!4 请求将security_device_auth合入next分支

From: @zxstty Reviewed-by: @yukaii Signed-off-by: @yukaii
2023-12-12 08:05:07 +00:00 · 2023-12-12 08:05:07 +00:00 · f3f96fab60
commit f3f96fab60
parent f8b71c66ec 222495b23c
5 changed files with 408 additions and 0 deletions
--- a/0001-security_device_auth.patch
+++ b/0001-security_device_auth.patch
@ -0,0 +1,213 @@
+From 37fca9f6e6f3d7e97abfe8de0a593b1cabd0cba7 Mon Sep 17 00:00:00 2001
+From: muyuying <muyuying1@huawei.com>
+Date: Thu, 12 Oct 2023 20:56:51 +0800
+Subject: [PATCH] =?UTF-8?q?=E9=80=82=E9=85=8DopenEuler?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ services/BUILD.gn                             | 16 +++----
+ .../src/hiview_adapter/hisysevent_adapter.cpp | 33 +++++++-------
+ .../src/hiview_adapter/hitrace_adapter.cpp    | 10 +++--
+ .../permission_adapter/permission_adapter.cpp | 43 ++++++++++---------
+ 4 files changed, 53 insertions(+), 49 deletions(-)
+
+diff --git a/services/BUILD.gn b/services/BUILD.gn
+index 655f169..967d958 100644
+--- a/services/BUILD.gn
+++ b/services/BUILD.gn
+@@ -176,8 +176,8 @@ if (os_level == "mini" || os_level == "small") {
+     external_deps = [
+       "c_utils:utils",
+       "dsoftbus:softbus_client",
+-      "hisysevent_native:libhisysevent",
+-      "hitrace_native:hitrace_meter",
+      # "hisysevent_native:libhisysevent",
+      # "hitrace_native:hitrace_meter",
+       "hiviewdfx_hilog_native:libhilog",
+     ]
+     if (support_jsapi) {
+@@ -225,10 +225,10 @@ if (os_level == "mini" || os_level == "small") {
+     ]
+ 
+     external_deps = [
+-      "access_token:libaccesstoken_sdk",
+      # "access_token:libaccesstoken_sdk",
+       "c_utils:utils",
+-      "hisysevent_native:libhisysevent",
+-      "hitrace_native:hitrace_meter",
+      # "hisysevent_native:libhisysevent",
+      # "hitrace_native:hitrace_meter",
+       "hiviewdfx_hilog_native:libhilog",
+       "init:libbegetutil",
+       "ipc:ipc_core",
+@@ -269,10 +269,10 @@ if (os_level == "mini" || os_level == "small") {
+     ]
+ 
+     external_deps = [
+-      "access_token:libaccesstoken_sdk",
+      # "access_token:libaccesstoken_sdk",
+       "c_utils:utils",
+-      "hisysevent_native:libhisysevent",
+-      "hitrace_native:hitrace_meter",
+      # "hisysevent_native:libhisysevent",
+      # "hitrace_native:hitrace_meter",
+       "hiviewdfx_hilog_native:libhilog",
+       "init:libbegetutil",
+       "ipc:ipc_core",
+diff --git a/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp b/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
+index 3954919..f5b3380 100644
+--- a/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
+++ b/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
+@@ -14,33 +14,34 @@
+  */
+ 
+ #include "hisysevent_adapter.h"
+-#include "hisysevent.h"
+// #include "hisysevent.h"
+ 
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+ 
+-constexpr char STR_EVENT_CORE_FUNCTION[] = "CORE_FUNCTION";
+-constexpr char STR_EVENT[] = "EVENT";
+-constexpr char STR_APP_ID[] = "APP_ID";
+-constexpr char STR_BATCH_NUMBER[] = "BATCH_NUMBER";
+-constexpr char STR_RESULT[] = "RESULT";
+-constexpr char STR_OS_ACCOUNT_ID[] = "OS_ACCOUNT_ID";
+// constexpr char STR_EVENT_CORE_FUNCTION[] = "CORE_FUNCTION";
+// constexpr char STR_EVENT[] = "EVENT";
+// constexpr char STR_APP_ID[] = "APP_ID";
+// constexpr char STR_BATCH_NUMBER[] = "BATCH_NUMBER";
+// constexpr char STR_RESULT[] = "RESULT";
+// constexpr char STR_OS_ACCOUNT_ID[] = "OS_ACCOUNT_ID";
+ 
+ void ReportCoreFuncInvokeEvent(const InvokeEvent *event)
+ {
