diff --git a/frameworks/cert_manager_standard/main/common/src/cm_param.c b/frameworks/cert_manager_standard/main/common/src/cm_param.c index 4b6d1e46ba86e32fc329c5fdd0aa4f0e5fb9a86b..987e0025eab57311133ea20252dd998f8ec4032e 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_param.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_param.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -32,7 +32,7 @@ int32_t CmInitParamSet(struct CmParamSet **paramSet) { if (paramSet == NULL) { CM_LOG_E("invalid init params!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } *paramSet = (struct CmParamSet *)CmMalloc(CM_DEFAULT_PARAM_SET_SIZE); @@ -55,7 +55,7 @@ static int32_t CmCheckParamSet(const struct CmParamSet *paramSet, uint32_t size) (paramSet->paramSetSize != size) || (paramSet->paramsCnt > ((size - sizeof(struct CmParamSet)) / sizeof(struct CmParam)))) { CM_LOG_E("invalid param set!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } return CM_SUCCESS; } @@ -78,18 +78,18 @@ static int32_t CmFreshParamSet(struct CmParamSet *paramSet, bool isCopy) for (uint32_t i = 0; i < paramSet->paramsCnt; i++) { if (offset > size) { CM_LOG_E("invalid param set offset!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } if (GetTagType(paramSet->params[i].tag) == CM_TAG_TYPE_BYTES) { if (CmIsAdditionOverflow(offset, paramSet->params[i].blob.size)) { CM_LOG_E("blob size overflow!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } if (isCopy && (memcpy_s((uint8_t *)paramSet + offset, size - offset, paramSet->params[i].blob.data, paramSet->params[i].blob.size) != EOK)) { CM_LOG_E("copy param blob failed!"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_PARAMSET_ARG; } paramSet->params[i].blob.data = (uint8_t *)paramSet + offset; offset += paramSet->params[i].blob.size; @@ -98,7 +98,7 @@ static int32_t CmFreshParamSet(struct CmParamSet *paramSet, bool isCopy) if (paramSet->paramSetSize != offset) { CM_LOG_E("invalid param set size!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } return CM_SUCCESS; } @@ -118,7 +118,7 @@ static int32_t BuildParamSet(struct CmParamSet **paramSet) if (memcpy_s(freshParamSet, size, *paramSet, offset) != EOK) { CM_FREE_PTR(freshParamSet); CM_LOG_E("copy params failed!"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_PARAMSET_ARG; } CM_FREE_PTR(*paramSet); *paramSet = freshParamSet; @@ -155,12 +155,12 @@ int32_t CmGetParam(const struct CmParamSet *paramSet, uint32_t tag, struct CmPar { if ((paramSet == NULL) || (param == NULL)) { CM_LOG_E("invalid params!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } if (CmCheckParamSet(paramSet, paramSet->paramSetSize) != CM_SUCCESS) { CM_LOG_E("invalid paramSet!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } for (uint32_t i = 0; i < paramSet->paramsCnt; i++) { @@ -181,17 +181,17 @@ static int32_t FreshParamSet(struct CmParamSet *paramSet, bool isCopy) for (uint32_t i = 0; i < paramSet->paramsCnt; i++) { if (offset > size) { CM_LOG_E("FreshParamSet invalid param set offset!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } if (GetTagType(paramSet->params[i].tag) == CM_TAG_TYPE_BYTES) { if (CmIsAdditionOverflow(offset, paramSet->params[i].blob.size)) { CM_LOG_E("FreshParamSet blob size overflow!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } if (isCopy && memcpy_s((uint8_t *)paramSet + offset, size - offset, paramSet->params[i].blob.data, paramSet->params[i].blob.size) != EOK) { CM_LOG_E("FreshParamSet copy param blob failed!"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_PARAMSET_ARG; } paramSet->params[i].blob.data = (uint8_t *)paramSet + offset; offset += paramSet->params[i].blob.size; @@ -200,7 +200,7 @@ static int32_t FreshParamSet(struct CmParamSet *paramSet, bool isCopy) if (paramSet->paramSetSize != offset) { CM_LOG_E("FreshParamSet invalid param set size!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } return CM_SUCCESS; } @@ -235,14 +235,14 @@ static int32_t CheckBeforeAddParams(const struct CmParamSet *paramSet, const str if ((params == NULL) || (paramSet == NULL) || (paramSet->paramSetSize > CM_PARAM_SET_MAX_SIZE) || (paramCnt > CM_DEFAULT_PARAM_CNT) || ((paramSet->paramsCnt + paramCnt) > CM_DEFAULT_PARAM_CNT)) { CM_LOG_E("invalid params or paramset!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } for (uint32_t i = 0; i < paramCnt; i++) { if ((GetTagType(params[i].tag) == CM_TAG_TYPE_BYTES) && (params[i].blob.data == NULL)) { CM_LOG_E("invalid blob param!"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } } return CM_SUCCESS; @@ -261,7 +261,7 @@ int32_t CmAddParams(struct CmParamSet *paramSet, const struct CmParam *params, u if (CmIsAdditionOverflow(paramSet->paramSetSize, params[i].blob.size)) { CM_LOG_E("params size overflow!"); paramSet->paramSetSize -= sizeof(struct CmParam); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } paramSet->paramSetSize += params[i].blob.size; } diff --git a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c index 3af69f66721239545bb60adcb0595b5494a68e54..fd2bd7c07aacc7d53f8ad93f00e2611cf0ecea7a 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -39,13 +39,13 @@ static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppC out = BIO_new(BIO_s_mem()); if (out == NULL) { CM_LOG_E("BIO_new_mem_buf faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } /* copy app terminal cert to bio */ if (PEM_write_bio_X509(out, cert) == 0) { CM_LOG_E("Copy app cert to bio faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } certCount++; @@ -54,7 +54,7 @@ static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppC xCert = sk_X509_value(caCert, i); if (PEM_write_bio_X509(out, xCert) == 0) { CM_LOG_E("Copy app ca cert to bio faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } certCount++; @@ -63,12 +63,12 @@ static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppC long len = BIO_get_mem_data(out, &data); if (len <= 0) { CM_LOG_E("BIO_get_mem_data faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } if (memcpy_s(appCert->appCertdata, MAX_LEN_CERTIFICATE_CHAIN, data, len) != EOK) { CM_LOG_E("Copy appCert->appCertdata faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } /* default certificate chain is packaged as a whole */ @@ -92,13 +92,13 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * STACK_OF(X509) *caCert = NULL; if (p12Cert == NULL || p12Cert->data == NULL || p12Cert->size > MAX_LEN_CERTIFICATE_CHAIN) { - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } do { bio = BIO_new_mem_buf(p12Cert->data, p12Cert->size); if (bio == NULL) { - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; CM_LOG_E("BIO_new_mem_buf faild"); break; } diff --git a/frameworks/cert_manager_standard/main/common/src/cm_x509.c b/frameworks/cert_manager_standard/main/common/src/cm_x509.c index ef40a1a854661f1a1216068fc0800a9fe5f91375..da3c00e10d1cc49229be24befd18732ec03bbac8 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_x509.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_x509.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -85,7 +85,7 @@ int32_t GetX509SerialNumber(X509 *x509cert, char *outBuf, uint32_t outBufMaxSize if (strncpy_s(outBuf, outBufMaxSize, hex, len) != EOK) { OPENSSL_free(hex); BN_free(bn); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } OPENSSL_free(hex); @@ -123,7 +123,7 @@ static int32_t ToStringName(FUNC func, const X509 *x509cert, const char *objname } if (strncpy_s(outBuf, outBufMaxSize, data, length) != EOK) { OPENSSL_free(data); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } OPENSSL_free(data); break; @@ -153,7 +153,7 @@ static int32_t GetX509FirstSubjectName(const X509 *x509cert, struct CmBlob *disp } if (strlen(subjectName) > 0) { if (strncpy_s(outBuf, displaytName->size, subjectName, strlen(subjectName)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } outBuf[length] = '\0'; displaytName->size = (uint32_t)(length + 1); @@ -183,7 +183,7 @@ static int32_t GetX509FirstSubjectProp(const X509 *x509cert, struct CmBlob *disp } if (strncpy_s(outBuf, displaytName->size, data, length) != EOK) { OPENSSL_free(data); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } outBuf[length] = '\0'; displaytName->size = (uint32_t)(length + 1); @@ -212,7 +212,7 @@ static int32_t GetDisplayName(X509 *x509cert, const struct CmBlob *certAlias, } else { if (memcpy_s(displaytName->data, displaytName->size, certAlias->data, certAlias->size) != EOK) { CM_LOG_E("copy displayname failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } displaytName->size = certAlias->size; } @@ -264,7 +264,7 @@ int32_t GetX509SubjectNameLongFormat(const X509 *x509cert, char *outBuf, uint32_ } if (snprintf_s(outBuf + offset, outBufMaxSize - offset, outBufMaxSize - offset - 1, "%s=%s%c", subjectNameList[j], subjectName, (char)(((j + 1) == sizeList) ? '\0' : ',')) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } offset += strlen(subjectNameList[j]) + strlen(subjectName) + NAME_DELIMITER_SIZE; } @@ -288,7 +288,7 @@ int32_t GetX509IssueNameLongFormat(const X509 *x509cert, char *outBuf, uint32_t } if (snprintf_s(outBuf + offset, outBufMaxSize - offset, outBufMaxSize - offset - 1, "%s=%s%c", issueNameList[j], issueName, (char)(((j + 1) == sizeList) ? '\0' : ',')) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } offset += strlen(issueNameList[j]) + strlen(issueName) + NAME_DELIMITER_SIZE; } @@ -349,7 +349,7 @@ static int32_t GetX509Time(TIME_FUNC fuc, const X509 *x509cert, struct DataTime struct tm *localTime = GetLocalTime(asn1Time); if (localTime == NULL) { CM_LOG_E("Failed to get local time by utc time"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_GET_LOCAL_TIME_FAILED; } pDataTime->year = (uint32_t)(localTime->tm_year + BASE_YEAR); @@ -376,7 +376,7 @@ static int32_t GetX509TimeFormat(TIME_FUNC fuc, const X509 *x509cert, char *outB char buf[TIME_FORMAT_MAX_SIZE] = {0}; if (snprintf_s(buf, TIME_FORMAT_MAX_SIZE, TIME_FORMAT_MAX_SIZE - 1, "%d-%d-%d", (int)dataTime.year, (int)dataTime.month, (int)dataTime.day) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } uint32_t length = (uint32_t)strlen(buf); @@ -385,7 +385,7 @@ static int32_t GetX509TimeFormat(TIME_FUNC fuc, const X509 *x509cert, char *outB return CMR_ERROR_BUFFER_TOO_SMALL; } if (strncpy_s(outBuf, outBufMaxSize, buf, length) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return (int32_t)length; } @@ -416,7 +416,7 @@ int32_t GetX509Fingerprint(const X509 *x509cert, char *outBuf, uint32_t outBufMa if (snprintf_s(buf + 3 * i, FINGERPRINT_MAX_SIZE - 3 * i, /* 3 is array index */ FINGERPRINT_MAX_SIZE - 3 * i - 1, /* 3 is array index */ "%02X%c", md[i], (char)(((i + 1) == size) ? '\0' : ':')) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } uint32_t length = (uint32_t)strlen(buf); @@ -426,7 +426,7 @@ int32_t GetX509Fingerprint(const X509 *x509cert, char *outBuf, uint32_t outBufMa } if (strncpy_s(outBuf, outBufMaxSize, buf, length) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return (int32_t)length; } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 66e64a3bc85afbcd9d95a53cd96bcb1e0563706e..fe4fd0fc85bf44382611177a31846a6fdfc658a8 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -344,7 +344,7 @@ static int32_t CmAppCertListUnpackFromService(const struct CmBlob *outData, } if (memcpy_s(certificateList->credentialAbstract[i].type, MAX_LEN_SUBJECT_NAME, blob.data, blob.size) != EOK) { CM_LOG_E("copy type failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } ret = CmGetBlobFromBuffer(&blob, outData, &offset); @@ -354,7 +354,7 @@ static int32_t CmAppCertListUnpackFromService(const struct CmBlob *outData, } if (memcpy_s(certificateList->credentialAbstract[i].keyUri, MAX_LEN_URI, blob.data, blob.size) != EOK) { CM_LOG_E("copy keyUri failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } ret = CmGetBlobFromBuffer(&blob, outData, &offset); @@ -364,7 +364,7 @@ static int32_t CmAppCertListUnpackFromService(const struct CmBlob *outData, } if (memcpy_s(certificateList->credentialAbstract[i].alias, MAX_LEN_CERT_ALIAS, blob.data, blob.size) != EOK) { CM_LOG_E("copy alias failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } } return CM_SUCCESS; @@ -454,7 +454,7 @@ static int32_t CmGetAppCertFromBuffer(struct Credential *certificateInfo, } if (memcpy_s(certificateInfo->type, MAX_LEN_SUBJECT_NAME, blob.data, blob.size) != EOK) { CM_LOG_E("copy type failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } ret = CmGetBlobFromBuffer(&blob, outData, offset); @@ -464,7 +464,7 @@ static int32_t CmGetAppCertFromBuffer(struct Credential *certificateInfo, } if (memcpy_s(certificateInfo->keyUri, MAX_LEN_URI, blob.data, blob.size) != EOK) { CM_LOG_E("copy keyUri failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } ret = CmGetBlobFromBuffer(&blob, outData, offset); @@ -474,7 +474,7 @@ static int32_t CmGetAppCertFromBuffer(struct Credential *certificateInfo, } if (memcpy_s(certificateInfo->alias, MAX_LEN_CERT_ALIAS, blob.data, blob.size) != EOK) { CM_LOG_E("copy alias failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return ret; @@ -523,7 +523,7 @@ static int32_t CmAppCertInfoUnpackFromService(const struct CmBlob *outData, stru if ((blob.size > certificateInfo->credData.size) || memcpy_s(certificateInfo->credData.data, certificateInfo->credData.size, blob.data, blob.size) != EOK) { CM_LOG_E("copy credData failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } certificateInfo->credData.size = blob.size; diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client_serialization.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client_serialization.c index f0c547a5e5869f40cb85eb95be61d0f9d0868c2c..8c942254f5e932de8995813ebb012c0d3d1314c4 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client_serialization.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client_serialization.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -28,7 +28,7 @@ int32_t GetUint32FromBuffer(uint32_t *value, const struct CmBlob *srcBlob, uint3 } if (memcpy_s(value, sizeof(uint32_t), srcBlob->data + *srcOffset, sizeof(uint32_t)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } *srcOffset += sizeof(uint32_t); @@ -95,7 +95,7 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, struct } if (memcpy_s(certificateList->certAbstract[i].subjectName, MAX_LEN_SUBJECT_NAME, blob.data, blob.size) != EOK) { CM_LOG_E("copy subjectName failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } uint32_t status = 0; @@ -113,7 +113,7 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, struct } if (memcpy_s(certificateList->certAbstract[i].uri, MAX_LEN_URI, blob.data, blob.size) != EOK) { CM_LOG_E("copy uri failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } ret = CmGetBlobFromBuffer(&blob, outData, &offset); @@ -123,7 +123,7 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, struct } if (memcpy_s(certificateList->certAbstract[i].certAlias, MAX_LEN_CERT_ALIAS, blob.data, blob.size) != EOK) { CM_LOG_E("copy certAlias failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } } return CM_SUCCESS; @@ -204,7 +204,7 @@ int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, const s } if (memcpy_s(cInfo->certInfo.data, cInfo->certInfo.size, bufBlob.data, bufBlob.size) != EOK) { CM_LOG_E("copy cert data failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } cInfo->certInfo.size = bufBlob.size; @@ -229,13 +229,13 @@ int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, const s (void)memset_s(cInfo->certAlias, MAX_LEN_CERT_ALIAS, 0, MAX_LEN_CERT_ALIAS); if (memcpy_s(cInfo->certAlias, MAX_LEN_CERT_ALIAS, bufBlob.data, bufBlob.size) != EOK) { CM_LOG_E("copy alias failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } (void)memset_s(cInfo->uri, MAX_LEN_URI, 0, MAX_LEN_URI); /* uri */ if (memcpy_s(cInfo->uri, MAX_LEN_URI, certUri->data, certUri->size) != EOK) { CM_LOG_E("copy uri failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return CM_SUCCESS; } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp index d851b4905050f39670e2543fbec8ca1b59f893e9..5b9e4e14aa1f101540dd451cc12c8fde8a08ddde 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -78,7 +78,7 @@ static int32_t CmReadRequestReply(MessageParcel &reply, struct CmBlob *outBlob) return CMR_ERROR_BUFFER_TOO_SMALL; } if (memcpy_s(outBlob->data, outBlob->size, outData, outLen) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } outBlob->size = outLen; return CM_SUCCESS; diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index bbad297e6915988a46e14c040b3ee347490c671d..028612dfb2f1b7155a4770d5a5ee5532a618cc8e 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -162,6 +162,64 @@ enum CmErrorCode { CMR_ERROR_DELETE_RDB_DATA_FAIL = -34, CMR_ERROR_QUERY_RDB_DATA_FAIL = -35, CMR_ERROR_PASSWORD_IS_ERR = -36, + + CMR_ERROR_OPENSSL_FAIL = -37, + CMR_ERROR_MAX_GRANT_COUNT_REACHED = -38, + CMR_ERROR_SA_START_STATUS_INIT_FAILED = -39, + CMR_ERROR_SA_START_HUKS_INIT_FAILED = -40, + CMR_ERROR_SA_START_PUBLISH_FAILED = -41, + CMR_ERROR_IPC_PARAM_SIZE_INVALID = -42, + CMR_ERROR_GET_LOCAL_TIME_FAILED = -43, + CMR_ERROR_MEM_OPERATION_COPY = -44, + CMR_ERROR_MEM_OPERATION_PRINT = -45, + CMR_ERROR_FILE_OPEN_DIR = -46, + CMR_ERROR_FILE_STAT = -47, + CMR_ERROR_CERT_COUNT_MISMATCH = -48, + CMR_ERROR_GET_CERT_STATUS = -49, + CMR_ERROR_GET_CERT_SUBJECT_ITEM = -50, + + /* invalid argument */ + CMR_ERROR_INVALID_ARGUMENT_BEGIN = -10000, + CMR_ERROR_INVALID_PARAMSET_ARG = -10001, + CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE = -10002, + CMR_ERROR_INVALID_ARGUMENT_SCOPE = -10003, + CMR_ERROR_INVALID_ARGUMENT_USER_ID = -10004, + CMR_ERROR_INVALID_ARGUMENT_UID = -10005, + CMR_ERROR_INVALID_ARGUMENT_URI = -10006, + CMR_ERROR_INVALID_ARGUMENT_STATUS = -10007, + CMR_ERROR_INVALID_ARGUMENT_APP_CERT = -10008, + CMR_ERROR_INVALID_ARGUMENT_APP_PWD = -10009, + CMR_ERROR_INVALID_ARGUMENT_ALIAS = -10010, + CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC = -10011, + CMR_ERROR_INVALID_ARGUMENT_HANDLE = -10012, + CMR_ERROR_INVALID_ARGUMENT_END = -19999, + + /* key operation failed */ + CMR_ERROR_KEY_OPERATION_BEGIN = -20000, + CMR_ERROR_KEY_IMPORT_PARAM_FAILED = -20001, + CMR_ERROR_KEY_IMPORT_FAILED = -20002, + CMR_ERROR_KEY_DELETE_PARAM_FAILED = -20003, + CMR_ERROR_KEY_DELETE_FAILED = -20004, + CMR_ERROR_KEY_MAC_PARAM_FAILED = -20005, + CMR_ERROR_KEY_MAC_INIT_FAILED = -20006, + CMR_ERROR_KEY_MAC_FINISH_FAILED = -20007, + CMR_ERROR_KEY_GENERATE_PARAM_FAILED = -20008, + CMR_ERROR_KEY_GENERATE_FAILED = -20009, + CMR_ERROR_KEY_INIT_PARAM_FAILED = -20010, + CMR_ERROR_KEY_INIT_FAILED = -20011, + CMR_ERROR_KEY_PROCESS_PARAM_FAILED = -20012, + CMR_ERROR_KEY_UPDATE_FAILED = -20013, + CMR_ERROR_KEY_FINISH_FAILED = -20014, + CMR_ERROR_KEY_ABORT_FAILED = -20015, + CMR_ERROR_KEY_CHECK_EXIST_PARAM_FAILED = -20016, + CMR_ERROR_KEY_CHECK_EXIST_FAILED = -20017, + CMR_ERROR_KEY_OPERATION_END = -29999, + + /* auth check failed */ + CMR_ERROR_AUTH_FAILED_BEGIN = -30000, + CMR_ERROR_AUTH_FAILED_MAC_FAILED = -30001, + CMR_ERROR_AUTH_FAILED_MAC_MISMATCH = -30002, + CMR_ERROR_AUTH_FAILED_END = -39999, }; enum CMDialogErrorCode { diff --git a/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c index db9dec43b60c91e72e9c1d36bca757f6dba74162..c695ed8b2188729fde11fce000a92e34dfb9ff16 100644 --- a/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c @@ -23,7 +23,7 @@ CM_API_EXPORT int32_t CmGetCertList(uint32_t store, struct CertList *certificateList) { - CM_LOG_D("enter get certificate list"); + CM_LOG_I("enter get certificate list"); if (certificateList == NULL) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; @@ -35,14 +35,14 @@ CM_API_EXPORT int32_t CmGetCertList(uint32_t store, struct CertList *certificate } int32_t ret = CmClientGetCertList(store, certificateList); - CM_LOG_D("leave get certificate list, result = %d", ret); + CM_LOG_I("leave get certificate list, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store, struct CertInfo *certificateInfo) { - CM_LOG_D("enter get certificate info"); + CM_LOG_I("enter get certificate info"); if ((certUri == NULL) || (certificateInfo == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; @@ -55,14 +55,14 @@ CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store } int32_t ret = CmClientGetCertInfo(certUri, store, certificateInfo); - CM_LOG_D("leave get certificate info, result = %d", ret); + CM_LOG_I("leave get certificate info, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32_t store, const bool status) { - CM_LOG_D("enter set certificate status"); + CM_LOG_I("enter set certificate status"); if (certUri == NULL) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; @@ -76,13 +76,13 @@ CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status int32_t ret = CmClientSetCertStatus(certUri, store, uStatus); - CM_LOG_D("leave set certificate status, result = %d", ret); + CM_LOG_I("leave set certificate status, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInstallAppCertEx(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { - CM_LOG_D("enter install app certificate extension"); + CM_LOG_I("enter install app certificate extension"); /* The store must be private, and the userid must be invalid */ if (certParam == NULL || certParam->appCert == NULL || certParam->appCertPwd == NULL|| certParam->certAlias == NULL || keyUri == NULL || certParam->userId != INIT_INVALID_VALUE || @@ -92,14 +92,14 @@ CM_API_EXPORT int32_t CmInstallAppCertEx(const struct CmAppCertParam *certParam, } int32_t ret = CmClientInstallAppCert(certParam, keyUri); - CM_LOG_D("leave install app certificate extension, result = %d", ret); + CM_LOG_I("leave install app certificate extension, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) { - CM_LOG_D("enter install app certificate"); + CM_LOG_I("enter install app certificate"); if (appCert == NULL || appCertPwd == NULL || certAlias == NULL || keyUri == NULL || keyUri->data == NULL || CM_STORE_CHECK(store)) { CM_LOG_E("an error in the parameters of installing the application certificate."); @@ -114,41 +114,41 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE, level }; int32_t ret = CmClientInstallAppCert(&certParam, keyUri); - CM_LOG_D("leave install app certificate, result = %d", ret); + CM_LOG_I("leave install app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store) { - CM_LOG_D("enter uninstall app certificate"); + CM_LOG_I("enter uninstall app certificate"); if (keyUri == NULL || CM_STORE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientUninstallAppCert(keyUri, store); - CM_LOG_D("leave uninstall app certificate, result = %d", ret); + CM_LOG_I("leave uninstall app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmUninstallAllAppCert(void) { - CM_LOG_D("enter uninstall all app certificate"); + CM_LOG_I("enter uninstall all app certificate"); int32_t ret = CmClientUninstallAllAppCert(CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE); - CM_LOG_D("leave uninstall all app certificate, result = %d", ret); + CM_LOG_I("leave uninstall all app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList) { - CM_LOG_D("enter get app certificatelist"); + CM_LOG_I("enter get app certificatelist"); if (certificateList == NULL || CM_STORE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientGetAppCertList(store, certificateList); - CM_LOG_D("leave get app certificatelist, result = %d", ret); + CM_LOG_I("leave get app certificatelist, result = %d", ret); return ret; } @@ -165,148 +165,148 @@ CM_API_EXPORT int32_t CmCallingGetAppCertList(const uint32_t store, struct Crede CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate) { - CM_LOG_D("enter get app certificate"); + CM_LOG_I("enter get app certificate"); if (keyUri == NULL || certificate == NULL || CM_STORE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientGetAppCert(keyUri, store, certificate); - CM_LOG_D("leave get app certificate, result = %d", ret); + CM_LOG_I("leave get app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) { - CM_LOG_D("enter grant app certificate"); + CM_LOG_I("enter grant app certificate"); if ((keyUri == NULL) || (authUri == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientGrantAppCertificate(keyUri, appUid, authUri); - CM_LOG_D("leave grant app certificate, result = %d", ret); + CM_LOG_I("leave grant app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList) { - CM_LOG_D("enter get authorized app list"); + CM_LOG_I("enter get authorized app list"); if ((keyUri == NULL) || (appUidList == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientGetAuthorizedAppList(keyUri, appUidList); - CM_LOG_D("leave get authorized app list, result = %d", ret); + CM_LOG_I("leave get authorized app list, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri) { - CM_LOG_D("enter check is app authed"); + CM_LOG_I("enter check is app authed"); if (authUri == NULL) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientIsAuthorizedApp(authUri); - CM_LOG_D("leave check is app authed, result = %d", ret); + CM_LOG_I("leave check is app authed, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid) { - CM_LOG_D("enter remove granted app"); + CM_LOG_I("enter remove granted app"); if (keyUri == NULL) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientRemoveGrantedApp(keyUri, appUid); - CM_LOG_D("leave remove granted app, result = %d", ret); + CM_LOG_I("leave remove granted app, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) { - CM_LOG_D("enter cert manager init"); + CM_LOG_I("enter cert manager init"); if ((authUri == NULL) || (spec == NULL) || (handle == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientInit(authUri, spec, handle); - CM_LOG_D("leave cert manager init, result = %d", ret); + CM_LOG_I("leave cert manager init, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData) { - CM_LOG_D("enter cert manager update"); + CM_LOG_I("enter cert manager update"); if ((handle == NULL) || (inData == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientUpdate(handle, inData); - CM_LOG_D("leave cert manager update, result = %d", ret); + CM_LOG_I("leave cert manager update, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData) { - CM_LOG_D("enter cert manager finish"); + CM_LOG_I("enter cert manager finish"); if ((handle == NULL) || (inData == NULL) || (outData == NULL)) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientFinish(handle, inData, outData); - CM_LOG_D("leave cert manager finish, result = %d", ret); + CM_LOG_I("leave cert manager finish, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle) { - CM_LOG_D("enter cert manager abort"); + CM_LOG_I("enter cert manager abort"); if (handle == NULL) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientAbort(handle); - CM_LOG_D("leave cert manager abort, result = %d", ret); + CM_LOG_I("leave cert manager abort, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetUserCertList(uint32_t store, struct CertList *certificateList) { - CM_LOG_D("enter get cert list"); + CM_LOG_I("enter get cert list"); if (certificateList == NULL) { return CMR_ERROR_NULL_POINTER; } const struct UserCAProperty property = { INIT_INVALID_VALUE, CM_ALL_USER }; int32_t ret = CmClientGetUserCertList(&property, store, certificateList); - CM_LOG_D("leave get cert list, result = %d", ret); + CM_LOG_I("leave get cert list, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetUserCertInfo(const struct CmBlob *certUri, uint32_t store, struct CertInfo *certificateInfo) { - CM_LOG_D("enter get cert info"); + CM_LOG_I("enter get cert info"); if ((certUri == NULL) || (certificateInfo == NULL)) { return CMR_ERROR_NULL_POINTER; } int32_t ret = CmClientGetUserCertInfo(certUri, store, certificateInfo); - CM_LOG_D("leave get cert info, result = %d", ret); + CM_LOG_I("leave get cert info, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmSetUserCertStatus(const struct CmBlob *certUri, uint32_t store, const bool status) { - CM_LOG_D("enter set cert status"); + CM_LOG_I("enter set cert status"); if (certUri == NULL) { return CMR_ERROR_NULL_POINTER; } @@ -314,14 +314,14 @@ CM_API_EXPORT int32_t CmSetUserCertStatus(const struct CmBlob *certUri, uint32_t uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status int32_t ret = CmClientSetUserCertStatus(certUri, store, uStatus); - CM_LOG_D("leave set cert status, result = %d", ret); + CM_LOG_I("leave set cert status, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias, struct CmBlob *certUri) { - CM_LOG_D("enter install user trusted cert"); + CM_LOG_I("enter install user trusted cert"); if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -329,34 +329,34 @@ CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, co uint32_t userId = INIT_INVALID_VALUE; bool status = true; int32_t ret = CmInstallUserCACert(userCert, certAlias, userId, status, certUri); - CM_LOG_D("leave install user trusted cert, result = %d", ret); + CM_LOG_I("leave install user trusted cert, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri) { - CM_LOG_D("enter uninstall user trusted cert"); + CM_LOG_I("enter uninstall user trusted cert"); if (certUri == NULL) { return CMR_ERROR_INVALID_ARGUMENT; } int32_t ret = CmClientUninstallUserTrustedCert(certUri); - CM_LOG_D("leave uninstall user trusted cert, result = %d", ret); + CM_LOG_I("leave uninstall user trusted cert, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void) { - CM_LOG_D("enter uninstall all user trusted cert"); + CM_LOG_I("enter uninstall all user trusted cert"); int32_t ret = CmClientUninstallAllUserTrustedCert(); - CM_LOG_D("leave uninstall all user trusted cert, result = %d", ret); + CM_LOG_I("leave uninstall all user trusted cert, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { - CM_LOG_D("enter install system app certificate"); + CM_LOG_I("enter install system app certificate"); if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) || (certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) || (certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) || @@ -365,14 +365,14 @@ CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certPa } int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri); - CM_LOG_D("leave install system app certificate, result = %d", ret); + CM_LOG_I("leave install system app certificate, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert, const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri) { - CM_LOG_D("enter install user ca cert"); + CM_LOG_I("enter install user ca cert"); if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -389,20 +389,20 @@ CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert, uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status ret = CmClientInstallUserTrustedCert(userCert, certAlias, userId, uStatus, certUri); - CM_LOG_D("leave install user ca cert, result = %d", ret); + CM_LOG_I("leave install user ca cert, result = %d", ret); return ret; } CM_API_EXPORT int32_t CmGetUserCACertList(const struct UserCAProperty *property, struct CertList *certificateList) { - CM_LOG_D("enter get user ca cert list"); + CM_LOG_I("enter get user ca cert list"); if (certificateList == NULL || property == NULL) { return CMR_ERROR_NULL_POINTER; } const uint32_t store = CM_USER_TRUSTED_STORE; int32_t ret = CmClientGetUserCertList(property, store, certificateList); - CM_LOG_D("leave get user ca cert list, result = %d", ret); + CM_LOG_I("leave get user ca cert list, result = %d", ret); return ret; } diff --git a/interfaces/kits/napi/BUILD.gn b/interfaces/kits/napi/BUILD.gn index e82eb67d24f824e60fd908826d05e523effa868d..03db8cb006881d2853274bd4d9c2f7365614f2c8 100644 --- a/interfaces/kits/napi/BUILD.gn +++ b/interfaces/kits/napi/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -103,9 +103,11 @@ ohos_shared_library("certmanagerdialog") { "ability_runtime:app_context", "ability_runtime:napi_base_context", "ability_runtime:napi_common", + "access_token:libaccesstoken_sdk", "ace_engine:ace_uicontent", "c_utils:utils", "ipc:ipc_core", + "ipc:ipc_single", "napi:ace_napi", "samgr:samgr_proxy", ] diff --git a/interfaces/kits/napi/src/cm_napi_common.cpp b/interfaces/kits/napi/src/cm_napi_common.cpp index 58da3a826fa9ba6405ecb774dac30a4f625a8d8b..3c708e5f7b3e30f2035b0f6f94d08f37b6261f27 100644 --- a/interfaces/kits/napi/src/cm_napi_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -68,6 +68,7 @@ static const std::unordered_map NATIVE_CODE_TO_MSG_MAP = { { CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION_MSG }, { CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT_MSG }, { CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE_MSG }, + { CMR_ERROR_PASSWORD_IS_ERR, PASSWORD_IS_ERROR_MSG }, }; } // namespace diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp index 1508cd2c0f14b4c3aa6e8e53afcc52dfa5cd692d..a009ccfad0434a9bf827b2f26524a76100a21caa 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -173,6 +173,8 @@ napi_value GetAppCertInfoAsyncWork(napi_env env, GetAppCertInfoAsyncContext asyn napi_value CMNapiGetAppCertInfoCommon(napi_env env, napi_callback_info info, uint32_t store) { + CM_LOG_I("get app cert info enter, store = %u", store); + GetAppCertInfoAsyncContext context = CreateGetAppCertInfoAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -193,6 +195,8 @@ napi_value CMNapiGetAppCertInfoCommon(napi_env env, napi_callback_info info, uin DeleteGetAppCertInfoAsyncContext(env, context); return nullptr; } + + CM_LOG_I("get app cert info end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp index a9f109364cf7090f050ff9137366889a3bca4529..b10e264fc2de864ee027efec8456efef9e4e7b61 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -214,6 +214,8 @@ napi_value GetCallingAppCertListAsyncWork(napi_env env, GetAppCertListAsyncConte napi_value CMNapiGetAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store) { + CM_LOG_I("get app cert list enter, store = %u", store); + GetAppCertListAsyncContext context = CreateGetAppCertListAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -234,11 +236,15 @@ napi_value CMNapiGetAppCertListCommon(napi_env env, napi_callback_info info, uin DeleteGetAppCertListAsyncContext(env, context); return nullptr; } + + CM_LOG_I("get app cert list end"); return result; } napi_value CMNapiGetCallingAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store) { + CM_LOG_I("get calling app cert list enter"); + GetAppCertListAsyncContext context = CreateGetAppCertListAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -259,6 +265,8 @@ napi_value CMNapiGetCallingAppCertListCommon(napi_env env, napi_callback_info in DeleteGetAppCertListAsyncContext(env, context); return nullptr; } + + CM_LOG_I("get calling app cert list end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp b/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp index 7033e62fedfcc12f353f73ea0629b5bac493b841..66b074e4d6922c6ee0169b1b46d7084a91ec5320 100644 --- a/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -188,6 +188,7 @@ static int32_t GetAndCheckCertScope(napi_env env, napi_value arg, const enum CmC napi_value CMNapiGetCertStorePath(napi_env env, napi_callback_info info) { + CM_LOG_I("get cert store path enter"); // get params size_t argc = CM_NAPI_GET_CERT_STORE_PATH_ARGS; napi_value argv[CM_NAPI_GET_CERT_STORE_PATH_ARGS] = { nullptr }; @@ -218,6 +219,8 @@ napi_value CMNapiGetCertStorePath(napi_env env, napi_callback_info info) return nullptr; } - return GetCertStorePath(env, static_cast(type), static_cast(scope)); + napi_value res = GetCertStorePath(env, static_cast(type), static_cast(scope)); + CM_LOG_I("get cert store path end"); + return res; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp b/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp index 43480d699f41f39334e94cdcee611e703b2925cb..fb14a40bea1fc15109f2aa800b49cb7f152bdc34 100644 --- a/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -196,6 +196,7 @@ static napi_value GetCertInfoAsyncWork(napi_env env, GetCertInfoAsyncContext con napi_value CMNapiGetSystemCertInfo(napi_env env, napi_callback_info info) { + CM_LOG_I("get system cert info enter"); GetCertInfoAsyncContext context = CreateGetCertInfoAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -214,11 +215,14 @@ napi_value CMNapiGetSystemCertInfo(napi_env env, napi_callback_info info) DeleteGetCertInfoAsyncContext(env, context); return nullptr; } + CM_LOG_I("get system cert info end"); return result; } napi_value CMNapiGetUserTrustedCertInfo(napi_env env, napi_callback_info info) { + CM_LOG_I("get user cert info enter"); + GetCertInfoAsyncContext context = CreateGetCertInfoAsyncContext(); if (context == nullptr) { CM_LOG_E("create cert info context failed"); @@ -237,6 +241,8 @@ napi_value CMNapiGetUserTrustedCertInfo(napi_env env, napi_callback_info info) DeleteGetCertInfoAsyncContext(env, context); return nullptr; } + + CM_LOG_I("get user cert info end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp b/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp index a6d7eb12857949ecd5e75668375b69e511118331..4468842ea20b86c3fecc5845b47cb5a439b70be4 100644 --- a/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -223,6 +223,7 @@ static napi_value GetCertListAsyncWork(napi_env env, GetCertListAsyncContext con napi_value CMNapiGetSystemCertList(napi_env env, napi_callback_info info) { + CM_LOG_I("get system cert list enter"); GetCertListAsyncContext context = CreateGetCertListAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -240,11 +241,14 @@ napi_value CMNapiGetSystemCertList(napi_env env, napi_callback_info info) DeleteGetCertListAsyncContext(env, context); return nullptr; } + CM_LOG_I("get system cert list end"); return result; } napi_value CMNapiGetAllUserTrustedCertList(napi_env env, napi_callback_info info) { + CM_LOG_I("get all user cert list enter"); + GetCertListAsyncContext context = CreateGetCertListAsyncContext(); if (context == nullptr) { CM_LOG_E("create context failed"); @@ -264,6 +268,8 @@ napi_value CMNapiGetAllUserTrustedCertList(napi_env env, napi_callback_info info DeleteGetCertListAsyncContext(env, context); return nullptr; } + + CM_LOG_I("get all user cert list end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_grant.cpp b/interfaces/kits/napi/src/cm_napi_grant.cpp index 693cb72b01f49dd9c0be59aa32002ef91469d737..cfa5854ff78965558e3cf4dc800eef2a970c493b 100644 --- a/interfaces/kits/napi/src/cm_napi_grant.cpp +++ b/interfaces/kits/napi/src/cm_napi_grant.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -435,6 +435,8 @@ static napi_value GetUidListAsyncWork(napi_env env, GrantAsyncContext context) napi_value CMNapiGrantPublicCertificate(napi_env env, napi_callback_info info) { + CM_LOG_I("grant publice cert enter"); + GrantAsyncContext context = InitGrantAsyncContext(); if (context == nullptr) { CM_LOG_E("init grant uid context failed"); @@ -455,11 +457,14 @@ napi_value CMNapiGrantPublicCertificate(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("grant publice cert end"); return result; } napi_value CMNapiIsAuthorizedApp(napi_env env, napi_callback_info info) { + CM_LOG_I("is authed app enter"); + GrantAsyncContext context = InitGrantAsyncContext(); if (context == nullptr) { CM_LOG_E("init is authed uid context failed"); @@ -480,11 +485,14 @@ napi_value CMNapiIsAuthorizedApp(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("is authed app end"); return result; } napi_value CMNapiGetAuthorizedAppList(napi_env env, napi_callback_info info) { + CM_LOG_I("get auth app list enter"); + GrantAsyncContext context = InitGrantAsyncContext(); if (context == nullptr) { CM_LOG_E("init get authed uid list context failed"); @@ -505,11 +513,14 @@ napi_value CMNapiGetAuthorizedAppList(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("get auth app list end"); return result; } napi_value CMNapiRemoveGrantedPublic(napi_env env, napi_callback_info info) { + CM_LOG_I("remove granted app enter"); + GrantAsyncContext context = InitGrantAsyncContext(); if (context == nullptr) { CM_LOG_E("init remove uid context failed"); @@ -530,6 +541,7 @@ napi_value CMNapiRemoveGrantedPublic(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("remove granted app end"); return result; } } // namespace CMNapi diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp index f05e49be808795a47ed25a5b1b871bb7633a5893..c3d2193a0849cbaadae71780a58c823c21e61af7 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -254,6 +254,8 @@ napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyn napi_value CMNapiInstallAppCertCommon(napi_env env, napi_callback_info info, uint32_t store) { + CM_LOG_I("install app cert enter, store = %u", store); + InstallAppCertAsyncContext context = CreateInstallAppCertAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -274,6 +276,8 @@ napi_value CMNapiInstallAppCertCommon(napi_env env, napi_callback_info info, uin DeleteInstallAppCertAsyncContext(env, context); return nullptr; } + + CM_LOG_I("install app cert end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp b/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp index fc0a6448c4f7f5017f5fbe8fadfe810867f10685..0aee2816e66e9608181ff1e0387fa01077a1aaf9 100644 --- a/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp +++ b/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -178,6 +178,8 @@ static napi_value SetCertStatusAsyncWork(napi_env env, SetCertStatusAsyncContext napi_value CMNapiSetCertStatus(napi_env env, napi_callback_info info) { + CM_LOG_I("set cert status enter"); + SetCertStatusAsyncContext context = CreateSetCertStatusAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -196,6 +198,8 @@ napi_value CMNapiSetCertStatus(napi_env env, napi_callback_info info) DeleteSetCertStatusAsyncContext(env, context); return nullptr; } + + CM_LOG_I("set cert status end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp index a09ddca35f4739e1611e8ac89ac882f5d916874b..20079d370eb9e049a3f9aaf273c6b434472a8d31 100644 --- a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp +++ b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -810,6 +810,8 @@ static napi_value CMAbortAsyncWork(napi_env env, SignVerifyAsyncContext context) napi_value CMNapiInit(napi_env env, napi_callback_info info) { + CM_LOG_I("cm napi init enter"); + SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); if (context == nullptr) { CM_LOG_E("init cm init context failed"); @@ -830,11 +832,13 @@ napi_value CMNapiInit(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("cm napi init end"); return result; } napi_value CMNapiUpdate(napi_env env, napi_callback_info info) { + CM_LOG_I("cm napi update enter"); SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); if (context == nullptr) { CM_LOG_E("init cm update context failed"); @@ -855,11 +859,13 @@ napi_value CMNapiUpdate(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("cm napi update end"); return result; } napi_value CMNapiFinish(napi_env env, napi_callback_info info) { + CM_LOG_I("cm napi finish enter"); SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); if (context == nullptr) { CM_LOG_E("init cm finish context failed"); @@ -880,11 +886,13 @@ napi_value CMNapiFinish(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("cm napi finish end"); return result; } napi_value CMNapiAbort(napi_env env, napi_callback_info info) { + CM_LOG_I("cm napi abort enter"); SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); if (context == nullptr) { CM_LOG_E("init cm abort context failed"); @@ -906,6 +914,7 @@ napi_value CMNapiAbort(napi_env env, napi_callback_info info) } return result; + CM_LOG_I("cm napi abort end"); } } // namespace CMNapi diff --git a/interfaces/kits/napi/src/cm_napi_uninstall_all_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_uninstall_all_app_cert.cpp index 712916faa221381f312500cc88e2ad4f82c068da..80ef71eef439826a38d1cc7428710cbabc1691b8 100644 --- a/interfaces/kits/napi/src/cm_napi_uninstall_all_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_uninstall_all_app_cert.