From b2af1dd83c25076357cf75cbfa95d1fd509088be Mon Sep 17 00:00:00 2001
From: zuojiangjiang
Date: Sat, 26 Feb 2022 10:21:32 +0800
Subject: [PATCH 1/2] optimize the Security part
Signed-off-by: zuojiangjiang
---
 .../app/src/security/security.cpp | 76 +++++++++----------
 .../app/src/security/security.h | 16 ++--
 .../app/src/security/sensitive.cpp | 10 ++-
 .../app/src/security/sensitive.h | 3 +-
 4 files changed, 54 insertions(+), 51 deletions(-)
diff --git a/services/distributeddataservice/app/src/security/security.cpp b/services/distributeddataservice/app/src/security/security.cpp
index 398b4c141..fd772270e 100644
--- a/services/distributeddataservice/app/src/security/security.cpp
+++ b/services/distributeddataservice/app/src/security/security.cpp
@@ -24,6 +24,7 @@
 #include "communication_provider.h"
 #include "dev_slinfo_mgr.h"
 #include "security_label.h"
+#include "utils/anonymous.h"
 #undef LOG_TAG
 #define LOG_TAG "Security"
@@ -33,10 +34,11 @@ namespace {
 const std::string EMPTY_STRING = "";
 }
 using namespace DistributedDB;
+using Anonymous = DistributedData::Anonymous;
 const std::string Security::LABEL_VALUES[S4 + 1] = {
 "", "s0", "s1", "s2", "s3", "s4"
 };
-
+ConcurrentMap Security::devicesUdid_;
 Security::Security()
 {
 ZLOGD("construct");
@@ -92,7 +94,7 @@ DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption
 bool Security::CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const
 {
 ZLOGD("The kvstore security level: label:%d", option.securityLabel);
- Sensitive sensitive = GetDeviceNodeByUuid(deviceId, true, nullptr);
+ Sensitive sensitive = GetSensitiveByUuid(deviceId);
 return (sensitive >= option);
 }
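Review bot: `CheckDeviceSecurityAbility` returns `sensitive >= option` even when `GetSensitiveByUuid(deviceId)` matched no peer and handed back a default-constructed `Sensitive`, and nothing in this hunk says what the comparison yields in that case. Since this is the access decision for a remote device, I would either document the unknown-device outcome in a comment or reject explicitly with `if (!sensitive) { return false; }`, using the `operator bool` this patch adds. Whether an unknown device is refused today depends on `Sensitive::operator >=`, whose body is only partly visible here, so please confirm the intended result for `NOT_SET` labels before adopting the explicit check.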
@@ -139,11 +141,14 @@ void Security::OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
 }
 bool isOnline = type == AppDistributedKv::DeviceChangeType::DEVICE_ONLINE;
- Sensitive sensitive = GetDeviceNodeByUuid(info.deviceId, isOnline, nullptr);
- ZLOGD("device is online:%d, deviceId:%{public}s", isOnline, KvStoreUtils::ToBeAnonymous(info.deviceId).c_str());
 if (isOnline) {
+ Sensitive sensitive = GetSensitiveByUuid(info.deviceId);
+ ZLOGD("device is online, deviceId:%{public}s", KvStoreUtils::ToBeAnonymous(info.deviceId).c_str());
 auto secuiryLevel = sensitive.GetDeviceSecurityLevel();
- ZLOGI("device is online, secuiry Level:%d", secuiryLevel);
+ ZLOGI("device is online, secuiry Level:%{public}d", secuiryLevel);
+ } else {
+ EraseSensitiveByUuid(info.deviceId);
+ ZLOGD("device is offline, deviceId:%{public}s", KvStoreUtils::ToBeAnonymous(info.deviceId).c_str());
 }
 }
@@ -152,45 +157,40 @@ bool Security::IsExits(const std::string &file) const
 return access(file.c_str(), F_OK) == 0;
 }
-Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, bool isOnline,
- const std::function(void)> &getValue)
+Sensitive Security::GetSensitiveByUuid(const std::string &uuid)
 {
- static std::mutex mutex;
- static std::map devicesUdid;
- std::lock_guard guard(mutex);
- auto it = devicesUdid.find(uuid);
- if (!isOnline) {
- if (it != devicesUdid.end()) {
- devicesUdid.erase(uuid);
+ Sensitive sensitive;
+ devicesUdid_.Compute(uuid, [&sensitive](const auto &key, auto &value) {
+ if (value) {
+ sensitive = value;
+ return true;
 }
- return Sensitive();
- }
- if (it != devicesUdid.end()) {
- return it->second;
- }
 auto &network = AppDistributedKv::CommunicationProvider::GetInstance();
- auto devices = network.GetRemoteNodesBasicInfo();
- devices.push_back(network.GetLocalBasicInfo());
- for (auto &device : devices) {
- auto deviceUuid = network.GetUuidByNodeId(device.deviceId);
- ZLOGD("GetDeviceNodeByUuid(%.10s) peer device is %.10s", uuid.c_str(), deviceUuid.c_str());
- if (uuid != deviceUuid) {
- continue;
- }
-
- Sensitive sensitive(network.GetUdidByNodeId(device.deviceId));
- if (getValue == nullptr) {
- devicesUdid.insert(std::pair(uuid, std::move(sensitive)));
- return devicesUdid[uuid];
+ auto devices = network.GetRemoteNodesBasicInfo();
+ devices.push_back(network.GetLocalBasicInfo());
+ for (auto &device : devices) {
+ auto deviceUuid = network.GetUuidByNodeId(device.deviceId);
+ ZLOGD("GetSensitiveByUuid(%{public}s) peer device is %{public}s",
+ Anonymous::Change(key).c_str(), Anonymous::Change(deviceUuid).c_str());
+ if (key != deviceUuid) {
+ continue;
+ }
+
+ value = Sensitive(network.GetUdidByNodeId(device.deviceId));
+ value.GetDeviceSecurityLevel();
+ sensitive = value;
+ return true;
 }
+ return false;
+ });
+ return sensitive;
+}
-
- auto value = getValue();
- ZLOGI("getValue is not nullptr!");
- return sensitive;
- }
-
- return Sensitive();
+bool Security::EraseSensitiveByUuid(const std::string &uuid)
+{
+ devicesUdid_.Erase(uuid);
+ return true;
 }
 int32_t Security::GetCurrentUserStatus() const
diff --git a/services/distributeddataservice/app/src/security/security.h b/services/distributeddataservice/app/src/security/security.h
index ab858c225..b8b7b9178 100644
--- a/services/distributeddataservice/app/src/security/security.h
+++ b/services/distributeddataservice/app/src/security/security.h
@@ -16,9 +16,8 @@
 #ifndef OHOS_SECURITY_H
 #define OHOS_SECURITY_H
-#include
-#include
-#include
+#include
+#include
 #include "iprocess_system_api_adapter.h"
 #include "kv_store_delegate_manager.h"
 #include "app_device_status_change_listener.h"
@@ -52,6 +51,8 @@ public:
 // Check if the target device can save the data at the give sensitive class.
 bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override;
+ void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
+ const AppDistributedKv::DeviceChangeType &type) const override;
 private:
 enum {
 NO_PWD = -1,
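Review bot: In `GetSensitiveByUuid` (security.cpp), the lambda stores the new `Sensitive` and returns `true` without looking at the result of `value.GetDeviceSecurityLevel()`, so an entry whose level query failed appears to be cached like a successful one, and `if (value)` will accept it on later lookups because its `deviceId` is non-empty. `CheckDeviceSecurityAbility` decides on this cached object, so a comment should state whether a failed query is retried on a later call or stays pinned until the device goes offline; the body of `GetDeviceSecurityLevel` is outside this patch. The peer enumeration and the level query also run inside the `Compute` callback, which presumably holds the map's lock, so one slow query would stall every other lookup. Separately, `EraseSensitiveByUuid` always returns `true` and its only visible caller ignores the result, so a `void` return type would describe it more honestly.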
@@ -59,21 +60,20 @@ private:
 LOCKED,
 UNINITIALIZED,
 };
- static constexpr int RETRY_MAX_TIMES = 10;
 static const std::string LABEL_VALUES[DistributedDB::S4 + 1];
 static const std::string Convert2Name(const SecurityOption &option);
 static int Convert2Security(const std::string &name);
 bool IsExits(const std::string &file) const;
- void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
- const AppDistributedKv::DeviceChangeType &type) const override;
- static Sensitive GetDeviceNodeByUuid(const std::string &uuid, bool isOnline,
- const std::function(void)> &getValue);
+ static Sensitive GetSensitiveByUuid(const std::string &uuid);
+ static bool EraseSensitiveByUuid(const std::string &uuid);
 bool IsXattrValueValid(const std::string& value) const;
 int32_t GetCurrentUserStatus() const;
 DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option);
 DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option);
 DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const;
 DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const;
+
+ static ConcurrentMap devicesUdid_;
 };
 } // namespace OHOS::DistributedKv
diff --git a/services/distributeddataservice/app/src/security/sensitive.cpp b/services/distributeddataservice/app/src/security/sensitive.cpp
index 3f7af3556..3c43bb594 100644
--- a/services/distributeddataservice/app/src/security/sensitive.cpp
+++ b/services/distributeddataservice/app/src/security/sensitive.cpp
@@ -17,7 +17,6 @@
 #include
 #include
 #include "log_print.h"
-#include "app_types.h"
 #include "kvstore_utils.h"
 #undef LOG_TAG
 #define LOG_TAG "Sensitive"
@@ -57,6 +56,11 @@ bool Sensitive::InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string
 return true;
 }
+Sensitive::operator bool() const
+{
+ return (!deviceId.empty()) || (securityLevel > DATA_SEC_LEVEL1);
+}
+
 bool Sensitive::operator >= (const DistributedDB::SecurityOption &option)
 {
 if (option.securityLabel == DistributedDB::NOT_SET) {
@@ -112,12 +116,12 @@ uint32_t Sensitive::GetSensitiveLevel(const std::string &udid)
 uint32_t level = DATA_SEC_LEVEL1;
 int32_t result = DATASL_GetHighestSecLevel(&query, &level);
 if (result != DEVSL_SUCCESS) {
- ZLOGE("get highest level failed(%{public}s)! level: %d, error: %d",
+ ZLOGE("get highest level failed(%{public}s)! level: %{public}d, error: %d",
 KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result);
 return DATA_SEC_LEVEL1;
 }
 securityLevel = level;
- ZLOGI("get highest level success(%{public}s)! level: %d, error: %d",
+ ZLOGI("get highest level success(%{public}s)! level: %{public}d, error: %d",
 KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result);
 return securityLevel;
 }
diff --git a/services/distributeddataservice/app/src/security/sensitive.h b/services/distributeddataservice/app/src/security/sensitive.h
index 250ad7612..376c39e0d 100644
--- a/services/distributeddataservice/app/src/security/sensitive.h
+++ b/services/distributeddataservice/app/src/security/sensitive.h
@@ -32,10 +32,9 @@ public:
 Sensitive(Sensitive &&sensitive) noexcept;
 Sensitive &operator=(Sensitive &&sensitive) noexcept;
 ~Sensitive() = default;
-
+ operator bool () const;
 bool operator >= (const DistributedDB::SecurityOption &option);
 uint32_t GetDeviceSecurityLevel();
-
 private:
 uint32_t GetSensitiveLevel(const std::string &udid);
 bool InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid);
-- Gitee
From 49afbbb7c754881b3f2d61309ffc4238194a027a Mon Sep 17 00:00:00 2001
From: zuojiangjiang
Date: Sat, 26 Feb 2022 10:47:22 +0800
Subject: [PATCH 2/2] optimize the log anonymous
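Review bot: The new `Sensitive::operator bool` is not `explicit` (here and as `operator bool () const;` in the sensitive.h hunk), so a `Sensitive` converts silently to `bool` and from there to an integer in any arithmetic or comparison context. The only use visible in this patch is `if (value)` inside the `Compute` lambda, which still compiles with `explicit operator bool() const;`. I would also add a one-line comment that the operator means "this entry has been populated" rather than "this device is trusted", because the class feeds access decisions.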
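Review bot: In `GetSensitiveLevel` both format strings now mark the level as `%{public}d` but leave `error: %d` unannotated, so on builds where the logger masks unannotated arguments the result of a failed `DATASL_GetHighestSecLevel` call would be hidden, which is the value most needed when diagnosing it. Suggest `level: %{public}d, error: %{public}d` in both the `ZLOGE` and the `ZLOGI` line; the same strings are carried unchanged into PATCH 2/2. The failure branch also logs the member `securityLevel` rather than the local `level` passed to the call, which may be intended but reads like a slip.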
Signed-off-by: zuojiangjiang
---
 .../app/src/security/security.cpp | 5 ++---
 .../app/src/security/sensitive.cpp | 11 ++++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/services/distributeddataservice/app/src/security/security.cpp b/services/distributeddataservice/app/src/security/security.cpp
index fd772270e..3874ac43b 100644
--- a/services/distributeddataservice/app/src/security/security.cpp
+++ b/services/distributeddataservice/app/src/security/security.cpp
@@ -20,7 +20,6 @@
 #include
 #include "constant.h"
 #include "log_print.h"
-#include "kvstore_utils.h"
 #include "communication_provider.h"
 #include "dev_slinfo_mgr.h"
 #include "security_label.h"
@@ -143,12 +142,12 @@ void Security::OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
 bool isOnline = type == AppDistributedKv::DeviceChangeType::DEVICE_ONLINE;
 if (isOnline) {
 Sensitive sensitive = GetSensitiveByUuid(info.deviceId);
- ZLOGD("device is online, deviceId:%{public}s", KvStoreUtils::ToBeAnonymous(info.deviceId).c_str());
+ ZLOGD("device is online, deviceId:%{public}s", Anonymous::Change(info.deviceId).c_str());
 auto secuiryLevel = sensitive.GetDeviceSecurityLevel();
 ZLOGI("device is online, secuiry Level:%{public}d", secuiryLevel);
 } else {
 EraseSensitiveByUuid(info.deviceId);
- ZLOGD("device is offline, deviceId:%{public}s", KvStoreUtils::ToBeAnonymous(info.deviceId).c_str());
+ ZLOGD("device is offline, deviceId:%{public}s", Anonymous::Change(info.deviceId).c_str());
 }
 }
diff --git a/services/distributeddataservice/app/src/security/sensitive.cpp b/services/distributeddataservice/app/src/security/sensitive.cpp
index 3c43bb594..01e6ce305 100644
--- a/services/distributeddataservice/app/src/security/sensitive.cpp
+++ b/services/distributeddataservice/app/src/security/sensitive.cpp
@@ -17,12 +17,13 @@
 #include
 #include
 #include "log_print.h"
-#include "kvstore_utils.h"
+#include "utils/anonymous.h"
 #undef LOG_TAG
 #define LOG_TAG "Sensitive"
 namespace OHOS {
 namespace DistributedKv {
+using Anonymous = DistributedData::Anonymous;
 Sensitive::Sensitive(std::string deviceId)
 : deviceId(std::move(deviceId)), securityLevel(DATA_SEC_LEVEL1)
 {
@@ -44,7 +45,7 @@ uint32_t Sensitive::GetDeviceSecurityLevel()
 bool Sensitive::InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid)
 {
- ZLOGI("udid is [%{public}s]", KvStoreUtils::ToBeAnonymous(udid).c_str());
+ ZLOGI("udid is [%{public}s]", Anonymous::Change(udid).c_str());
 if (params == nullptr || udid.empty()) {
 return false;
 }
@@ -109,7 +110,7 @@ uint32_t Sensitive::GetSensitiveLevel(const std::string &udid)
 {
 DEVSLQueryParams query;
 if (!InitDEVSLQueryParams(&query, udid)) {
- ZLOGE("init query params failed! udid:[%{public}s]", KvStoreUtils::ToBeAnonymous(udid).c_str());
+ ZLOGE("init query params failed! udid:[%{public}s]", Anonymous::Change(udid).c_str());
 return DATA_SEC_LEVEL1;
 }
@@ -117,12 +118,12 @@ uint32_t Sensitive::GetSensitiveLevel(const std::string &udid)
 int32_t result = DATASL_GetHighestSecLevel(&query, &level);
 if (result != DEVSL_SUCCESS) {
 ZLOGE("get highest level failed(%{public}s)! level: %{public}d, error: %d",
- KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result);
+ Anonymous::Change(udid).c_str(), securityLevel, result);
 return DATA_SEC_LEVEL1;
 }
 securityLevel = level;
 ZLOGI("get highest level success(%{public}s)! level: %{public}d, error: %d",
- KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result);
+ Anonymous::Change(udid).c_str(), securityLevel, result);
 return securityLevel;
 }
 } // namespace DistributedKv
-- Gitee
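Review bot: `InitDEVSLQueryParams` writes the udid to the log at info level with `%{public}s` before it checks `udid.empty()`, and after this change the only thing keeping the device identifier out of plain-text logs is `Anonymous::Change`, whose masking is not visible in this patch. Please confirm it hides at least as much of the string as `KvStoreUtils::ToBeAnonymous` did; the same substitution is made in the two `GetSensitiveLevel` hunks and in `OnDeviceChanged` in security.cpp. Since `GetSensitiveLevel` already logs the udid on both of its outcomes, this line could drop to `ZLOGD` or be removed.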