From ec2f3bd8703552a1d9af58ad1aa7b1e60007c40b Mon Sep 17 00:00:00 2001 From: Kemin <541416002@qq.com> Date: Mon, 14 Nov 2022 15:56:30 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E9=80=82=E9=85=8DOpenHarmony3.2-Beta3,?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0selinux=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cert_mgr_service/build/BUILD.gn | 5 +- .../interfaces/innerkits/native_cpp/BUILD.gn | 5 +- .../interfaces/kits/napi/BUILD.gn | 2 +- cert_mgr_service/sample/client/BUILD.gn | 2 +- .../services/cert_mgr_ability/BUILD.gn | 3 +- cert_mgr_service/services/core/BUILD.gn | 14 +++- .../services/core/adapter/cert_adapter.c | 2 +- .../services/core/adapter/cert_adapter_mock.c | 6 +- .../services/core/adapter/cert_adapter_oem.c | 1 - .../services/core/cert/cert_service.c | 2 +- .../services/core/cert/cert_service_active.c | 4 +- .../services/core/cert/cert_service_auth.c | 12 +-- .../core/cert/cert_service_challenge.c | 4 +- .../services/core/cert/cert_service_reset.c | 4 +- cert_mgr_service/services/core/cert_entry.c | 2 +- cert_mgr_service/services/core/dfx/cert_dfx.c | 2 +- .../services/core/include/cert_type.h | 2 +- .../core/include/security/cert_security.h | 1 - .../services/core/include/utils/cert_utils.h | 2 +- .../services/core/security/cert_security.c | 9 +-- .../core/security/cert_security_ticket.c | 11 +-- .../core/security/cert_security_token.c | 2 +- .../services/core/utils/cert_utils.c | 23 +++--- .../services/core/utils/cert_utils_log.c | 6 +- .../services/core/utils/cert_utils_memleak.c | 1 + cert_mgr_service/services/etc/init/BUILD.gn | 8 +- .../{cert_mgr_sa.cfg => cert_mgr_service.cfg} | 7 +- .../{cert_mgr_sa.rc => cert_mgr_service.rc} | 2 +- cert_mgr_service/services/sa_profile/BUILD.gn | 3 +- .../test/data/cert_mock_network_para | 2 +- cert_mgr_service/test/unittest/BUILD.gn | 3 +- .../system/cert_mgr_service.te | 79 +++++++++++++++++++ .../system/devicetoken_host.te | 23 ++++++ .../cert_mgr_standard/system/hdf_devmgr.te | 22 ++++++ .../cert_mgr_standard/system/parameter.te | 14 ++++ .../system/parameter_contexts | 14 ++++ devicetoken/bundle.json | 5 +- devicetoken/hal/include/hal_token.h | 2 - devicetoken/hal/src/hal_token.c | 8 +- devicetoken/hdi_service/BUILD.gn | 12 +-- 40 files changed, 241 insertions(+), 90 deletions(-) rename cert_mgr_service/services/etc/init/{cert_mgr_sa.cfg => cert_mgr_service.cfg} (58%) rename cert_mgr_service/services/etc/init/{cert_mgr_sa.rc => cert_mgr_service.rc} (88%) create mode 100644 certmanager/cert_mgr_standard/system/cert_mgr_service.te create mode 100644 certmanager/cert_mgr_standard/system/devicetoken_host.te create mode 100644 certmanager/cert_mgr_standard/system/hdf_devmgr.te create mode 100644 certmanager/cert_mgr_standard/system/parameter.te create mode 100644 certmanager/cert_mgr_standard/system/parameter_contexts diff --git a/cert_mgr_service/build/BUILD.gn b/cert_mgr_service/build/BUILD.gn index 6c13230..4c8af6e 100644 --- a/cert_mgr_service/build/BUILD.gn +++ b/cert_mgr_service/build/BUILD.gn @@ -15,18 +15,17 @@ import("//build/ohos.gni") import("//base/cert_mgr_service/build/certconfig.gni") group("cert_standard_packages") { + deps = [] if (is_standard_system) { - deps = [ + deps += [ "${certmanager_path}/services/etc/init:cert_mgr_etc", "${certmanager_path}/services/sa_profile:cert_mgr_sa_profile", "${certmanager_path}/services/cert_mgr_ability:cert_mgr_service", "${certmanager_path}/interfaces/innerkits/native_cpp:cert_mgr_sdk", #"${certmanager_path}/interfaces/kits/napi:cert_mgr_kit", ] - #print("enable_cert_test_sample = ${enable_cert_test_sample}.") if (enable_cert_test_sample) { deps += ["${certmanager_path}/sample/client:certtestclient"] } } } - diff --git a/cert_mgr_service/interfaces/innerkits/native_cpp/BUILD.gn b/cert_mgr_service/interfaces/innerkits/native_cpp/BUILD.gn index bde3f46..c099d94 100644 --- a/cert_mgr_service/interfaces/innerkits/native_cpp/BUILD.gn +++ b/cert_mgr_service/interfaces/innerkits/native_cpp/BUILD.gn @@ -40,11 +40,10 @@ ohos_shared_library("cert_mgr_sdk") { ":cert_mgr_sdk_config", ] - deps = [ - "//utils/native/base:utils", - ] + deps = [] external_deps = [ + "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", "safwk:system_ability_fwk", diff --git a/cert_mgr_service/interfaces/kits/napi/BUILD.gn b/cert_mgr_service/interfaces/kits/napi/BUILD.gn index c164240..4220ba7 100644 --- a/cert_mgr_service/interfaces/kits/napi/BUILD.gn +++ b/cert_mgr_service/interfaces/kits/napi/BUILD.gn @@ -37,12 +37,12 @@ ohos_shared_library("cert_mgr_kit") { deps = [ "${certmanager_innerkit_path}/native_cpp:cert_mgr_sdk", "//foundation/ace/napi/:ace_napi", - "//utils/native/base:utils", ] relative_install_dir = "module" external_deps = [ + "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", ] diff --git a/cert_mgr_service/sample/client/BUILD.gn b/cert_mgr_service/sample/client/BUILD.gn index 4c234f1..e163880 100644 --- a/cert_mgr_service/sample/client/BUILD.gn +++ b/cert_mgr_service/sample/client/BUILD.gn @@ -30,10 +30,10 @@ ohos_executable("certtestclient") { deps = [ "${certmanager_standard_path}/interfaces/innerkits/native_cpp:cert_mgr_sdk", - "//utils/native/base:utils", ] external_deps = [ + "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", "safwk:system_ability_fwk", diff --git a/cert_mgr_service/services/cert_mgr_ability/BUILD.gn b/cert_mgr_service/services/cert_mgr_ability/BUILD.gn index eed27d9..e06582e 100644 --- a/cert_mgr_service/services/cert_mgr_ability/BUILD.gn +++ b/cert_mgr_service/services/cert_mgr_ability/BUILD.gn @@ -46,14 +46,15 @@ ohos_shared_library("cert_mgr_service") { ] deps = [ - "//utils/native/base:utils", "${certmanager_standard_path}/services/core:cert_mgr_core", ] external_deps = [ + "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", "safwk:system_ability_fwk", + "samgr:samgr_common", "samgr:samgr_proxy", "netmanager_base:net_conn_manager_if", ] diff --git a/cert_mgr_service/services/core/BUILD.gn b/cert_mgr_service/services/core/BUILD.gn index e6b995e..a0bbc0f 100644 --- a/cert_mgr_service/services/core/BUILD.gn +++ b/cert_mgr_service/services/core/BUILD.gn @@ -37,6 +37,7 @@ sources_common = [ "utils/cert_utils_list.c", "utils/cert_utils.c", ] + if (enable_cert_debug_memory_leak) { sources_common += [ "utils/cert_utils_memleak.c", @@ -48,6 +49,7 @@ if (enable_cert_debug_dfx) { "dfx/cert_dfx.c", ] } + config("cert_mgr_core_config") { visibility = [ ":*" ] cflags = [ @@ -64,6 +66,10 @@ config("cert_mgr_core_config") { "//base/startup/syspara_lite/adapter/native/syspara/include", ] + include_dirs += [ + "//base/startup/init/interfaces/innerkits/include/syspara", + ] + defines = [ "CERT_HILOG_LEVEL = 1" ] if (enable_cert_common_debug) { defines += [ @@ -96,6 +102,10 @@ config("cert_mgr_core_config") { "__CERT_NETWORK_DEBUG_LOG__", ] } + + defines += [ + "MBEDTLS_ALLOW_PRIVATE_ACCESS", + ] } ohos_shared_library("cert_mgr_core") { @@ -116,8 +126,8 @@ ohos_shared_library("cert_mgr_core") { external_deps = [ "hiviewdfx_hilog_native:libhilog", - "utils_base:utils", - "startup_l2:syspara", + "c_utils:utils", + "init:libbegetutil", ] subsystem_name = "certmanager" diff --git a/cert_mgr_service/services/core/adapter/cert_adapter.c b/cert_mgr_service/services/core/adapter/cert_adapter.c index 4e7c4aa..0779cf8 100644 --- a/cert_mgr_service/services/core/adapter/cert_adapter.c +++ b/cert_mgr_service/services/core/adapter/cert_adapter.c @@ -115,7 +115,7 @@ int32_t CertReadToken(TokenInfo* tokenInfo) return CERT_ERR; } offset += (TOKEN_VALUE_ENCRYPT_LEN + 1); - if (memcpy_s(tokenInfo->salt, SALT_ENCRYPT_LEN, token + offset, SALT_ENCRYPT_LEN) != 0) { + if (memcpy_s(tokenInfo->salt, SALT_ENCRYPT_LEN, token + offset, SALT_ENCRYPT_LEN) != 0) { return CERT_ERR; } offset += (SALT_ENCRYPT_LEN + 1); diff --git a/cert_mgr_service/services/core/adapter/cert_adapter_mock.c b/cert_mgr_service/services/core/adapter/cert_adapter_mock.c index ccba281..f218e60 100644 --- a/cert_mgr_service/services/core/adapter/cert_adapter_mock.c +++ b/cert_mgr_service/services/core/adapter/cert_adapter_mock.c @@ -57,12 +57,10 @@ int32_t SendChallMsgStub(CERT_ACTION_TYPE actionType, char** respMsg) if (root == NULL) { return CERT_ERR; } - CERT_LOG_INFO("[SendChallMsgStub] action = %s.", root); int32_t ret = GetJsonOjectStringStub(root, CERT_MOCK_L2_CHALLENGE, respMsg); if (ret != CERT_OK) { return CERT_ERR; } - CERT_LOG_INFO("[SendChallMsgStub] respose message = %s.", *respMsg); return ret; } @@ -76,12 +74,10 @@ int32_t SendCertMsgStub(CERT_ACTION_TYPE actionType, char **respMsg) if (root == NULL) { return CERT_ERR; } - CERT_LOG_INFO("[SendCertMsgStub] root name = %s.", root); int32_t ret = GetJsonOjectStringStub(root, CERT_MOCK_L2_RESPONSE, respMsg); if (ret != CERT_OK) { return CERT_ERR; } - CERT_LOG_INFO("[SendCertMsgStub] respose message = %s.", *respMsg); return ret; } @@ -180,7 +176,7 @@ char* OsGetUdidStub(void) ret = CERT_ERR; break; } - ret = Sha256Value((const unsigned char *)udid, udidSha256, UDID_STRING_LEN + 1); + ret = Sha256Value((const unsigned char *)udid, udidSize, udidSha256, UDID_STRING_LEN + 1); } while (0); CERT_MEM_FREE(manufacture); CERT_MEM_FREE(model); diff --git a/cert_mgr_service/services/core/adapter/cert_adapter_oem.c b/cert_mgr_service/services/core/adapter/cert_adapter_oem.c index 48e4bb0..3fab6bc 100644 --- a/cert_mgr_service/services/core/adapter/cert_adapter_oem.c +++ b/cert_mgr_service/services/core/adapter/cert_adapter_oem.c @@ -16,7 +16,6 @@ #include "cert_type.h" #include "cert_utils_file.h" #include "cert_adapter_oem.h" -#include "cert_utils_log.h" // 是否存在重置标记 bool OEMIsResetFlagExist(void) diff --git a/cert_mgr_service/services/core/cert/cert_service.c b/cert_mgr_service/services/core/cert/cert_service.c index 7967a12..8421601 100644 --- a/cert_mgr_service/services/core/cert/cert_service.c +++ b/cert_mgr_service/services/core/cert/cert_service.c @@ -127,7 +127,7 @@ static int32_t ActiveToken(AuthResult* authResult) CERT_LOG_ERROR("[ActiveToken] Invalid parameter"); return CERT_ERR; } - CERT_LOG_DEBUG("[ActiveToken] Flush token begin."); + int32_t ret = FlushToken(authResult); if (ret != CERT_OK) { CERT_LOG_ERROR("[ActiveToken] Flush Token failed, ret = %d.", ret); diff --git a/cert_mgr_service/services/core/cert/cert_service_active.c b/cert_mgr_service/services/core/cert/cert_service_active.c index 94ead61..323849c 100644 --- a/cert_mgr_service/services/core/cert/cert_service_active.c +++ b/cert_mgr_service/services/core/cert/cert_service_active.c @@ -38,7 +38,7 @@ int32_t GenActiveMsg(AuthResult* authResult, const ChallengeResult* challengeRes return CERT_ERR; } - if (strlen(authResult->ticket) == 0 || strlen(authResult->tokenValue) == 0 || strlen(authResult->ticket) == 0) { + if (strlen(authResult->ticket) == 0 || strlen(authResult->tokenValue) == 0 || strlen(authResult->tokenId) == 0) { CERT_LOG_ERROR("[GenActiveMsg] The length of token is 0."); return CERT_ERR; } @@ -99,7 +99,7 @@ int32_t ParseActiveResult(const char* jsonStr) CERT_LOG_ERROR("[ParseActiveResult] Invalid parameter"); return CERT_ERR; } - int32_t errorCode = (int32_t)GetObjectItemValueNumber(jsonStr, "errcode"); + uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { CERT_LOG_ERROR("[ParseActiveResult] errorCode is nan."); return CERT_ERR; diff --git a/cert_mgr_service/services/core/cert/cert_service_auth.c b/cert_mgr_service/services/core/cert/cert_service_auth.c index ca382c0..2ea4b1e 100644 --- a/cert_mgr_service/services/core/cert/cert_service_auth.c +++ b/cert_mgr_service/services/core/cert/cert_service_auth.c @@ -30,7 +30,7 @@ bool IsAuthStatusChg(void) { CERT_LOG_DEBUG("[IsAuthStatusChg] Begin."); char* authStatusBase64 = NULL; - if (GetAuthStatus(&authStatusBase64) != 0) { + if (GetAuthStatus(&authStatusBase64) != CERT_OK) { CERT_LOG_ERROR("[IsAuthStatusChg] Load auth status failed or status file not exist"); return true; } @@ -344,7 +344,7 @@ uint64_t GetCurrentTime(void) uint64_t currentTime = challengeResult->currentTime; FREE_CHALLENGE_RESULT(challengeResult); - CERT_LOG_DEBUG("[GetCloudCurrentTime] End."); + CERT_LOG_DEBUG("[GetCurrentTime] End."); return currentTime; } @@ -353,12 +353,12 @@ int32_t CheckVersionChanged(AuthStatus* authStatus) CERT_LOG_DEBUG("[CheckVersionChanged] Begin."); if ((authStatus == NULL) || (authStatus->versionId == NULL)) { CERT_LOG_ERROR("[CheckVersionChanged] Invalid parameter"); - return false; + return CERT_ERR; } char* versionIdFromOs = CertGetVersionId(); if (versionIdFromOs == NULL) { CERT_LOG_ERROR("[CheckVersionChanged] Cert GetVersionId is null"); - return false; + return CERT_ERR; } int32_t ret = strcmp(versionIdFromOs, authStatus->versionId); @@ -582,7 +582,7 @@ static int32_t ParseTicket(const cJSON* json, AuthResult* authResult) if (memcpy_s(authResult->ticket, len + 1, item, len + 1) != 0) { CERT_MEM_FREE(authResult->ticket); authResult->ticket = NULL; - CERT_LOG_ERROR("[ParseAuthStats] ticket memset_s or copy failed"); + CERT_LOG_ERROR("[ParseTicket] ticket memset_s or copy failed"); return CERT_ERR; } @@ -683,7 +683,7 @@ int32_t GenAuthMsg(ChallengeResult* challengeResult, DevicePacket** devPacket) int32_t ret = PackProductInfo(&devicePacket->productInfo); if (ret != CERT_OK) { CERT_LOG_ERROR("[GenAuthMsg] Pack ProductInfo failed."); - DestroyDevicePacket(&devicePacket); + FREE_DEVICE_PACKET(devicePacket); return CERT_ERR; } *devPacket = devicePacket; diff --git a/cert_mgr_service/services/core/cert/cert_service_challenge.c b/cert_mgr_service/services/core/cert/cert_service_challenge.c index 53405d8..a642aac 100644 --- a/cert_mgr_service/services/core/cert/cert_service_challenge.c +++ b/cert_mgr_service/services/core/cert/cert_service_challenge.c @@ -85,7 +85,7 @@ static int32_t ParseChallengeResult(const char* jsonStr, ChallengeResult *challe CERT_LOG_ERROR("[ParseChallengeResult] Invalid parameter"); return CERT_ERR; } - int32_t errorCode = (int32_t) GetObjectItemValueNumber(jsonStr, "errcode"); + uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { CERT_LOG_WARN("[ParseChallengeResult] errorCode is nan."); CERT_LOG_ERROR("[ParseChallengeResult] Parse msg failed."); @@ -128,7 +128,7 @@ static int32_t SetChallenge(ChallengeResult* challengeResult, CERT_ACTION_TYPE a char* respMsg = NULL; ret = SendChallMsg(reqMsg, &respMsg, actionType); - DestroyDevicePacket(&reqMsg); + FREE_DEVICE_PACKET(reqMsg); if (ret != CERT_OK) { CERT_LOG_ERROR("[SetChallenge] Send Challenge Msg failed"); return ret; diff --git a/cert_mgr_service/services/core/cert/cert_service_reset.c b/cert_mgr_service/services/core/cert/cert_service_reset.c index 8bf1ef8..a429a65 100644 --- a/cert_mgr_service/services/core/cert/cert_service_reset.c +++ b/cert_mgr_service/services/core/cert/cert_service_reset.c @@ -44,7 +44,7 @@ int32_t GenResetMsg(ChallengeResult* challengeResult, DevicePacket** devPacket) if (devicePacket == NULL) { CERT_LOG_ERROR("[GenResetMsg] Create DevicePacket failed."); return CERT_ERR; - } + } devicePacket->appId = StrdupDevInfo(APP_ID); devicePacket->tenantId = StrdupDevInfo(TENANT_ID); devicePacket->randomUuid = StrdupDevInfo(RANDOM_UUID); @@ -86,7 +86,7 @@ int32_t ParseResetResult(const char* jsonStr) CERT_LOG_ERROR("[ParseResetResult] Invalid parameter"); return CERT_ERR; } - int32_t errorCode = (int32_t) GetObjectItemValueNumber(jsonStr, "errcode"); + uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { CERT_LOG_ERROR("[ParseResetResult] errorCode is nan."); return CERT_ERR; diff --git a/cert_mgr_service/services/core/cert_entry.c b/cert_mgr_service/services/core/cert_entry.c index 0336422..4e30467 100644 --- a/cert_mgr_service/services/core/cert_entry.c +++ b/cert_mgr_service/services/core/cert_entry.c @@ -25,7 +25,7 @@ int32_t CertTask(void) // 