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -137,6 +137,8 @@ static napi_value UninstallAllAppCertAsyncWork(napi_env env, UninstallAllAppCert napi_value CMNapiUninstallAllAppCert(napi_env env, napi_callback_info info) { + CM_LOG_I("uninstall all app cert enter"); + UninstallAllAppCertAsyncContext context = CreateUinstallAllAppCertAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -155,6 +157,8 @@ napi_value CMNapiUninstallAllAppCert(napi_env env, napi_callback_info info) DeleteUninstallAllAppCertAsyncContext(env, context); return nullptr; } + + CM_LOG_I("uninstall all app cert end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp index ad7dc7966a216f64d905c7cb71b970bce2a130f7..83ff35ba2eecc8fe0ad53441b30c674c13080e86 100644 --- a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -143,6 +143,8 @@ napi_value UninstallAppCertAsyncWork(napi_env env, UninstallAppCertAsyncContext napi_value CMNapiUninstallAppCertCommon(napi_env env, napi_callback_info info, uint32_t store) { + CM_LOG_I("uninstall app cert enter, store = %u", store); + UninstallAppCertAsyncContext context = CreateUninstallAppCertAsyncContext(); if (context == nullptr) { CM_LOG_E("could not create context"); @@ -163,6 +165,8 @@ napi_value CMNapiUninstallAppCertCommon(napi_env env, napi_callback_info info, u DeleteUninstallAppCertAsyncContext(env, context); return nullptr; } + + CM_LOG_I("uninstall app cert end"); return result; } } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp index 639ce51c19f11e62e9aec80da240e6fe3c9aea72..0e0cc70895bfd613e9be7d93d73a50f115a66253 100644 --- a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -220,7 +220,7 @@ static int32_t ParseUninstallUserCertSyncParams(napi_env env, napi_callback_info CM_LOG_E("get certUri failed when uninstalling user cert sync"); return CMR_ERROR_INVALID_ARGUMENT; } - + return CM_SUCCESS; } @@ -467,6 +467,8 @@ static int32_t InstallUserCertSyncExecute(CmBlob *userCert, const CmCertScope sc napi_value CMNapiInstallUserTrustedCert(napi_env env, napi_callback_info info) { + CM_LOG_I("install user trusted cert enter"); + UserCertAsyncContext context = InitUserCertAsyncContext(); if (context == nullptr) { CM_LOG_E("init install user cert context failed"); @@ -487,11 +489,14 @@ napi_value CMNapiInstallUserTrustedCert(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("install user trusted cert end"); return result; } napi_value CMNapiInstallUserTrustedCertSync(napi_env env, napi_callback_info info) { + CM_LOG_I("install user trusted cert sync enter"); + CmBlob *userCert = nullptr; CmCertScope installScope; uint8_t uri[OUT_AUTH_URI_SIZE] = { 0 }; @@ -519,11 +524,15 @@ napi_value CMNapiInstallUserTrustedCertSync(napi_env env, napi_callback_info inf } napi_value result = ConvertResultCertUri(env, &certUri); FreeCmBlob(userCert); + + CM_LOG_I("install user trusted cert sync end"); return result; } napi_value CMNapiUninstallUserTrustedCert(napi_env env, napi_callback_info info) { + CM_LOG_I("uninstall user trusted cert enter"); + UserCertAsyncContext context = InitUserCertAsyncContext(); if (context == nullptr) { CM_LOG_E("init uninstall user cert context failed"); @@ -544,11 +553,14 @@ napi_value CMNapiUninstallUserTrustedCert(napi_env env, napi_callback_info info) return nullptr; } + CM_LOG_I("uninstall user trusted cert end"); return result; } napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info info) { + CM_LOG_I("uninstall all user trusted cert enter"); + UserCertAsyncContext context = InitUserCertAsyncContext(); if (context == nullptr) { CM_LOG_E("init uninstall all user cert context failed"); @@ -569,11 +581,14 @@ napi_value CMNapiUninstallAllUserTrustedCert(napi_env env, napi_callback_info in return nullptr; } + CM_LOG_I("uninstall all user trusted cert end"); return result; } napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info) { + CM_LOG_I("uninstall user trusted cert sync enter"); + UserCertAsyncContext context = InitUserCertAsyncContext(); int32_t ret; do { @@ -600,8 +615,10 @@ napi_value CMNapiUninstallUserCertSync(napi_env env, napi_callback_info info) CM_LOG_E("uninstall user cert sync failed, ret = %d", ret); napi_throw(env, GenerateBusinessError(env, ret)); } - + FreeUserCertAsyncContext(env, context); + + CM_LOG_I("uninstall user trusted cert sync end"); return nullptr; } } // namespace CMNapi diff --git a/interfaces/kits/napi/src/dialog/cm_napi_dialog_common.cpp b/interfaces/kits/napi/src/dialog/cm_napi_dialog_common.cpp index 9e1bdc20e574dd5e5f1e072ace86c5fe9a4fe2e7..2635285d65b511f1ebea505f0a4737b30a8aa361 100644 --- a/interfaces/kits/napi/src/dialog/cm_napi_dialog_common.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_dialog_common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,6 +23,10 @@ #include "iservice_registry.h" #include "bundle_mgr_proxy.h" #include "system_ability_definition.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" + +using namespace OHOS::Security::AccessToken; #define BYTE_SHIFT_16 0x10 #define BYTE_SHIFT_8 0x08 @@ -103,9 +107,31 @@ static const std::unordered_map DIALOG_CODE_TO_MSG_MAP = { }; } // namespace +static bool CheckBasicPermission(void) +{ + AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID(); + + int result = AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.ACCESS_CERT_MANAGER"); + if (result == PERMISSION_GRANTED) { + return true; + } + + return false; +} + void StartUIExtensionAbility(std::shared_ptr asyncContext, OHOS::AAFwk::Want want, std::shared_ptr uiExtCallback) { + /* + * Before starting the UIExtension, the permission is verified for interception. + * The verification will be performed again in the process of starting the com.ohos.certmanager application. + */ + if (!CheckBasicPermission()) { + CM_LOG_E("not has basic permission"); + ThrowError(asyncContext->env, HAS_NO_PERMISSION, DIALOG_NO_PERMISSION_MSG); + return; + } + CM_LOG_D("begin StartUIExtensionAbility"); auto abilityContext = asyncContext->context; if (abilityContext == nullptr) { diff --git a/interfaces/kits/napi/src/dialog/cm_napi_open_detail_dialog.cpp b/interfaces/kits/napi/src/dialog/cm_napi_open_detail_dialog.cpp index 47499a1ed0d67f2ba7574f031e7728a8b1123558..8e11d17ed73a8cb7102e1f0b0edebb1b29ce682b 100644 --- a/interfaces/kits/napi/src/dialog/cm_napi_open_detail_dialog.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_open_detail_dialog.cpp @@ -84,7 +84,7 @@ static OHOS::AAFwk::Want CMGetCertDetailWant(std::shared_ptr(asyncContext); StartUIExtensionAbility(asyncContext, CMGetCertDetailWant(asyncContext), uiExtCallback); - CM_LOG_D("cert open detail dialog end"); + CM_LOG_I("cert open detail dialog end"); return result; } } // namespace CMNapi diff --git a/interfaces/kits/napi/src/dialog/cm_napi_open_dialog.cpp b/interfaces/kits/napi/src/dialog/cm_napi_open_dialog.cpp index 3394ee5a1baad71640769c88aaf5cc21550c8376..1d77a35be265de2c6f7ff80d4164b156eaafa31d 100644 --- a/interfaces/kits/napi/src/dialog/cm_napi_open_dialog.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_open_dialog.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -214,7 +214,7 @@ napi_value CMNapiOpenCertManagerDialog(napi_env env, napi_callback_info info) auto uiExtCallback = std::make_shared(asyncContext); // Start ui extension by context. StartUIExtensionAbility(asyncContext, want, uiExtCallback); - CM_LOG_D("cert manager dialog end"); + CM_LOG_I("cert manager dialog end"); return result; } } // namespace CMNapi \ No newline at end of file diff --git a/interfaces/kits/napi/src/dialog/cm_napi_open_install_dialog.cpp b/interfaces/kits/napi/src/dialog/cm_napi_open_install_dialog.cpp index 3e424285eee4da0bf549a6156694136ce45bb917..b4b4b62e04982840ed777d576d04248074634867 100644 --- a/interfaces/kits/napi/src/dialog/cm_napi_open_install_dialog.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_open_install_dialog.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -98,7 +98,7 @@ static OHOS::AAFwk::Want CMGetInstallCertWant(std::shared_ptr(asyncContext); StartUIExtensionAbility(asyncContext, CMGetInstallCertWant(asyncContext), uiExtCallback); - CM_LOG_D("cert install dialog end"); + CM_LOG_I("cert install dialog end"); return result; } } // namespace CMNapi diff --git a/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp b/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp index 59f888cd0a9c1e2f54e4e16ffb7e9987c0c077bb..17a8f5899dfbdbdfb5af231e58f04bec19a348a1 100755 --- a/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -82,7 +82,7 @@ static OHOS::AAFwk::Want CMGetUninstallCertWant(std::shared_ptr(asyncContext); StartUIExtensionAbility(asyncContext, CMGetUninstallCertWant(asyncContext), uiExtCallback); - CM_LOG_D("cert install dialog end"); + CM_LOG_I("cert uninstall dialog end"); return result; } } // namespace CMNapi \ No newline at end of file diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index fb64e7f3f119b9f4b109f4255d1e980ac6c68317..c38909f59f1307c7ccd7aaada1a1550b41d6c188 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -50,24 +50,32 @@ static bool g_hksInitialized = false; int32_t CertManagerInitialize(void) { + int32_t ret; if (!g_hksInitialized) { - ASSERT_CM_CALL(HksInitialize()); + ret = HksInitialize(); + if (ret != HKS_SUCCESS) { + CM_LOG_E("HUKS init failed, ret = %d", ret); + return CMR_ERROR_SA_START_HUKS_INIT_FAILED; + } g_hksInitialized = true; } if (CmMakeDir(CERT_DIR) == CMR_ERROR_MAKE_DIR_FAIL) { CM_LOG_E("Failed to create folder\n"); - return CMR_ERROR_WRITE_FILE_FAIL; + return CMR_ERROR_MAKE_DIR_FAIL; } - int32_t ret = CreateCertPropertyRdb(); + ret = CreateCertPropertyRdb(); if (ret != CM_SUCCESS) { return ret; } - ASSERT_FUNC(CertManagerStatusInit()); + ret = CertManagerStatusInit(); + if (ret != CM_SUCCESS) { + return (ret == CM_FAILURE) ? CMR_ERROR_SA_START_STATUS_INIT_FAILED : ret; + } - return CMR_OK; + return CM_SUCCESS; } static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char *pathPtr, @@ -102,12 +110,12 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s", SYSTEM_CA_STORE); break; default: - return CMR_ERROR_NOT_SUPPORTED; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (ret < 0) { CM_LOG_E("Construct file Path failed ret: %d", ret); - return CMR_ERROR; + return CMR_ERROR_MEM_OPERATION_PRINT; } // construct file suffix @@ -115,7 +123,7 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char ret = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid); if (ret < 0) { CM_LOG_E("Construct file suffix failed ret: %d", ret); - return CMR_ERROR; + return CMR_ERROR_MEM_OPERATION_PRINT; } } @@ -136,13 +144,13 @@ static int32_t CmGetFilePath(const struct CmContext *context, uint32_t store, st int32_t ret = GetFilePath(context, store, pathPtr, suffixBuf, &suffixLen); if (ret != CMR_OK) { CM_LOG_E("Get file path faild"); - return CMR_ERROR; + return ret; } /* Create folder if it does not exist */ if (CmMakeDir(pathPtr) == CMR_ERROR_MAKE_DIR_FAIL) { CM_LOG_E("Failed to create path folder"); - return CMR_ERROR_WRITE_FILE_FAIL; + return CMR_ERROR_MAKE_DIR_FAIL; } if (pathBlob->size - 1 < strlen(pathPtr) + suffixLen) { @@ -153,18 +161,18 @@ static int32_t CmGetFilePath(const struct CmContext *context, uint32_t store, st char *path = (char *)pathBlob->data; if (suffixLen == 0) { if (sprintf_s(path, MAX_PATH_LEN, "%s", pathPtr) < 0) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } } else { if (sprintf_s(path, MAX_PATH_LEN, "%s/%s", pathPtr, suffixBuf) < 0) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } } pathBlob->size = strlen(path) + 1; if (CmMakeDir(path) == CMR_ERROR_MAKE_DIR_FAIL) { CM_LOG_E("Failed to create folder"); - return CMR_ERROR_WRITE_FILE_FAIL; + return CMR_ERROR_MAKE_DIR_FAIL; } return CMR_OK; } @@ -199,7 +207,7 @@ int32_t CertManagerFindCertFileNameByUri(const struct CmContext *context, const ret = CertManagerGetFilenames(&fileNames, (char *)path->data); if (ret != CM_SUCCESS) { CM_LOG_E("Failed obtain filenames from path"); - return CMR_ERROR_STORAGE; + return ret; } struct CmMutableBlob *fNames = (struct CmMutableBlob *)fileNames.data; @@ -288,10 +296,10 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3 ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId); break; default: - break; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (ret < 0) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -318,10 +326,10 @@ static int32_t CmCallingAppCertGetFilePath(const struct CmContext *context, cons USER_CA_STORE, context->userId, context->uid); break; default: - break; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (ret < 0) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -405,8 +413,8 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u (void)memset_s(fileNames, len, 0, len); do { - if (CmAppCertGetFilePath(context, store, &path) != CM_SUCCESS) { - ret = CM_FAILURE; + ret = CmAppCertGetFilePath(context, store, &path); + if (ret != CM_SUCCESS) { CM_LOG_E("Get file path for store:%u faild", store); break; } @@ -572,7 +580,7 @@ int32_t CmCheckCertCount(const struct CmContext *context, const uint32_t store, char fullFileName[CM_MAX_FILE_NAME_LEN] = {0}; if (snprintf_s(fullFileName, CM_MAX_FILE_NAME_LEN, CM_MAX_FILE_NAME_LEN - 1, "%s/%s", pathBuf, fileName) < 0) { CM_LOG_E("mkdir full name failed"); - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_PRINT; break; } @@ -604,7 +612,7 @@ static int32_t ConstructCertUri(const struct CmContext *context, const struct Cm if (memcpy_s(certUri->data, certUri->size, commonUri.data, commonUri.size) != EOK) { CM_LOG_E("copy cert uri failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } @@ -619,7 +627,7 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p const struct CmBlob *userCert, const struct CmBlob *certAlias, struct CmBlob *certUri) { if (certAlias->size > MAX_LEN_CERT_ALIAS) { - CM_LOG_E("alias size is too large"); + CM_LOG_E("alias size[%u] is too large", certAlias->size); return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; } @@ -676,7 +684,7 @@ int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, stru } if (memcpy_s(displayName->data, displayName->size, temp, strlen(temp) + 1) != CM_SUCCESS) { CM_LOG_E("Failed to copy displayName->data"); - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_COPY; } displayName->size = strlen(temp) + 1; return ret; @@ -719,22 +727,22 @@ int32_t RdbInsertCertProperty(const struct CertPropertyOri *propertyOri) certProp.certStore = (int32_t)propertyOri->store; if (memcpy_s(certProp.certType, MAX_LEN_CERT_TYPE, certType, strlen(certType)) != EOK) { CM_LOG_E("memcpy certType fail"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if (memcpy_s(certProp.uri, MAX_LEN_URI, (char *)propertyOri->uri->data, propertyOri->uri->size) != EOK) { CM_LOG_E("memcpy uri fail"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if (memcpy_s(certProp.alias, MAX_LEN_CERT_ALIAS, (char *)propertyOri->alias->data, propertyOri->alias->size) != EOK) { CM_LOG_E("memcpy subjectName fail"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if (memcpy_s(certProp.subjectName, MAX_LEN_SUBJECT_NAME, (char *)propertyOri->subjectName->data, propertyOri->subjectName->size) != EOK) { CM_LOG_E("memcpy subjectName fail"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } int32_t ret = InsertCertProperty(&certProp); @@ -763,13 +771,13 @@ int32_t CmGenerateSaConf(const char *userCertConfigPath, const char *userCertBak if (userCertBakupDirPath == NULL) { if (snprintf_s(userCertBackupFilePath, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s", userCertName) < 0) { CM_LOG_E("construct userCertBackupFilePath failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } else { if (snprintf_s(userCertBackupFilePath, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s/%s", userCertBakupDirPath, userCertName) < 0) { CM_LOG_E("construct userCertBackupFilePath failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } @@ -878,7 +886,7 @@ static int32_t RemoveAllConfUidDir(uint32_t userId, const char *uidPath) int32_t ret = CmGetCertConfUidDir(userId, uid, configUidDirPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("Get user cert config file UidDirPath failed, ret = %d", ret); - return CM_FAILURE; + return ret; } ret = CmDirRemove(configUidDirPath); @@ -930,7 +938,7 @@ int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmB ret = CmGetCertConfPath(context->userId, context->uid, certUri, userConfigFilePath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("CmGetCertConfPath failed, ret = %d", ret); - return CM_FAILURE; + return ret; } userConfFilePath = userConfigFilePath; } else { @@ -940,13 +948,13 @@ int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmB ret = CmRmUserCert(userConfFilePath); if (ret != CM_SUCCESS) { CM_LOG_E("RmUserCertFile failed, ret = %d", ret); - return CM_FAILURE; + return ret; } ret = CmRmSaConf(userConfFilePath); if (ret != CM_SUCCESS) { CM_LOG_E("RmSaConfFile fail, ret = %d", ret); - return CM_FAILURE; + return ret; } return CM_SUCCESS; @@ -974,7 +982,7 @@ int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlo if (memcpy_s(objectName->data, objectName->size, object.data, object.size) != CM_SUCCESS) { CM_LOG_E("memcpy object name failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return CM_SUCCESS; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c index 65118c8a9cd372443fd8f6184165917b2c4f4c9c..dc0abc2e663c2ee114031e8746765e1ed7c71144 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -52,7 +52,7 @@ static int32_t TransEccKeyToKeyBlob(const EC_KEY *eccKey, const struct HksKeyMat struct CmBlob *rawMaterial) { /* rawMaterial size ensure enougth */ - int32_t ret = CM_FAILURE; + int32_t ret = CMR_ERROR_OPENSSL_FAIL; BIGNUM *pubX = BN_new(); BIGNUM *pubY = BN_new(); do { @@ -153,7 +153,7 @@ static int32_t SaveKeyMaterialRsa(const RSA *rsa, const uint32_t keySize, struct keyMaterial->keySize = keySize; uint8_t tmpBuff[HKS_RSA_KEY_SIZE_4096] = {0}; - int32_t ret = CMR_ERROR_INVALID_OPERATION; + int32_t ret = CMR_ERROR_MEM_OPERATION_COPY; do { uint32_t offset = sizeof(*keyMaterial); keyMaterial->nSize = (uint32_t)BN_bn2bin(RSA_get0_n(rsa), tmpBuff); @@ -208,7 +208,7 @@ static int32_t SaveKeyMaterialCurve25519(uint32_t algType, const EVP_PKEY *pKey, CM_LOG_E("EVP_PKEY_get_raw_public_key failed"); (void)memset_s(buffer, totalSize, 0, totalSize); CMFree(buffer); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_OPENSSL_FAIL; } uint32_t pubKeyLen = (uint32_t)tmpPubKeyLen; @@ -217,7 +217,7 @@ static int32_t SaveKeyMaterialCurve25519(uint32_t algType, const EVP_PKEY *pKey, CM_LOG_E("EVP_PKEY_get_raw_private_key"); (void)memset_s(buffer, totalSize, 0, totalSize); CMFree(buffer); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_OPENSSL_FAIL; } uint32_t priKeyLen = (uint32_t)tmpPriKeyLen; @@ -240,7 +240,7 @@ static int32_t ImportRsaKey(const EVP_PKEY *priKey, const struct CmBlob *keyUri, const RSA *rsa = EVP_PKEY_get0_RSA((EVP_PKEY *)priKey); if (rsa == NULL) { CM_LOG_E("EVP_PKEY_get1_RSA error %s", ERR_reason_error_string(ERR_get_error())); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } uint32_t keySize = ((uint32_t)RSA_size(rsa)) * CM_BITS_PER_BYTE; @@ -279,7 +279,7 @@ static int32_t ImportEccKey(const EVP_PKEY *priKey, const struct CmBlob *keyUri, const EC_KEY *eccKey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)priKey); if (eccKey == NULL) { CM_LOG_E("EVP_PKEY_get0_EC_KEY faild"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } @@ -358,7 +358,7 @@ static int32_t ImportKeyPair(const EVP_PKEY *priKey, const struct CmBlob *keyUri return CMR_ERROR_INVALID_CERT_FORMAT; default: CM_LOG_E("Import key type not suported"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } } @@ -409,7 +409,7 @@ static int32_t ConstructKeyUri( if (memcpy_s(keyUri->data, keyUri->size, commonUri.data, commonUri.size) != EOK) { CM_LOG_E("copy key uri failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c index 02e6237a52270dffa764a25427cee298fd015736..be5de095830be921e511a9e5d298553884550589 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -33,20 +33,20 @@ static int32_t CheckAuthListFileSizeValid(const struct CmBlob *originList, uint3 { if (originList->size < (sizeof(uint32_t) + sizeof(uint32_t))) { /* version and count size */ CM_LOG_E("invalid authlist size[%u]", originList->size); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_STORAGE; } uint32_t count = 0; (void)memcpy_s(&count, sizeof(count), originList->data + sizeof(uint32_t), sizeof(count)); if (count > MAX_OUT_BLOB_SIZE) { CM_LOG_E("invalid auth count[%u]", count); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } uint32_t size = sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) * count; if (originList->size != size) { CM_LOG_E("invalid auth list file size[%u], count[%u]", originList->size, count); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_STORAGE; } *authCount = count; @@ -99,7 +99,8 @@ static int32_t InsertUid(const struct CmBlob *originList, uint32_t uid, struct C } if (count >= MAX_AUTH_COUNT) { - return CMR_ERROR_INVALID_OPERATION; + CM_LOG_E("max granted uid count reached, count = %u", count); + return CMR_ERROR_MAX_GRANT_COUNT_REACHED; } uint32_t size = originList->size + sizeof(uint32_t); /* add one uid */ @@ -109,7 +110,7 @@ static int32_t InsertUid(const struct CmBlob *originList, uint32_t uid, struct C } do { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; if (memcpy_s(data, size, originList->data, originList->size) != EOK) { CM_LOG_E("copy origin list failed"); break; @@ -159,7 +160,7 @@ static int32_t RemoveUid(const struct CmBlob *originList, uint32_t uid, struct C } do { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; uint32_t beforeSize = position - sizeof(uint32_t); /* positon >= 12 */ if (memcpy_s(data, size, originList->data, beforeSize) != EOK) { CM_LOG_E("copy origin list before uid failed"); @@ -233,21 +234,21 @@ static int32_t InitAuthListBuf(uint32_t uid, struct CmBlob *authList) do { if (memcpy_s(data + offset, size - offset, &version, sizeof(version)) != EOK) { CM_LOG_E("copy count failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } offset += sizeof(version); if (memcpy_s(data + offset, size - offset, &count, sizeof(count)) != EOK) { CM_LOG_E("copy count failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } offset += sizeof(count); if (memcpy_s(data + offset, size - offset, &uid, sizeof(uid)) != EOK) { CM_LOG_E("copy uid failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } } while (0); @@ -270,7 +271,7 @@ static int32_t RefreshAuthList(const char *path, const char *fileName, uint32_t } if (!isAuthListExist && !isAdd) { - CM_LOG_D("auth list file not exit when delete uid"); + CM_LOG_D("auth list file not exist when delete uid"); return CM_SUCCESS; /* auth list file not exit when delete uid */ } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c index e20eb8ce9f20038af534a30e20e9ce3d54744bd3..da710de8183a6b2e85bf6403424cc926aba595e4 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -76,14 +76,14 @@ static int32_t HexStringToByte(const char *hexStr, uint8_t *byte, uint32_t byteL uint32_t realHexLen = strlen(hexStr); /* odd number or len too small */ if ((realHexLen % BYTE_TO_HEX_OPER_LENGTH != 0) || (byteLen < realHexLen / BYTE_TO_HEX_OPER_LENGTH)) { - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } for (uint32_t i = 0; i < realHexLen / BYTE_TO_HEX_OPER_LENGTH; ++i) { uint8_t high = CharToHex(hexStr[i * BYTE_TO_HEX_OPER_LENGTH]); uint8_t low = CharToHex(hexStr[i * BYTE_TO_HEX_OPER_LENGTH + 1]); if ((high == OUT_OF_HEX) || (low == OUT_OF_HEX)) { - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } byte[i] = high << 4; /* 4: Set the high nibble */ byte[i] |= low; /* Set the low nibble */ @@ -102,7 +102,7 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri, if ((uriObj->object == NULL) || (uriObj->user == NULL) || (uriObj->app == NULL) || (uriObj->type != type)) { CM_LOG_E("uri format invalid"); (void)CertManagerFreeUri(uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } return CM_SUCCESS; @@ -116,7 +116,7 @@ static int32_t CheckCallerIsProducer(const struct CmContext *context, const stru if (CmIsNumeric(uriObj->user, strlen(uriObj->user) + 1, &userId) != CM_SUCCESS || CmIsNumeric(uriObj->app, strlen(uriObj->app) + 1, &uid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if ((userId == context->userId) && (uid == context->uid)) { @@ -124,13 +124,13 @@ static int32_t CheckCallerIsProducer(const struct CmContext *context, const stru return CM_SUCCESS; } - return CMR_ERROR_PERMISSION_DENIED; + return CMR_ERROR_NOT_PERMITTED; } static int32_t UintToString(uint32_t input, char *out, uint32_t outLen) { if (snprintf_s(out, outLen, outLen - 1, "%u", input) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -319,13 +319,13 @@ static int32_t GenerateAuthUri(const struct CMUri *uriObj, uint32_t clientUid, } if (authUri->size < tempAuthUri.size) { - CM_LOG_E("auth uri out size too small"); + CM_LOG_E("auth uri out size[%u] too small, need at least[%u]", authUri->size, tempAuthUri.size); ret = CMR_ERROR_BUFFER_TOO_SMALL; break; } if (memcpy_s(authUri->data, authUri->size, tempAuthUri.data, tempAuthUri.size) != EOK) { CM_LOG_E("copy auth uri failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } authUri->size = tempAuthUri.size; @@ -429,7 +429,7 @@ int32_t CmAuthGetAuthorizedAppList(const struct CmContext *context, const struct } if (memcpy_s(appUidList->appUid, appUidList->appUidCount * sizeof(uint32_t), tempAppUidList.appUid, tempAppUidList.appUidCount * sizeof(uint32_t)) != EOK) { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } } @@ -447,7 +447,7 @@ static int32_t GetMacByteFromString(const char *macString, struct CmBlob *macByt { uint32_t size = strlen(macString) / BYTE_TO_HEX_OPER_LENGTH; if ((size == 0) || (size > MAX_OUT_BLOB_SIZE)) { - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint8_t *data = (uint8_t *)CMMalloc(size); @@ -472,7 +472,7 @@ static int32_t CheckIsAuthorizedApp(const struct CMUri *uriObj, enum CmAuthStora { if ((uriObj->clientApp == NULL) || (uriObj->mac == NULL)) { CM_LOG_E("invalid input auth uri"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } struct CmBlob macByte = { 0, NULL }; @@ -489,20 +489,20 @@ static int32_t CheckIsAuthorizedApp(const struct CMUri *uriObj, enum CmAuthStora if (CmIsNumeric(uriObj->clientApp, strlen(uriObj->clientApp) + 1, &clientUid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); CM_FREE_PTR(macByte.data); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } ret = CalcUriMac(uriObj, clientUid, &mac, false, level); if (ret != CM_SUCCESS) { CM_LOG_E("calc uri mac failed, ret = %d", ret); CM_FREE_PTR(macByte.data); - return CMR_ERROR_AUTH_CHECK_FAILED; + return CMR_ERROR_AUTH_FAILED_MAC_FAILED; } if ((macByte.size != mac.size) || (memcmp(macByte.data, mac.data, macByte.size) != 0)) { CM_LOG_E("mac size[%u] invalid or mac check failed", macByte.size); CM_FREE_PTR(macByte.data); - return CMR_ERROR_AUTH_CHECK_FAILED; + return CMR_ERROR_AUTH_FAILED_MAC_MISMATCH; } CM_FREE_PTR(macByte.data); @@ -754,18 +754,18 @@ static int32_t CheckCommonPermission(const struct CmContext *context, const stru if (uriObj->clientApp == NULL) { CM_LOG_E("invalid uri client app"); - return CMR_ERROR_PERMISSION_DENIED; + return CMR_ERROR_NOT_PERMITTED; } uint32_t clientUid = 0; if (CmIsNumeric(uriObj->clientApp, strlen(uriObj->clientApp) + 1, &clientUid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (clientUid != context->uid) { CM_LOG_E("caller uid not match client uid"); - return CMR_ERROR_PERMISSION_DENIED; + return CMR_ERROR_NOT_PERMITTED; } CM_LOG_D("caller may be authed app, need check"); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 3dde8b8d4dbaba51fdb505cdd3e85b43ac4675fa..e3ad6276cf49bd101f363a0b5fa3621e596bc387 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -47,7 +47,7 @@ int32_t CmServiceGetSystemCertListCheck(const uint32_t store) { if (store != CM_SYSTEM_TRUSTED_STORE) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (!CmHasCommonPermission()) { @@ -62,12 +62,12 @@ int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *c { if (store != CM_SYSTEM_TRUSTED_STORE) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (!CmHasCommonPermission()) { @@ -82,17 +82,17 @@ int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *c { if (store != CM_SYSTEM_TRUSTED_STORE) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if ((status != 0) && (status != 1)) { CM_LOG_E("invalid input status:%u", status); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STATUS; } if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { @@ -112,12 +112,12 @@ static int32_t CmCheckAppCert(const struct CmBlob *appCert) { if (CmCheckBlob(appCert) != CM_SUCCESS) { CM_LOG_E("appCert blob is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } if (appCert->size > MAX_LEN_APP_CERT) { CM_LOG_E("appCert size max check fail, appCert size:%u", appCert->size); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } return CM_SUCCESS; } @@ -126,17 +126,17 @@ static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd) { if (CmCheckBlob(appCertPwd) != CM_SUCCESS) { CM_LOG_E("appCertPwd blob is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_PWD; } if (appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) { CM_LOG_E("appCertPwd size max check fail, appCertPwd size:%u", appCertPwd->size); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_PWD; } if (CheckUri(appCertPwd) != CM_SUCCESS) { CM_LOG_E("appCertPwd data check fail"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_PWD; } return CM_SUCCESS; } @@ -163,17 +163,17 @@ static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store) { if (CmCheckBlob(certAlias) != CM_SUCCESS) { CM_LOG_E("certAlias blob is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_ALIAS; } if (certAlias->size > MAX_LEN_CERT_ALIAS) { CM_LOG_E("alias size is too large"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_ALIAS; } if ((store == CM_PRI_CREDENTIAL_STORE) && (certAlias->size > MAX_LEN_PRI_CRED_ALIAS)) { CM_LOG_E("pri_cred: alias size is too large"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_ALIAS; } if ((store != CM_PRI_CREDENTIAL_STORE) && (strcmp("", (char *)certAlias->data) == 0)) { @@ -183,7 +183,7 @@ static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store) if (!AppCertCheckBlobValid(certAlias)) { CM_LOG_E("certAlias data check fail"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_ALIAS; } return CM_SUCCESS; } @@ -216,7 +216,7 @@ int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, str if (CM_STORE_CHECK(certParam->store)) { CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CM_LEVEL_CHECK(certParam->level)) { @@ -242,7 +242,7 @@ int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, str if (certParam->store == CM_SYS_CREDENTIAL_STORE && !CmCheckUserIdAndUpdateContext(certParam->userId, &(cmContext->userId))) { CM_LOG_E("input userId is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } if (!CmPermissionCheck(certParam->store)) { @@ -271,7 +271,7 @@ static int32_t CheckAndUpdateCallerAndUri(struct CmContext *cmContext, const str if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL) || (uriObj.type != type)) { CM_LOG_E("uri format is invalid"); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint32_t userId = 0; @@ -280,27 +280,27 @@ static int32_t CheckAndUpdateCallerAndUri(struct CmContext *cmContext, const str CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } (void)CertManagerFreeUri(&uriObj); if (type == CM_URI_TYPE_SYS_KEY) { if ((cmContext->userId != 0) && (cmContext->userId != userId)) { CM_LOG_E("caller is hap, current user is %u, userid[%u] is invalid", cmContext->userId, userId); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } } else if (type == CM_URI_TYPE_CERTIFICATE) { if ((cmContext->userId != 0) && (cmContext->userId != userId) && (userId != 0)) { CM_LOG_E("caller is hap, current user is %u, userid[%u] is invalid", cmContext->userId, userId); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } } else { - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) { CM_LOG_E("caller uid is not producer"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_UID; } cmContext->userId = userId; @@ -319,7 +319,7 @@ int32_t CmServiceGetUserCertInfoCheck(struct CmContext *cmContext, const struct if (CheckUri(uri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } return CheckAndUpdateCallerAndUri(cmContext, uri, type, isCheckUid); @@ -330,12 +330,12 @@ int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, { if (CM_STORE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CheckUri(keyUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (!CmPermissionCheck(store)) { @@ -359,7 +359,7 @@ static int32_t CmGetSysAppCertListCheck(const struct CmContext *cmContext, const { if (cmContext->userId == 0) { CM_LOG_E("get sys app cert list: caller is not hap"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } if (!CmHasCommonPermission()) { @@ -378,7 +378,7 @@ int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const ui { if (CM_STORE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (store == CM_SYS_CREDENTIAL_STORE) { @@ -402,7 +402,7 @@ int32_t CmServiceGetCallingAppCertListCheck(const struct CmContext *cmContext, c { if (CM_STORE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (store == CM_SYS_CREDENTIAL_STORE) { @@ -435,12 +435,12 @@ int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t sto { if (CM_STORE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CheckUri(keyUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (!CmHasCommonPermission()) { @@ -502,7 +502,7 @@ int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct if ((CmCheckBlob(userCert) != CM_SUCCESS) || userCert->size > MAX_LEN_CERTIFICATE) { CM_LOG_E("input params userCert is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } int32_t ret = CmCheckCertAlias(certAlias, CM_USER_TRUSTED_STORE); @@ -517,7 +517,7 @@ int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct if (!CmCheckAndUpdateCallerUserId(userId, &(cmContext->userId))) { CM_LOG_E("input userId is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } return CM_SUCCESS; } @@ -531,7 +531,7 @@ int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struc if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("certUri is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (!CmHasEnterpriseUserTrustedPermission() && !CmHasUserTrustedPermission()) { @@ -566,7 +566,7 @@ int32_t CmServiceSetUserCertStatusCheck(struct CmContext *cmContext, const struc if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("certUri is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CheckAndUpdateCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c index b432a28e048d535b96ef78a21fa6d61fec14f3e1..744a62a5b1987c921e29c02c69e5eab092b76efa 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -94,7 +94,7 @@ int32_t CmGetRandom(struct CmBlob *random) int ret = RAND_bytes(random->data, random->size); if (ret <= 0) { CM_LOG_E("Get random failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_OPENSSL_FAIL; } return CM_SUCCESS; @@ -111,13 +111,13 @@ int32_t CmGetHash(const struct CmBlob *inData, struct CmBlob *hash) const EVP_MD *opensslAlg = EVP_sha256(); if (opensslAlg == NULL) { CM_LOG_E("get openssl alg failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_OPENSSL_FAIL; } int32_t ret = EVP_Digest(inData->data, inData->size, hash->data, &hash->size, opensslAlg, NULL); if (ret <= 0) { CM_LOG_E("digest failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_OPENSSL_FAIL; } return CM_SUCCESS; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c index 738ea74fca2621df12108f31ae9c5fd4ee83e451..1f6638f00e3b8dcff5a40a723b7e9f57ab1e3333 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -51,7 +51,7 @@ static int32_t GetNumberOfFiles(const char *path) void *dir = CmOpenDir(path); if (dir == NULL) { CM_LOG_W("can't open directory"); - return -1; + return CMR_ERROR_FILE_OPEN_DIR; } int32_t count = 0; @@ -85,12 +85,12 @@ static int32_t MallocFileNames(struct CmMutableBlob **fNames, const char *path, if (fileNums < 0) { CM_LOG_E("Failed to obtain number of files from: path"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; /* when open dir failed return value will smaller than 0 */ } if (fileNums > MAX_COUNT_CERTIFICATE) { CM_LOG_E("cert count %d beyond MAX", fileNums); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_MAX_CERT_COUNT_REACHED; } uint32_t bufSize = sizeof(struct CmMutableBlob) * (uint32_t)fileNums; @@ -112,7 +112,7 @@ static int32_t GetFileNames(const char *path, struct CmMutableBlob *fNames, uint void *d = CmOpenDir(path); if (d == NULL) { CM_LOG_E("Failed to open directory"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; } int32_t ret = CM_SUCCESS; @@ -137,7 +137,7 @@ static int32_t GetFileNames(const char *path, struct CmMutableBlob *fNames, uint (void)memset_s(fNames[i].data, nameSize, 0, nameSize); if (sprintf_s((char *)fNames[i].data, nameSize, "%s", dire.fileName) < 0) { CM_LOG_E("copy file name failed"); - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_PRINT; break; } @@ -146,8 +146,8 @@ static int32_t GetFileNames(const char *path, struct CmMutableBlob *fNames, uint (void) CmCloseDir(d); if (i != fileCount) { - CM_LOG_E("get certfiles no enough"); - ret = CM_FAILURE; + CM_LOG_E("get certfiles no enough, i(%u), fileCount(%u)", i, fileCount); + ret = CMR_ERROR_CERT_COUNT_MISMATCH; } return ret; @@ -185,7 +185,7 @@ int32_t GetNumberOfDirs(const char *userIdPath) void *dir = CmOpenDir(userIdPath); if (dir == NULL) { CM_LOG_W("can't open directory"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; } int32_t fileCount = 0; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c index 208bc864e3db0bc8ede4728c728408f643b26e36..5eecc4a5b750c3527b54d79b439291dc052422e7 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -33,21 +33,21 @@ static int32_t GetFileName(const char *path, const char *fileName, char *fullFil { if (path != NULL && strlen(path) > 0) { if (strncpy_s(fullFileName, fullFileNameLen, path, strlen(path)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } if (path[strlen(path) - 1] != '/') { if (strncat_s(fullFileName, fullFileNameLen, "/", strlen("/")) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } if (strncat_s(fullFileName, fullFileNameLen, fileName, strlen(fileName)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } else { if (strncpy_s(fullFileName, fullFileNameLen, fileName, strlen(fileName)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } return CMR_OK; @@ -153,7 +153,7 @@ static int32_t FileWrite(const char *fileName, uint32_t offset, const uint8_t *b (void)offset; char filePath[PATH_MAX + 1] = {0}; if (memcpy_s(filePath, sizeof(filePath) - 1, fileName, strlen(fileName)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if (strstr(filePath, "../") != NULL) { CM_LOG_E("invalid filePath"); @@ -198,7 +198,7 @@ static int32_t FileRemove(const char *fileName) struct stat tmp; if (stat(fileName, &tmp) != 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_FILE_STAT; } if (S_ISDIR(tmp.st_mode)) { @@ -298,7 +298,7 @@ int32_t CmGetDirFile(void *dirp, struct CmFileDirentInfo *direntInfo) uint32_t len = strlen(dire->d_name); if (memcpy_s(direntInfo->fileName, sizeof(direntInfo->fileName) - 1, dire->d_name, len) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } direntInfo->fileName[len] = '\0'; return CMR_OK; @@ -413,7 +413,7 @@ int32_t CmUidLayerGetFileCountAndNames(const char *path, struct CmBlob *fileName DIR *dir = opendir(path); if (dir == NULL) { CM_LOG_E("open uid layer dir failed"); - return CMR_ERROR_OPEN_FILE_FAIL; + return CMR_ERROR_FILE_OPEN_DIR; } int32_t ret = CM_SUCCESS; @@ -422,19 +422,19 @@ int32_t CmUidLayerGetFileCountAndNames(const char *path, struct CmBlob *fileName while (dire != NULL) { char uidPath[CM_MAX_FILE_NAME_LEN] = {0}; if (strncpy_s(uidPath, sizeof(uidPath), path, strlen(path)) != EOK) { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } if (uidPath[strlen(uidPath) - 1] != '/') { if (strncat_s(uidPath, sizeof(uidPath), "/", strlen("/")) != EOK) { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } } if (strncat_s(uidPath, sizeof(uidPath), dire->d_name, strlen(dire->d_name)) != EOK) { - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } @@ -464,26 +464,26 @@ int32_t CmUserIdLayerGetFileCountAndNames(const char *path, struct CmBlob *fileN DIR *dir = opendir(path); if (dir == NULL) { CM_LOG_E("open userId layer dir failed"); - return CMR_ERROR_OPEN_FILE_FAIL; + return CMR_ERROR_FILE_OPEN_DIR; } struct dirent *dire = readdir(dir); while (dire != NULL) { (void)memset_s(userIdPath, CM_MAX_FILE_NAME_LEN, 0, CM_MAX_FILE_NAME_LEN); if (strncpy_s(userIdPath, sizeof(userIdPath), path, strlen(path)) != EOK) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if (userIdPath[strlen(userIdPath) - 1] != '/') { if (strncat_s(userIdPath, sizeof(userIdPath), "/", strlen("/")) != EOK) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } } if (strncat_s(userIdPath, sizeof(userIdPath), dire->d_name, strlen(dire->d_name)) != EOK) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } if ((dire->d_type == DT_DIR) && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) { @@ -534,7 +534,7 @@ int32_t CmGetSubDir(void *dirp, struct CmFileDirentInfo *direntInfo) uint32_t dirLen = strlen(dire->d_name); if (memcpy_s(direntInfo->fileName, sizeof(direntInfo->fileName) - 1, dire->d_name, dirLen) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } direntInfo->fileName[dirLen] = '\0'; return CMR_OK; @@ -551,7 +551,7 @@ static int32_t DirRemove(const char *path) struct stat tmp; if (stat(path, &tmp) != 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_FILE_STAT; } if (S_ISDIR(tmp.st_mode)) { diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c index 9a791afdd59cf3542e9540ad6f16b86e9fa12795..b6e83734ccb6042355eb563d19ddcb81a91d2c1a 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -87,14 +87,14 @@ static int32_t AddUserIdParam(struct HksParamSet *paramSet, enum CmAuthStorageLe do { if (uriObj.user == NULL) { CM_LOG_E("uri format is invalid"); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_URI; break; } uint32_t userId = 0; if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_URI; break; } /* If the caller is SA and the level is not EL1, @@ -122,27 +122,27 @@ static int32_t ConstructParamSet(const struct HksParam *params, uint32_t paramCo struct HksParamSet *paramSet = NULL; int32_t ret = HksInitParamSet(¶mSet); if (ret != HKS_SUCCESS) { - CM_LOG_E("init paramset failed"); + CM_LOG_E("init huks paramset failed, ret = %d", ret); return ret; } ret = AddUserIdParam(paramSet, level, uri); if (ret != HKS_SUCCESS) { - CM_LOG_E("add userid param failed"); + CM_LOG_E("add userid param failed, ret = %d", ret); HksFreeParamSet(¶mSet); return ret; } ret = HksAddParams(paramSet, params, paramCount); if (ret != HKS_SUCCESS) { - CM_LOG_E("add params failed"); + CM_LOG_E("add huks params failed, ret = %d", ret); HksFreeParamSet(¶mSet); return ret; } ret = HksBuildParamSet(¶mSet); if (ret != HKS_SUCCESS) { - CM_LOG_E("build paramSet failed"); + CM_LOG_E("build huks paramSet failed, ret = %d", ret); HksFreeParamSet(¶mSet); return ret; } @@ -193,7 +193,7 @@ int32_t CmKeyOpGenMacKey(const struct CmBlob *alias, enum CmAuthStorageLevel lev ¶mSet, level, alias); if (ret != CM_SUCCESS) { CM_LOG_E("construct gen mac key paramSet failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_GENERATE_PARAM_FAILED; } struct HksBlob keyAlias = { alias->size, alias->data }; @@ -211,7 +211,7 @@ int32_t CmKeyOpGenMacKey(const struct CmBlob *alias, enum CmAuthStorageLevel lev HksFreeParamSet(¶mSet); if (ret != HKS_SUCCESS) { CM_LOG_E("hks generate key failed, ret = %d", ret); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_GENERATE_FAILED; } return CM_SUCCESS; } @@ -226,7 +226,7 @@ int32_t CmKeyOpGenMacKeyIfNotExist(const struct CmBlob *alias) CM_AUTH_STORAGE_LEVEL_EL1, alias); if (ret != CM_SUCCESS) { CM_LOG_E("Failed