diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 66191e7ecfa984371f572fcfb077e04d5d8c6db7..45a75a2a0eed570cbf3784cea1679dc3a5690daf 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -241,10 +241,8 @@ static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct struct CmParamSet *sendParamSet = NULL; struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, - .blob = *keyUri }, - { .tag = CM_TAG_PARAM0_UINT32, - .uint32Param = store }, + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = store }, }; do { diff --git a/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h b/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h index 7a4b03282311b831fff092da06be8bc7279752f7..3d519568b24837dc6e90fc74e4cdb6217cc5f30d 100755 --- a/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h +++ b/interfaces/kits/napi/include/cm_napi_user_trusted_cert.h @@ -24,6 +24,7 @@ namespace CMNapi { napi_value CMNapiInstallUserTrustedCertSync(napi_env env, napi_callback_info info); napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallUserTrustedCert(napi_env env, napi_callback_info info); + napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info); } // namespace CMNapi #endif /* CM_NAPI_USER_TRUSTED_CERT_H */ diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index 0101125861988defbba801e7bee61ee4e1c4e921..fac22964aeff7273b5ae864941e23b9c84357181 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -155,6 +155,7 @@ extern "C" { DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertificate", CMNapiUninstallUserTrustedCert), DECLARE_NAPI_FUNCTION("getAllUserTrustedCertificates", CMNapiGetAllUserTrustedCertList), DECLARE_NAPI_FUNCTION("getUserTrustedCertificate", CMNapiGetUserTrustedCertInfo), + DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertificateSync", CMNapiUninstallUserCertSync), /* private cred */ DECLARE_NAPI_FUNCTION("installPrivateCertificate", CMNapiInstallPrivateAppCert), diff --git a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp index 2407ead39c19efe04f6fb220b7736d418560439c..639ce51c19f11e62e9aec80da240e6fe3c9aea72 100644 --- a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp @@ -29,6 +29,7 @@ constexpr int CM_NAPI_USER_INSTALL_ARGS_CNT = 2; constexpr int CM_NAPI_USER_INSTALL_SYNC_ARGS_CNT = 2; constexpr int CM_NAPI_USER_UNINSTALL_ARGS_CNT = 2; constexpr int CM_NAPI_USER_UNINSTALL_ALL_ARGS_CNT = 1; +constexpr int CM_NAPI_USER_UNINSTALL_SYNC_ARGS_CNT = 1; constexpr int CM_NAPI_CALLBACK_ARG_CNT = 1; constexpr uint32_t OUT_AUTH_URI_SIZE = 1000; } // namespace @@ -203,6 +204,26 @@ static napi_value ParseUninstallUserCertParams(napi_env env, napi_callback_info return GetInt32(env, 0); } +static int32_t ParseUninstallUserCertSyncParams(napi_env env, napi_callback_info info, UserCertAsyncContext context) +{ + size_t argc = CM_NAPI_USER_UNINSTALL_SYNC_ARGS_CNT; + napi_value argv[CM_NAPI_USER_UNINSTALL_SYNC_ARGS_CNT] = { nullptr }; + napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr); + + if (argc != CM_NAPI_USER_UNINSTALL_SYNC_ARGS_CNT) { + CM_LOG_E("arguments count is not expected when uninstalling user cert sync"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + napi_value result = ParseString(env, argv[0], context->certUri); + if (result == nullptr) { + CM_LOG_E("get certUri failed when uninstalling user cert sync"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + return CM_SUCCESS; +} + static int32_t ParseInstallUserCertSyncParams(napi_env env, napi_callback_info info, CmBlob **userCert, CmCertScope &installScope) { @@ -550,5 +571,38 @@ napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info in return result; } + +napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info) +{ + UserCertAsyncContext context = InitUserCertAsyncContext(); + int32_t ret; + do { + if (context == nullptr) { + ret = CMR_ERROR_NULL_POINTER; + CM_LOG_E("init uninstall user cert context failed"); + break; + } + + ret = ParseUninstallUserCertSyncParams(env, info, context); + if (ret != CM_SUCCESS) { + CM_LOG_E("parse uninstall user cert params failed"); + break; + } + + ret = CmUninstallUserTrustedCert(context->certUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("start uninstall user cert sync work failed"); + break; + } + } while (0); + + if (ret != CM_SUCCESS) { + CM_LOG_E("uninstall user cert sync failed, ret = %d", ret); + napi_throw(env, GenerateBusinessError(env, ret)); + } + + FreeUserCertAsyncContext(env, context); + return nullptr; +} } // namespace CMNapi diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index c2b90f6e209f1e0bd86ef71fdb54d57a9dc9fc26..c9bfc23fb5a30a05964165227aa146ebcc6d0ca4 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -279,8 +279,17 @@ static int32_t CheckAndUpdateCallerAndUri(struct CmContext *cmContext, const str } (void)CertManagerFreeUri(&uriObj); - if ((cmContext->userId != 0) && (cmContext->userId != userId)) { - CM_LOG_E("caller userid is not producer"); + if (type == CM_URI_TYPE_SYS_KEY) { + if ((cmContext->userId != 0) && (cmContext->userId != userId)) { + CM_LOG_E("caller is hap, current user is %u, userid[%u] is invalid", cmContext->userId, userId); + return CMR_ERROR_INVALID_ARGUMENT; + } + } else if (type == CM_URI_TYPE_CERTIFICATE) { + if ((cmContext->userId != 0) && (cmContext->userId != userId) && (userId != 0)) { + CM_LOG_E("caller is hap, current user is %u, userid[%u] is invalid", cmContext->userId, userId); + return CMR_ERROR_INVALID_ARGUMENT; + } + } else { return CMR_ERROR_INVALID_ARGUMENT; } @@ -520,16 +529,11 @@ int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struc return CMR_ERROR_INVALID_ARGUMENT; } - if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { + if (!CmHasEnterpriseUserTrustedPermission() && !CmHasUserTrustedPermission()) { CM_LOG_E("uninstall user cert: caller no permission"); return CMR_ERROR_PERMISSION_DENIED; } - if (!CmIsSystemApp()) { - CM_LOG_E("uninstall user cert: caller is not system app"); - return CMR_ERROR_NOT_SYSTEMP_APP; - } - int32_t ret = CheckAndUpdateCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true); if (ret != CM_SUCCESS) { CM_LOG_E("uninstall user cert: caller and uri check fail"); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c index 594bb3194f192b664bd75864c5c7538045ec8a81..bc98134733ebee8d0b4fe0536dc3e8ecab9d70c2 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c @@ -209,8 +209,14 @@ int32_t CmFileRemove(const char *path, const char *fileName) return CMR_ERROR_INVALID_ARGUMENT; } + int32_t ret = CmIsFileExist(path, fileName); + if (ret != CMR_OK) { + CM_LOG_E("target file not exist"); + return ret; + } + char *fullFileName = NULL; - int32_t ret = GetFullFileName(path, fileName, &fullFileName); + ret = GetFullFileName(path, fileName, &fullFileName); if (ret != CMR_OK) { return ret; } diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 3330a939d7590a0bebf69f068273563079aa8a14..c9c87c08c9a47cdd7348cf11a6e47ca312fc7c55 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -263,13 +263,8 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl struct CmContext cmContext = {0}; struct CmParamOut params[] = { - { - .tag = CM_TAG_PARAM0_BUFFER, - .blob = &keyUri - }, { - .tag = CM_TAG_PARAM0_UINT32, - .uint32Param = &store - }, + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, }; do { @@ -1166,6 +1161,7 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo uint32_t userId = 0; uint32_t status = CERT_STATUS_ENANLED; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert }, @@ -1180,6 +1176,8 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId); if (ret != CM_SUCCESS) { @@ -1197,12 +1195,12 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo } while (0); struct CmBlob tempBlob = { 0, NULL }; - CmReport(__func__, &cmContext, &tempBlob, ret); + CmReport(__func__, &oriContext, &tempBlob, ret); if (ret != CM_SUCCESS) { CmSendResponse(context, ret, NULL); } - CmReportSGInstallUserCert(&certAlias, ret); + CmReportSGInstallUserCert(&certAlias, outData, ret); CmFreeParamSet(¶mSet); } @@ -1213,6 +1211,7 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB int32_t ret = CM_SUCCESS; struct CmBlob certUri = { 0, NULL }; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri }, @@ -1224,6 +1223,8 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri); if (ret != CM_SUCCESS) { @@ -1238,7 +1239,7 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB } } while (0); - CmReport(__func__, &cmContext, &certUri, ret); + CmReport(__func__, &oriContext, &certUri, ret); CmSendResponse(context, ret, NULL); CmReportSGUninstallUserCert(&certUri, false, ret); CmFreeParamSet(¶mSet); diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn index 968f7b4620e0a4b51686f51221d0157a37c399c2..39e56eb3c7d85f1dbb6d96a99c5f910fb743ce2a 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/BUILD.gn @@ -35,6 +35,7 @@ ohos_static_library("libcert_manager_sg_report_static") { deps = [ "${cert_manager_root_dir}/frameworks/cert_manager_standard/main/common:libcert_manager_common_standard_static", "${cert_manager_root_dir}/interfaces/innerkits/cert_manager_standard/main:cert_manager_sdk", + "${cert_manager_root_dir}/services/cert_manager_standard/cert_manager_engine/main/rdb:libcert_manager_rdb_static", ] sources = [ "src/cm_security_guard_info.c", @@ -46,6 +47,7 @@ ohos_static_library("libcert_manager_sg_report_static") { ] external_deps = [ + "access_token:libaccesstoken_sdk", "bounds_checking_function:libsec_shared", "c_utils:utils", "ipc:ipc_single", diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h index b45318b32b9eabcdabdc9b2f4223792e42ebcdfa..a7bebee7271de0645e990e3d084704217f2417b7 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_info.h @@ -24,7 +24,7 @@ extern "C" { void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint32_t status, int32_t result); -void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result); +void CmReportSGInstallUserCert(const struct CmBlob *certAlias, struct CmBlob *certUri, int32_t result); void CmReportSGUninstallUserCert(const struct CmBlob *certUri, bool isUninstallAll, int32_t result); diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h index 05c7890b3151b81fbe242146755a409a1e8f22f8..3dbee81a0622cb7e80e67795cd8f6ef69141950b 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/include/cm_security_guard_report.h @@ -25,6 +25,7 @@ struct CmReportSGInfo { uint32_t uid; int32_t result; char *name; + char *subjectName; bool isSetGrantUid; uint32_t grantUid; bool isSetStatus; diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c index 20aaa0369fa5f7d038daa9fde874eb37bdc299c2..e7e1b45549784224374b0060ce3eb0ad36773620 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_info.c @@ -18,6 +18,7 @@ #include "cm_log.h" #include "cm_mem.h" #include "cm_security_guard_report.h" +#include "cm_cert_property_rdb.h" #ifdef SUPPORT_SECURITY_GUARD #define CM_INVALID_NAME "nameInvalid" @@ -40,28 +41,6 @@ static bool IsNameValid(const struct CmBlob *name) #define ANONYMOUS_LEN 4 -static void AnonymousName(char *name, uint32_t nameLen) -{ - char p = '*'; - uint32_t offset = strlen("o="); - char *substr = strstr(name, "o="); - if (substr == NULL || strlen(substr) == offset) { - if (nameLen <= ANONYMOUS_LEN) { - (void)memset_s(name, nameLen, p, nameLen); - } else { - (void)memset_s(name + nameLen - ANONYMOUS_LEN, ANONYMOUS_LEN, p, ANONYMOUS_LEN); - } - return; - } - - uint32_t substrLen = strlen(substr); - if (substrLen <= ANONYMOUS_LEN + offset) { - (void)memset_s(substr + offset, substrLen - offset, p, substrLen - offset); - } else { - (void)memset_s(substr + offset, ANONYMOUS_LEN, p, ANONYMOUS_LEN); - } -} - static int32_t ConstructInfoName(const struct CmBlob *input, char **name) { bool isNameValid = IsNameValid(input); @@ -73,9 +52,6 @@ static int32_t ConstructInfoName(const struct CmBlob *input, char **name) (void)memset_s(*name, nameLen, 0, nameLen); /* initialized to 0 to avoid that input does not end with '\0' */ (void)strcpy_s(*name, nameLen, isNameValid ? (char *)input->data : CM_INVALID_NAME); - if (isNameValid) { - AnonymousName(*name, nameLen - 1); /* nameLen is bigger than 1 and exclude end '\0' */ - } return CM_SUCCESS; } @@ -90,6 +66,54 @@ static void ConstructInfoAndReport(const struct CmBlob *input, const char *actio CmReportSGRecord(info); CM_FREE_PTR(info->name); } + +static int32_t ConstructInfoSubjectName(const struct CmBlob *input, char **name) +{ + if (!IsNameValid(input)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CertProperty certProperty; + (void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty)); + int32_t ret = QueryCertProperty((const char *)input->data, &certProperty); + if (ret != CM_SUCCESS) { + return ret; + } + + if (strlen(certProperty.subjectName) > MAX_LEN_SUBJECT_NAME) { + return CM_FAILURE; + } + + uint32_t nameLen = strlen(certProperty.subjectName) + 1; + *name = (char *)CmMalloc(nameLen); + if (*name == NULL) { + return CMR_ERROR_MALLOC_FAIL; + } + (void)memset_s(*name, nameLen, 0, nameLen); + if (strcpy_s(*name, nameLen, certProperty.subjectName) != EOK) { + CM_FREE_PTR(*name); + return CMR_ERROR_BUFFER_TOO_SMALL; + } + + return ret; +} + +static void ConstructSubjectAndReport(const struct CmBlob *input, const char *action, struct CmReportSGInfo *info) +{ + if (strcpy_s(info->action, sizeof(info->action), action) != EOK) { + return; + } + if (ConstructInfoName(input, &info->name) != CM_SUCCESS) { + return; + } + if (ConstructInfoSubjectName(input, &info->subjectName) != CM_SUCCESS) { + return; + } + + CmReportSGRecord(info); + CM_FREE_PTR(info->name); + CM_FREE_PTR(info->subjectName); +} #endif void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint32_t status, int32_t result) @@ -114,7 +138,7 @@ void CmReportSGSetCertStatus(const struct CmBlob *certUri, uint32_t store, uint3 #endif } -void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result) +void CmReportSGInstallUserCert(const struct CmBlob *certAlias, struct CmBlob *certUri, int32_t result) { #ifdef SUPPORT_SECURITY_GUARD struct CmReportSGInfo info; @@ -126,7 +150,11 @@ void CmReportSGInstallUserCert(const struct CmBlob *certAlias, int32_t result) info.isSetStatus = false; char *action = "CmInstallUserCert"; - ConstructInfoAndReport(certAlias, action, &info); + if (result != CM_SUCCESS) { + ConstructInfoAndReport(certAlias, action, &info); + } else { + ConstructSubjectAndReport(certUri, action, &info); + } #else (void)certAlias; (void)result; diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp index eb5da801b23a0c62e20e3241d0bbc5d8af1f68ea..75d8e79f2fde3025d3630897c88cf337a9a8e9ed 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp @@ -24,13 +24,21 @@ #include "event_info.h" #include "sg_collect_client.h" +#include "accesstoken_kit.h" +#include "hap_token_info.h" +#include "ipc_skeleton.h" #define CM_INFO_JSON_MAX_LEN 512 #define SG_JSON_MAX_LEN 1024 #define CERT_EVENTID 1011015014 #define CERT_VERSION "1.0" +#define CALLER_NAME_MAX_SIZE 128 using namespace OHOS::Security::SecurityGuard; +using namespace OHOS; +using namespace OHOS::Security::AccessToken; + +const std::string CALLER_UID_NAME = "ipc_calling_uid: "; uint32_t CmGetCallingUid(void) { @@ -39,23 +47,68 @@ uint32_t CmGetCallingUid(void) void InfoToJson(const struct CmReportSGInfo *info, char *json, int32_t jsonLen) { - int32_t ret = snprintf_s(json, jsonLen, jsonLen - 