执行主流程代码 int32_t ret = ProcCert(); if (ret != CERT_OK) { - CERT_LOG_ERROR("[CertTask] Proc Cert failed ret = %d.", ret); + CERT_LOG_ERROR("[CertTask] Proc failed ret = %d.", ret); } // 创建主流程定时器 diff --git a/cert_mgr_service/services/core/dfx/cert_dfx.c b/cert_mgr_service/services/core/dfx/cert_dfx.c index 340040d..3e71b50 100644 --- a/cert_mgr_service/services/core/dfx/cert_dfx.c +++ b/cert_mgr_service/services/core/dfx/cert_dfx.c @@ -183,7 +183,7 @@ void PrintAuthResult(AuthResult* authResult) if (authResult->authStatus == NULL) { CERT_LOG_WARN("authStatus = null;"); } else { - CERT_LOG_INFO_ANONY("authStatus = %s;", authResult->authStatus); + // authResult->authStatus 内容过长,不在打印 } CERT_LOG_INFO("----------------------------"); } diff --git a/cert_mgr_service/services/core/include/cert_type.h b/cert_mgr_service/services/core/include/cert_type.h index 647a928..fe32211 100644 --- a/cert_mgr_service/services/core/include/cert_type.h +++ b/cert_mgr_service/services/core/include/cert_type.h @@ -88,9 +88,9 @@ typedef struct { // 认证返回结果中的authStatus结构 typedef struct { char* versionId; + char* authType; int32_t softwareResult; int32_t hardwareResult; - char* authType; uint64_t expireTime; // 项目新增字段,参考接口文档 } AuthStatus; diff --git a/cert_mgr_service/services/core/include/security/cert_security.h b/cert_mgr_service/services/core/include/security/cert_security.h index 4a994b3..d2fc3c9 100644 --- a/cert_mgr_service/services/core/include/security/cert_security.h +++ b/cert_mgr_service/services/core/include/security/cert_security.h @@ -21,7 +21,6 @@ #include "ctr_drbg.h" #include "hkdf.h" #include "md.h" -#include "md_internal.h" #include "sha256.h" #include "entropy.h" diff --git a/cert_mgr_service/services/core/include/utils/cert_utils.h b/cert_mgr_service/services/core/include/utils/cert_utils.h index 5d7f3cf..9b35e9a 100644 --- a/cert_mgr_service/services/core/include/utils/cert_utils.h +++ b/cert_mgr_service/services/core/include/utils/cert_utils.h @@ -49,7 +49,7 @@ int32_t ToLowerStr(char* str, int len); int32_t StrToHex(char *pbDest, char *pbSrc, int nLen); -int Sha256Value(const unsigned char *src, char *dest, int destLen); +int Sha256Value(const unsigned char *src, int srcLen, char *dest, int destLen); int32_t AnonymiseStr(char* str); diff --git a/cert_mgr_service/services/core/security/cert_security.c b/cert_mgr_service/services/core/security/cert_security.c index c6dfbd9..ff4e6c5 100644 --- a/cert_mgr_service/services/core/security/cert_security.c +++ b/cert_mgr_service/services/core/security/cert_security.c @@ -42,7 +42,7 @@ int32_t Base64Encode(const uint8_t* srcData, size_t srcDataLen, uint8_t* base64E size_t outLen = 0; int32_t ret = mbedtls_base64_encode(NULL, 0, &outLen, srcData, srcDataLen); - if ((outLen == 0) || (outLen > (base64EncodeLen + 1))) { + if ((outLen == 0) || (outLen > (size_t)(base64EncodeLen + 1))) { CERT_LOG_ERROR("[Base64Encode] Base64 encode get outLen failed, outLen = %u, ret = -0x00%x", outLen, -ret); return ERR_CERT_SECURITY_BASE64_ENCODE; } @@ -78,9 +78,6 @@ void GetSalt(uint8_t* salt, uint32_t saltLen) } // temp右移8bits salt[i] = (uint8_t)((temp >> ((i % randomNumBytes) * offsetBits)) & 0xff); - if (salt[i] == 0) { - salt[i]++; - } } } @@ -183,7 +180,7 @@ int32_t GetAesKey(const SecurityParam* salt, const VersionData* versionData, co return ret; } -// AES-1238-CBC-PKCS#7加密 +// AES-128-CBC-PKCS#7加密 static int32_t EncryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey, const char* iv, size_t ivLen) { @@ -240,7 +237,7 @@ static int32_t EncryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey, return ret; } -// AES-1238-CBC-PKCS#7解密 +// AES-128-CBC-PKCS#7解密 static int32_t DecryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey, const uint8_t* iv, size_t ivLen) { diff --git a/cert_mgr_service/services/core/security/cert_security_ticket.c b/cert_mgr_service/services/core/security/cert_security_ticket.c index 067dc3a..4b52ce8 100644 --- a/cert_mgr_service/services/core/security/cert_security_ticket.c +++ b/cert_mgr_service/services/core/security/cert_security_ticket.c @@ -28,8 +28,7 @@ int32_t WriteTicketToDevice(const char* ticket, uint8_t ticketLen) uint8_t ticketData[ENCRYPT_LEN + 1] = {0}; uint8_t encryptedData[BASE64_LEN] = {0}; uint8_t salt[SALT_LEN] = {0}; - TicketInfo ticketInfo; - + if ((ticket == NULL) || (ticketLen < MIN_TICKET_LEN) || (ticketLen >= MAX_TICKET_LEN)) { CERT_LOG_ERROR("[WriteTicketToDevice] Input Parameter."); return ERR_CERT_SECURITY_INVALID_ARG; @@ -47,17 +46,15 @@ int32_t WriteTicketToDevice(const char* ticket, uint8_t ticketLen) CERT_LOG_ERROR("[WriteTicketToDevice] Get AesKey fail."); return ERR_CERT_SECURITY_GEN_AESKEY; } - (void)memset_s(&ticketInfo, sizeof(TicketInfo), 0, sizeof(TicketInfo)); - if (ret != CERT_OK) { - CERT_LOG_ERROR("[WriteTicketToDevice] ticketInfo memset_s fail."); - return ERR_CERT_SECURITY_MEM_MEMSET; - } + ret = Encrypt(ticketData, ticketLen, aesKey, encryptedData, BASE64_LEN); if (ret != CERT_OK) { CERT_LOG_ERROR("[WriteTicketToDevice] ticketData Encrypt fail."); return ERR_CERT_SECURITY_ENCRYPT; } + TicketInfo ticketInfo; + (void)memset_s(&ticketInfo, sizeof(TicketInfo), 0, sizeof(TicketInfo)); if (memcpy_s(ticketInfo.ticket, sizeof(ticketInfo.ticket), encryptedData, BASE64_LEN) != 