to construct key exist paramSet"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_CHECK_EXIST_PARAM_FAILED; } struct HksBlob keyAlias = { alias->size, alias->data }; @@ -247,7 +247,7 @@ int32_t CmKeyOpGenMacKeyIfNotExist(const struct CmBlob *alias) } if (ret != HKS_ERROR_NOT_EXIST) { CM_LOG_E("find mac key failed, ret = %d", ret); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_CHECK_EXIST_FAILED; } return CmKeyOpGenMacKey(alias, CM_AUTH_STORAGE_LEVEL_EL1); @@ -305,7 +305,7 @@ int32_t CmKeyOpCalcMac(const struct CmBlob *alias, const struct CmBlob *srcData, level, alias); if (ret != CM_SUCCESS) { CM_LOG_E("construct mac init paramSet failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_MAC_PARAM_FAILED; } do { @@ -324,6 +324,7 @@ int32_t CmKeyOpCalcMac(const struct CmBlob *alias, const struct CmBlob *srcData, ret = HksInit(&keyAlias, paramSet, &handle, NULL); if (ret != HKS_SUCCESS) { CM_LOG_E("mac calc init failed, ret = %d", ret); + ret = CMR_ERROR_KEY_MAC_INIT_FAILED; break; } @@ -332,13 +333,14 @@ int32_t CmKeyOpCalcMac(const struct CmBlob *alias, const struct CmBlob *srcData, ret = HksFinish(&handle, paramSet, &inData, &outMac); if (ret != HKS_SUCCESS) { CM_LOG_E("mac calc finish failed, ret = %d", ret); + ret = CMR_ERROR_KEY_MAC_FINISH_FAILED; break; } mac->size = outMac.size; } while (0); HksFreeParamSet(¶mSet); - return (ret == HKS_SUCCESS) ? CM_SUCCESS : CMR_ERROR_KEY_OPERATION_FAILED; + return ret; } int32_t CmKeyOpImportKey(const struct CmBlob *alias, const struct CmKeyProperties *properties, @@ -358,7 +360,7 @@ int32_t CmKeyOpImportKey(const struct CmBlob *alias, const struct CmKeyPropertie properties->level, alias); if (ret != CM_SUCCESS) { CM_LOG_E("construct import key paramSet failed"); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_IMPORT_PARAM_FAILED; } struct HksBlob keyAlias = { alias->size, alias->data }; @@ -377,7 +379,7 @@ int32_t CmKeyOpImportKey(const struct CmBlob *alias, const struct CmKeyPropertie HksFreeParamSet(¶mSet); if (ret != HKS_SUCCESS) { CM_LOG_E("hks import key failed, ret = %d", ret); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_IMPORT_FAILED; } return CM_SUCCESS; } @@ -572,7 +574,7 @@ static int32_t ServiceSignVerifyUpdate(const struct CmBlob *handle, const struct if (ret != HKS_SUCCESS) { CM_LOG_E("huks update fail, ret = %d", ret); CmDeleteSession(handle); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_UPDATE_FAILED; } return CM_SUCCESS; } @@ -588,7 +590,7 @@ static int32_t ServiceSignVerifyFinish(const struct CmBlob *handle, const struct CmDeleteSession(handle); if (ret != HKS_SUCCESS) { CM_LOG_E("huks finish fail, ret = %d", ret); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_FINISH_FAILED; } outData->size = outDataHks.size; return CM_SUCCESS; @@ -602,7 +604,7 @@ static int32_t ServiceSignVerifyAbort(const struct CmBlob *handle, const struct CmDeleteSession(handle); if (ret != HKS_SUCCESS) { CM_LOG_E("huks abort fail, ret = %d", ret); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_ABORT_FAILED; } return CM_SUCCESS; } @@ -614,7 +616,7 @@ int32_t CmKeyOpInit(const struct CmContext *context, const struct CmBlob *alias, int32_t ret = ConstructInitParamSet(alias, spec, ¶mSet, level); if (ret != CM_SUCCESS) { CM_LOG_E("construct init paramSet failed, ret = %d", ret); - return ret; + return CMR_ERROR_KEY_INIT_PARAM_FAILED; } do { @@ -631,6 +633,7 @@ int32_t CmKeyOpInit(const struct CmContext *context, const struct CmBlob *alias, ret = HksInit(&keyAlias, paramSet, &handleOut, NULL); if (ret != HKS_SUCCESS) { CM_LOG_E("Huks init failed, ret = %d", ret); + ret = CMR_ERROR_KEY_INIT_FAILED; break; } handle->size = handleOut.size; @@ -644,7 +647,7 @@ int32_t CmKeyOpInit(const struct CmContext *context, const struct CmBlob *alias, } while (0); HksFreeParamSet(¶mSet); - return (ret == HKS_SUCCESS) ? CM_SUCCESS : CMR_ERROR_KEY_OPERATION_FAILED; + return ret; } int32_t CmKeyOpProcess(enum CmSignVerifyCmd cmdId, const struct CmContext *context, const struct CmBlob *handle, @@ -666,7 +669,7 @@ int32_t CmKeyOpProcess(enum CmSignVerifyCmd cmdId, const struct CmContext *conte if (ret != CM_SUCCESS) { CM_LOG_E("Failed to construct paramSet"); CmDeleteSession(handle); - return CMR_ERROR_KEY_OPERATION_FAILED; + return CMR_ERROR_KEY_PROCESS_PARAM_FAILED; } switch (cmdId) { diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c index 8224bc3759953a7672f31dbfbf78e36117ac0de6..7e895a02b087814506a38de247bdec50e4debd8a 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -62,7 +62,7 @@ static int32_t ConstrutPathList(const char *useridPath, struct CmMutableBlob *cP void *d = CmOpenDir(useridPath); if (d == NULL) { CM_LOG_E("Failed to open directory"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; } uint32_t dealCert = 0; @@ -76,7 +76,7 @@ static int32_t ConstrutPathList(const char *useridPath, struct CmMutableBlob *cP char pathBuf[MAX_PATH_LEN] = {0}; if (sprintf_s(pathBuf, MAX_PATH_LEN, "%s/%s", useridPath, dire.fileName) < 0) { CM_LOG_E("copy uid path failed"); - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_PRINT; break; } @@ -86,7 +86,7 @@ static int32_t ConstrutPathList(const char *useridPath, struct CmMutableBlob *cP } if (sprintf_s((char *)cPathList[dealCert].data, cPathList[dealCert].size, "%s", pathBuf) < 0) { - ret = CM_FAILURE; + ret = CMR_ERROR_MEM_OPERATION_PRINT; break; } dealCert++; @@ -94,7 +94,8 @@ static int32_t ConstrutPathList(const char *useridPath, struct CmMutableBlob *cP (void) CmCloseDir(d); if (dealCert != dirCount) { /* real dir count less than dirCount */ - ret = CM_FAILURE; + CM_LOG_E("cert count mismatch, dealCert(%u), dirCount(%u)", dealCert, dirCount); + ret = CMR_ERROR_CERT_COUNT_MISMATCH; } return ret; } @@ -104,7 +105,7 @@ static int32_t CreateCertPathList(const char *useridPath, struct CmMutableBlob * int32_t uidCount = GetNumberOfDirs(useridPath); if (uidCount < 0) { CM_LOG_E("Failed to obtain number of uid from path"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; /* when open dir failed return value will smaller than 0 */ } if (uidCount == 0) { @@ -112,8 +113,8 @@ static int32_t CreateCertPathList(const char *useridPath, struct CmMutableBlob * } if (uidCount > MAX_COUNT_CERTIFICATE) { - CM_LOG_E("uidCount beyond max"); - return CM_FAILURE; + CM_LOG_E("uidCount beyond max, uidCount: %d", uidCount); + return CMR_ERROR_MAX_CERT_COUNT_REACHED; } uint32_t arraySize = sizeof(struct CmMutableBlob) * (uint32_t)uidCount; @@ -177,7 +178,7 @@ int32_t CmGetSysCertPathList(const struct CmContext *context, struct CmMutableBl if (sprintf_s((char *)cPathList[0].data, cPathList[0].size, "%s", SYSTEM_CA_STORE) < 0) { CM_LOG_E("sprintf_s path failed"); CmFreePathList(cPathList, sysPathCnt); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } pathList->data = (uint8_t *)cPathList; @@ -262,13 +263,13 @@ static int32_t CreateCertFile(struct CertFileInfo *cFileList, const char *path, if (fileNums < 0) { CM_LOG_E("Failed to obtain number of files"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; /* when open dir failed return value will smaller than 0 */ } void *isOpen = CmOpenDir(path); if (isOpen == NULL) { CM_LOG_E("Failed to open directory"); - return CM_FAILURE; + return CMR_ERROR_FILE_OPEN_DIR; } int32_t ret; @@ -292,7 +293,8 @@ static int32_t CreateCertFile(struct CertFileInfo *cFileList, const char *path, uint32_t realCount = getCount - *certCount; *certCount += realCount; if (realCount != (uint32_t)fileNums) { - return CM_FAILURE; + CM_LOG_E("cert count mismatch, realCount(%u), fileCount(%d)", realCount, fileNums); + return CMR_ERROR_CERT_COUNT_MISMATCH; } return ret; } @@ -373,7 +375,7 @@ static int32_t GetUserCertAlias(const char *uri, struct CmBlob *alias) if (certUri.object == NULL) { CM_LOG_E("uri's object is invalid after decode"); (void)CertManagerFreeUri(&certUri); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } struct CertProperty certProperty; @@ -390,12 +392,12 @@ static int32_t GetUserCertAlias(const char *uri, struct CmBlob *alias) size = strlen(certUri.object) + 1; if (memcpy_s(alias->data, size, certUri.object, size) != EOK) { (void)CertManagerFreeUri(&certUri); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_COPY; } } else { if (memcpy_s(alias->data, size, (uint8_t *)certProperty.alias, size) != EOK) { (void)CertManagerFreeUri(&certUri); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_COPY; } } alias->size = size; @@ -408,16 +410,16 @@ static int32_t GetSysCertAlias(const struct CmBlob *certData, struct CmBlob *ali X509 *cert = InitCertContext(certData->data, certData->size); if (cert == NULL) { CM_LOG_E("cert data can't convert x509 format"); - return CM_FAILURE; + return CMR_ERROR_INVALID_CERT_FORMAT; } int32_t aliasLen = GetX509SubjectName(cert, CM_ORGANIZATION_NAME, (char *)alias->data, alias->size); if (aliasLen <= 0) { aliasLen = GetX509SubjectName(cert, CM_COMMON_NAME, (char *)alias->data, alias->size); if (aliasLen <= 0) { - CM_LOG_E("Failed to get certificates CN name"); + CM_LOG_E("Failed to get certificates CN name, aliasLen = %d", aliasLen); FreeCertContext(cert); - return CM_FAILURE; + return CMR_ERROR_GET_CERT_SUBJECT_ITEM; } } alias->size = (uint32_t)aliasLen + 1; @@ -436,7 +438,7 @@ int32_t CmGetCertAlias(const uint32_t store, const char *uri, const struct CmBlo ret = GetSysCertAlias(certData, alias); } else { CM_LOG_E("Invalid store"); - return CM_FAILURE; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (ret != CM_SUCCESS) { @@ -452,14 +454,14 @@ static int32_t CmGetCertSubjectName(const struct CmBlob *certData, struct CmBlob X509 *cert = InitCertContext(certData->data, certData->size); if (cert == NULL) { CM_LOG_E("cert data can't convert x509 format"); - return CM_FAILURE; + return CMR_ERROR_INVALID_CERT_FORMAT; } - int32_t subjectLen = GetX509SubjectNameLongFormat(cert, (char *)subjectName->data, MAX_LEN_SUBJECT_NAME); + int32_t subjectLen = GetX509SubjectNameLongFormat(cert, (char *)subjectName->data, subjectName->size); if (subjectLen <= 0) { - CM_LOG_E("get cert subjectName failed"); + CM_LOG_E("get cert subjectName failed, subjectLen = %d", subjectLen); FreeCertContext(cert); - return CM_FAILURE; + return CMR_ERROR_GET_CERT_SUBJECT_ITEM; } subjectName->size = (uint32_t)subjectLen + 1; @@ -489,7 +491,7 @@ static int32_t GetCertContext(const struct CmBlob *fileName, struct CmContext *c CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } (void)CertManagerFreeUri(&uriObj); @@ -521,13 +523,13 @@ int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, ret = CmGetCertStatus(&certContext, &cFileList[i], store, &status[i]); /* status */ if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get cert status"); - return CM_FAILURE; + return CMR_ERROR_GET_CERT_STATUS; } if (memcpy_s(certBlob->uri[i].data, MAX_LEN_URI, cFileList[i].fileName.data, cFileList[i].fileName.size) != EOK) { CM_LOG_E("Failed to get cert uri"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_COPY; } certBlob->uri[i].size = cFileList[i].fileName.size; /* uri */ @@ -536,20 +538,20 @@ int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, ret = CmStorageGetBuf((char *)cFileList[i].path.data, (char *)cFileList[i].fileName.data, &certData); if (ret != CM_SUCCESS) { CM_LOG_E("get cert data failed"); - return CM_FAILURE; + return ret; } ret = CmGetCertAlias(store, (char *)cFileList[i].fileName.data, &certData, &(certBlob->certAlias[i])); /* alias */ if (ret != CM_SUCCESS) { CM_FREE_BLOB(certData); - return CM_FAILURE; + return ret; } ret = CmGetCertSubjectName(&certData, &(certBlob->subjectName[i])); /* subjectName */ if (ret != CM_SUCCESS) { CM_FREE_BLOB(certData); - return CM_FAILURE; + return ret; } CM_FREE_BLOB(certData); } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index ef9f78cd4fc7326b6667640eaf724ea57fbbd2e9..c36ae2eca8f181653a02d7900cb0d04b33c6c4e3 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -103,12 +103,12 @@ static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store, /* remove authinfo from uri */ if (keyUri->size < commonUri.size) { CM_LOG_E("keyUri size[%u] smaller than commonUri size[%u]", keyUri->size, commonUri.size); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_BUFFER_TOO_SMALL; break; } if (memcpy_s(keyUri->data, keyUri->size, commonUri.data, commonUri.size) != EOK) { CM_LOG_E("copy keyUri failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } keyUri->size = commonUri.size; @@ -156,7 +156,7 @@ int32_t CmServiceGrantAppCertificate(const struct CmContext *context, const stru { if (CheckUri(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS || context == NULL) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CheckPermission(true, true); @@ -172,7 +172,7 @@ int32_t CmServiceGetAuthorizedAppList(const struct CmContext *context, const str { if (CheckUri(keyUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CheckPermission(true, true); @@ -202,7 +202,7 @@ int32_t CmServiceRemoveGrantedApp(const struct CmContext *context, const struct { if (CheckUri(keyUri) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CheckPermission(true, true); @@ -225,7 +225,7 @@ static int32_t CheckAndGetStore(const struct CmContext *context, const struct Cm if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL)) { CM_LOG_E("uri format invalid"); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint32_t type = uriObj.type; @@ -233,7 +233,7 @@ static int32_t CheckAndGetStore(const struct CmContext *context, const struct Cm if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } (void)CertManagerFreeUri(&uriObj); @@ -245,7 +245,7 @@ static int32_t CheckAndGetStore(const struct CmContext *context, const struct Cm if (context->userId != 0 && context->userId != userId) { CM_LOG_E("uri check userId failed"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_USER_ID; } *store = CM_SYS_CREDENTIAL_STORE; @@ -257,9 +257,14 @@ static int32_t CheckAndGetStore(const struct CmContext *context, const struct Cm int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) { - if (CheckUri(authUri) != CM_SUCCESS || CmCheckBlob(handle) != CM_SUCCESS) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + if (CheckUri(authUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments uri"); + return CMR_ERROR_INVALID_ARGUMENT_URI; + } + + if (CmCheckBlob(handle) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments handle"); + return CMR_ERROR_INVALID_ARGUMENT_HANDLE; } int32_t ret = CheckPermission(false, true); @@ -297,7 +302,12 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth int32_t CmServiceUpdate(const struct CmContext *context, const struct CmBlob *handle, const struct CmBlob *inData) { - if (CmCheckBlob(handle) != CM_SUCCESS || CmCheckBlob(inData) != CM_SUCCESS) { + if (CmCheckBlob(handle) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT_HANDLE; + } + + if (CmCheckBlob(inData) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); return CMR_ERROR_INVALID_ARGUMENT; } @@ -315,7 +325,7 @@ int32_t CmServiceFinish(const struct CmContext *context, const struct CmBlob *ha { if (CmCheckBlob(handle) != CM_SUCCESS) { /* inData.data and outData.data can be null */ CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_HANDLE; } int32_t ret = CheckPermission(false, true); @@ -330,7 +340,7 @@ int32_t CmServiceAbort(const struct CmContext *context, const struct CmBlob *han { if (CmCheckBlob(handle) != CM_SUCCESS) { CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_HANDLE; } int32_t ret = CheckPermission(false, true); @@ -365,7 +375,7 @@ static int32_t MergeUserPathList(const struct CmMutableBlob *callerPathList, if (uidCount > MAX_COUNT_CERTIFICATE_ALL) { CM_LOG_E("uid count beyond MAX"); - return CM_FAILURE; + return CMR_ERROR_MAX_CERT_COUNT_REACHED; } uint32_t memSize = sizeof(struct CmMutableBlob) * uidCount; @@ -529,7 +539,7 @@ int32_t CmServiceGetCertList(const struct CmContext *context, const struct UserC uint32_t scope = prop->scope; if (scope != CM_ALL_USER && scope != CM_CURRENT_USER && scope != CM_GLOBAL_USER) { CM_LOG_E("The scope is incorrect"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_SCOPE; } int32_t ret = CM_SUCCESS; @@ -540,7 +550,7 @@ int32_t CmServiceGetCertList(const struct CmContext *context, const struct UserC if (context->userId != 0 && prop->userId != INIT_INVALID_VALUE) { /* if caller is hap, the target userid must be invalid */ CM_LOG_E("The target userid is incorrect"); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_USER_ID; break; } /* get all uid path for caller and system service */ @@ -556,7 +566,7 @@ int32_t CmServiceGetCertList(const struct CmContext *context, const struct UserC break; } } else { - ret = CM_FAILURE; + ret = CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; CM_LOG_E("Invalid store"); break; } @@ -654,7 +664,7 @@ int32_t CmServiceGetCertInfo(struct CmContext *context, const struct CmBlob *cer { if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("input params invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CM_SUCCESS; @@ -672,7 +682,7 @@ int32_t CmServiceGetCertInfo(struct CmContext *context, const struct CmBlob *cer } } else { CM_LOG_E("Invalid store"); - ret = CM_FAILURE; + ret = CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } return ret; } @@ -685,20 +695,20 @@ int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem) BIO *bio = BIO_new(BIO_s_mem()); if (!bio) { CM_LOG_E("BIO_new failed!"); - return CM_FAILURE; + return CMR_ERROR_OPENSSL_FAIL; } do { if (PEM_write_bio_X509(bio, (X509 *)x509) == 0) { CM_LOG_E("Error writing PEM"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } long pemCertLen = BIO_get_mem_data(bio, &pemCert); if (pemCertLen <= 0) { perror("Error getting PEM data"); - ret = CM_FAILURE; + ret = CMR_ERROR_OPENSSL_FAIL; break; } @@ -725,7 +735,7 @@ static int32_t TryBackupUserCert(const struct CmContext *context, const struct C if (CmRemoveUserCert(pathBlob, certUri) != CM_SUCCESS) { CM_LOG_E("CmBackupUserCert fail and CmRemoveUserCert fail"); } - return CM_FAILURE; + return ret; } return ret; } @@ -824,7 +834,7 @@ static int32_t CmComparisonCallerIdWithUri(const struct CmContext *context, (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); if (CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("cert uri no end"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CertManagerUriDecode(&uriObj, (char *)certUri->data); @@ -833,35 +843,35 @@ static int32_t CmComparisonCallerIdWithUri(const struct CmContext *context, return ret; } - if (uriObj.user == NULL) { - CM_LOG_E("uri user invalid"); - (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; - } - uint32_t userId = 0; - if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS) { - CM_LOG_E("parse string to uint32 failed."); - (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; - } + ret = CMR_ERROR_INVALID_ARGUMENT_URI; + do { + if (uriObj.user == NULL) { + CM_LOG_E("uri user invalid"); + break; + } + uint32_t userId = 0; + if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS) { + CM_LOG_E("parse string to uint32 failed."); + break; + } - if (uriObj.app == NULL) { - CM_LOG_E("uri app invalid"); - (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; - } - uint32_t uid = 0; - if (CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) { - CM_LOG_E("parse string to uint32 failed."); - (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; - } + if (uriObj.app == NULL) { + CM_LOG_E("uri app invalid"); + break; + } + uint32_t uid = 0; + if (CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) { + CM_LOG_E("parse string to uint32 failed."); + break; + } - if ((context->userId == userId) && (context->uid == uid)) { - ret = CM_SUCCESS; - } else { - ret = CMR_ERROR_INVALID_ARGUMENT; - } + if ((context->userId == userId) && (context->uid == uid)) { + ret = CM_SUCCESS; + break; + } + + CM_LOG_E("userid(%u) or uid(%u) is mismatch, uri: userid(%u), uid(%u)", userId, uid); + } while (0); (void)CertManagerFreeUri(&uriObj); return ret; @@ -880,7 +890,7 @@ int32_t CmRmUserCert(const char *usrCertConfigFilepath) size = CmFileRead(NULL, usrCertConfigFilepath, 0, usrCertBackupFilePath, CERT_MAX_PATH_LEN); if (size == 0) { CM_LOG_E("CmFileRead read size 0 invalid ,fail"); - return CM_FAILURE; + return CMR_ERROR_READ_FILE_ERROR; } ret = CmFileRemove(NULL, (const char *)usrCertBackupFilePath); @@ -906,7 +916,7 @@ int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob { if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("input params invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } int32_t ret = CM_SUCCESS; @@ -986,7 +996,7 @@ int32_t CmServiceSetCertStatus(const struct CmContext *context, const struct CmB { if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { CM_LOG_E("input params invalid"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } return SetcertStatus(context, certUri, store, status, NULL); } @@ -1001,7 +1011,7 @@ int32_t CmSetStatusBackupCert( ret = IsCertNeedBackup(context->userId, context->uid, certUri, &needUpdate); if (ret != CM_SUCCESS) { CM_LOG_E("Check cert is need update failed, ret = %d", ret); - return CMR_ERROR_INVALID_OPERATION; + return ret; } else if (needUpdate == false) { /* No need to update */ return CM_SUCCESS; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c index 469745550bbc7acddc2a8a3889371140470fa006..bb71a68b4637e31042f661859903cf27b45c8010 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -753,49 +753,12 @@ static int32_t CertManagerStatus(const struct CmContext *context, struct RbTree return rc; } -static int32_t CertManagerIsCallerPrivileged(const struct CmContext *context) -{ - (void) context; - return CMR_OK; -} - -static int32_t CertManagerCheckStorePermission(const struct CmContext *context, uint32_t store, bool statusOnly) -{ - /* System Store is read-only therefore we don't even try to use it. */ - if (store == CM_SYSTEM_TRUSTED_STORE) { - if (!statusOnly) { - CM_LOG_E("Storege type %u should be read on;y\n", store); - return CMR_ERROR_NOT_PERMITTED; - } else if (CertManagerIsCallerPrivileged(context) != CMR_OK) { - CM_LOG_W("Only privileged caller can change status in system stores.