diff --git a/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h b/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h index 27a889c70b79102870f208a5f56c0bd5b6f1f145..98dd1d8f5d90831fdce4d1b7571908a109900ea6 100755 --- a/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h +++ b/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h @@ -23,6 +23,7 @@ namespace CMNapi { napi_value CMNapiInstallUserTrustedCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallUserTrustedCert(napi_env env, napi_callback_info info); + napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info); } // namespace CMNapi #endif /* CM_NAPI_USER_TRUSTED_CERT_H */ diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index 4accac25470875170a872c9ce081ff6e42064ef3..ede526d9a120ce7ff092e14b90e82a1eb38a7caa 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -154,6 +154,7 @@ extern "C" { DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertificate", CMNapiUninstallUserTrustedCert), DECLARE_NAPI_FUNCTION("getAllUserTrustedCertificates", CMNapiGetAllUserTrustedCertList), DECLARE_NAPI_FUNCTION("getUserTrustedCertificate", CMNapiGetUserTrustedCertInfo), + DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertifacateSync", CMNapiUninstallUserCertSync), /* private cred */ DECLARE_NAPI_FUNCTION("installPrivateCertificate", CMNapiInstallPrivateAppCert), diff --git a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp index 980c3b39ae54366a530033597bc4d223d8e1cac9..c7d231a9da3a8876df811de489c157f4ac4b6b70 100644 --- a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp @@ -460,5 +460,30 @@ napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info in return result; } + +napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info) //to b +{ + UserCertAsyncContext context = InitUserCertAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init uninstall user cert context failed"); + return nullptr; + } + + napi_value result = ParseUninstallUserCertParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse uninstall user cert params failed"); + FreeUserCertAsyncContext(env, context); + return nullptr; + } + + int32_t ret = CmUninstallUserTrustedCert(context->certUri); + FreeUserCertAsyncContext(env, context); + if (ret != CM_SUCCESS) { + CM_LOG_E("start uninstall user cert sync work failed"); + return nullptr; + } + + return nullptr; +} } // namespace CMNapi diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h index 429d151f45261bf8fae0ea0201c59f1aed0571fb..61d268e0e15a2ff724a252135c4785815fb6ab85 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h @@ -36,6 +36,8 @@ bool CmIsSystemAppByStoreType(const uint32_t store); bool CmPermissionCheck(const uint32_t store); +bool CmHasEnterPriseUserTrustedPermission(void); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 8b41023a4241dfca9d9276a55ae0ecc978fac2db..a863130dfa26d43f32a37cca0fa877b4d599a92f 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -279,13 +279,23 @@ static int32_t CheckAndUpdateCallerAndUri(struct CmContext *cmContext, const str } (void)CertManagerFreeUri(&uriObj); - if ((cmContext->userId != 0) && (cmContext->userId != userId)) { - CM_LOG_E("caller userid is not producer"); - return CMR_ERROR_INVALID_ARGUMENT; - } - if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) { - CM_LOG_E("caller uid is not producer"); + if (type == CM_URI_TYPE_SYS_KEY) { + if ((cmContext->userId != 0) && (cmContext->userId != userId)) { + CM_LOG_E("caller userid is not producer"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) { + CM_LOG_E("caller uid is not producer"); + return CMR_ERROR_INVALID_ARGUMENT; + } + } else if (type == CM_URI_TYPE_CERTIFICATE) { + if ((cmContext->userId != 0) && (cmContext->userId != userId) && (userId != 0)) { + CM_LOG_E("caller is hap, current user is %u, userid[%u] is invalid", cmContext->userId, userId); + return CMR_ERROR_INVALID_ARGUMENT; + } + } else { return CMR_ERROR_INVALID_ARGUMENT; } @@ -521,16 +531,11 @@ int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struc return CMR_ERROR_INVALID_ARGUMENT; } - if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { + if (!CmHasEnterPriseUserTrustedPermission() && !CmHasUserTrustedPermission()) { CM_LOG_E("uninstall user cert: caller no permission"); return CMR_ERROR_PERMISSION_DENIED; } - if (!CmIsSystemApp()) { - CM_LOG_E("uninstall user cert: caller is not system app"); - return CMR_ERROR_NOT_SYSTEMP_APP; - } - int32_t ret = CheckAndUpdateCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true); if (ret != CM_SUCCESS) { CM_LOG_E("uninstall user cert: caller and uri check fail"); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c index 594bb3194f192b664bd75864c5c7538045ec8a81..662a5171f0f79b358b9740b5ae50d6e17cc9b09b 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c @@ -209,8 +209,13 @@ int32_t CmFileRemove(const char *path, const char *fileName) return CMR_ERROR_INVALID_ARGUMENT; } + int32_t ret = CmIsFileExist(path, fileName); + if (ret != CMR_OK) { + CM_LOG_E("target file not exist"); + return ret; + } char *fullFileName = NULL; - int32_t ret = GetFullFileName(path, fileName, &fullFileName); + ret = GetFullFileName(path, fileName, &fullFileName); if (ret != CMR_OK) { return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp index 1f788a23c7317d14b06b8ef77fb8bb8f8aff60ce..e077fe359415ea7eec1f3c63874fd14af1bf422c 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp @@ -55,6 +55,11 @@ bool CmHasSystemAppPermission(void) return HasPermission("ohos.permission.ACCESS_SYSTEM_APP_CERT"); } +bool CmHasEnterPriseUserTrustedPermission(void) +{ + return HasPermission("ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT"); +} + bool CmIsSystemApp(void) { AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID(); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 3330a939d7590a0bebf69f068273563079aa8a14..c9c87c08c9a47cdd7348cf11a6e47ca312fc7c55 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -263,13 +263,8 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl struct CmContext cmContext = {0}; struct CmParamOut params[] = { - { - .tag = CM_TAG_PARAM0_BUFFER, - .blob = &keyUri - }, { - .tag = CM_TAG_PARAM0_UINT32, - .uint32Param = &store - }, + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, }; do { @@ -1166,6 +1161,7 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo uint32_t userId = 0; uint32_t status = CERT_STATUS_ENANLED; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert }, @@ -1180,6 +1176,8 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId); if (ret != CM_SUCCESS) { @@ -1197,12 +1195,12 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo } while (0); struct CmBlob tempBlob = { 0, NULL }; - CmReport(__func__, &cmContext, &tempBlob, ret); + CmReport(__func__, &oriContext, &tempBlob, ret); if (ret != CM_SUCCESS) { CmSendResponse(context, ret, NULL); } - CmReportSGInstallUserCert(&certAlias, ret); + CmReportSGInstallUserCert(&certAlias, outData, ret); CmFreeParamSet(¶mSet); } @@ -1213,6 +1211,7 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB int32_t ret = CM_SUCCESS; struct CmBlob certUri = { 0, NULL }; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri }, @@ -1224,6 +1223,8 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri); if (ret != CM_SUCCESS) { @@ -1238,7 +1239,7 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB } } while (0); - CmReport(__func__, &cmContext, &certUri, ret); + CmReport(__func__, &oriContext, &certUri, ret); CmSendResponse(context, ret, NULL); CmReportSGUninstallUserCert(&certUri, false, ret); CmFreeParamSet(¶mSet); diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn index 968f7b4620e0a4b51686f51221d0157a37c399c2..39e56eb3c7d85f1dbb6d96a99c5f910fb743ce2a 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn @@ -35,6 +35,7 @@ ohos_static_library("libcert_manager_sg_report_static") { deps = [ "${cert_manager_root_dir}/frameworks/cert_manager_standard/main/common:libcert_manager_common_standard_static", "${cert_manager_root_dir}/interfaces/innerkits/cert_manager_standard/main:cert_manager_sdk", + "${cert_manager_root_dir}/services/cert_manager_standard/cert_manager_engine/main/rdb:libcert_manager_rdb_static", ] sources = [ "src/cm_security_guard_info.c", @@ -46,6 +47,7 @@ ohos_static_library("libcert_manager_sg_report_static") { ] external_deps = [ + "access_token:libaccesstoken_sdk", "bounds_checking_function:libsec_shared", "c_utils:utils", "ipc:ipc_single", diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h index b45318b32b9eabcdabdc9b2f4223792e42ebcdfa..a7bebee7271de0645e990e3d084704217f2417b7 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h @@ -24,7 +24,7 @@ extern "C" { void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint32_t status, int32_t result); -void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result); +void CmReportSGInstallUserCert(const struct CmBlob *certAlias, struct CmBlob *certUri, int32_t result); void CmReportSGUninstallUserCert(const struct CmBlob *certUri, bool isUninstallAll, int32_t result); diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h index 05c7890b3151b81fbe242146755a409a1e8f22f8..3dbee81a0622cb7e80e67795cd8f6ef69141950b 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h @@ -25,6 +25,7 @@ struct CmReportSGInfo { uint32_t uid; int32_t result; char *name; + char *subjectName; bool isSetGrantUid; uint32_t grantUid; bool isSetStatus; diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c index 20aaa0369fa5f7d038daa9fde874eb37bdc299c2..0032487e55afd388979d5ee3365a53af582c4c36 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c @@ -18,6 +18,7 @@ #include "cm_log.h" #include "cm_mem.h" #include "cm_security_guard_report.h" +#include "cm_cert_property_rdb.h" #ifdef SUPPORT_SECURITY_GUARD #define CM_INVALID_NAME "nameInvalid" @@ -40,27 +41,27 @@ static bool IsNameValid(const struct CmBlob *name) #define ANONYMOUS_LEN 4 -static void AnonymousName(char *name, uint32_t nameLen) -{ - char p = '*'; - uint32_t offset = strlen("o="); - char *substr = strstr(name, "o="); - if (substr == NULL || strlen(substr) == offset) { - if (nameLen <= ANONYMOUS_LEN) { - (void)memset_s(name, nameLen, p, nameLen); - } else { - (void)memset_s(name + nameLen - ANONYMOUS_LEN, ANONYMOUS_LEN, p, ANONYMOUS_LEN); - } - return; - } +// static void AnonymousName(char *name, uint32_t nameLen) +// { +// char p = '*'; +// uint32_t offset = strlen("o="); +// char *substr = strstr(name, "o="); +// if (substr == NULL || strlen(substr) == offset) { +// if (nameLen <= ANONYMOUS_LEN) { +// (void)memset_s(name, nameLen, p, nameLen); +// } else { +// (void)memset_s(name + nameLen - ANONYMOUS_LEN, ANONYMOUS_LEN, p, ANONYMOUS_LEN); +// } +// return; +// } - uint32_t substrLen = strlen(substr); - if (substrLen <= ANONYMOUS_LEN + offset) { - (void)memset_s(substr + offset, substrLen - offset, p, substrLen - offset); - } else { - (void)memset_s(substr + offset, ANONYMOUS_LEN, p, ANONYMOUS_LEN); - } -} +// uint32_t substrLen = strlen(substr); +// if (substrLen <= ANONYMOUS_LEN + offset) { +// (void)memset_s(substr + offset, substrLen - offset, p, substrLen - offset); +// } else { +// (void)memset_s(substr + offset, ANONYMOUS_LEN, p, ANONYMOUS_LEN); +// } +// } static int32_t ConstructInfoName(const struct CmBlob *input, char **name) { @@ -73,9 +74,6 @@ static int32_t ConstructInfoName(const struct CmBlob *input, char **name) (void)memset_s(*name, nameLen, 0, nameLen); /* initialized to 0 to avoid that input does not end with '\0' */ (void)strcpy_s(*name, nameLen, isNameValid ? (char *)input->data : CM_INVALID_NAME); - if (isNameValid) { - AnonymousName(*name, nameLen - 1); /* nameLen is bigger than 1 and exclude end '\0' */ - } return CM_SUCCESS; } @@ -90,6 +88,50 @@ static void ConstructInfoAndReport(const struct CmBlob *input, const char *actio CmReportSGRecord(info); CM_FREE_PTR(info->name); } + +static int32_t ConstructInfoSubjectName(const struct CmBlob *input, char **name) +{ + if (!IsNameValid(input)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CertProperty certProperty; + (void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty)); + int32_t ret = QueryCertProperty((const char *)input->data, &certProperty); + if (ret != CM_SUCCESS) { + return ret; + } + + if (strlen(certProperty.subjectName) > MAX_LEN_SUBJECT_NAME) { //构造uri的时候应该会判断 + return CM_FAILURE; + } + + uint32_t nameLen = strlen(certProperty.subjectName) + 1; + *name = (char *)CmMalloc(nameLen); + if (*name == NULL) { + return CMR_ERROR_MALLOC_FAIL; + } + (void)memset_s(*name, nameLen, 0, nameLen); + (void)strcpy_s(*name, nameLen, certProperty.subjectName); + return ret; +} + +static void ConstructSubjectAndReport(const struct CmBlob *input, const char *action, struct CmReportSGInfo *info) +{ + if (strcpy_s(info->action, sizeof(info->action), action) != EOK) { + return; + } + if (ConstructInfoName(input, &info->name) != CM_SUCCESS) { //uri->name + return; + } + if (ConstructInfoSubjectName(input, &info->subjectName) != CM_SUCCESS) { + return; + } + + CmReportSGRecord(info); + CM_FREE_PTR(info->name); + CM_FREE_PTR(info->subjectName); +} #endif void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint32_t status, int32_t result) @@ -114,7 +156,7 @@ void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint3 #endif } -void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result) +void CmReportSGInstallUserCert(const struct CmBlob *certAlias, struct CmBlob *certUri, int32_t result) { #ifdef SUPPORT_SECURITY_GUARD struct CmReportSGInfo info; @@ -126,7 +168,12 @@ void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result) info.isSetStatus = false; char *action = "CmInstallUserCert"; - ConstructInfoAndReport(certAlias, action, &info); + if (result != CM_SUCCESS) { + ConstructInfoAndReport(certAlias, action, &info); + } else { + ConstructSubjectAndReport(certUri, action, &info); + } + #else (void)certAlias; (void)result; @@ -153,7 +200,7 @@ void CmReportSGUninstallUserCert(const struct CmBlob *certUri, bool isUninstallA } char *action = "CmUninstallUserCert"; - ConstructInfoAndReport(certUri, action, &info); + ConstructInfoAndReport(certUri, action, &info); //走这 #else (void)certUri; (void)isUninstallAll; diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp index eb5da801b23a0c62e20e3241d0bbc5d8af1f68ea..24d64d221c8078b72c44ff87cecea2f5484f01c6 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp @@ -24,13 +24,21 @@ #include "event_info.h" #include "sg_collect_client.h" +#include "accesstoken_kit.h" +#include "hap_token_info.h" +#include "ipc_skeleton.h" #define CM_INFO_JSON_MAX_LEN 512 #define SG_JSON_MAX_LEN 1024 #define CERT_EVENTID 1011015014 #define CERT_VERSION "1.0" +#define CALLER_NAME_MAX_SIZE 128 using namespace OHOS::Security::SecurityGuard; +using namespace OHOS; +using namespace OHOS::Security::AccessToken; + +const std::string CALLER_UID_NAME = "ipc_calling_uid: "; uint32_t CmGetCallingUid(void) { @@ -39,19 +47,61 @@ uint32_t CmGetCallingUid(void) void InfoToJson(const struct CmReportSGInfo *info, char *json, int32_t jsonLen) { + char subjectName[MAX_LEN_SUBJECT_NAME] = {0}; + if (info->subjectName == nullptr) { + subjectName[0] = '\0'; + } else { + if (strncpy_s(subjectName, MAX_LEN_SUBJECT_NAME, info->subjectName, strlen(info->subjectName)) != EOK) { + CM_LOG_E("Failed to copy subject name"); + return; + } + } + int32_t ret = snprintf_s(json, jsonLen, jsonLen - 1, "{\\\"action\\\":\\\"%s\\\", \\\"uid\\\":%u, " - "\\\"result\\\":%d, \\\"name\\\":\\\"%s\\\", \\\"isSetGrantUid\\\":%d, \\\"grantUid\\\":%u," - "\\\"isSetStatus\\\":%d, \\\"status\\\":%d}", info->action, info->uid, info->result, info->name, + "\\\"result\\\":%d, \\\"name\\\":\\\"%s\\\", \\\"subjectName\\\":\\\"%s\\\", \\\"isSetGrantUid\\\":%d, \\\"grantUid\\\":%u," + "\\\"isSetStatus\\\":%d, \\\"status\\\":%d}", info->action, info->uid, info->result, info->name, subjectName, info->isSetGrantUid ? 