+    return;
+     if (event == nullptr) {
+         return;
+     }
+-    OHOS::HiviewDFX::HiSysEvent::Write(
+-        OHOS::HiviewDFX::HiSysEvent::Domain::DEVICE_AUTH,
+-        STR_EVENT_CORE_FUNCTION,
+-        OHOS::HiviewDFX::HiSysEvent::EventType::STATISTIC,
+-        STR_EVENT, event->eventId,
+-        STR_APP_ID, event->appId,
+-        STR_BATCH_NUMBER, event->batchNumber,
+-        STR_RESULT, event->result,
+-        STR_OS_ACCOUNT_ID, event->osAccountId);
+    // OHOS::HiviewDFX::HiSysEvent::Write(
+    //     OHOS::HiviewDFX::HiSysEvent::Domain::DEVICE_AUTH,
+    //     STR_EVENT_CORE_FUNCTION,
+    //     OHOS::HiviewDFX::HiSysEvent::EventType::STATISTIC,
+    //     STR_EVENT, event->eventId,
+    //     STR_APP_ID, event->appId,
+    //     STR_BATCH_NUMBER, event->batchNumber,
+    //     STR_RESULT, event->result,
+    //     STR_OS_ACCOUNT_ID, event->osAccountId);
+ }
+ 
+ #ifdef __cplusplus
+diff --git a/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp b/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
+index 57eca82..0beea45 100644
+--- a/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
+++ b/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
+@@ -15,24 +15,26 @@
+ 
+ #include "hitrace_adapter.h"
+ 
+-#include "hitrace_meter.h"
+// #include "hitrace_meter.h"
+ 
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+ 
+ void DevAuthStartTrace(const char *value)
+-{
+{   
+    return;
+     if (value == nullptr) {
+         return;
+     }
+ 
+-    StartTrace(HITRACE_TAG_APP, value);
+    // StartTrace(HITRACE_TAG_APP, value);
+ }
+ 
+ void DevAuthFinishTrace(void)
+ {
+-    FinishTrace(HITRACE_TAG_APP);
+    return;
+    // FinishTrace(HITRACE_TAG_APP);
+ }
+ 
+ #ifdef __cplusplus
+diff --git a/services/frameworks/src/permission_adapter/permission_adapter.cpp b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+index de5a31a..d649f1c 100644
+--- a/services/frameworks/src/permission_adapter/permission_adapter.cpp
+++ b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+@@ -15,34 +15,35 @@
+ 
+ #include "permission_adapter.h"
+ 
+-#include "accesstoken_kit.h"
+// #include "accesstoken_kit.h"
+ #include "ipc_skeleton.h"
+ 
+ #include "device_auth_defines.h"
+ #include "hc_log.h"
+ 
+ using namespace OHOS;
+-using namespace OHOS::Security::AccessToken;
+// using namespace OHOS::Security::AccessToken;
+ 
+ int32_t CheckPermission(void)
+ {
+-    AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+-    ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
+-    if (tokenType == TOKEN_NATIVE) {
+-        NativeTokenInfo findInfo;
+-        if (AccessTokenKit::GetNativeTokenInfo(tokenId, findInfo) != 0) {
+-            LOGE("GetNativeTokenInfo failed!");
+-            return HC_ERROR;
+-        }
+-        if ((findInfo.apl == APL_SYSTEM_CORE) || (findInfo.apl == APL_SYSTEM_BASIC)) {
+-            LOGI("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) success!");
+-            return HC_SUCCESS;
+-        } else {
+-            LOGE("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) failed! APL: %d", findInfo.apl);
+-            return HC_ERROR;
+-        }
+-    } else {
+-        LOGE("Invalid token type: %d", tokenType);
+-        return HC_ERROR;
+-    }
+    // AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+    // ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
+    // if (tokenType == TOKEN_NATIVE) {
+    //     NativeTokenInfo findInfo;
+    //     if (AccessTokenKit::GetNativeTokenInfo(tokenId, findInfo) != 0) {