\n"); - return CMR_ERROR_NOT_PERMITTED; - } - } else if (store == CM_CREDENTIAL_STORE) { - CM_LOG_E("Credential certificates should be set via CertManagerIsCallerPrivileged\n"); - return CMR_ERROR_NOT_SUPPORTED; - } else if (store == CM_USER_TRUSTED_STORE) { - /* only priviled callers can update the user store */ - if (CertManagerIsCallerPrivileged(context) != CMR_OK) { - CM_LOG_W("Only privileged caller can modify user stores.\n"); - return CMR_ERROR_NOT_PERMITTED; - } - } else if (store == CM_PRI_CREDENTIAL_STORE) { - /* no additional checks here. context->caller can remove its own */ - } else { - CM_LOG_W("Invalid store type. Only a single store should be indicated: %u\n", store); - return CMR_ERROR_INVALID_ARGUMENT; - } - - return CMR_OK; -} - static int32_t CertManagerStatusFile(const struct CmContext *context, struct CertFile certFile, uint32_t store, const uint32_t status, uint32_t *stp) { ASSERT_ARGS(context && certFile.path && certFile.fileName); ASSERT_ARGS(certFile.path->size && certFile.path->data && certFile.fileName->size && certFile.fileName->data); ASSERT_ARGS((status <= CERT_STATUS_MAX || stp != NULL)); - ASSERT_FUNC(CertManagerCheckStorePermission(context, store, true)); int rc = CMR_OK; uint32_t oldStatus = 0; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c index ca7d5bf90bfc16a1a99ad8a2e6a307e252bb52b4..acec8167de9c614ce58421212c339f5401130ae9 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -47,12 +47,12 @@ int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) ret = memcpy_s(rootPath, pathLen - 1, SYS_CREDNTIAL_STORE, strlen(SYS_CREDNTIAL_STORE)); break; default: - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (ret != EOK) { CM_LOG_E("copy path failed, store = %u", store); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return CM_SUCCESS; @@ -69,7 +69,7 @@ int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) { CM_LOG_E("construct user id path failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } ret = CmMakeDir(userIdPath); @@ -92,7 +92,7 @@ int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, if (snprintf_s(uidPath, pathLen, pathLen - 1, "%s/%u", userIdPath, context->uid) < 0) { CM_LOG_E("construct uid path failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } ret = CmMakeDir(uidPath); @@ -115,7 +115,7 @@ int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, if (snprintf_s(authListPath, pathLen, pathLen - 1, "%s/%s", uidPath, "authlist") < 0) { CM_LOG_E("construct authlist failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } ret = CmMakeDir(authListPath); @@ -132,7 +132,7 @@ int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *s uint32_t fileSize = CmFileSize(path, fileName); if (fileSize > MAX_OUT_BLOB_SIZE) { CM_LOG_E("file size[%u] invalid", fileSize); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_STORAGE; } if (fileSize == 0) { @@ -189,12 +189,12 @@ int32_t CmGetCertFilePath(const struct CmContext *context, uint32_t store, struc int32_t ret = ConstructUidPath(context, store, pathPtr, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("Get file path faild"); - return CM_FAILURE; + return ret; } char *path = (char *)pathBlob->data; if (sprintf_s(path, CERT_MAX_PATH_LEN, "%s", pathPtr) < 0) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } pathBlob->size = strlen(path) + 1; @@ -235,7 +235,7 @@ static int32_t GetCertConfRootDir(char *confRootDir, uint32_t dirLen) if (snprintf_s(confRootDir, dirLen, dirLen - 1, "%s", CERT_BACKUP_CONFIG_ROOT_DIR) < 0) { CM_LOG_E("Construct confRootDir failed"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; @@ -253,14 +253,14 @@ int32_t CmGetCertConfUserIdDir(uint32_t userId, char *confUserIdDir, uint32_t di ret = GetCertConfRootDir(rootPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("Get user cert root path failed"); - return CM_FAILURE; + return ret; } char pathTmp[CERT_MAX_PATH_LEN] = { 0 }; /* Concatenate the {confRootDir}/{userid} directory */ if (snprintf_s(pathTmp, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s/%u", rootPath, userId) < 0) { CM_LOG_E("Construct userIdPath failed, rootPath: %s, userId: %u", rootPath, userId); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } /* Create the {confRootDir}/{userid} directory */ ret = CmUserBakupMakeDir(pathTmp, NULL); @@ -271,7 +271,7 @@ int32_t CmGetCertConfUserIdDir(uint32_t userId, char *confUserIdDir, uint32_t di if (snprintf_s(confUserIdDir, dirLen, dirLen - 1, "%s", pathTmp) < 0) { CM_LOG_E("Failed to construct confUserIdDir"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; @@ -288,15 +288,15 @@ int32_t CmGetCertConfUidDir(uint32_t userId, uint32_t uid, char *certConfUidDir, char confUserIdDir[CERT_MAX_PATH_LEN] = { 0 }; ret = CmGetCertConfUserIdDir(userId, confUserIdDir, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { - CM_LOG_E("Construct confUserIdDir(userId: %u) failed", userId); - return CM_FAILURE; + CM_LOG_E("Construct confUserIdDir(userId: %u) failed, ret = %d", userId, ret); + return ret; } char pathTmp[CERT_MAX_PATH_LEN] = { 0 }; /* Concatenate the {confRootDir}/{userid}/{uid} directory */ if (snprintf_s(pathTmp, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s/%u", confUserIdDir, uid) < 0) { CM_LOG_E("Construct uidPath failed, uid: %u", uid); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } /* Create the {confRootDir}/{userid}/{uid} directory */ ret = CmUserBakupMakeDir(pathTmp, NULL); @@ -307,7 +307,7 @@ int32_t CmGetCertConfUidDir(uint32_t userId, uint32_t uid, char *certConfUidDir, if (snprintf_s(certConfUidDir, dirLen, dirLen - 1, "%s", pathTmp) < 0) { CM_LOG_E("Failed to construct certConfUidDir"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; @@ -325,14 +325,14 @@ int32_t CmGetCertConfPath(uint32_t userId, uint32_t uid, const struct CmBlob *ce char certConfUidDir[CERT_MAX_PATH_LEN] = { 0 }; ret = CmGetCertConfUidDir(userId, uid, certConfUidDir, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { - CM_LOG_E("Get user cert root path failed"); - return CM_FAILURE; + CM_LOG_E("Get user cert root path failed, ret = %d", ret); + return ret; } if (snprintf_s(confFilePath, confFilePathLen, confFilePathLen - 1, "%s/%.*s%s", certConfUidDir, certUri->size, certUri->data, CERT_CONFIG_FILE_SUFFIX) < 0) { CM_LOG_E("Failed to construct user cert config file path"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -370,7 +370,7 @@ static int32_t GetCertBackupRootDir(char *certBackupRootDir, uint32_t dirLen) if (snprintf_s(certBackupRootDir, dirLen, dirLen - 1, "%s", CERT_BACKUP_ROOT_DIR) < 0) { CM_LOG_E("Construct certBackupRootDir failed"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; @@ -391,7 +391,7 @@ int32_t CmGetCertBackupDir(uint32_t userId, char *certBackupDir, uint32_t certBa /* Concatenate the {userId} directory for the certificate backup */ if (snprintf_s(userIdPath, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s/%u", rootPath, userId) < 0) { CM_LOG_E("Construct userIdPath failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } /* Create the {userId} directory for the certificate backup */ ret = CmUserBakupMakeDir(userIdPath, NULL); @@ -402,7 +402,7 @@ int32_t CmGetCertBackupDir(uint32_t userId, char *certBackupDir, uint32_t certBa if (snprintf_s(certBackupDir, certBackupDirLen, certBackupDirLen - 1, "%s", userIdPath) < 0) { CM_LOG_E("Construct certBackupDir failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -432,7 +432,7 @@ static int32_t CmGetCertMinSeqNum(uint32_t userId, unsigned long certSubjectName if (snprintf_s(backupFileSearchPath, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%s/" CERT_BACKUP_FILENAME_FORMAT, certBackupDir, certSubjectNameHash, seq) < 0) { CM_LOG_E("Call snprintf_s return failed"); - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_PRINT; } if (access(backupFileSearchPath, F_OK) == 0) { @@ -472,7 +472,7 @@ int32_t CmGetCertBackupFileName(const X509 *userCertX509, uint32_t userId, char if (snprintf_s(certBackupFileName, certBackupFileNameLen, certBackupFileNameLen - 1, CERT_BACKUP_FILENAME_FORMAT, certSubjectNameHash, sequenceNumber) < 0) { CM_LOG_E("Call snprintf_s return failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -503,7 +503,7 @@ int32_t CmGetCertBackupFilePath(const X509 *userCertX509, uint32_t userId, char if (snprintf_s(backupFilePath, backupFilePathLen, backupFilePathLen - 1, "%s/%s", certBackupDir, certBackupFileName) < 0) { CM_LOG_E("Call snprintf_s return failed"); - ret = CMR_ERROR_INVALID_OPERATION; + ret = CMR_ERROR_MEM_OPERATION_PRINT; } return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_updateflag.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_updateflag.c index 73819fef2a87ccbba8816875a9630853d64fc9b2..7382122f77e7eedc11afcbda97e142abeb72ab6d 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_updateflag.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_updateflag.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -73,7 +73,7 @@ static int32_t GetUpdateFlag(uint8_t *updateFlag) *updateFlag = updateFlagTmp; } else { CM_LOG_E("Failed read UpdateFlag"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_STORAGE; } return CM_SUCCESS; @@ -116,7 +116,7 @@ int32_t IsCertNeedBackup(uint32_t userId, uint32_t uid, const struct CmBlob *cer ret = CmGetCertConfPath(userId, uid, certUri, configPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("Construct cert config configPath failed."); - return CMR_ERROR_INVALID_OPERATION; + return ret; } do { @@ -167,14 +167,14 @@ int32_t CmReadCertData(uint32_t store, const struct CmContext *context, const st if (snprintf_s(uriStr, CERT_MAX_PATH_LEN, CERT_MAX_PATH_LEN - 1, "%.*s", certUri->size, certUri->data) < 0) { CM_LOG_E("Construct cert uri string failed."); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } /* Reading certificate data */ ret = CmStorageGetBuf(uidPath, uriStr, userCertData); if (ret != CM_SUCCESS) { - CM_LOG_E("Failed to get certificate data"); - return CM_FAILURE; + CM_LOG_E("Failed to get certificate data, ret = %d", ret); + return ret; } return CM_SUCCESS; @@ -187,7 +187,7 @@ static int32_t ConvertCertDataToPem(const struct CmBlob *userCertData, const X50 int32_t ret = CmX509ToPEM(userCertX509, userCertPemData); if (ret != CM_SUCCESS) { CM_LOG_E("CmX509ToPEM fail"); - return CM_FAILURE; + return ret; } *userCertPemDataNeedFree = true; } else { @@ -210,27 +210,27 @@ int32_t CmConstructContextFromUri(const char *certUri, struct CmContext *context int32_t ret = CertManagerUriDecode(&cmUri, certUri); if ((ret != CM_SUCCESS)) { CM_LOG_E("Failed to decode struct CMUri from certUri, ret = %d", ret); - return CMR_ERROR_INVALID_OPERATION; + return ret; } do { if ((cmUri.user == NULL) || (cmUri.app == NULL) || (cmUri.object == NULL)) { CM_LOG_E("cmUri.user or cmUri.app or cmUri.object is NULL error"); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_URI; break; } if (CmIsNumeric(cmUri.user, strlen(cmUri.user) + 1, &(context->userId)) != CM_SUCCESS || CmIsNumeric(cmUri.app, strlen(cmUri.app) + 1, &(context->uid)) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_URI; break; } if (snprintf_s(context->packageName, sizeof(context->packageName), sizeof(context->packageName) - 1, "%s", cmUri.object) < 0) { CM_LOG_E("Failed to fill context->packageName"); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_MEM_OPERATION_PRINT; break; } } while (0); @@ -249,7 +249,7 @@ static int32_t BackupUserCert(const X509 *userCertX509, const struct CmBlob *use int32_t ret = CmGetCertConfPath(context->userId, context->uid, certUri, userCertConfigFilePath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("CmGetCertConfPath fail"); - return CM_FAILURE; + return ret; } ret = CmRemoveBackupUserCert(context, certUri, userCertConfigFilePath); @@ -260,18 +260,18 @@ static int32_t BackupUserCert(const X509 *userCertX509, const struct CmBlob *use ret = CmGetCertBackupFilePath(userCertX509, context->userId, userCertBackupFilePath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { CM_LOG_E("CmGetCertBackupFilePath fail"); - return CM_FAILURE; + return ret; } ret = CmGenerateSaConf(userCertConfigFilePath, NULL, userCertBackupFilePath); if (ret != CM_SUCCESS) { CM_LOG_E("GenerateSaConf: save CertBackupFilePath fail"); - return CM_FAILURE; + return ret; } ret = CmStoreUserCert(NULL, userCert, userCertBackupFilePath); if (ret != CM_SUCCESS) { CM_LOG_E("StoreUserCert fail"); - return CM_FAILURE; + return ret; } return CM_SUCCESS; @@ -297,14 +297,12 @@ int32_t CmBackupUserCert(const struct CmContext *context, const struct CmBlob *c ret = ConvertCertDataToPem(certData, userCertX509, &certPemData, &certPemDataNeedFree); if (ret != CM_SUCCESS) { CM_LOG_E("ConvertCertDataToPem fail"); - ret = CM_FAILURE; break; } ret = BackupUserCert(userCertX509, (const struct CmBlob *)&certPemData, context, certUri); if (ret != CM_SUCCESS) { CM_LOG_E("BackupUserCert fail"); - ret = CM_FAILURE; break; } } while (0); @@ -335,7 +333,7 @@ static int32_t UpdateUserCert(uint32_t userId, uint32_t uid, const char *certPat ret = IsCertNeedBackup(userId, uid, &certUri, &needUpdate); if (ret != CM_SUCCESS) { CM_LOG_E("Check cert is need update failed, ret = %d", ret); - return CMR_ERROR_INVALID_OPERATION; + return ret; } else if (needUpdate == false) { /* No need to update */ return CM_SUCCESS; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c index 48bbbab0b2481c93a2bdf4a1c08411f360b0f88b..d39064686c8491135dc118eaff8d8d89ecb23e3a 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -296,7 +296,7 @@ int32_t CertManagerUriEncode(char *encoded, uint32_t *encodedLen, const struct C uint32_t avail = *encodedLen; if (memcpy_s(encoded, avail, SCHEME, strlen(SCHEME)) != EOK) { - return CM_FAILURE; + return CMR_ERROR_MEM_OPERATION_COPY; } off += strlen(SCHEME); avail -= strlen(SCHEME); @@ -395,7 +395,7 @@ static int32_t DecodePath(struct CMUri *uri, const char *path, uint32_t start, u if (i <= start) { // something is wrong CM_LOG_W("Invalid uri path\n"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint32_t valueOff = 0; @@ -439,7 +439,7 @@ static int32_t DecodePath(struct CMUri *uri, const char *path, uint32_t start, u *e = DecodeEnum(path, valueOff, valueLen, values, valueCount); } else { CM_LOG_W("Invalid field in path\n"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } start = i + 1; @@ -455,7 +455,7 @@ static int32_t DecodeQuery(struct CMUri *uri, const char *query, uint32_t start, if (i <= start) { // something is wrong CM_LOG_W("Invalid uri query\n"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint32_t valueOff = 0; @@ -483,7 +483,7 @@ static int32_t DecodeQuery(struct CMUri *uri, const char *query, uint32_t start, } } else { CM_LOG_W("Invalid field in query\n"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } start = i + 1; @@ -495,7 +495,7 @@ int32_t CertManagerUriDecode(struct CMUri *uri, const char *encoded) { if (uri == NULL || encoded == NULL) { CM_LOG_E("input params is invaild"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } (void)memset_s(uri, sizeof(*uri), 0, sizeof(*uri)); @@ -504,13 +504,13 @@ int32_t CertManagerUriDecode(struct CMUri *uri, const char *encoded) uint32_t len = strlen(encoded); if (len > MAX_AUTH_LEN_URI) { CM_LOG_E("invalid uri len[%u]", len); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } uint32_t off = 0; if (len < strlen(SCHEME) || memcmp(encoded, SCHEME, strlen(SCHEME))) { CM_LOG_E("Scheme mismatch. Not a cert manager URI"); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } off += strlen(SCHEME); @@ -547,13 +547,13 @@ int32_t CertManagerGetUidFromUri(const struct CmBlob *uri, uint32_t *uid) if (uriObj.app == NULL) { CM_LOG_E("uri app invalid"); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } if (CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, uid) != CM_SUCCESS) { CM_LOG_E("parse string to uint32 failed."); (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_ARGUMENT_URI; } (void)CertManagerFreeUri(&uriObj); @@ -571,13 +571,13 @@ int32_t CmConstructUri(const struct CMUri *uriObj, struct CmBlob *outUri) if ((outLen == 0) || (outLen > MAX_OUT_BLOB_SIZE)) { CM_LOG_E("invalid outLen[%u]", outLen); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_ARGUMENT; } char *data = (char *)CMMalloc(outLen); if (data == NULL) { CM_LOG_E("malloc uri buf failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MALLOC_FAIL; } (void)memset_s(data, outLen, 0, outLen); outUri->size = outLen; /* include 1 byte: the terminator('\0') */ @@ -597,7 +597,7 @@ int32_t CmConstructUri(const struct CMUri *uriObj, struct CmBlob *outUri) static int32_t UintToStr(uint32_t input, char *out, uint32_t outLen) { if (snprintf_s(out, outLen, outLen - 1, "%u", input) < 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c index 4af95ade0d350c03534b64fe3697efb4841a5d0c..d91b8b503fc86bf69eadec813d8255fa87b4f325 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -128,15 +128,15 @@ static int32_t CmTraversalDirAction(const struct CmContext *context, const char static int32_t GetNextLayerPath(const char *path, const char *name, char *outPath, uint32_t outPathLen) { if (strncpy_s(outPath, outPathLen, path, strlen(path)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } if (outPath[strlen(outPath) - 1] != '/') { if (strncat_s(outPath, outPathLen, "/", strlen("/")) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } } if (strncat_s(outPath, outPathLen, name, strlen(name)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } return CM_SUCCESS; } @@ -146,16 +146,16 @@ static int32_t RemoveDir(const char *dirPath) struct stat fileStat; int32_t ret = stat(dirPath, &fileStat); if (ret != 0) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_FILE_STAT; } if (!S_ISDIR(fileStat.st_mode)) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_ARGUMENT; } DIR *dir = opendir(dirPath); if (dir == NULL) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_FILE_OPEN_DIR; } struct dirent *dire = readdir(dir); @@ -222,7 +222,7 @@ static int32_t CmTraversalUidLayerDir(const struct CmContext *context, const cha char uidPath[CM_MAX_FILE_NAME_LEN] = {0}; if (GetNextLayerPath(path, dire->d_name, uidPath, sizeof(uidPath)) != CM_SUCCESS) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } if ((strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0) && (dire->d_type == DT_REG)) { @@ -290,7 +290,7 @@ static int32_t CmTraversalUserIdLayerDir(const struct CmContext *context, const char userIdPath[CM_MAX_FILE_NAME_LEN] = {0}; if (GetNextLayerPath(path, dire->d_name, userIdPath, sizeof(userIdPath)) != CM_SUCCESS) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } if (dire->d_type == DT_DIR && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) { @@ -331,7 +331,7 @@ static int32_t CmTraversalDir(const struct CmContext *context, const char *path, char deletePath[CM_MAX_FILE_NAME_LEN] = { 0 }; if (GetNextLayerPath(path, dire->d_name, deletePath, sizeof(deletePath)) != CM_SUCCESS) { closedir(dir); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_PRINT; } if (CmIsNumeric(dire->d_name, strlen(dire->d_name) + 1, &uid) != CM_SUCCESS) { diff --git a/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_cert_property_rdb.cpp b/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_cert_property_rdb.cpp index 058738b65f7528bd0a61434a83a66c6d6d7bfc77..e684fbd5f9a17e27532e1fe9cbc622e1720c3392 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_cert_property_rdb.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_cert_property_rdb.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -142,7 +142,7 @@ static int32_t GetStringValue(const std::shared_ptr -#include "hisysevent_wrapper.h" +#include "cm_type.h" #ifdef __cplusplus extern "C" { diff --git a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/cm_report_wrapper.c b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/cm_report_wrapper.c index b6c9775aa317a9fd0785cd223343f096598f42f9..050fa98a5170ed08b57130a95076064311fccbbe 100644 --- a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/cm_report_wrapper.c +++ b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/cm_report_wrapper.