0 || memcpy_s(ticketInfo.salt, sizeof(ticketInfo.salt), salt, SALT_LEN) != 0) { CERT_LOG_ERROR("[WriteTicketToDevice] ticket or salt memcpy_s fail."); diff --git a/cert_mgr_service/services/core/security/cert_security_token.c b/cert_mgr_service/services/core/security/cert_security_token.c index 7330a70..37fed8a 100644 --- a/cert_mgr_service/services/core/security/cert_security_token.c +++ b/cert_mgr_service/services/core/security/cert_security_token.c @@ -210,7 +210,7 @@ static int32_t GetTokenInfo(const char* tokenValue, uint8_t tokenValueLen, } ret = memcpy_s(tokenInfo->version, sizeof(tokenInfo->version), g_tokenVersion, sizeof(tokenInfo->version)); if (ret != 0) { - CERT_LOG_ERROR("[GetTokenInfo] memcpy_s tokenVersion failed"); + CERT_LOG_ERROR("[GetTokenInfo] memcpy_s tokenVersion failed"); return ERR_CERT_SECURITY_MEM_MEMCPY; } return CERT_OK; diff --git a/cert_mgr_service/services/core/utils/cert_utils.c b/cert_mgr_service/services/core/utils/cert_utils.c index 58288a1..da5b68c 100644 --- a/cert_mgr_service/services/core/utils/cert_utils.c +++ b/cert_mgr_service/services/core/utils/cert_utils.c @@ -18,6 +18,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/entropy.h" #include "mbedtls/sha256.h" +#include "mbedtls/version.h" #include "cert_utils_log.h" #include "cert_utils_memleak.h" #include "cert_utils.h" @@ -25,6 +26,12 @@ #define DEV_BUF_LENGTH 3 #define HASH_LENGTH 32 +#if defined(MBEDTLS_VERSION_NUMBER) && (MBEDTLS_VERSION_NUMBER >= 0x03000000) +#define mbedtls_sha256_starts_ret mbedtls_sha256_starts +#define mbedtls_sha256_update_ret mbedtls_sha256_update +#define mbedtls_sha256_finish_ret mbedtls_sha256_finish +#endif + int32_t GetRandomNum(void) { mbedtls_ctr_drbg_context randomContext; @@ -49,9 +56,8 @@ int32_t GetRandomNum(void) break; } - int i; result = random[randomBytes - 1]; - for (i = randomBytes - 2; i >= 0; --i) { + for (int i = randomBytes - 2; i >= 0; --i) { result <<= 8; result |= random[i]; } @@ -167,8 +173,7 @@ int32_t ToLowerStr(char* str, int len) return CERT_ERR; } - int i; - for (i = 0; i < len; i++) { + for (int i = 0; i < len; i++) { str[i] = tolower(str[i]); } return CERT_OK; @@ -208,20 +213,18 @@ int32_t StrToHex(char *pbDest, char *pbSrc, int nLen) return CERT_OK; } -int Sha256Value(const unsigned char *src, char *dest, int destLen) +int Sha256Value(const unsigned char *src, int srcLen, char *dest, int destLen) { - const int DEV_BUF_LENGTH = 3; - const int HASH_LENGTH = 32; if (src == NULL) { return CERT_ERR; } - char buf[DEV_BUF_LENGTH]; - unsigned char hash[HASH_LENGTH]; + char buf[DEV_BUF_LENGTH] = {0}; + unsigned char hash[HASH_LENGTH] = {0}; mbedtls_sha256_context context; mbedtls_sha256_init(&context); mbedtls_sha256_starts_ret(&context, 0); - mbedtls_sha256_update_ret(&context, src, strlen((const char *)src)); + mbedtls_sha256_update_ret(&context, src, srcLen); mbedtls_sha256_finish_ret(&context, hash); for (size_t i = 0; i < HASH_LENGTH; i++) { diff --git a/cert_mgr_service/services/core/utils/cert_utils_log.c b/cert_mgr_service/services/core/utils/cert_utils_log.c index 693bea3..42e2189 100644 --- a/cert_mgr_service/services/core/utils/cert_utils_log.c +++ b/cert_mgr_service/services/core/utils/cert_utils_log.c @@ -56,7 +56,7 @@ void CertLog(CertLogLevel logLevel, const char* fmt, ...) int32_t ret = vsprintf_s(outStr, sizeof(outStr), fmt, arg); va_end(arg); if (ret < 0) { - CertLogPrint(logLevel, "Cert log length error."); + CertLogPrint(logLevel, "log length error."); return; } CertLogPrint(logLevel, outStr); @@ -73,7 +73,7 @@ void CertLogAnonyStr(CertLogLevel logLevel, const char* fmt, const char* str) } int32_t ret = AnonymiseStr(strDup); if (ret != CERT_OK) { - CERT_LOG_ERROR("[CertLogAnony] AnonymiseStr failed, ret = %d;", ret); + CERT_LOG_ERROR("[CertLogAnonyStr] AnonymiseStr failed, ret = %d;", ret); CERT_MEM_FREE(strDup); return; } @@ -81,7 +81,7 @@ void CertLogAnonyStr(CertLogLevel logLevel, const char* fmt, const char* str) ret = sprintf_s(outStr, sizeof(outStr), fmt, strDup); CERT_MEM_FREE(strDup); if (ret < 0) { - CertLogPrint(logLevel, "[CertLogAnony] Cert anony str length error."); + CertLogPrint(logLevel, "[CertLogAnonyStr] anony str length error."); return; } CertLogPrint(logLevel, outStr); diff --git a/cert_mgr_service/services/core/utils/cert_utils_memleak.c b/cert_mgr_service/services/core/utils/cert_utils_memleak.c index 5e333f2..20717d1 100644 --- a/cert_mgr_service/services/core/utils/cert_utils_memleak.c +++ b/cert_mgr_service/services/core/utils/cert_utils_memleak.c @@ -48,6 +48,7 @@ int32_t InitMemNodeList(void) if (list == NULL) { return CERT_ERR; } + (void)memset_s(list, sizeof(List), 0, sizeof(List)); list->head = NULL; g_memNodeList = list; return CERT_OK; diff --git a/cert_mgr_service/services/etc/init/BUILD.gn b/cert_mgr_service/services/etc/init/BUILD.gn index a138f69..2708fb5 100644 --- a/cert_mgr_service/services/etc/init/BUILD.gn +++ b/cert_mgr_service/services/etc/init/BUILD.gn @@ -16,15 +16,15 @@ import("//base/cert_mgr_service/build/certconfig.gni") group("cert_mgr_etc") { deps = [ - ":cert_mgr_sa.rc", + ":cert_mgr_service.cfg", ] } -ohos_prebuilt_etc("cert_mgr_sa.rc") { +ohos_prebuilt_etc("cert_mgr_service.cfg") { if (use_musl) { - source = "cert_mgr_sa.cfg" + source = "cert_mgr_service.cfg" } else { - source = "cert_mgr_sa.rc" + source = "cert_mgr_service.rc" } relative_install_dir = "init" subsystem_name = "certmanager" diff --git a/cert_mgr_service/services/etc/init/cert_mgr_sa.cfg b/cert_mgr_service/services/etc/init/cert_mgr_service.cfg similarity index 58% rename from cert_mgr_service/services/etc/init/cert_mgr_sa.cfg rename to cert_mgr_service/services/etc/init/cert_mgr_service.cfg index 90e0c2e..c002200 100644 --- a/cert_mgr_service/services/etc/init/cert_mgr_sa.cfg +++ b/cert_mgr_service/services/etc/init/cert_mgr_service.cfg @@ -2,15 +2,16 @@ "jobs" : [{ "name" : "post-fs-data", "cmds" : [ - "start cert_mgr_server" + "start cert_mgr_service" ] } ], "services" : [{ - "name" : "cert_mgr_server", + "name" : "cert_mgr_service", "path" : ["/system/bin/sa_main", "/system/profile/cert_mgr_service.xml"], "uid" : "root", - "gid" : ["system", "shell", "uhid", "root"] + "gid" : ["system", "shell", "uhid", "root"], + "secon" : "u:r:cert_mgr_service:s0" } ] } diff --git a/cert_mgr_service/services/etc/init/cert_mgr_sa.rc b/cert_mgr_service/services/etc/init/cert_mgr_service.rc similarity index 88% rename from cert_mgr_service/services/etc/init/cert_mgr_sa.rc rename to cert_mgr_service/services/etc/init/cert_mgr_service.rc index 6f2dbbf..a527eac 100644 --- a/cert_mgr_service/services/etc/init/cert_mgr_sa.rc +++ b/cert_mgr_service/services/etc/init/cert_mgr_service.rc @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -service cert_mgr_server /system/bin/sa_main /system/profile/cert_mgr_service.xml +service cert_mgr_service /system/bin/sa_main /system/profile/cert_mgr_service.xml class z_core user root group system shell diff --git a/cert_mgr_service/services/sa_profile/BUILD.gn b/cert_mgr_service/services/sa_profile/BUILD.gn index f345abc..28b82b3 100644 --- a/cert_mgr_service/services/sa_profile/BUILD.gn +++ b/cert_mgr_service/services/sa_profile/BUILD.gn @@ -11,8 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -import("//build/ohos.gni") -import("//base/cert_mgr_service/build/certconfig.gni") +import("//build/ohos/sa_profile/sa_profile.gni") ohos_sa_profile("cert_mgr_sa_profile") { sources = [ "7100.xml" ] diff --git a/cert_mgr_service/test/data/cert_mock_network_para b/cert_mgr_service/test/data/cert_mock_network_para index f7b07e2..6efa992 100644 --- a/cert_mgr_service/test/data/cert_mock_network_para +++ b/cert_mgr_service/test/data/cert_mock_network_para @@ -20,7 +20,7 @@ "challenge": { "currentTime": 1647914836482, "challenge": "b39b752290266b95acedde9b2f89fa5ebea6e060d509b0b20d07c922bcea7b64", - "errcode": 1 + "errcode": 0 }, "response": { "ticket": "ujlrjJ6loo16/32VSKj9hZ+vDpiPgt+L", diff --git a/cert_mgr_service/test/unittest/BUILD.gn b/cert_mgr_service/test/unittest/BUILD.gn index 88e0a13..7f2b521 100644 --- a/cert_mgr_service/test/unittest/BUILD.gn +++ b/cert_mgr_service/test/unittest/BUILD.gn @@ -24,6 +24,7 @@ config("module_private_config") { "${certmanager_standard_path}/services/core/include/security", "${certmanager_standard_path}/services/core/include/network", "${certmanager_standard_path}/services/core/include/utils", + "//utils/native/base/include", ] defines = [] if (enable_cert_debug_memory_leak) { @@ -38,10 +39,10 @@ deps_in = [ "//third_party/mbedtls:mbedtls_shared", "//third_party/googletest:gtest_main", "//third_party/googletest:gmock", - "//utils/native/base:utils" ] deps_ex = [ + "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", "safwk:system_ability_fwk", diff --git a/certmanager/cert_mgr_standard/system/cert_mgr_service.te b/certmanager/cert_mgr_standard/system/cert_mgr_service.te new file mode 100644 index 0000000..1081f24 --- /dev/null +++ b/certmanager/cert_mgr_standard/system/cert_mgr_service.te @@ -0,0 +1,79 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +type cert_mgr_service, sadomain, domain; +type cert_mgr_service_exec, system_file_attr, exec_attr, file_attr; + +init_daemon_domain(cert_mgr_service); + +allow storage_daemon hmdfs:dir { mounton }; +allow foundation storage_manager:dir { open read write }; +allow netsysnative netmanager:tcp_socket { create read write getopt setopt }; +allow normal_hap cert_mgr_service:fd { use }; + +allow cert_mgr_service data_file:dir { search }; +allow cert_mgr_service data_data_file:dir { search getattr add_name open read remove_name search write create }; +allow cert_mgr_service data_data_file:file { append map open read create write getattr setattr unlink lock ioctl rename }; +allow cert_mgr_service data_ota_package:dir { append ioctl open read add_name search write remove_name }; +allow cert_mgr_service data_ota_package:file { append create ioctl open read rename unlink }; +allow cert_mgr_service dev_file:sock_file { write }; + +allow cert_mgr_service netsysnative:unix_stream_socket { connectto }; +allow cert_mgr_service port:tcp_socket { name_connect }; +allow cert_mgr_service cert_mgr_service:tcp_socket { connect create read setopt write getopt getattr }; +allow cert_mgr_service cert_mgr_service:udp_socket { create bind connect getattr read write }; + +allow cert_mgr_service accesstoken_service:binder { call }; +allow cert_mgr_service foundation:binder { call transfer }; +allow