From d8c6cdbdf9dc679d0ae0365b10cde92558f13c0d Mon Sep 17 00:00:00 2001 From: yang1946 Date: Thu, 28 Dec 2023 14:19:35 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E7=AD=BE=E5=90=8D=E9=80=BB?= =?UTF-8?q?=E8=BE=91=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yang1946 --- .../code_sign_utils/include/code_sign_utils.h | 21 +++++-- .../code_sign_utils/src/code_sign_utils.cpp | 57 ++++++++++++++++--- test/unittest/code_sign_utils_test.cpp | 31 +++++----- utils/src/code_sign_block.cpp | 2 + 4 files changed, 87 insertions(+), 24 deletions(-) diff --git a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h index fd145de..db90c87 100644 --- a/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h +++ b/interfaces/innerkits/code_sign_utils/include/code_sign_utils.h @@ -17,6 +17,7 @@ #define OHOS_SECURITY_CODE_SIGN_UTILS_H #include +#include #include #include #include @@ -53,9 +54,11 @@ public: * @param path hap real path on disk * @param entryPath map from entryname in hap to real path on disk * @param type signature file type + * @param moduleName hap module name * @return err code, see err_code.h */ - int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type); + int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, + FileType type, const std::string &moduleName); /** * @brief Enforce code signature for app with ownerID @@ -63,10 +66,11 @@ public: * @param path hap real path on disk * @param entryPath map from entryname in hap to real path on disk * @param type signature file type + * @param moduleName hap module name * @return err code, see err_code.h */ int32_t EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, - const EntryMap &entryPathMap, FileType type); + const EntryMap &entryPathMap, FileType type, const std::string &moduleName); /** * @brief Enforce code signature for file with signature @@ -108,20 +112,29 @@ public: * @brief Whether enabling code signing for app compiled by oh-sdk * @return return ture if support oh-sdk code sign */ - static bool isSupportOHCodeSign(); + static bool IsSupportOHCodeSign(); /** * @brief Check if code signing is permissive * @return return ture if in permissive mode */ static bool InPermissiveMode(); + /** + * @brief Check if code signing is completed + * @return return ture if Completed + */ + bool IsCodeSignEnableCompleted(); private: static int32_t IsSupportFsVerity(const std::string &path); static int32_t IsFsVerityEnabled(int fd); static int32_t EnableCodeSignForFile(const std::string &path, const struct code_sign_enable_arg &arg); static void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg); static int32_t IsValidPathAndFileType(const std::string &path, std::string &realPath, FileType type); + void StoredEntryMapInsert(const std::string &moduleName, const EntryMap &entryPathMap); + void StoredEntryMapDelete(const std::string &moduleName); + void StoredEntryMapSearch(const std::string &moduleName, EntryMap &entryPathMap); private: - EntryMap storedEntryMap_; + std::unordered_map storedEntryMap_; + std::mutex storedEntryMapLock_; }; } } diff --git a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp index 7a8979f..3fdeebd 100644 --- a/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp +++ b/interfaces/innerkits/code_sign_utils/src/code_sign_utils.cpp @@ -230,11 +230,14 @@ void CodeSignUtils::ShowCodeSignInfo(const std::string &path, const struct code_ } int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, - const EntryMap &entryPathMap, FileType type) + const EntryMap &entryPathMap, FileType type, const std::string &moduleName) { + LOG_DEBUG(LABEL, "Start to enforce codesign FileType:%{public}d, entryPathMap size:%{public}u", + type, static_cast(entryPathMap.size())); if (type == FILE_ENTRY_ADD || type == FILE_ENTRY_ONLY || type == FILE_ALL) { - storedEntryMap_.insert(entryPathMap.begin(), entryPathMap.end()); + StoredEntryMapInsert(moduleName, entryPathMap); if (type == FILE_ENTRY_ADD) { + LOG_DEBUG(LABEL, "Add entryPathMap complete"); return CS_SUCCESS; } } @@ -243,11 +246,14 @@ int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &owner if (ret != CS_SUCCESS) { return ret; } + EntryMap entryMap; + StoredEntryMapSearch(moduleName, entryMap); CodeSignBlock codeSignBlock; - ret = codeSignBlock.ParseCodeSignBlock(realPath, storedEntryMap_, type); - storedEntryMap_.clear(); + ret = codeSignBlock.ParseCodeSignBlock(realPath, entryMap, type); + StoredEntryMapDelete(moduleName); if (ret != CS_SUCCESS) { if ((ret == CS_CODE_SIGN_NOT_EXISTS) && InPermissiveMode()) { + LOG_DEBUG(LABEL, "Code sign not exists"); return CS_SUCCESS; } ReportParseCodeSig(realPath, ret); @@ -282,9 +288,10 @@ int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &owner return ret; } -int32_t CodeSignUtils::EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type) +int32_t CodeSignUtils::EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, + FileType type, const std::string &moduleName) { - return EnforceCodeSignForAppWithOwnerId("", path, entryPathMap, type); + return EnforceCodeSignForAppWithOwnerId("", path, entryPathMap, type, moduleName); } int32_t CodeSignUtils::IsValidPathAndFileType(const std::string &path, std::string &realPath, FileType type) @@ -345,7 +352,7 @@ bool CodeSignUtils::InPermissiveMode() #endif } -bool CodeSignUtils::isSupportOHCodeSign() +bool CodeSignUtils::IsSupportOHCodeSign() { #ifdef SUPPORT_OH_CODE_SIGN return !InPermissiveMode(); @@ -353,6 +360,42 @@ bool CodeSignUtils::isSupportOHCodeSign() return false; #endif } + +bool CodeSignUtils::IsCodeSignEnableCompleted() +{ + std::lock_guard lock(storedEntryMapLock_); + if (!storedEntryMap_.empty()) { + storedEntryMap_.clear(); + return false; + } + return true; +} + +void CodeSignUtils::StoredEntryMapInsert(const std::string &moduleName, const EntryMap &entryPathMap) +{ + std::lock_guard lock(storedEntryMapLock_); + auto iter = storedEntryMap_.find(moduleName); + if (iter != storedEntryMap_.end()) { + iter->second.insert(entryPathMap.begin(), entryPathMap.end()); + return; + } + storedEntryMap_.emplace(moduleName, entryPathMap); +} + +void CodeSignUtils::StoredEntryMapDelete(const std::string &moduleName) +{ + std::lock_guard lock(storedEntryMapLock_); + storedEntryMap_.erase(moduleName); +} + +void CodeSignUtils::StoredEntryMapSearch(const std::string &moduleName, EntryMap &entryPathMap) +{ + std::lock_guard lock(storedEntryMapLock_); + auto iter = storedEntryMap_.find(moduleName); + if (iter != storedEntryMap_.end()) { + entryPathMap = iter->second; + } +} } } } diff --git a/test/unittest/code_sign_utils_test.cpp b/test/unittest/code_sign_utils_test.cpp index 57bf760..cd54b24 100644 --- a/test/unittest/code_sign_utils_test.cpp +++ b/test/unittest/code_sign_utils_test.cpp @@ -454,9 +454,10 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0015, TestSize.Level0) HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0016, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/demo_with_code_sign_block.hap"; + std::string moduleName = "EntryAbility"; EntryMap entryMap; CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF, moduleName); EXPECT_EQ(ret, CS_SUCCESS); std::string filePath1("libs/arm64-v8a/libc++_shared.so"); @@ -466,10 +467,10 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0016, TestSize.Level0) std::string targetPath2 = TEST_APP_DTAT_DIR + "libs/arm64/libentry.so"; entryMap.emplace(filePath2, targetPath2); - ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ADD); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ADD, moduleName); EXPECT_EQ(ret, CS_SUCCESS); - ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL, moduleName); EXPECT_EQ(ret, CS_ERR_FILE_PATH); } @@ -484,7 +485,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0017, TestSize.Level0) std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-debug.hap"; EntryMap entryMap; CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("DEBUG_LIB_ID", hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("DEBUG_LIB_ID", + hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_SUCCESS); } @@ -500,7 +502,7 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0018, TestSize.Level0) EntryMap entryMap; CodeSignUtils utils; int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("test-app-identifier", - hapRealPath, entryMap, FILE_SELF); + hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_SUCCESS); } @@ -515,7 +517,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0019, TestSize.Level0) std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-debug.hap"; EntryMap entryMap; CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", + hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_ERR_INVALID_OWNER_ID); } @@ -530,7 +533,8 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0020, TestSize.Level0) std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/entry-default-signed-release.hap"; EntryMap entryMap; CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForAppWithOwnerId("INVALID_ID", + hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_ERR_INVALID_OWNER_ID); } @@ -554,7 +558,7 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0021, TestSize.Level0) EntryMap entryMap; CodeSignUtils utils; - ret = utils.EnforceCodeSignForApp(hapEnablePath, entryMap, FILE_SELF); + ret = utils.EnforceCodeSignForApp(hapEnablePath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_SUCCESS); } @@ -594,6 +598,7 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0022, TestSize.Level0) HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0023, TestSize.Level0) { std::string hapRealPath = APP_BASE_PATH + "/demo_with_multi_lib/demo_with_code_sign_block.hap"; + std::string moduleName = "EntryAbility"; EntryMap entryMap; std::string filePath1("libs/arm64-v8a/libc++_shared.so"); @@ -601,18 +606,18 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0023, TestSize.Level0) entryMap.emplace(filePath1, targetPath1); CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ONLY); + int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ONLY, moduleName); EXPECT_EQ(ret, CS_SUCCESS); std::string filePath2("libs/arm64-v8a/libentry.so"); std::string targetPath2 = APP_BASE_PATH + "/demo_with_multi_lib/libs/arm64-v8a/libentry.so"; entryMap.emplace(filePath2, targetPath2); - ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ADD); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ENTRY_ADD, moduleName); EXPECT_EQ(ret, CS_SUCCESS); entryMap.clear(); - ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL); + ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_ALL, moduleName); EXPECT_EQ(ret, CS_SUCCESS); } @@ -630,7 +635,7 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0024, TestSize.Level0) EntryMap entryMap; CodeSignUtils utils; std::string hapRealPath = APP_BASE_PATH + "/demo_without_lib/demo_without_lib.hap"; - int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_SUCCESS); SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, ENFORCE_MODE); } @@ -649,7 +654,7 @@ HWTEST_F(CodeSignUtilsTest, CodeSignUtilsTest_0025, TestSize.Level0) std::string hapRealPath = APP_BASE_PATH + "/demo_without_lib/demo_without_lib.hap"; EntryMap entryMap; CodeSignUtils utils; - int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF); + int32_t ret = utils.EnforceCodeSignForApp(hapRealPath, entryMap, FILE_SELF, "EntryAbility"); EXPECT_EQ(ret, CS_CODE_SIGN_NOT_EXISTS); } } // namespace CodeSign diff --git a/utils/src/code_sign_block.cpp b/utils/src/code_sign_block.cpp index d5eb31c..887169f 100644 --- a/utils/src/code_sign_block.cpp +++ b/utils/src/code_sign_block.cpp @@ -87,6 +87,8 @@ int32_t CodeSignBlock::GetOneFileAndCodeSignInfo(std::string &targetFile, struct int32_t CodeSignBlock::ParseNativeLibSignInfo(const EntryMap &entryMap) { auto soInfo = GetNativeLibSignInfo(); + LOG_DEBUG(LABEL, "So info sectionNum:%{public}d, entryMap size:%{public}u", + soInfo->sectionNum, static_cast(entryMap.size())); if ((soInfo->sectionNum == 0) || entryMap.empty()) { return CS_SUCCESS; } else if (!entryMap.empty() && (soInfo->sectionNum == 0)) { -- Gitee