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,28 +15,27 @@ #include "cm_report_wrapper.h" -#include "cm_log.h" #include "cm_type.h" +#include "hisysevent_wrapper.h" static int32_t ReportFaultEvent(const char *funcName, const struct CmContext *cmContext, const char *name, int32_t errorCode) { struct EventValues eventValues = { cmContext->userId, cmContext->uid, name, errorCode }; - int32_t ret = WriteEvent(funcName, &eventValues); - if (ret != CM_SUCCESS) { - CM_LOG_E("ReportFaultEvent failed, ret = %d", ret); - } - return ret; + return WriteEvent(funcName, &eventValues); } -static bool CheckCertName(const char *certName, uint32_t len) +static bool CheckCertName(const struct CmBlob *certName) { - if ((len == 0) || (len > MAX_LEN_URI)) { + if (CmCheckBlob(certName) != CM_SUCCESS) { + return false; + } + if (certName->size > MAX_LEN_URI) { return false; } - for (uint32_t i = 1; i < len; ++i) { /* from index 1 has '\0' */ - if (certName[i] == 0) { + for (uint32_t i = 1; i < certName->size; ++i) { /* from index 1 has '\0' */ + if (certName->data[i] == 0) { return true; } } @@ -50,15 +49,10 @@ void CmReport(const char *funcName, const struct CmContext *cmContext, return; } - if ((certName == NULL) || (certName->data == NULL)) { + if (!CheckCertName(certName)) { (void)ReportFaultEvent(funcName, cmContext, "NULL", errorCode); return; } - if (!CheckCertName((char *)certName->data, certName->size)) { - CM_LOG_E("certName is invalid"); - return; - } - (void)ReportFaultEvent(funcName, cmContext, (char *)certName->data, errorCode); } \ No newline at end of file diff --git a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp index 41487698dd30c1b99b5f98b4a10a41a58017fd1b..d9477b8d9ad400eca89ab9e711fbcad3ad3d2e56 100644 --- a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp @@ -75,6 +75,58 @@ static const std::string CMR_ERROR_DELETE_RDB_DATA_FAIL_MSG = "failed to delete static const std::string CMR_ERROR_QUERY_RDB_DATA_FAIL_MSG = "failed to query data from rdb table"; static const std::string CMR_ERROR_PASSWORD_IS_ERR_MSG = "the password is incorrect"; +static const std::string CMR_ERROR_OPENSSL_FAIL_MSG = "failed to call openssl API"; +static const std::string CMR_ERROR_MAX_GRANT_COUNT_REACHED_MSG = "reach the max grant uid count"; +static const std::string CMR_ERROR_SA_START_STATUS_INIT_FAILED_MSG = "failed to init status when sa start"; +static const std::string CMR_ERROR_SA_START_HUKS_INIT_FAILED_MSG = "failed to init huks when sa start"; +static const std::string CMR_ERROR_SA_START_PUBLISH_FAILED_MSG = "failed to publish sa when sa start"; +static const std::string CMR_ERROR_IPC_PARAM_SIZE_INVALID_MSG = "the ipc param size is invalid"; +static const std::string CMR_ERROR_GET_LOCAL_TIME_FAILED_MSG = "failed to get local time"; +static const std::string CMR_ERROR_MEM_OPERATION_COPY_MSG = "failed to copy data, maybe invalid buffer length"; +static const std::string CMR_ERROR_MEM_OPERATION_PRINT_MSG = "failed to sprintf data, maybe invalid buffer length"; +static const std::string CMR_ERROR_FILE_OPEN_DIR_MSG = "failed to open dir"; +static const std::string CMR_ERROR_FILE_STAT_MSG = "failed to stat file"; +static const std::string CMR_ERROR_CERT_COUNT_MISMATCH_MSG = "the file count is not same"; +static const std::string CMR_ERROR_GET_CERT_STATUS_MSG = "failed to get cert status"; +static const std::string CMR_ERROR_GET_CERT_SUBJECT_ITEM_MSG = "failed to get cert subject item"; + +/* invalid argument msg */ +static const std::string CMR_ERROR_INVALID_PARAMSET_ARG_MSG = "the paramset argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE_MSG = "the store type argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_SCOPE_MSG = "the scope argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_USER_ID_MSG = "the user id argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_UID_MSG = "the uid argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_URI_MSG = "the uri argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_STATUS_MSG = "the statue argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_APP_CERT_MSG = "the app cert data is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_APP_PWD_MSG = "the app pwd data is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_ALIAS_MSG = "the alias argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC_MSG = "the sign verify spec argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_HANDLE_MSG = "the handle argument is invalid"; + +/* key operation failed msg */ +static const std::string CMR_ERROR_KEY_IMPORT_PARAM_FAILED_MSG = "failed to construct import key param"; +static const std::string CMR_ERROR_KEY_IMPORT_FAILED_MSG = "failed to import key to huks"; +static const std::string CMR_ERROR_KEY_DELETE_PARAM_FAILED_MSG = "failed to construct delete key param"; +static const std::string CMR_ERROR_KEY_DELETE_FAILED_MSG = "failed to delete key from huks"; +static const std::string CMR_ERROR_KEY_MAC_PARAM_FAILED_MSG = "failed to construct mac param"; +static const std::string CMR_ERROR_KEY_MAC_INIT_FAILED_MSG = "failed to calc mac when call huks init"; +static const std::string CMR_ERROR_KEY_MAC_FINISH_FAILED_MSG = "failed to calc mac when call huks finish"; +static const std::string CMR_ERROR_KEY_GENERATE_PARAM_FAILED_MSG = "failed to construct generate key param"; +static const std::string CMR_ERROR_KEY_GENERATE_FAILED_MSG = "failed to generate key from huks"; +static const std::string CMR_ERROR_KEY_INIT_PARAM_FAILED_MSG = "failed to construct init key param"; +static const std::string CMR_ERROR_KEY_INIT_FAILED_MSG = "failed to init from huks"; +static const std::string CMR_ERROR_KEY_PROCESS_PARAM_FAILED_MSG = "failed to construct update or finish or abort param"; +static const std::string CMR_ERROR_KEY_UPDATE_FAILED_MSG = "failed to do update operation from huks"; +static const std::string CMR_ERROR_KEY_FINISH_FAILED_MSG = "failed to do finish operation from huks"; +static const std::string CMR_ERROR_KEY_ABORT_FAILED_MSG = "failed to do abort operation from huks"; +static const std::string CMR_ERROR_KEY_CHECK_EXIST_PARAM_FAILED_MSG = "failed to construct check key exist param"; +static const std::string CMR_ERROR_KEY_CHECK_EXIST_FAILED_MSG = "failed to check key exist from huks"; + +/* auth check failed msg */ +static const std::string CMR_ERROR_AUTH_FAILED_MAC_FAILED_MSG = "failed to calc the mac value"; +static const std::string CMR_ERROR_AUTH_FAILED_MAC_MISMATCH_MSG = "the auth result is not same with mac value"; + static const std::unordered_map ERROR_CODE_TO_MSG_MAP = { { CM_FAILURE, CM_UNKNOWN_MSG }, { CMR_ERROR_NOT_PERMITTED, CMR_ERROR_NOT_PERMITTED_MSG }, @@ -112,6 +164,58 @@ static const std::unordered_map ERROR_CODE_TO_MSG_MAP = { { CMR_ERROR_DELETE_RDB_DATA_FAIL, CMR_ERROR_DELETE_RDB_DATA_FAIL_MSG }, { CMR_ERROR_QUERY_RDB_DATA_FAIL, CMR_ERROR_QUERY_RDB_DATA_FAIL_MSG }, { CMR_ERROR_PASSWORD_IS_ERR, CMR_ERROR_PASSWORD_IS_ERR_MSG }, + + { CMR_ERROR_OPENSSL_FAIL, CMR_ERROR_OPENSSL_FAIL_MSG }, + { CMR_ERROR_MAX_GRANT_COUNT_REACHED, CMR_ERROR_MAX_GRANT_COUNT_REACHED_MSG }, + { CMR_ERROR_SA_START_STATUS_INIT_FAILED, CMR_ERROR_SA_START_STATUS_INIT_FAILED_MSG }, + { CMR_ERROR_SA_START_HUKS_INIT_FAILED, CMR_ERROR_SA_START_HUKS_INIT_FAILED_MSG }, + { CMR_ERROR_SA_START_PUBLISH_FAILED, CMR_ERROR_SA_START_PUBLISH_FAILED_MSG }, + { CMR_ERROR_IPC_PARAM_SIZE_INVALID, CMR_ERROR_IPC_PARAM_SIZE_INVALID_MSG }, + { CMR_ERROR_GET_LOCAL_TIME_FAILED, CMR_ERROR_GET_LOCAL_TIME_FAILED_MSG }, + { CMR_ERROR_MEM_OPERATION_COPY, CMR_ERROR_MEM_OPERATION_COPY_MSG }, + { CMR_ERROR_MEM_OPERATION_PRINT, CMR_ERROR_MEM_OPERATION_PRINT_MSG }, + { CMR_ERROR_FILE_OPEN_DIR, CMR_ERROR_FILE_OPEN_DIR_MSG }, + { CMR_ERROR_FILE_STAT, CMR_ERROR_FILE_STAT_MSG }, + { CMR_ERROR_CERT_COUNT_MISMATCH, CMR_ERROR_CERT_COUNT_MISMATCH_MSG }, + { CMR_ERROR_GET_CERT_STATUS, CMR_ERROR_GET_CERT_STATUS_MSG }, + { CMR_ERROR_GET_CERT_SUBJECT_ITEM, CMR_ERROR_GET_CERT_SUBJECT_ITEM_MSG }, + + /* invalid argument */ + { CMR_ERROR_INVALID_PARAMSET_ARG, CMR_ERROR_INVALID_PARAMSET_ARG_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE, CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_SCOPE, CMR_ERROR_INVALID_ARGUMENT_SCOPE_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_USER_ID, CMR_ERROR_INVALID_ARGUMENT_USER_ID_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_UID, CMR_ERROR_INVALID_ARGUMENT_UID_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_URI, CMR_ERROR_INVALID_ARGUMENT_URI_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_STATUS, CMR_ERROR_INVALID_ARGUMENT_STATUS_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_APP_CERT, CMR_ERROR_INVALID_ARGUMENT_APP_CERT_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_APP_PWD, CMR_ERROR_INVALID_ARGUMENT_APP_PWD_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_ALIAS, CMR_ERROR_INVALID_ARGUMENT_ALIAS_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC, CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_HANDLE, CMR_ERROR_INVALID_ARGUMENT_HANDLE_MSG }, + + /* key operation failed */ + { CMR_ERROR_KEY_IMPORT_PARAM_FAILED, CMR_ERROR_KEY_IMPORT_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_IMPORT_FAILED, CMR_ERROR_KEY_IMPORT_FAILED_MSG }, + { CMR_ERROR_KEY_DELETE_PARAM_FAILED, CMR_ERROR_KEY_DELETE_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_DELETE_FAILED, CMR_ERROR_KEY_DELETE_FAILED_MSG }, + { CMR_ERROR_KEY_MAC_PARAM_FAILED, CMR_ERROR_KEY_MAC_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_MAC_INIT_FAILED, CMR_ERROR_KEY_MAC_INIT_FAILED_MSG }, + { CMR_ERROR_KEY_MAC_FINISH_FAILED, CMR_ERROR_KEY_MAC_FINISH_FAILED_MSG }, + { CMR_ERROR_KEY_GENERATE_PARAM_FAILED, CMR_ERROR_KEY_GENERATE_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_GENERATE_FAILED, CMR_ERROR_KEY_GENERATE_FAILED_MSG }, + { CMR_ERROR_KEY_INIT_PARAM_FAILED, CMR_ERROR_KEY_INIT_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_INIT_FAILED, CMR_ERROR_KEY_INIT_FAILED_MSG }, + { CMR_ERROR_KEY_PROCESS_PARAM_FAILED, CMR_ERROR_KEY_PROCESS_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_UPDATE_FAILED, CMR_ERROR_KEY_UPDATE_FAILED_MSG }, + { CMR_ERROR_KEY_FINISH_FAILED, CMR_ERROR_KEY_FINISH_FAILED_MSG }, + { CMR_ERROR_KEY_ABORT_FAILED, CMR_ERROR_KEY_ABORT_FAILED_MSG }, + { CMR_ERROR_KEY_CHECK_EXIST_PARAM_FAILED, CMR_ERROR_KEY_CHECK_EXIST_PARAM_FAILED_MSG }, + { CMR_ERROR_KEY_CHECK_EXIST_FAILED, CMR_ERROR_KEY_CHECK_EXIST_FAILED_MSG }, + + /* auth check failed */ + { CMR_ERROR_AUTH_FAILED_MAC_FAILED, CMR_ERROR_AUTH_FAILED_MAC_FAILED_MSG }, + { CMR_ERROR_AUTH_FAILED_MAC_MISMATCH, CMR_ERROR_AUTH_FAILED_MAC_MISMATCH_MSG }, }; static const char *GetErrorMsg(int32_t errCode) @@ -137,7 +241,8 @@ static void GetCallerName(std::string &callerName) int32_t ret = AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo); if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get hap info from access token kit."); - return; /* when faile to get hap info, callName is empty string */ + callerName += "NULL"; /* when faile to get hap info, callName is empty string */ + return; } callerName += hapTokenInfo.bundleName; return; diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn b/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn index 120ac7d381d67a293fb50d4248ff1c91db7f8a5c..e4c267d1c7e0819a4556ddc2dac0135481306dff 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (C) 2022 Huawei Device Co., Ltd. +# Copyright (C) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -37,6 +37,7 @@ ohos_static_library("libcert_manager_service_os_dependency_standard_static") { "${cert_manager_root_dir}/frameworks/cert_manager_standard/main/common:libcert_manager_common_standard_static", "${cert_manager_root_dir}/services/cert_manager_standard/cert_manager_engine/main/core:cert_manager_engine_core_standard", "${cert_manager_root_dir}/services/cert_manager_standard/cert_manager_engine/main/rdb:libcert_manager_rdb_static", + "${cert_manager_root_dir}/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper:libcert_manager_hisysevent_wrapper_static", "idl:libcm_service_idl_standard_static", ] diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 891a920d688c3637315844977428997bae71031f..5ab82f9c3ad3cda9bc50e397c2058795c2e082d6 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -114,6 +114,8 @@ void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct Cm CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size); } CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -165,6 +167,8 @@ void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct Cm } CM_FREE_BLOB(certificateData); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -206,7 +210,8 @@ void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob CmSendResponse(context, ret, NULL); CmReportSGSetCertStatus(&certUri, store, status, ret); CmFreeParamSet(¶mSet); - CM_LOG_D("CmIpcServiceSetCertStatus end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -229,6 +234,7 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob int32_t ret; struct CmContext cmContext = { 0 }; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; do { ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); @@ -236,6 +242,8 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob CM_LOG_E("install app cert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId, level }; ret = CmServicInstallAppCert(&cmContext, &certParam, outData); @@ -246,12 +254,13 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob } while (0); struct CmBlob tempBlob = { 0, NULL }; - CmReport(__func__, &cmContext, &tempBlob, ret); + CmReport(__func__, &oriContext, &tempBlob, ret); CmSendResponse(context, ret, outData); CmReportSGInstallAppCert(&certAlias, store, ret); CmFreeParamSet(¶mSet); - CM_LOG_D("CmIpcServiceInstallAppCert end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -263,6 +272,7 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl struct CmParamSet *paramSet = NULL; struct CmBlob keyUri = { 0, NULL }; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, @@ -275,6 +285,8 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { @@ -288,11 +300,12 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl } } while (0); - CmReport(__func__, &cmContext, &keyUri, ret); + CmReport(__func__, &oriContext, &keyUri, ret); CmSendResponse(context, ret, NULL); CmReportSGUninstallAppCert(&keyUri, store, false, ret); CmFreeParamSet(¶mSet); - CM_LOG_D("CmIpcServiceUninstallAppCert end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -316,7 +329,8 @@ void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct C CmReport(__func__, &cmContext, NULL, ret); CmSendResponse(context, ret, NULL); CmReportSGUninstallAppCert(NULL, INIT_INVALID_VALUE, true, ret); - CM_LOG_D("CmIpcServiceUninstallAllAppCert end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certType, @@ -334,20 +348,20 @@ static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certTy } if ((uri.type >= TYPE_COUNT) || (uri.object == NULL)) { CM_LOG_E("uri's type[%u] or object is invalid after decode", uri.type); - ret = CMR_ERROR; + ret = CMR_ERROR_INVALID_ARGUMENT_URI; break; } if (memcpy_s(certType->data, certType->size, g_types[uri.type], strlen(g_types[uri.type]) + 1) != EOK) { CM_LOG_E("Failed to copy certType->data"); - ret = CMR_ERROR; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } certType->size = strlen(g_types[uri.type]) + 1; if (memcpy_s(certUri->data, certUri->size, keyUri->data, keyUri->size) != EOK) { CM_LOG_E("Failed to copy certUri->data"); - ret = CMR_ERROR; + ret = CMR_ERROR_MEM_OPERATION_COPY; break; } certUri->size = keyUri->size; @@ -486,7 +500,8 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob CmFreeParamSet(¶mSet); CmFreeFileNames(fileNames, fileCount); CM_FREE_BLOB(certificateList); - CM_LOG_D("CmIpcServiceGetAppCertList end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -536,7 +551,8 @@ void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmFreeParamSet(¶mSets); CmFreeFileNames(fileNamesBlob, fileCount); CM_FREE_BLOB(certificateList); - CM_LOG_D("CmServiceGetCallingAppCertListCheck end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob, @@ -655,6 +671,7 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou struct CmBlob certificateInfo = { 0, NULL }; struct CmBlob certBlob = { 0, NULL }; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { @@ -672,6 +689,8 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { @@ -691,19 +710,20 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou } } while (0); - CmReport(__func__, &cmContext, &keyUri, ret); + CmReport(__func__, &oriContext, &keyUri, ret); CmSendResponse(context, ret, &certificateInfo); CmFreeParamSet(¶mSet); CM_FREE_BLOB(certBlob); CM_FREE_BLOB(certificateInfo); - CM_LOG_D("CmIpcServiceGetAppCert end:%d", ret); + + CM_LOG_I("leave: ret = %d", ret); } static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData) { if (outData->size < sizeof(uint32_t)) { /* appUidCount size */ CM_LOG_E("invalid outData size[%u]", outData->size); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_BUFFER_TOO_SMALL; } uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t); @@ -753,10 +773,11 @@ void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct C CmReport(__func__, &cmContext, &keyUri, ret); - CM_LOG_D("CmIpcServiceGrantAppCertificate end:%d", ret); CmSendResponse(context, ret, outData); CmReportSGGrantAppCert(&keyUri, grantUid, false, ret); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -784,10 +805,10 @@ void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct } } while (0); CmReport(__func__, &cmContext, &keyUri, ret); - - CM_LOG_D("CmIpcServiceGetAuthorizedAppList end:%d", ret); CmSendResponse(context, ret, outData); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -817,9 +838,10 @@ void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlo } while (0); CmReport(__func__, &cmContext, &authUri, ret); - CM_LOG_D("CmIpcServiceIsAuthorizedApp end:%d", ret); CmSendResponse(context, ret, NULL); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -850,10 +872,11 @@ void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBl } while (0); CmReport(__func__, &cmContext, &keyUri, ret); - CM_LOG_D("CmIpcServiceRemoveGrantedApp end:%d", ret); CmSendResponse(context, ret, NULL); CmReportSGGrantAppCert(&keyUri, appUid, true, ret); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -879,7 +902,7 @@ void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, struct CmSignatureSpec spec = { 0 }; if (specBlob.size < sizeof(struct CmSignatureSpec)) { CM_LOG_E("invalid input spec size"); - ret = CMR_ERROR_INVALID_ARGUMENT; + ret = CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC; break; } (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec)); @@ -892,9 +915,10 @@ void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, } while (0); CmReport(__func__, &cmContext, &authUri, ret); - CM_LOG_D("CmIpcServiceInit end:%d", ret); CmSendResponse(context, ret, outData); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -926,9 +950,9 @@ void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outDat } while (0); CmReport(__func__, &cmContext, NULL, ret); - CM_LOG_D("CmIpcServiceUpdate end:%d", ret); CmSendResponse(context, ret, NULL); CmFreeParamSet(¶mSet); + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -959,9 +983,10 @@ void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outDat } while (0); CmReport(__func__, &cmContext, NULL, ret); - CM_LOG_D("CmIpcServiceFinish end:%d", ret); CmSendResponse(context, ret, outData); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -991,9 +1016,10 @@ void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData } while (0); CmReport(__func__, &cmContext, NULL, ret); - CM_LOG_D("CmIpcServiceAbort end:%d", ret); CmSendResponse(context, ret, NULL); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1013,18 +1039,18 @@ void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlo }; do { - if (!CmHasCommonPermission()) { - CM_LOG_E("caller no permission"); - ret = CMR_ERROR_PERMISSION_DENIED; - break; - } - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret); break; } + if (!CmHasCommonPermission()) { + CM_LOG_E("caller no permission"); + ret = CMR_ERROR_PERMISSION_DENIED; + break; + } + struct UserCAProperty prop = { userId, scope }; ret = CmServiceGetCertList(&cmContext, &prop, store, &certFileList); if (ret != CM_SUCCESS) { @@ -1052,6 +1078,8 @@ void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlo CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size); } CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1063,6 +1091,7 @@ void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlo struct CmBlob certUri = { 0, NULL }; struct CmBlob certificateData = { 0, NULL }; struct CmContext cmContext = {0}; + struct CmContext oriContext = {0}; struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri}, @@ -1070,17 +1099,19 @@ void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlo }; do { - if (!CmHasCommonPermission()) { - CM_LOG_E("caller no permission"); - ret = CMR_ERROR_PERMISSION_DENIED; - break; - } - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; + + if (!CmHasCommonPermission()) { + CM_LOG_E("caller no permission"); + ret = CMR_ERROR_PERMISSION_DENIED; + break; + } ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status); if (ret != CM_SUCCESS) { @@ -1095,12 +1126,14 @@ void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlo } CmSendResponse(context, ret, outData); } while (0); - CmReport(__func__, &cmContext, &certUri, ret); + CmReport(__func__, &oriContext, &certUri, ret); if (ret != CM_SUCCESS) { CmSendResponse(context, ret, NULL); } CM_FREE_BLOB(certificateData); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1146,10 +1179,12 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB } } while (0); - CmReport(__func__, &cmContext, &certUri, ret); + CmReport(__func__, &oriContext, &certUri, ret); CmSendResponse(context, ret, NULL); CmReportSGSetCertStatus(&certUri, store, status, ret); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1202,6 +1237,8 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo } CmReportSGInstallUserCert(&certAlias, outData, ret); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1243,6 +1280,8 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB CmSendResponse(context, ret, NULL); CmReportSGUninstallUserCert(&certUri, false, ret); CmFreeParamSet(¶mSet); + + CM_LOG_I("leave: ret = %d", ret); } void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, @@ -1253,6 +1292,12 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct struct CmContext cmContext = {0}; do { + ret = CmGetProcessInfoForIPC(&cmContext); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); + break; + } + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { CM_LOG_E("caller no permission"); ret = CMR_ERROR_PERMISSION_DENIED; @@ -1263,13 +1308,6 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct ret = CMR_ERROR_NOT_SYSTEMP_APP; break; } - - ret = CmGetProcessInfoForIPC(&cmContext); - if (ret != CM_SUCCESS) { - CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); - break; - } - ret = CmUninstallAllUserCert(&cmContext); if (ret != CM_SUCCESS) { CM_LOG_E("CertManagerUninstallAllUserCert fail, ret = %d", ret); @@ -1279,5 +1317,7 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmReport(__func__, &cmContext, NULL, ret); CmSendResponse(context, ret, NULL); CmReportSGUninstallUserCert(NULL, true, ret); + + CM_LOG_I("leave: ret = %d", ret); } diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service_serialization.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service_serialization.c index 55756c0d6bc053d4c379c2f60fe9749f3c7d68e3..ea2a4e330e9eeedc37ce2a8605f29421ff0ef4ff 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service_serialization.