cert_mgr_service netmanager:binder { call transfer }; +allow cert_mgr_service softbus_server:binder { call }; +allow cert_mgr_service system_basic_hap:binder { call }; +allow system_core_hap cert_mgr_service:binder { call transfer }; +allow cert_mgr_service system_core_hap:binder { call transfer }; +allow cert_mgr_service normal_hap:binder { call transfer }; +allow cert_mgr_service hdf_devmgr:binder { call transfer }; +allow cert_mgr_service devicetoken_host:binder { call transfer }; + +allow cert_mgr_service data_dhcp:dir { add_name remove_name search write create }; +allow cert_mgr_service data_dhcp:file { create getattr ioctl lock open read setattr unlink write }; +allow cert_mgr_service data_misc:dir { add_name search write }; +allow cert_mgr_service data_misc:file { create ioctl open read write }; +allow cert_mgr_service data_misc:sock_file { write }; +allow cert_mgr_service accessibility_param:file { read }; +allow cert_mgr_service dev_unix_socket:dir { search }; +allow cert_mgr_service system_bin_file:dir { search }; +allow cert_mgr_service system_bin_file:file { execute execute_no_trans map read open }; + +allow cert_mgr_service node:udp_socket { node_bind }; +allow cert_mgr_service port:udp_socket { name_bind }; +allow cert_mgr_service wifi_hal_service:unix_stream_socket { connectto }; +allow cert_mgr_service kernel:unix_stream_socket { connectto }; + +allow cert_mgr_service cert_mgr_service:netlink_route_socket { create nlmsg_read read write }; +allow cert_mgr_service cert_mgr_service:packet_socket { bind create read write }; +allow cert_mgr_service cert_mgr_service:udp_socket { bind create ioctl setopt getopt read write }; +allow cert_mgr_service cert_mgr_service:unix_dgram_socket { ioctl getopt setopt }; +allowxperm cert_mgr_service data_dhcp:file ioctl { 0x5413 }; +allowxperm cert_mgr_service data_misc:file ioctl { 0x5413 }; +allowxperm cert_mgr_service cert_mgr_service:udp_socket ioctl { 0x890B 0x8913 0x8915 0x8916 0x891b 0x891c 0x8927 0x8933 }; +allowxperm cert_mgr_service cert_mgr_service:unix_dgram_socket ioctl { 0x8910 }; + +allow cert_mgr_service paramservice_socket:sock_file { write create setattr getattr relabelto }; +allow cert_mgr_service cert_auth_result_param:file { map open read }; +allow cert_mgr_service cert_auth_result_param:parameter_service { set }; + +allow cert_mgr_service sa_cert_mgr_service:samgr_class { add }; +allow cert_mgr_service sa_net_conn_manager:samgr_class { get }; +allow cert_mgr_service sa_device_service_manager:samgr_class { get }; +allow cert_mgr_service hdf_devicetoken_driver_service:hdf_devmgr_class { get }; +allow cert_mgr_service hdf_device_manager:hdf_devmgr_class { get }; diff --git a/certmanager/cert_mgr_standard/system/devicetoken_host.te b/certmanager/cert_mgr_standard/system/devicetoken_host.te new file mode 100644 index 0000000..b6d391a --- /dev/null +++ b/certmanager/cert_mgr_standard/system/devicetoken_host.te @@ -0,0 +1,23 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +allow devicetoken_host samgr:binder { call transfer }; +allow devicetoken_host hdf_devmgr:binder { call transfer }; + +allow devicetoken_host sa_device_service_manager:samgr_class { get }; +allow devicetoken_host hdf_devicetoken_driver_service:hdf_devmgr_class { add }; + +allow devicetoken_host dev_unix_socket:dir { search }; +allow devicetoken_host data_file:dir { search }; +allow devicetoken_host data_data_file:dir { search getattr add_name open read remove_name search write create }; +allow devicetoken_host data_data_file:file { append map open read create write getattr setattr unlink lock ioctl rename }; diff --git a/certmanager/cert_mgr_standard/system/hdf_devmgr.te b/certmanager/cert_mgr_standard/system/hdf_devmgr.te new file mode 100644 index 0000000..1be194a --- /dev/null +++ b/certmanager/cert_mgr_standard/system/hdf_devmgr.te @@ -0,0 +1,22 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +allow hdf_devmgr cert_mgr_service:binder { call transfer }; +allow hdf_devmgr cert_mgr_service:process { getattr }; +allow hdf_devmgr cert_mgr_service:dir { search getattr add_name open read remove_name search write create }; +allow hdf_devmgr cert_mgr_service:file { append map open read create write getattr setattr unlink lock ioctl rename }; + +allow hdf_devmgr devicetoken_host:binder { call transfer }; +allow hdf_devmgr devicetoken_host:process { getattr }; +allow hdf_devmgr devicetoken_host:dir { search }; +allow hdf_devmgr devicetoken_host:file { open read write }; diff --git a/certmanager/cert_mgr_standard/system/parameter.te b/certmanager/cert_mgr_standard/system/parameter.te new file mode 100644 index 0000000..29df3f4 --- /dev/null +++ b/certmanager/cert_mgr_standard/system/parameter.te @@ -0,0 +1,14 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +type cert_auth_result_param, parameter_attr; diff --git a/certmanager/cert_mgr_standard/system/parameter_contexts b/certmanager/cert_mgr_standard/system/parameter_contexts new file mode 100644 index 0000000..0776ba8 --- /dev/null +++ b/certmanager/cert_mgr_standard/system/parameter_contexts @@ -0,0 +1,14 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cert.auth.result u:object_r:cert_auth_result_param:s0 diff --git a/devicetoken/bundle.json