+    //         LOGE("GetNativeTokenInfo failed!");
+    //         return HC_ERROR;
+    //     }
+    //     if ((findInfo.apl == APL_SYSTEM_CORE) || (findInfo.apl == APL_SYSTEM_BASIC)) {
+    //         LOGI("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) success!");
+    //         return HC_SUCCESS;
+    //     } else {
+    //         LOGE("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) failed! APL: %d", findInfo.apl);
+    //         return HC_ERROR;
+    //     }
+    // } else {
+    //     LOGE("Invalid token type: %d", tokenType);
+    //     return HC_ERROR;
+    // }
+    return HC_SUCCESS;
+ }
+\ No newline at end of file
+-- 
+2.33.0
+
--- a/device_auth.BUILD.gn
+++ b/device_auth.BUILD.gn
@ -0,0 +1,23 @@
+# Copyright (C) 2021-2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+config("deviceauth_config") {
+  include_dirs = [ "//base/security/device_auth/interfaces/innerkits" ]
+  libs = [ "deviceauth_sdk.z" ]
+}
+
+group("deviceauth_sdk") {
+  public_configs = [ ":deviceauth_config" ]
+}
--- a/device_auth.bundle.json
+++ b/device_auth.bundle.json
@ -0,0 +1,64 @@
+{
+    "name": "@ohos/deviceauth",
+    "version": "3.1",
+    "description": "The device authentication module belongs to the security subsystem of OpenHarmony. It manages the entire lifecycle of trust relationships between devices.",
+    "publishAs": "code-segment",
+    "segment": {
+        "destPath": "base/security/device_auth"
+    },
+    "dirs": {},
+    "scripts": {},
+    "author": {},
+    "repository": "",
+    "license": "Apache License 2.0",
+    "component": {
+      "name": "device_auth",
+      "subsystem": "security",
+      "syscap": [ "SystemCapability.Security.DeviceAuth" ],
+      "features": [],
+      "adapted_system_type": [
+          "standard",
+          "small",
+          "mini"
+        ],
+      "rom": "500KB",
+      "ram": "500KB",
+      "deps": {
+        "components": [
+          "dsoftbus",
+          "safwk",
+          "os_account",
+          "access_token",
+          "security",
+          "common",
+          "utils_base",
+          "hiviewdfx_hilog_native",
+          "hisysevent_native",
+          "samgr",
+          "ipc"
+        ],
+        "third_party": [
+          "cJSON",
+          "bounds_checking_function",
+          "mbedtls",
+          "openssl"
+        ]
+      },
+      "build": {
+        "sub_component": [
+        ],
+        "inner_kits": [
+          {
+            "name": "//base/security/device_auth/services:deviceauth_sdk",
+            "header": {
+              "header_files": [
+                "device_auth_defines.h",
+                "device_auth.h"
+              ],
+              "header_base": "//base/security/device_auth/interfaces/innerkits"
+            }
+          }
+        ]
+      }
+    }
+}
--- a/security_device_auth-OpenHarmony-v3.2-Release.tar.gz
+++ b/security_device_auth-OpenHarmony-v3.2-Release.tar.gz
--- a/security_device_auth.spec
+++ b/security_device_auth.spec
@ -0,0 +1,108 @@
+%define debug_package %{nil}
+%global openHarmony_source_release OpenHarmony-v3.2-Release
+%global security_dir %{_builddir}/base/security
+%global build_opt /opt/distributed-middleware-build
+
+Name: security_device_auth
+Version: 1.0.0
+Release: 1
+Summary: System ability manager
+License: Apache License 2.0
+Url: https://gitee.com/openharmony/security_device_auth
+Source1: https://gitee.com/openharmony/security_device_auth/repository/archive/%{openHarmony_source_release}.tar.gz #/security_device_auth-%{openHarmony_source_release}.tar.gz