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service_serialization.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -32,7 +32,7 @@ int32_t CopyUint32ToBuffer(uint32_t value, const struct CmBlob *destBlob, uint32 } if (memcpy_s(destBlob->data + *destOffset, destBlob->size - *destOffset, &value, sizeof(value)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } *destOffset += sizeof(value); return CM_SUCCESS; @@ -50,13 +50,13 @@ int32_t CopyBlobToBuffer(const struct CmBlob *blob, const struct CmBlob *destBlo if (memcpy_s(destBlob->data + *destOffset, destBlob->size - *destOffset, &(blob->size), sizeof(blob->size)) != EOK) { - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } *destOffset += sizeof(blob->size); if (memcpy_s(destBlob->data + *destOffset, destBlob->size - *destOffset, blob->data, blob->size) != EOK) { *destOffset -= sizeof(blob->size); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } *destOffset += ALIGN_SIZE(blob->size); return CM_SUCCESS; @@ -82,7 +82,7 @@ static int32_t GetNormalParam(const struct CmParam *param, struct CmParamOut *ou break; default: CM_LOG_E("invalid tag type:%x", GetTagType(outParams->tag)); - return CMR_ERROR_INVALID_ARGUMENT; + return CMR_ERROR_INVALID_PARAMSET_ARG; } return CM_SUCCESS; } @@ -133,7 +133,7 @@ static int32_t CmGetCertListPack(const struct CertBlob *certBlob, uint32_t *stat uint32_t offset = 0; if (certCount > MAX_COUNT_CERTIFICATE_ALL) { CM_LOG_E("cert count is too large"); - return CM_FAILURE; + return CMR_ERROR_MAX_CERT_COUNT_REACHED; } uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * certCount; @@ -220,7 +220,7 @@ int32_t CmServiceGetCertInfoPack(const uint32_t store, const struct CmBlob *cert MAX_LEN_CERT_ALIAS + sizeof(uint32_t); if (certificateInfo->size < buffSize) { CM_LOG_E("outdata size too small"); - return CMR_ERROR_MALLOC_FAIL; + return CMR_ERROR_BUFFER_TOO_SMALL; } certificateInfo->size = buffSize; @@ -249,7 +249,7 @@ int32_t CmServiceGetCertInfoPack(const uint32_t store, const struct CmBlob *cert if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get cert certAlias"); CM_FREE_BLOB(certAlias); - return CM_FAILURE; + return ret; } ret = CopyBlobToBuffer(&certAlias, certificateInfo, &offset); /* certAlias */ diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp index 593f894444729481ec991f28677f9caa8a957025..7d9f5abe820f61bc9bb67a1d38e6fcfba059fb36 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -26,21 +26,47 @@ #include "cm_mem.h" #include "os_account_manager.h" - #define MAX_SIZE_CAPACITY 819200 /* Prevent sendrequest from failing to send due to memory limitations */ using namespace OHOS; +static bool IsBetween(int32_t result, int32_t resultBegin, int32_t resultEnd) +{ + if ((result > resultEnd) && (result < resultBegin)) { + return true; + } + return false; +} + +int32_t ConvertErrorCode(int32_t result) +{ + if (IsBetween(result, CMR_ERROR_INVALID_ARGUMENT_BEGIN, CMR_ERROR_INVALID_ARGUMENT_END)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (IsBetween(result, CMR_ERROR_KEY_OPERATION_BEGIN, CMR_ERROR_KEY_OPERATION_END)) { + return CMR_ERROR_KEY_OPERATION_FAILED; + } + + if (IsBetween(result, CMR_ERROR_AUTH_FAILED_BEGIN, CMR_ERROR_AUTH_FAILED_END)) { + return CMR_ERROR_AUTH_CHECK_FAILED; + } + + return result; +} + void CmSendResponse(const struct CmContext *context, int32_t result, const struct CmBlob *response) { if (context == nullptr) { CM_LOG_E("SendResponse NULL Pointer"); return; } + + int32_t ret = ConvertErrorCode(result); MessageParcel *reply = reinterpret_cast(const_cast(context)); - reply->WriteInt32(result); - if (result != CM_SUCCESS) { - CM_LOG_E("SendResponse result is %d.", result); + reply->WriteInt32(ret); + if (ret != CM_SUCCESS) { + CM_LOG_E("SendResponse result is %d.", ret); return; } if (response == nullptr) { @@ -56,7 +82,7 @@ int32_t CmGetProcessInfoForIPC(struct CmContext *cmContext) { if (cmContext == nullptr) { CM_LOG_D("CmGetProcessInfoForIPC Paramset is Invalid"); - return CM_FAILURE; + return CMR_ERROR_NULL_POINTER; } int userId = 0; diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp index bd54929a8ca88094acef6b4330044d929cf5a911..d566885426c674548ee0466e00e06bb50e2d6b38 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -31,6 +31,8 @@ #include "cm_ipc_service.h" #include "ipc_skeleton.h" #include "cert_manager_updateflag.h" +#include "cm_report_wrapper.h" +#include "cm_response.h" namespace OHOS { namespace Security { @@ -129,12 +131,12 @@ static int32_t ProcessMessage(uint32_t code, uint32_t outSize, const struct CmBl outData.size = outSize; if (outData.size > MAX_MALLOC_LEN) { CM_LOG_E("outData size is invalid, size:%u", outData.size); - return CM_SYSTEM_ERROR; + return CMR_ERROR_IPC_PARAM_SIZE_INVALID; } outData.data = static_cast(CmMalloc(outData.size)); if (outData.data == nullptr) { CM_LOG_E("Malloc outData failed."); - return CM_SYSTEM_ERROR; + return CMR_ERROR_MALLOC_FAIL; } (void)memset_s(outData.data, outData.size, 0, outData.size); } @@ -144,7 +146,7 @@ static int32_t ProcessMessage(uint32_t code, uint32_t outSize, const struct CmBl break; } - return NO_ERROR; + return CM_SUCCESS; } CertManagerService::CertManagerService() @@ -158,7 +160,7 @@ CertManagerService::~CertManagerService() CM_LOG_D("~CertManagerService"); } -bool CertManagerService::Init() +int32_t CertManagerService::Init() { CM_LOG_D("CertManagerService::Init Ready to init"); @@ -171,19 +173,23 @@ bool CertManagerService::Init() DelayUnload(); if (!Publish(this)) { CM_LOG_E("CertManagerService::Init Publish Failed"); - return false; + return CMR_ERROR_SA_START_PUBLISH_FAILED; } CM_LOG_D("CertManagerService::Init Publish service success"); registerToService_ = true; } CM_LOG_D("CertManagerService::Init success."); - return true; + return CM_SUCCESS; } int CertManagerService::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { + struct CmContext context = { 0, 0, {0} }; + (void)CmGetProcessInfoForIPC(&context); + CM_LOG_I("OnRemoteRequest code: %u, callingUid = %u, userId = %u", code, context.uid, context.userId); + // this is the temporary version which comments the descriptor check std::u16string descriptor = CertManagerService::GetDescriptor(); std::u16string remoteDescriptor = data.ReadInterfaceToken(); @@ -194,6 +200,7 @@ int CertManagerService::OnRemoteRequest(uint32_t code, MessageParcel &data, // check the code is valid if (code < static_cast(CM_MSG_BASE) || code >= static_cast(CM_MSG_MAX)) { + CM_LOG_E("code[%u] invalid", code); return IPCObjectStub::OnRemoteRequest(code, data, reply, option); } @@ -203,13 +210,13 @@ int CertManagerService::OnRemoteRequest(uint32_t code, MessageParcel &data, srcData.size = static_cast(data.ReadUint32()); if (IsInvalidLength(srcData.size)) { CM_LOG_E("srcData size is invalid, size:%u", srcData.size); - return CM_SYSTEM_ERROR; + return CMR_ERROR_IPC_PARAM_SIZE_INVALID; } srcData.data = static_cast(CmMalloc(srcData.size)); if (srcData.data == nullptr) { CM_LOG_E("Malloc srcData failed."); - return CM_SYSTEM_ERROR; + return CMR_ERROR_MALLOC_FAIL; } const uint8_t *pdata = data.ReadBuffer(static_cast(srcData.size)); if (pdata == nullptr) { @@ -220,13 +227,14 @@ int CertManagerService::OnRemoteRequest(uint32_t code, MessageParcel &data, if (memcpy_s(srcData.data, srcData.size, pdata, srcData.size) != EOK) { CM_LOG_E("copy remote data failed!"); CM_FREE_BLOB(srcData); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } - if (ProcessMessage(code, outSize, srcData, reply) != NO_ERROR) { + + int32_t ret = ProcessMessage(code, outSize, srcData, reply); + if (ret != CM_SUCCESS) { CM_LOG_E("process message!"); CM_FREE_BLOB(srcData); - CM_LOG_E("copy remote data failed!"); - return CMR_ERROR_INVALID_OPERATION; + return ret; } CM_FREE_BLOB(srcData); return NO_ERROR; @@ -234,25 +242,29 @@ int CertManagerService::OnRemoteRequest(uint32_t code, MessageParcel &data, void CertManagerService::OnStart(const SystemAbilityOnDemandReason& startReason) { - CM_LOG_D("CertManagerService OnStart startReason"); + CM_LOG_I("CertManagerService OnStart Begin"); if (runningState_ == STATE_RUNNING) { - CM_LOG_D("CertManagerService has already Started"); + CM_LOG_I("CertManagerService has already Started"); return; } - if (CertManagerInitialize() != CMR_OK) { + struct CmContext context = { 0, 0, {0} }; + int32_t ret = CertManagerInitialize(); + if (ret != CM_SUCCESS) { CM_LOG_E("Failed to init CertManagerService"); + CmReport(__func__, &context, nullptr, ret); return; } - CM_LOG_D("CertManager init success"); - if (!Init()) { - CM_LOG_E("Failed to init CertManagerService"); + ret = Init(); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to publish"); + CmReport(__func__, &context, nullptr, ret); return; } - CM_LOG_D("certmanager start reason %s", startReason.GetName().c_str()); + CM_LOG_I("certmanager start reason %s", startReason.GetName().c_str()); if (startReason.GetId() == OnDemandReasonId::COMMON_EVENT && startReason.GetName() == USER_REMOVED_EVENT) { struct CmContext context = { 0, INVALID_VALUE, {0} }; @@ -265,7 +277,7 @@ void CertManagerService::OnStart(const SystemAbilityOnDemandReason& startReason) (void)AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID); runningState_ = STATE_RUNNING; - CM_LOG_D("CertManagerService start success."); + CM_LOG_I("CertManagerService start success."); (void)CmBackupAllSaUserCerts(); } diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.h b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.h index d9674e6af20445db8ffe9a7250dcd8afdb68ac61..26e2b81dfc888487386ac09e355452b222f34b72 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.h +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -63,7 +63,7 @@ protected: void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; private: - bool Init(); + int32_t Init(); bool registerToService_; ServiceRunningState runningState_; diff --git a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp index f921474018b41a51af8252c125b1fc269db468d8..21e7e5c26cb185831f9541672ade383c52b31731 100644 --- a/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/security_guard_report/src/cm_security_guard_report.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -89,7 +89,7 @@ static int32_t GetCallerBundleName(char *callerName, uint32_t callerNameSize) if (strncpy_s(callerName, callerNameSize, caller.c_str(), caller.size() + 1) != EOK) { CM_LOG_E("Failed to copy caller"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_MEM_OPERATION_COPY; } return CM_SUCCESS; } diff --git a/test/unittest/module_test/src/cm_cert_parse_test.cpp b/test/unittest/module_test/src/cm_cert_parse_test.cpp index 7e00171a1fc8785ea48301b860c102d29aa0aba2..bb597c5f19b0339a255150eefd8f43124ddd1e1f 100644 --- a/test/unittest/module_test/src/cm_cert_parse_test.cpp +++ b/test/unittest/module_test/src/cm_cert_parse_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -405,7 +405,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest022, TestSize.Level0) char tmpFinggerOut[DEFAULT_SIZE] = {0}; int32_t ret = GetX509Fingerprint(x509, nullptr, sizeof(tmpFinggerOut)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_OPERATION); + EXPECT_EQ(ret, CMR_ERROR_MEM_OPERATION_PRINT); FreeCertContext(x509); } @@ -452,7 +452,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest024, TestSize.Level0) if (cert != nullptr) { FreeCertContext(cert); } - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT_APP_CERT); EVP_PKEY_free(pkey); } @@ -476,7 +476,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest025, TestSize.Level0) if (cert != nullptr) { FreeCertContext(cert); } - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT_APP_CERT); EVP_PKEY_free(pkey); } @@ -500,7 +500,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest026, TestSize.Level0) if (cert != nullptr) { FreeCertContext(cert); } - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT_APP_CERT); EVP_PKEY_free(pkey); } diff --git a/test/unittest/module_test/src/cm_param_test.cpp b/test/unittest/module_test/src/cm_param_test.cpp index 585b03b6de3087eb1fd71749a4d40ca6358d0fae..24b4e3537a6ea10ddc863fd8307dc47b29ec9413 100644 --- a/test/unittest/module_test/src/cm_param_test.cpp +++ b/test/unittest/module_test/src/cm_param_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -56,7 +56,7 @@ void CmParamTest::TearDown() HWTEST_F(CmParamTest, CmParamTest001, TestSize.Level0) { int32_t ret = CmInitParamSet(nullptr); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -71,7 +71,7 @@ HWTEST_F(CmParamTest, CmParamTest002, TestSize.Level0) { .tag = CM_TAG_PARAM0_BOOL, .boolParam = false }, }; int32_t ret = CmAddParams(nullptr, param, sizeof(param) / sizeof(struct CmParam)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -87,7 +87,7 @@ HWTEST_F(CmParamTest, CmParamTest003, TestSize.Level0) EXPECT_EQ(ret, CM_SUCCESS); ret = CmAddParams(paramSet, nullptr, 0); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -105,7 +105,7 @@ HWTEST_F(CmParamTest, CmParamTest004, TestSize.Level0) { .tag = CM_TAG_PARAM0_BOOL, .boolParam = false }, }; int32_t ret = CmAddParams(¶mSet, param, sizeof(param) / sizeof(struct CmParam)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -124,7 +124,7 @@ HWTEST_F(CmParamTest, CmParamTest005, TestSize.Level0) { .tag = CM_TAG_PARAM0_BOOL, .boolParam = false }, }; ret = CmAddParams(paramSet, param, CM_DEFAULT_PARAM_CNT + 1); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -146,7 +146,7 @@ HWTEST_F(CmParamTest, CmParamTest006, TestSize.Level0) { .tag = CM_TAG_PARAM0_BOOL, .boolParam = false }, }; ret = CmAddParams(paramSet, param, sizeof(param) / sizeof(struct CmParam)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -168,7 +168,7 @@ HWTEST_F(CmParamTest, CmParamTest007, TestSize.Level0) { .tag = CM_TAG_PARAM0_BUFFER, .blob = tempBlob }, }; ret = CmAddParams(paramSet, param, sizeof(param) / sizeof(struct CmParam)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -191,7 +191,7 @@ HWTEST_F(CmParamTest, CmParamTest008, TestSize.Level0) { .tag = CM_TAG_PARAM0_BUFFER, .blob = tempBlob }, }; ret = CmAddParams(paramSet, param, sizeof(param) / sizeof(struct CmParam)); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -206,7 +206,7 @@ HWTEST_F(CmParamTest, CmParamTest009, TestSize.Level0) { struct CmParam *param = nullptr; int32_t ret = CmGetParam(nullptr, CM_TAG_PARAM0_BUFFER, ¶m); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -222,7 +222,7 @@ HWTEST_F(CmParamTest, CmParamTest010, TestSize.Level0) EXPECT_EQ(ret, CM_SUCCESS); ret = CmGetParam(paramSet, CM_TAG_PARAM0_BUFFER, nullptr); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -238,7 +238,7 @@ HWTEST_F(CmParamTest, CmParamTest011, TestSize.Level0) struct CmParamSet paramSet = {CM_PARAM_SET_MAX_SIZE + 1, 1 }; struct CmParam *param = nullptr; int32_t ret = CmGetParam(¶mSet, CM_TAG_PARAM0_BUFFER, ¶m); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -252,7 +252,7 @@ HWTEST_F(CmParamTest, CmParamTest012, TestSize.Level0) struct CmParamSet paramSet = { sizeof(struct CmParamSet) - 1, 1 }; struct CmParam *param = nullptr; int32_t ret = CmGetParam(¶mSet, CM_TAG_PARAM0_BUFFER, ¶m); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } /** @@ -266,7 +266,7 @@ HWTEST_F(CmParamTest, CmParamTest013, TestSize.Level0) struct CmParamSet paramSet = { sizeof(struct CmParamSet), 1 }; struct CmParam *param = nullptr; int32_t ret = CmGetParam(¶mSet, CM_TAG_PARAM0_BUFFER, ¶m); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); } static void ConstrutParamSet(struct CmParamSet **paramSet) @@ -365,7 +365,7 @@ HWTEST_F(CmParamTest, CmParamTest019, TestSize.Level0) paramSet->paramSetSize = sizeof(struct CmParamSet) - 1; ret = CmBuildParamSet(¶mSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -393,7 +393,7 @@ HWTEST_F(CmParamTest, CmParamTest020, TestSize.Level0) paramSet->params[0].blob.data = tempBuf; ret = CmBuildParamSet(¶mSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -421,7 +421,7 @@ HWTEST_F(CmParamTest, CmParamTest021, TestSize.Level0) paramSet->params[0].blob.data = nullptr; ret = CmBuildParamSet(¶mSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_OPERATION); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -449,7 +449,7 @@ HWTEST_F(CmParamTest, CmParamTest022, TestSize.Level0) paramSet->params[0].blob.data = tempBuf; ret = CmBuildParamSet(¶mSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); } @@ -513,7 +513,7 @@ HWTEST_F(CmParamTest, CmParamTest025, TestSize.Level0) struct CmParamSet *outParamSet = nullptr; ret = CmGetParamSet(paramSet, paramSet->paramSetSize, &outParamSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); CmFreeParamSet(&outParamSet); @@ -543,7 +543,7 @@ HWTEST_F(CmParamTest, CmParamTest026, TestSize.Level0) struct CmParamSet *outParamSet = nullptr; ret = CmGetParamSet(paramSet, paramSet->paramSetSize, &outParamSet); - EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(ret, CMR_ERROR_INVALID_PARAMSET_ARG); CmFreeParamSet(¶mSet); CmFreeParamSet(&outParamSet); diff --git a/test/unittest/src/cm_grant_test.cpp b/test/unittest/src/cm_grant_test.cpp index 818f36c2691a56dd20f10dee0ce55fdf9fb807b6..d5e193c13fe49b2895b44f05f711f59b46d56f51 100755 --- a/test/unittest/src/cm_grant_test.cpp +++ b/test/unittest/src/cm_grant_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -27,6 +27,7 @@ static constexpr uint32_t INVALID_AUTH_URI_LEN = 100; static constexpr uint32_t DEFAULT_APP_ID = 1000; static constexpr uint32_t GRANT_ONE_APP_ID = 1; static constexpr uint32_t GRANT_MULTIPLE_APP_ID = 10; +static constexpr uint32_t GRANT_MAX_APP_ID = 256; class CmGrantTest : public testing::Test { public: @@ -340,12 +341,12 @@ HWTEST_F(CmGrantTest, CmGrantTest014, TestSize.Level0) */ HWTEST_F(CmGrantTest, CmGrantTest015, TestSize.Level0) { - uint8_t aliasData[] = "CmGrantTest014"; + uint8_t aliasData[] = "CmGrantTest015"; struct CmBlob alias = { sizeof(aliasData), aliasData }; int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; - uint8_t uriData[] = "oh:t=ak;o=CmGrantTest014;u=0;a=0"; + uint8_t uriData[] = "oh:t=ak;o=CmGrantTest015;u=0;a=0"; struct CmBlob keyUri = { sizeof(uriData), uriData }; uint8_t authUriData[INVALID_AUTH_URI_LEN] = {0}; /* size too small */ struct CmBlob authUri = { INVALID_AUTH_URI_LEN, authUriData }; @@ -358,6 +359,47 @@ HWTEST_F(CmGrantTest, CmGrantTest015, TestSize.Level0) EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } +/** + * @tc.name: CmGrantTest016 + * @tc.desc: Test CmGrantTest max grant test + * @tc.type: FUNC + * @tc.require: AR000H0MIA /SR000H09NA + */ +HWTEST_F(CmGrantTest, CmGrantTest016, TestSize.Level0) +{ + uint8_t aliasData[] = "CmGrantTest016"; + struct CmBlob alias = { sizeof(aliasData), aliasData }; + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert ecc failed, retcode:" << ret; + + uint8_t uriData[] = "oh:t=ak;o=CmGrantTest016;u=0;a=0"; + struct CmBlob keyUri = { sizeof(uriData), uriData }; + uint8_t authUriData[DEFAULT_AUTH_URI_LEN] = {0}; + struct CmBlob authUri = { DEFAULT_AUTH_URI_LEN, authUriData }; + uint32_t appId = DEFAULT_APP_ID; + + for (uint32_t i = 0; i < GRANT_MAX_APP_ID; ++i) { + appId += i; + authUri.size = DEFAULT_AUTH_URI_LEN; /* clear authUri size */ + ret = CmGrantAppCertificate(&keyUri, appId, &authUri); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGrantAppCertificate failed, retcode:" << ret; + } + + /* grant exist appUid: success */ + authUri.size = DEFAULT_AUTH_URI_LEN; /* clear authUri size */ + ret = CmGrantAppCertificate(&keyUri, appId, &authUri); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGrantAppCertificate failed, retcode:" << ret; + + /* grant 257 appUid: failed */ + appId += 1; + authUri.size = DEFAULT_AUTH_URI_LEN; /* clear authUri size */ + ret = CmGrantAppCertificate(&keyUri, appId, &authUri); + EXPECT_EQ(ret, CMR_ERROR_MAX_GRANT_COUNT_REACHED) << "CmGrantAppCertificate failed, retcode:" << ret; + + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; +} + /** * @tc.name: CmGrantTestPerformance016 * @tc.desc: 1000 times: grant and remove grant diff --git a/test/unittest/src/cm_user_cert_test.cpp b/test/unittest/src/cm_user_cert_test.cpp index 5854a24cf62ffb2b48180522113b781a5f2413bf..7f45aa4ac493d7f702bf0199fe302335105b45a4 100755 --- a/test/unittest/src/cm_user_cert_test.cpp +++ b/test/unittest/src/cm_user_cert_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -1022,7 +1022,7 @@ HWTEST_F(CmUserCertTest, GetUserCertListTest003, TestSize.Level0) struct CertList *certList003 = nullptr; InitCertList(&certList003); ret = CmGetUserCertList(100, certList003); /* invalid store 100 */ - EXPECT_EQ(ret, CM_FAILURE); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); FreeCertList(certList003); ret = CmUninstallAllUserTrustedCert(); @@ -1185,7 +1185,7 @@ HWTEST_F(CmUserCertTest, GetUserCertInfoTest004, TestSize.Level0) struct CertInfo *certInfo004 = nullptr; InitUserCertInfo(&certInfo004); ret = CmGetUserCertInfo(&certUri, 100, certInfo004); /* invalid store 100 */ - EXPECT_EQ(ret, CM_FAILURE); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); FreeCertInfo(certInfo004); } @@ -1262,7 +1262,7 @@ HWTEST_F(CmUserCertTest, GetUserCertInfoTest007, TestSize.Level0) struct CertInfo *certInfo008 = nullptr; InitUserCertInfo(&certInfo008); ret = CmGetUserCertInfo(&testCertUri, CM_USER_TRUSTED_STORE, certInfo008); - + EXPECT_EQ(CompareCertInfo(certInfo008, &(g_userCertInfoExpectResult[0].certInfo)), true) << DumpCertInfo(certInfo008); EXPECT_EQ(ret, CM_SUCCESS) << "Normal get user cert info test failed, recode:" << ret; @@ -1415,7 +1415,7 @@ HWTEST_F(CmUserCertTest, SetUserCertStatusTest005, TestSize.Level0) reinterpret_cast(g_certStatusExpectResult[1].uri) }; ret = CmSetUserCertStatus(&certUri, 100, true); /* invalid store */ - EXPECT_EQ(ret, CM_FAILURE) << "Normal set user cert status test failed, recode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Normal set user cert status test failed, recode:" << ret; } /**