b/devicetoken/bundle.json index 343a84b..15666c4 100644 --- a/devicetoken/bundle.json +++ b/devicetoken/bundle.json @@ -13,9 +13,8 @@ "deps": { "components": [ "ipc", - "device_driver_framework", - "hiviewdfx_hilog_native", - "utils_base" + "hdf_core", + "hiviewdfx_hilog_native" ], "third_part": [ "bounds_checking_function" diff --git a/devicetoken/hal/include/hal_token.h b/devicetoken/hal/include/hal_token.h index eaf314a..e4f6def 100644 --- a/devicetoken/hal/include/hal_token.h +++ b/devicetoken/hal/include/hal_token.h @@ -33,8 +33,6 @@ extern "C" { #define TOKEN_B_ADDR "tokenB" #define BITS_PER_BYTE 8 - - /** * @brief Read token value form device. * diff --git a/devicetoken/hal/src/hal_token.c b/devicetoken/hal/src/hal_token.c index c258482..94c3bab 100644 --- a/devicetoken/hal/src/hal_token.c +++ b/devicetoken/hal/src/hal_token.c @@ -100,8 +100,8 @@ int32_t HalReadToken(char *token, uint32_t len) HDF_LOGE("[HalReadToken] tokenWithFlagA = %{public}s", tokenWithFlagA); HDF_LOGE("[HalReadToken] tokenWithFlagB = %{public}s", tokenWithFlagB); - HDF_LOGE("[HalReadToken] tokenWithFlagA length = %{public}d", strlen(tokenWithFlagA)); - HDF_LOGE("[HalReadToken] tokenWithFlagB length = %{public}d", strlen(tokenWithFlagB)); + HDF_LOGE("[HalReadToken] tokenWithFlagA length = %{public}lu", strlen(tokenWithFlagA)); + HDF_LOGE("[HalReadToken] tokenWithFlagB length = %{public}lu", strlen(tokenWithFlagB)); if ((retA != HAL_TOKEN_OK) && (retB != HAL_TOKEN_OK)) { return HAL_TOKEN_UNPRESET; @@ -140,8 +140,8 @@ int32_t HalWriteToken(const char *token, uint32_t len) HDF_LOGE("[HalWriteToken] tokenWithFlagA = %{public}s", tokenWithFlagA); HDF_LOGE("[HalWriteToken] tokenWithFlagB = %{public}s", tokenWithFlagB); - HDF_LOGE("[HalWriteToken] tokenWithFlagA length = %{public}d", strlen(tokenWithFlagA)); - HDF_LOGE("[HalWriteToken] tokenWithFlagB length = %{public}d", strlen(tokenWithFlagB)); + HDF_LOGE("[HalWriteToken] tokenWithFlagA length = %{public}lu", strlen(tokenWithFlagA)); + HDF_LOGE("[HalWriteToken] tokenWithFlagB length = %{public}lu", strlen(tokenWithFlagB)); if ((retA != HAL_TOKEN_OK) && (retB != HAL_TOKEN_OK)) { unsigned char flag[TOKEN_FLAG_SIZE] = {0}; diff --git a/devicetoken/hdi_service/BUILD.gn b/devicetoken/hdi_service/BUILD.gn index 26fe518..1d88473 100644 --- a/devicetoken/hdi_service/BUILD.gn +++ b/devicetoken/hdi_service/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("//drivers/adapter/uhdf2/uhdf.gni") +import("//drivers/hdf_core/adapter/uhdf2/uhdf.gni") config("exported_header_files") { visibility = [ ":*" ] @@ -36,13 +36,13 @@ ohos_shared_library("devicetoken_driver") { ] external_deps = [ - "device_driver_framework:libhdf_host", - "device_driver_framework:libhdf_ipc_adapter", - "device_driver_framework:libhdf_utils", - "device_driver_framework:libhdi", + "hdf_core:libhdf_host", + "hdf_core:libhdf_ipc_adapter", + "hdf_core:libhdf_utils", + "hdf_core:libhdi", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_single", - "utils_base:utils", + "c_utils:utils", ] public_configs = [ ":exported_header_files" ] -- Gitee From 6eb9afc46a971146eaceec4d4b0abf2361cbae0e Mon Sep 17 00:00:00 2001 From: Kemin <541416002@qq.com> Date: Tue, 15 Nov 2022 11:20:16 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E9=80=80=E5=9B=9Esalt=E7=9A=84=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cert_mgr_service/services/core/adapter/cert_adapter.c | 7 ------- cert_mgr_service/services/core/security/cert_security.c | 3 +++ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/cert_mgr_service/services/core/adapter/cert_adapter.c b/cert_mgr_service/services/core/adapter/cert_adapter.c index 0779cf8..2edd62a 100644 --- a/cert_mgr_service/services/core/adapter/cert_adapter.c +++ b/cert_mgr_service/services/core/adapter/cert_adapter.c @@ -102,10 +102,6 @@ int32_t CertReadToken(TokenInfo* tokenInfo) CERT_LOG_ERROR("[CertReadToken] Read oem token failed, ret = %d", ret); return ret; } - - CERT_LOG_INFO("[CertReadTokenCertReadTokenCertReadTokenCertReadTokenCertReadToken] token = %s", token); - CERT_LOG_INFO("[CertReadTokenCertReadTokenCertReadTokenCertReadTokenCertReadToken] token length = %d", strlen(token)); - int32_t offset = 0; if (memcpy_s(tokenInfo->tokenId, TOKEN_ID_ENCRYPT_LEN, token + offset, TOKEN_ID_ENCRYPT_LEN) != 0) { return CERT_ERR; @@ -154,9 +150,6 @@ int32_t CertWriteToken(TokenInfo* tokenInfo) return CERT_ERR; } - CERT_LOG_INFO("[CertWriteTokenCertWriteTokenCertWriteTokenCertWriteToken] token = %s", token); - CERT_LOG_INFO("[CertWriteTokenCertWriteTokenCertWriteTokenCertWriteToken] token length = %d", strlen(token)); - struct IDeviceTokenInterface *devicetoken = DeviceTokenInterfaceGet(); if (devicetoken == NULL) { CERT_LOG_INFO("[CertWriteToken] devicetoken is NULL."); diff --git a/cert_mgr_service/services/core/security/cert_security.c b/cert_mgr_service/services/core/security/cert_security.c index ff4e6c5..86cafd2 100644 --- a/cert_mgr_service/services/core/security/cert_security.c +++ b/cert_mgr_service/services/core/security/cert_security.c @@ -78,6 +78,9 @@ void GetSalt(uint8_t* salt, uint32_t saltLen) } // temp右移8bits salt[i] = (uint8_t)((temp >> ((i % randomNumBytes) * offsetBits)) & 0xff); + if (salt[i] == 0) { + salt[i]++; + } } } -- Gitee