1 : 0, info->grantUid, info->isSetStatus ? 1 : 0, info->status ? 1 : 0); if (ret < 0) { CM_LOG_E("info to json error"); } } +static int32_t GetCaller(char *callerName, uint32_t callerNameSize) +{ + std::string caller = ""; + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (AccessTokenKit::GetTokenType(callingTokenId) != ATokenTypeEnum::TOKEN_HAP) { + int32_t uid = IPCSkeleton::GetCallingUid(); + caller += CALLER_UID_NAME; + caller += std::to_string(uid); + } else { + HapTokenInfo hapTokenInfo; + int32_t ret = AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get hap info from access token kit."); + return CM_FAILURE; + } + caller += hapTokenInfo.bundleName; + } + + if (strncpy_s(callerName, callerNameSize, caller.c_str(), caller.size() + 1) != EOK) { + CM_LOG_E("Failed to copy caller"); + return CMR_ERROR_INVALID_OPERATION; + } + return CM_SUCCESS; +} + void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLen) { struct SGEventContent content; (void)memset_s(&content, sizeof(content), 0, sizeof(content)); + char caller[CALLER_NAME_MAX_SIZE] = { 0 }; + int32_t ret = GetCaller(caller, CALLER_NAME_MAX_SIZE); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get caller"); + return; + } + content.caller = caller; char constant[] = ""; content.type = 0; content.subType = 0; @@ -63,7 +113,7 @@ void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLe content.sourceInfo = constant; content.targetInfo = constant; content.extra = constant; - int32_t ret = snprintf_s(recordJson, recordJsonLen, recordJsonLen - 1, "{\"type\":%d, \"subType\":%d," + ret = snprintf_s(recordJson, recordJsonLen, recordJsonLen - 1, "{\"type\":%d, \"subType\":%d," "\"caller\":\"%s\", \"objectInfo\":\"%s\", \"bootTime\":\"%s\", \"wallTime\":\"%s\", \"outcome\":\"%s\", " "\"sourceInfo\":\"%s\", \"targetInfo\":\"%s\", \"extra\":\"%s\"}", content.type, content.subType, content.caller, content.objectInfo, content.bootTime, content.wallTime, content.outcome, content.sourceInfo, @@ -75,22 +125,27 @@ void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLe void CmReportSGRecord(const struct CmReportSGInfo *info) { - char *objectJson = static_cast(CmMalloc(CM_INFO_JSON_MAX_LEN)); + int32_t jsonLen = CM_INFO_JSON_MAX_LEN; + if (info->subjectName != NULL) { + jsonLen += strlen(info->subjectName); + } + + char *objectJson = static_cast(CmMalloc(jsonLen)); if (objectJson == NULL) { CM_LOG_E("objectJson malloc error"); return; } - (void)memset_s(objectJson, CM_INFO_JSON_MAX_LEN, 0, CM_INFO_JSON_MAX_LEN); - InfoToJson(info, objectJson, CM_INFO_JSON_MAX_LEN); + (void)memset_s(objectJson, jsonLen, 0, jsonLen); + InfoToJson(info, objectJson, jsonLen); - char *recordJson = static_cast(CmMalloc(SG_JSON_MAX_LEN)); + char *recordJson = static_cast(CmMalloc(jsonLen)); if (recordJson == NULL) { CM_FREE_PTR(objectJson); CM_LOG_E("recordJson malloc error"); return; } - (void)memset_s(recordJson, SG_JSON_MAX_LEN, 0, SG_JSON_MAX_LEN); - CmFillSGRecord(objectJson, recordJson, SG_JSON_MAX_LEN); + (void)memset_s(recordJson, jsonLen, 0, jsonLen); + CmFillSGRecord(objectJson, recordJson, jsonLen); CM_FREE_PTR(objectJson); std::shared_ptr eventInfo = std::make_shared(CERT_EVENTID, CERT_VERSION, recordJson); int32_t ret = NativeDataCollectKit::ReportSecurityInfo(eventInfo); diff --git a/test/unittest/src/cm_user_cert_test.cpp b/test/unittest/src/cm_user_cert_test.cpp index 3d2d2e1757765e7935f6504f9e56039fa945d659..5854a24cf62ffb2b48180522113b781a5f2413bf 100755 --- a/test/unittest/src/cm_user_cert_test.cpp +++ b/test/unittest/src/cm_user_cert_test.cpp @@ -863,7 +863,7 @@ HWTEST_F(CmUserCertTest, UninstallUserCertTest004, TestSize.Level0) struct CmBlob invalidUri = { strlen(invalidUriBuf) + 1, reinterpret_cast(invalidUriBuf) }; ret = CmUninstallUserTrustedCert(&invalidUri); - EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall test failed, recode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_NOT_EXIST) << "Normal user cert Uninstall test failed, recode:" << ret; } /**