1, "{\\\"action\\\":\\\"%s\\\", \\\"uid\\\":%u, " - "\\\"result\\\":%d, \\\"name\\\":\\\"%s\\\", \\\"isSetGrantUid\\\":%d, \\\"grantUid\\\":%u," - "\\\"isSetStatus\\\":%d, \\\"status\\\":%d}", info->action, info->uid, info->result, info->name, + char subjectName[MAX_LEN_SUBJECT_NAME] = {0}; + if (info->subjectName == nullptr) { + subjectName[0] = '\0'; + } else { + if (strncpy_s(subjectName, MAX_LEN_SUBJECT_NAME, info->subjectName, strlen(info->subjectName)) != EOK) { + CM_LOG_E("Failed to copy subject name"); + return; + } + } + + int32_t ret = snprintf_s( + json, jsonLen, jsonLen - 1, + "{\\\"action\\\":\\\"%s\\\", \\\"uid\\\":%u, \\\"result\\\":%d, \\\"name\\\":\\\"%s\\\", " + "\\\"subjectName\\\":\\\"%s\\\", \\\"isSetGrantUid\\\":%d, \\\"grantUid\\\":%u, " + "\\\"isSetStatus\\\":%d, \\\"status\\\":%d}", + info->action, info->uid, info->result, info->name, subjectName, info->isSetGrantUid ? 1 : 0, info->grantUid, info->isSetStatus ? 1 : 0, info->status ? 1 : 0); if (ret < 0) { CM_LOG_E("info to json error"); } } +static int32_t GetCallerBundleName(char *callerName, uint32_t callerNameSize) +{ + std::string caller = ""; + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (AccessTokenKit::GetTokenType(callingTokenId) != ATokenTypeEnum::TOKEN_HAP) { + int32_t uid = IPCSkeleton::GetCallingUid(); + caller += CALLER_UID_NAME; + caller += std::to_string(uid); + } else { + HapTokenInfo hapTokenInfo; + int32_t ret = AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get hap info from access token kit."); + return CM_FAILURE; + } + caller += hapTokenInfo.bundleName; + } + + if (strncpy_s(callerName, callerNameSize, caller.c_str(), caller.size() + 1) != EOK) { + CM_LOG_E("Failed to copy caller"); + return CMR_ERROR_INVALID_OPERATION; + } + return CM_SUCCESS; +} + void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLen) { struct SGEventContent content; (void)memset_s(&content, sizeof(content), 0, sizeof(content)); + char callerName[CALLER_NAME_MAX_SIZE] = { 0 }; + int32_t ret = GetCallerBundleName(callerName, CALLER_NAME_MAX_SIZE); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get caller bundle name"); + return; + } + char constant[] = ""; content.type = 0; content.subType = 0; - content.caller = constant; + content.caller = callerName; content.objectInfo = objectInfoJson; content.bootTime = constant; content.wallTime = constant; @@ -63,7 +116,7 @@ void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLe content.sourceInfo = constant; content.targetInfo = constant; content.extra = constant; - int32_t ret = snprintf_s(recordJson, recordJsonLen, recordJsonLen - 1, "{\"type\":%d, \"subType\":%d," + ret = snprintf_s(recordJson, recordJsonLen, recordJsonLen - 1, "{\"type\":%d, \"subType\":%d," "\"caller\":\"%s\", \"objectInfo\":\"%s\", \"bootTime\":\"%s\", \"wallTime\":\"%s\", \"outcome\":\"%s\", " "\"sourceInfo\":\"%s\", \"targetInfo\":\"%s\", \"extra\":\"%s\"}", content.type, content.subType, content.caller, content.objectInfo, content.bootTime, content.wallTime, content.outcome, content.sourceInfo, @@ -75,22 +128,29 @@ void CmFillSGRecord(char *objectInfoJson, char *recordJson, int32_t recordJsonLe void CmReportSGRecord(const struct CmReportSGInfo *info) { - char *objectJson = static_cast(CmMalloc(CM_INFO_JSON_MAX_LEN)); + int32_t jsonLen = CM_INFO_JSON_MAX_LEN; + if (info->subjectName != NULL) { + jsonLen += strlen(info->subjectName); + } + + char *objectJson = static_cast(CmMalloc(jsonLen)); if (objectJson == NULL) { CM_LOG_E("objectJson malloc error"); return; } - (void)memset_s(objectJson, CM_INFO_JSON_MAX_LEN, 0, CM_INFO_JSON_MAX_LEN); - InfoToJson(info, objectJson, CM_INFO_JSON_MAX_LEN); + (void)memset_s(objectJson, jsonLen, 0, jsonLen); + InfoToJson(info, objectJson, jsonLen); - char *recordJson = static_cast(CmMalloc(SG_JSON_MAX_LEN)); + int32_t recordJsonLen = jsonLen > SG_JSON_MAX_LEN ? jsonLen : SG_JSON_MAX_LEN; + char *recordJson = static_cast(CmMalloc(recordJsonLen)); if (recordJson == NULL) { CM_FREE_PTR(objectJson); CM_LOG_E("recordJson malloc error"); return; } - (void)memset_s(recordJson, SG_JSON_MAX_LEN, 0, SG_JSON_MAX_LEN); - CmFillSGRecord(objectJson, recordJson, SG_JSON_MAX_LEN); + + (void)memset_s(recordJson, recordJsonLen, 0, recordJsonLen); + CmFillSGRecord(objectJson, recordJson, recordJsonLen); CM_FREE_PTR(objectJson); std::shared_ptr eventInfo = std::make_shared(CERT_EVENTID, CERT_VERSION, recordJson); int32_t ret = NativeDataCollectKit::ReportSecurityInfo(eventInfo); diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index 9fd237a27a2edb30ed4a2b260a94bb13416300fc..e0ae813f1152ced41985b75d3a61b5755597b184 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -686,6 +686,21 @@ HWTEST_F(CmAppCertTest, AppCertUnInstallAbnormalTest003, TestSize.Level0) EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertUnInstallAbnormalTest003 test failed, retcode:" << ret; } +/** + * @tc.name: AppCertUnInstallAbnormalTest004 + * @tc.desc: Test CertManager unInstall app cert interface abnormal function + * @tc.type: FUNC + * @tc.require: AR000H0MI8 /SR000H09N9 + */ +HWTEST_F(CmAppCertTest, AppCertUnInstallAbnormalTest004, TestSize.Level0) +{ + uint8_t keyUriBuf[] = "oh:t=ak;o=NOTEXIST;u=0;a=0"; + struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf }; + + int32_t ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CMR_ERROR_NOT_EXIST) << "AppCertUnInstallAbnormalTest004 test failed, retcode:" << ret; +} + /** * @tc.name: AppCertUnInstallAllAppCertBaseTest001 * @tc.desc: Test CertManager unInstall all app cert interface base function diff --git a/test/unittest/src/cm_get_user_ca_cert_list.cpp b/test/unittest/src/cm_get_user_ca_cert_list.cpp index 2c2be48a2e17bcf01f8dcacab19a1d92597c9929..ce9e430a6a5f8ded14146f3e132635d0e4803fd1 100755 --- a/test/unittest/src/cm_get_user_ca_cert_list.cpp +++ b/test/unittest/src/cm_get_user_ca_cert_list.cpp @@ -374,6 +374,8 @@ HWTEST_F(CmGetUserCertListTest, CmGetUserCACertList006, TestSize.Level0) struct CertList *certList006 = nullptr; InitCertList(&certList006); + struct CertList *certList007 = nullptr; + InitCertList(&certList007); struct UserCAProperty prop = { SA_USERID, CM_ALL_USER }; ret = CmGetUserCACertList(&prop, certList006); EXPECT_EQ(ret, CM_SUCCESS) << "Normal get user ca cert list test failed, recode:" << ret; @@ -381,11 +383,13 @@ HWTEST_F(CmGetUserCertListTest, CmGetUserCACertList006, TestSize.Level0) uint32_t certsCount006 = certList006->certsCount; EXPECT_EQ(certsCount006, size) << "Get certs count wrong, recode:" << ret; - ret = CmUninstallAllUserTrustedCert(); - EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall All test failed, recode:" << ret; - CmUninstallCACertList(certList006); + prop = { TEST_USERID, CM_ALL_USER }; + ret = CmGetUserCACertList(&prop, certList007); + + CmUninstallCACertList(certList007); EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall CA test cert failed, recode:" << ret; FreeCertList(certList006); + FreeCertList(certList007); } // /** diff --git a/test/unittest/src/cm_user_cert_test.cpp b/test/unittest/src/cm_user_cert_test.cpp index 3d2d2e1757765e7935f6504f9e56039fa945d659..5854a24cf62ffb2b48180522113b781a5f2413bf 100755 --- a/test/unittest/src/cm_user_cert_test.cpp +++ b/test/unittest/src/cm_user_cert_test.cpp @@ -863,7 +863,7 @@ HWTEST_F(CmUserCertTest, UninstallUserCertTest004, TestSize.Level0) struct CmBlob invalidUri = { strlen(invalidUriBuf) + 1, reinterpret_cast(invalidUriBuf) }; ret = CmUninstallUserTrustedCert(&invalidUri); - EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall test failed, recode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_NOT_EXIST) << "Normal user cert Uninstall test failed, recode:" << ret; } /**