+Source2: device_auth.bundle.json
+Source3: device_auth.BUILD.gn
+
+Patch1: 0001-security_device_auth.patch
+
+BuildRequires:  gcc, make, hilog, kernel-devel, uname-build-checks
+BuildRequires:  distributed-build, distributed-beget
+BuildRequires:  commonlibrary_c_utils
+BuildRequires:  notification_eventhandler
+BuildRequires:  communication_ipc
+BuildRequires:  security_huks
+BuildRequires:  systemabilitymgr_safwk, systemabilitymgr_samgr
+BuildRequires:  cjson-devel, openssl-devel
+
+
+Requires:  distributed-beget
+Requires:  commonlibrary_c_utils
+Requires:  notification_eventhandler
+Requires:  communication_ipc
+Requires:  security_huks
+Requires:  systemabilitymgr_safwk, systemabilitymgr_samgr
+Requires:  libboundscheck
+
+%description
+OpenEuler supports device auth for distributed softbus capability
+
+%prep
+rm -rf %{_builddir}/*
+
+cp -rf %{build_opt} %{_builddir}/build
+[ ! -L "%{_builddir}/build.sh" ] && ln -s %{_builddir}/build/build_scripts/build.sh %{_builddir}/build.sh
+[ ! -L "%{_builddir}/.gn" ] && ln -s %{_builddir}/build/core/gn/dotfile.gn %{_builddir}/.gn
+[ ! -L "%{_builddir}/build.py" ] && ln -s %{_builddir}/build/lite/build.py %{_builddir}/build.py
+cp -rf %{_builddir}/build/openeuler/vendor %{_builddir}/
+cp -rf %{_builddir}/build/openeuler/compiler_gn/* %{_builddir}
+
+%setup -q -D -T -a 1 -c -n %{security_dir}
+%patch -P1 -p1 -d %{security_dir}/device_auth
+%build
+
+%ifarch x86_64
+%{_builddir}/build.sh --product-name openeuler --target-cpu x86_64
+%endif
+
+%ifarch aarch64
+%{_builddir}/build.sh --product-name openeuler --target-cpu arm64
+%endif
+
+%install
+install -d -m 0755 %{buildroot}/%{_includedir}/device_auth
+install -d -m 0755 %{buildroot}/%{_libdir}
+install -d -m 0755 %{buildroot}/usr/bin/
+install -d -m 0755 %{buildroot}/system/bin/
+install -d -m 0755 %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/services
+install -d -m 0755 %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/interfaces
+
+%ifarch aarch64
+%define header_out_path out/openeuler/innerkits/linux-arm64/device_auth
+%define module_out_path out/openeuler/linux_clang_arm64
+%endif
+%ifarch x86_64
+%define header_out_path out/openeuler/innerkits/linux-x86_64/device_auth
+%define module_out_path out/openeuler/linux_clang_x86_64
+%endif
+# prepare head files
+find %{_builddir}/%{header_out_path} -name *.h -print0 | xargs -0 -i cp -rf {} %{buildroot}/%{_includedir}/device_auth/
+
+# copy executable file.
+install -m 0755 %{_builddir}/out/openeuler/packages/phone/system/bin/deviceauth_service %{buildroot}/system/bin/
+install -m 0755 %{_builddir}/out/openeuler/packages/phone/system/bin/deviceauth_service %{buildroot}/usr/bin/
+
+# prepare so
+install -m 0755 %{_builddir}/%{module_out_path}/security/device_auth/*.so %{buildroot}/%{_libdir}
+
+
+# cp json file
+install -m 0755 %{SOURCE2} %{buildroot}/%{build_opt}/openeuler/compiler_gn/base/security/device_auth/bundle.json
+
+# cp gn file
+install -m 0755 %{SOURCE3} %{buildroot}/%{build_opt}/openeuler/compiler_gn/base/security/device_auth/services/BUILD.gn
+
+# create soft link
+ln -s  /usr/include/device_auth  %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/interfaces/innerkits
+
+%files
+%{_includedir}/device_auth/*
+%{_libdir}/*.so
+/usr/bin/deviceauth_service
+/system/bin/deviceauth_service
+%{build_opt}/*
+
+%changelog
+* Thu Oct 12 2023 YuYing Mu <muyuying1@huawei.com> - 1.0.0-1
+* Tue Nov 21 2023 JiaQi Zhao <zhaojiaqi18@huawei.com> - 1.0.0-1
+- Init and adapt device auth to openEuler
+