +51,23 @@ bool DlpPolicyParcel::Marshalling(Parcel& out) const
 if (!(out.WriteUint8(this->policyParams_.everyonePerm_))) {
 DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
 }
+ MarshallingAccountInfo(out);
+ if (!(out.WriteUint8(this->policyParams_.perm_))) {
+ DLP_LOG_ERROR(LABEL, "Write perm fail");
+ }
+ MarshallingKey(out);
+ MarshallingExpireTime(out);
+ if (!(out.WriteUint32(this->policyParams_.dlpVersion_))) {
+ DLP_LOG_ERROR(LABEL, "Write dlpVersion_ fail");
+ }
+ if (!(out.WriteBool(this->policyParams_.debug_))) {
+ DLP_LOG_ERROR(LABEL, "Write debug_ fail");
+ }
+ return true;
+}
+
+void DlpPolicyParcel::MarshallingAccountInfo(Parcel& out) const
+{
 if (!(out.WriteString(this->policyParams_.ownerAccount_))) {
 DLP_LOG_ERROR(LABEL, "Write owner account fail");
 }
@@ -60,16 +77,15 @@ bool DlpPolicyParcel::Marshalling(Parcel& out) const
 if (!(out.WriteUint8(this->policyParams_.ownerAccountType_))) {
 DLP_LOG_ERROR(LABEL, "Write owner account type fail");
 }
-
- MarshallingKey(out);
- MarshallingExpireTime(out);
- if (!(out.WriteUint32(this->policyParams_.dlpVersion_))) {
- DLP_LOG_ERROR(LABEL, "Write dlpVersion_ fail");
+ if (!(out.WriteString(this->policyParams_.accountName_))) {
+ DLP_LOG_ERROR(LABEL, "Write accountName fail");
 }
- if (!(out.WriteBool(this->policyParams_.debug_))) {
- DLP_LOG_ERROR(LABEL, "Write debug_ fail");
+ if (!(out.WriteString(this->policyParams_.acountId_))) {
+ DLP_LOG_ERROR(LABEL, "Write accountId fail");
+ }
+ if (!(out.WriteUint8(this->policyParams_.acountType_))) {
+ DLP_LOG_ERROR(LABEL, "Write accountType fail");
 }
- return true;
 }
 void DlpPolicyParcel::MarshallingKey(Parcel& out) const
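Review bot: A failed write of `perm_` in `Marshalling` is only logged and the function still reaches `return true`, so the caller is told the parcel is complete when the permission byte may be missing. The branch should fail the call: `DLP_LOG_ERROR(LABEL, "Write perm fail"); return false;`. The same applies to the new `MarshallingAccountInfo` and to the three writes added to it in the following hunk (`accountName_`, `acountId_`, `acountType_`): it returns `void`, so none of its failures can propagate, and returning `bool` and checking it in `Marshalling` would fix that. The surrounding writes follow the same log-and-continue pattern, so this may be a deliberate convention, but a permission field is a poor place to extend it. `Marshalling` starts outside the hunk.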
@@ -180,6 +196,39 @@ static bool ReadAesParam(PermissionPolicy& policy, Parcel& in)
 return true;
 }
+static bool ReadAccountInfo(PermissionPolicy& policy, Parcel& in)
+{
+ if (!(in.ReadString(policy.ownerAccount_))) {
+ DLP_LOG_ERROR(LABEL, "Read owner account fail");
+ return false;
+ }
+ if (!(in.ReadString(policy.ownerAccountId_))) {
+ DLP_LOG_ERROR(LABEL, "Read owner accountId fail");
+ return false;
+ }
+ uint8_t res = 0;
+ if (!(in.ReadUint8(res))) {
+ DLP_LOG_ERROR(LABEL, "Read owner account type fail");
+ return false;
+ }
+ policy.ownerAccountType_ = static_cast(res);
+ if (!(in.ReadString(policy.accountName_))) {
+ DLP_LOG_ERROR(LABEL, "Read accountName fail");
+ return false;
+ }
+ if (!(in.ReadString(policy.acountId_))) {
+ DLP_LOG_ERROR(LABEL, "Read accountId fail");
+ return false;
+ }
+ uint8_t type = 0;
+ if (!(in.ReadUint8(type))) {
+ DLP_LOG_ERROR(LABEL, "Read account type fail");
+ return false;
+ }
+ policy.acountType_ = static_cast(type);
+ return true;
+}
+
 static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel)
 {
 uint32_t listSize;
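Review bot: `ReadAccountInfo` casts the two type bytes read from the parcel (`res` and `type`) straight to `DlpAccountType` without checking that they are declared enumerators, so an out-of-range byte becomes the value of `ownerAccountType_` or `acountType_`. A range check before each cast that logs and returns `false` would keep malformed parcels away from code that later compares the account type. A one-line comment above the function stating that the read order must mirror `DlpPolicyParcel::MarshallingAccountInfo` would also help, since nothing else ties the two together.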
@@ -203,26 +252,21 @@ static bool ReadParcel(Parcel& in, DlpPolicyParcel* policyParcel)
 DLP_LOG_ERROR(LABEL, "Write supportEveryone_ fail");
 return false;
 }
- uint8_t perm;
- if (!(in.ReadUint8(perm))) {
+ uint8_t everyonePerm;
+ if (!(in.ReadUint8(everyonePerm))) {
 DLP_LOG_ERROR(LABEL, "Write everyonePerm_ fail");
 return false;
 }
- policyParcel->policyParams_.everyonePerm_ = static_cast(perm);
- if (!(in.ReadString(policyParcel->policyParams_.ownerAccount_))) {
- DLP_LOG_ERROR(LABEL, "Read owner account fail");
- return false;
- }
- if (!(in.ReadString(policyParcel->policyParams_.ownerAccountId_))) {
- DLP_LOG_ERROR(LABEL, "Read owner accountId fail");
+ policyParcel->policyParams_.everyonePerm_ = static_cast(everyonePerm);
+ if (!ReadAccountInfo(policyParcel->policyParams_, in)) {
 return false;
 }
- uint8_t res = 0;
- if (!(in.ReadUint8(res))) {
+ uint8_t perm = 0;
+ if (!(in.ReadUint8(perm))) {
 DLP_LOG_ERROR(LABEL, "Read owner account type fail");
 return false;
 }
- policyParcel->policyParams_.ownerAccountType_ = static_cast(res);
+ policyParcel->policyParams_.perm_ = static_cast(perm);
 return ReadAesParam(policyParcel->policyParams_, in);
 }
diff --git a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
index 04d689b..dbe00cf 100755
--- a/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
+++ b/interfaces/inner_api/dlp_parse/src/dlp_file.cpp
@@ -241,6 +241,11 @@ int32_t DlpFile::GetDomainAccountName(std::string& account) const
 bool DlpFile::UpdateDlpFilePermission()
 {
+ if (!policy_.accountName_.empty()) {
+ DLP_LOG_INFO(LABEL, "AccountName_ is not empty, perm is %{public}d", policy_.perm_);
+ authPerm_ = policy_.perm_;
+ return true;
+ }
 std::string accountName;
 if (policy_.ownerAccountType_ == DOMAIN_ACCOUNT) {
 if (GetDomainAccountName(accountName) != DLP_OK) {
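Review bot: The byte read into `perm` in `ReadParcel` is cast to `DLPFileAccess` and stored in `perm_` with no range check, and the `dlp_file.cpp` change in this patch copies `perm_` into `authPerm_`; values outside the declared access levels should be rejected here with `return false`. The failure branch for that read also still logs `"Read owner account type fail"`, a context line left over from the code it replaced, and should read something like `DLP_LOG_ERROR(LABEL, "Read perm fail");`. `ReadParcel` begins before the hunk.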
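Review bot: The new early return in `UpdateDlpFilePermission` assigns `policy_.perm_` to `authPerm_` whenever `accountName_` is non-empty and skips the account lookup that follows, so the granted access then depends entirely on whoever filled in those two fields. Please document that assumption at the branch, for example `// accountName_ and perm_ are set by the credential service after it resolved the account; perm_ is trusted as-is`, and confirm that no less-trusted caller can hand in a `PermissionPolicy` with them populated, given that the parcel path in this patch carries both. The rest of the function lies outside the hunk, so I cannot tell whether it applies checks that this path should keep as well.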
diff --git a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h index 5ced139..74cf58a 100644 --- a/services/dlp_permission/sa/mock/dlp_credential_client_defines.h +++ b/services/dlp_permission/sa/mock/dlp_credential_client_defines.h @@ -26,6 +26,11 @@ typedef enum { APPLICATION_ACCOUNT, } AccountType; +typedef enum { + READ_ONLY = 1, + USE_PERM_IN_POLICY, +}OpenMode; + typedef enum { RECEIVER_DECRYPT_MUST_USE_CLOUD_AND_RETURN_ENCRYPTION_VALUE = 0, RECEIVER_DECRYPT_MUST_USE_CLOUD = 1, diff --git a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp index c1924c3..a04e999 100644 --- a/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp +++ b/services/dlp_permission/sa/sa_common/dlp_permission_serializer.cpp @@ -60,6 +60,9 @@ const std::string ENC_POLICY = "encPolicy"; const std::string OFFLINE_CERT = "offlineCert"; const std::string ACCOUNT_TYPE = "accountType"; const std::string RECEIVER_ACCOUNT_INFO = "receiverAccountInfo"; +const std::string OPEN_MODE = "openMode"; +const std::string ACCOUNT_NAME = "accountName"; +const std::string ACCOUNT_ID = "accountId"; constexpr uint64_t VALID_TIME_STAMP = 2147483647; static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { @@ -396,6 +399,18 @@ static void InitPermissionPolicy(PermissionPolicy& policy, const std::vector(accountName.c_str())), - .authPerm = READ_ONLY, + .authPerm = DLPFileAccess::READ_ONLY, .permExpiryTime = curTime + EXPIRT_TIME, .authAccountType = DlpAccountType::CLOUD_ACCOUNT}; encProp.authUsers.emplace_back(perminfo); -- Gitee
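Review bot: The unscoped `OpenMode` enum added to `dlp_credential_client_defines.h` puts `READ_ONLY` into the enclosing scope, where it can clash with `DLPFileAccess::READ_ONLY`; the fuzzer change at the end of this patch, which qualifies `.authPerm = DLPFileAccess::READ_ONLY`, looks like fallout from that. If this mock header does not have to match an external credential-client header name for name, prefixed enumerators such as `OPEN_MODE_READ_ONLY = 1,` would avoid the collision for every translation unit that includes both. The closing line also lacks a space and should be `} OpenMode;`.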