diff --git a/0000-security_device_auth.patch b/0000-security_device_auth.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8bf87f03f00217dc5faf31759d94d6db3098502d
--- /dev/null
+++ b/0000-security_device_auth.patch
@@ -0,0 +1,213 @@
+From 37fca9f6e6f3d7e97abfe8de0a593b1cabd0cba7 Mon Sep 17 00:00:00 2001
+From: muyuying
+Date: Thu, 12 Oct 2023 20:56:51 +0800
+Subject: [PATCH] =?UTF-8?q?=E9=80=82=E9=85=8DopenEuler?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ services/BUILD.gn | 16 +++----
+ .../src/hiview_adapter/hisysevent_adapter.cpp | 33 +++++++-------
+ .../src/hiview_adapter/hitrace_adapter.cpp | 10 +++--
+ .../permission_adapter/permission_adapter.cpp | 43 ++++++++++---------
+ 4 files changed, 53 insertions(+), 49 deletions(-)
+
+diff --git a/services/BUILD.gn b/services/BUILD.gn
+index 655f169..967d958 100644
+--- a/services/BUILD.gn
++++ b/services/BUILD.gn
+@@ -176,8 +176,8 @@ if (os_level == "mini" || os_level == "small") {
+ external_deps = [
+ "c_utils:utils",
+ "dsoftbus:softbus_client",
+- "hisysevent_native:libhisysevent",
+- "hitrace_native:hitrace_meter",
++ # "hisysevent_native:libhisysevent",
++ # "hitrace_native:hitrace_meter",
+ "hiviewdfx_hilog_native:libhilog",
+ ]
+ if (support_jsapi) {
+@@ -225,10 +225,10 @@ if (os_level == "mini" || os_level == "small") {
+ ]
+
+ external_deps = [
+- "access_token:libaccesstoken_sdk",
++ # "access_token:libaccesstoken_sdk",
+ "c_utils:utils",
+- "hisysevent_native:libhisysevent",
+- "hitrace_native:hitrace_meter",
++ # "hisysevent_native:libhisysevent",
++ # "hitrace_native:hitrace_meter",
+ "hiviewdfx_hilog_native:libhilog",
+ "init:libbegetutil",
+ "ipc:ipc_core",
+@@ -269,10 +269,10 @@ if (os_level == "mini" || os_level == "small") {
+ ]
+
+ external_deps = [
+- "access_token:libaccesstoken_sdk",
++ # "access_token:libaccesstoken_sdk",
+ "c_utils:utils",
+- "hisysevent_native:libhisysevent",
+- "hitrace_native:hitrace_meter",
++ # "hisysevent_native:libhisysevent",
++ # "hitrace_native:hitrace_meter",
+ "hiviewdfx_hilog_native:libhilog",
+ "init:libbegetutil",
+ "ipc:ipc_core",
+diff --git a/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp b/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
+index 3954919..f5b3380 100644
+--- a/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
++++ b/services/frameworks/src/hiview_adapter/hisysevent_adapter.cpp
+@@ -14,33 +14,34 @@
+ */
+
+ #include "hisysevent_adapter.h"
+-#include "hisysevent.h"
++// #include "hisysevent.h"
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+-constexpr char STR_EVENT_CORE_FUNCTION[] = "CORE_FUNCTION";
+-constexpr char STR_EVENT[] = "EVENT";
+-constexpr char STR_APP_ID[] = "APP_ID";
+-constexpr char STR_BATCH_NUMBER[] = "BATCH_NUMBER";
+-constexpr char STR_RESULT[] = "RESULT";
+-constexpr char STR_OS_ACCOUNT_ID[] = "OS_ACCOUNT_ID";
++// constexpr char STR_EVENT_CORE_FUNCTION[] = "CORE_FUNCTION";
++// constexpr char STR_EVENT[] = "EVENT";
++// constexpr char STR_APP_ID[] = "APP_ID";
++// constexpr char STR_BATCH_NUMBER[] = "BATCH_NUMBER";
++// constexpr char STR_RESULT[] = "RESULT";
++// constexpr char STR_OS_ACCOUNT_ID[] = "OS_ACCOUNT_ID";
+
+ void ReportCoreFuncInvokeEvent(const InvokeEvent *event)
+ {
++ return;
+ if (event == nullptr) {
+ return;
+ }
+- OHOS::HiviewDFX::HiSysEvent::Write(
+- OHOS::HiviewDFX::HiSysEvent::Domain::DEVICE_AUTH,
+- STR_EVENT_CORE_FUNCTION,
+- OHOS::HiviewDFX::HiSysEvent::EventType::STATISTIC,
+- STR_EVENT, event->eventId,
+- STR_APP_ID, event->appId,
+- STR_BATCH_NUMBER, event->batchNumber,
+- STR_RESULT, event->result,
+- STR_OS_ACCOUNT_ID, event->osAccountId);
++ // OHOS::HiviewDFX::HiSysEvent::Write(
++ // OHOS::HiviewDFX::HiSysEvent::Domain::DEVICE_AUTH,
++ // STR_EVENT_CORE_FUNCTION,
++ // OHOS::HiviewDFX::HiSysEvent::EventType::STATISTIC,
++ // STR_EVENT, event->eventId,
++ // STR_APP_ID, event->appId,
++ // STR_BATCH_NUMBER, event->batchNumber,
++ // STR_RESULT, event->result,
++ // STR_OS_ACCOUNT_ID, event->osAccountId);
+ }
+
+ #ifdef __cplusplus
+diff --git a/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp b/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
+index 57eca82..0beea45 100644
+--- a/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
++++ b/services/frameworks/src/hiview_adapter/hitrace_adapter.cpp
+@@ -15,24 +15,26 @@
+
+ #include "hitrace_adapter.h"
+
+-#include "hitrace_meter.h"
++// #include "hitrace_meter.h"
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+ void DevAuthStartTrace(const char *value)
+-{
++{
++ return;
+ if (value == nullptr) {
+ return;
+ }
+
+- StartTrace(HITRACE_TAG_APP, value);
++ // StartTrace(HITRACE_TAG_APP, value);
+ }
+
+ void DevAuthFinishTrace(void)
+ {
+- FinishTrace(HITRACE_TAG_APP);
++ return;
++ // FinishTrace(HITRACE_TAG_APP);
+ }
+
+ #ifdef __cplusplus
+diff --git a/services/frameworks/src/permission_adapter/permission_adapter.cpp b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+index de5a31a..d649f1c 100644
+--- a/services/frameworks/src/permission_adapter/permission_adapter.cpp
++++ b/services/frameworks/src/permission_adapter/permission_adapter.cpp
+@@ -15,34 +15,35 @@
+
+ #include "permission_adapter.h"
+
+-#include "accesstoken_kit.h"
++// #include "accesstoken_kit.h"
+ #include "ipc_skeleton.h"
+
+ #include "device_auth_defines.h"
+ #include "hc_log.h"
+
+ using namespace OHOS;
+-using namespace OHOS::Security::AccessToken;
++// using namespace OHOS::Security::AccessToken;
+
+ int32_t CheckPermission(void)
+ {
+- AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+- ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
+- if (tokenType == TOKEN_NATIVE) {
+- NativeTokenInfo findInfo;
+- if (AccessTokenKit::GetNativeTokenInfo(tokenId, findInfo) != 0) {
+- LOGE("GetNativeTokenInfo failed!");
+- return HC_ERROR;
+- }
+- if ((findInfo.apl == APL_SYSTEM_CORE) || (findInfo.apl == APL_SYSTEM_BASIC)) {
+- LOGI("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) success!");
+- return HC_SUCCESS;
+- } else {
+- LOGE("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) failed! APL: %d", findInfo.apl);
+- return HC_ERROR;
+- }
+- } else {
+- LOGE("Invalid token type: %d", tokenType);
+- return HC_ERROR;
+- }
++ // AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
++ // ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
++ // if (tokenType == TOKEN_NATIVE) {
++ // NativeTokenInfo findInfo;
++ // if (AccessTokenKit::GetNativeTokenInfo(tokenId, findInfo) != 0) {
++ // LOGE("GetNativeTokenInfo failed!");
++ // return HC_ERROR;
++ // }
++ // if ((findInfo.apl == APL_SYSTEM_CORE) || (findInfo.apl == APL_SYSTEM_BASIC)) {
++ // LOGI("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) success!");
++ // return HC_SUCCESS;
++ // } else {
++ // LOGE("Check permission(APL3=SYSTEM_CORE or APL2=SYSTEM_BASIC) failed! APL: %d", findInfo.apl);
++ // return HC_ERROR;
++ // }
++ // } else {
++ // LOGE("Invalid token type: %d", tokenType);
++ // return HC_ERROR;
++ // }
++ return HC_SUCCESS;
+ }
+\ No newline at end of file
+--
+2.33.0
+
diff --git a/device_auth.BUILD.gn b/device_auth.BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..c507605d64afe1bb499c4fcf3a9b1c8b0b1c8215
--- /dev/null
+++ b/device_auth.BUILD.gn
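Review bot: `CheckPermission` in permission_adapter.cpp (inside 0000-security_device_auth.patch) now ends in an unconditional `return HC_SUCCESS;`, so every IPC caller is treated as authorised and the former restriction to native tokens with APL SYSTEM_CORE or SYSTEM_BASIC no longer applies. If access_token cannot be built on openEuler, the function should fail closed or apply a substitute caller check instead of succeeding silently; `ipc_skeleton.h` is still included, so comparing `IPCSkeleton::GetCallingUid()` with the accounts the trusted services run as looks feasible (to be confirmed for this port), and at minimum the stub needs a comment such as `// openEuler port: access_token unavailable, caller is NOT verified here`. The same patch puts a bare `return;` at the top of `ReportCoreFuncInvokeEvent`, `DevAuthStartTrace` and `DevAuthFinishTrace`, which leaves dead code below it and drops the core-function event reporting; wrapping the original bodies in an `#ifdef` for the platform would keep both builds readable and make the loss of that telemetry explicit.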
@@ -0,0 +1,23 @@
+# Copyright (C) 2021-2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+config("deviceauth_config") {
+ include_dirs = [ "//base/security/device_auth/interfaces/innerkits" ]
+ libs = [ "deviceauth_sdk.z" ]
+}
+
+group("deviceauth_sdk") {
+ public_configs = [ ":deviceauth_config" ]
+}
diff --git a/device_auth.bundle.json b/device_auth.bundle.json
new file mode 100644
index 0000000000000000000000000000000000000000..29de22bceb0edf273a9370409fc2191d29e54e9c
--- /dev/null
+++ b/device_auth.bundle.json
@@ -0,0 +1,64 @@
+{
+ "name": "@ohos/deviceauth",
+ "version": "3.1",
+ "description": "The device authentication module belongs to the security subsystem of OpenHarmony. It manages the entire lifecycle of trust relationships between devices.",
+ "publishAs": "code-segment",
+ "segment": {
+ "destPath": "base/security/device_auth"
+ },
+ "dirs": {},
+ "scripts": {},
+ "author": {},
+ "repository": "",
+ "license": "Apache License 2.0",
+ "component": {
+ "name": "device_auth",
+ "subsystem": "security",
+ "syscap": [ "SystemCapability.Security.DeviceAuth" ],
+ "features": [],
+ "adapted_system_type": [
+ "standard",
+ "small",
+ "mini"
+ ],
+ "rom": "500KB",
+ "ram": "500KB",
+ "deps": {
+ "components": [
+ "dsoftbus",
+ "safwk",
+ "os_account",
+ "access_token",
+ "security",
+ "common",
+ "utils_base",
+ "hiviewdfx_hilog_native",
+ "hisysevent_native",
+ "samgr",
+ "ipc"
+ ],
+ "third_party": [
+ "cJSON",
+ "bounds_checking_function",
+ "mbedtls",
+ "openssl"
+ ]
+ },
+ "build": {
+ "sub_component": [
+ ],
+ "inner_kits": [
+ {
+ "name": "//base/security/device_auth/services:deviceauth_sdk",
+ "header": {
+ "header_files": [
+ "device_auth_defines.h",
+ "device_auth.h"
+ ],
+ "header_base": "//base/security/device_auth/interfaces/innerkits"
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/security_device_auth-OpenHarmony-v3.2-Release.tar.gz b/security_device_auth-OpenHarmony-v3.2-Release.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..3c75b57273bd85cf61a02a725a6570651f04599f
Binary files /dev/null and b/security_device_auth-OpenHarmony-v3.2-Release.tar.gz differ
diff --git a/security_device_auth.spec b/security_device_auth.spec
new file mode 100644
index 0000000000000000000000000000000000000000..3c605b40a2c5e4c005835439ee27165cf7e0dc16
--- /dev/null
+++ b/security_device_auth.spec
@@ -0,0 +1,135 @@
+%define debug_package %{nil}
+%global openHarmony_source_release OpenHarmony-v3.2-Release
+%global device_dir %{_builddir}/base/security
+%global build_opt /opt/distributed-middleware-build
+
+Name: security_device_auth
+Version: 1.0.0
+Release: 1
+Summary: System ability manager
+License: Apache License 2.0
+Url: https://gitee.com/openharmony/security_device_auth
+Source0: https://gitee.com/openharmony/security_device_auth/repository/archive/%{openHarmony_source_release}.tar.gz #/security_device_auth-%{openHarmony_source_release}.tar.gz
+Source1: device_auth.bundle.json
+Source2: device_auth.BUILD.gn
+
+Patch0: 0000-security_device_auth.patch
+BuildRequires: distributed-build, hilog commonlibrary_c_utils, distributed-beget, notification_eventhandler, communication_ipc, systemabilitymgr_samgr, systemabilitymgr_safwk, security_huks, cjson-devel, openssl-devel
+Requires: libboundscheck
+
+%description
+OpenEuler supports device auth for distributed softbus capability
+
+%prep
+rm -rf %{_builddir}/*
+
+cp -rf %{build_opt} %{_builddir}/build
+[ ! -L "%{_builddir}/build.sh" ] && ln -s %{_builddir}/build/build_scripts/build.sh %{_builddir}/build.sh
+[ ! -L "%{_builddir}/.gn" ] && ln -s %{_builddir}/build/core/gn/dotfile.gn %{_builddir}/.gn
+[ ! -L "%{_builddir}/build.py" ] && ln -s %{_builddir}/build/lite/build.py %{_builddir}/build.py
+cp -r %{_builddir}/build/openeuler/vendor %{_builddir}/
+cp -r %{_builddir}/build/openeuler/compiler_gn/third_party %{_builddir}/
+mkdir -p %{_builddir}/base/security
+cp -r %{_builddir}/build/openeuler/compiler_gn/base/security/huks %{_builddir}/base/security
+cp -rf %{_builddir}/build/openeuler/compiler_gn/commonlibrary %{_builddir}/
+rm -rf %{_builddir}/third_party/mbedtls
+
+cd %{_builddir}
+if [ ! -d %{device_dir} ];then
+ mkdir -p %{device_dir}
+else
+ echo "/base/security already exist"
+fi
+
+%setup -q -D -T -a 0 -c -n %{device_dir}
+%patch -P0 -p1 -d %{device_dir}/device_auth
+
+######copy gn files#####
+#copy third_party gn files
+cp -r %{_builddir}/build/openeuler/compiler_gn/third_party %{_builddir}/
+
+#copy ipc gn files
+mkdir -p %{_builddir}/foundation/communication
+cp -r %{_builddir}/build/openeuler/compiler_gn/foundation/communication/ipc %{_builddir}/foundation/communication/
+
+#copy dsoftbus gn files
+cp -r %{_builddir}/build/openeuler/compiler_gn/foundation/communication/dsoftbus %{_builddir}/foundation/communication/
+
+# copy init samgr files
+mkdir -p %{_builddir}/foundation/systemabilitymgr
+cp -r %{_builddir}/build/openeuler/compiler_gn/foundation/systemabilitymgr/samgr %{_builddir}/foundation/systemabilitymgr/
+
+#copy hilog gn files
+mkdir -p %{_builddir}/base/hiviewdfx/
+cp -r %{_builddir}/build/openeuler/compiler_gn/base/hiviewdfx/hilog %{_builddir}/base/hiviewdfx/
+
+# copy init gn files
+mkdir -p %{_builddir}/base/startup
+cp -r %{_builddir}/build/openeuler/compiler_gn/base/startup/init %{_builddir}/base/startup/
+
+#directory to avoid %build fail
+if [ ! -d "device_auth" ];then
+ mkdir device_auth
+else
+ echo "device_auth already exist"
+fi
+
+%build
+cd %{_builddir}
+rm -rf %{_builddir}/out
+
+%ifarch x86_64
+./build.sh --product-name openeuler --target-cpu x86_64
+%endif
+
+%ifarch aarch64
+./build.sh --product-name openeuler --target-cpu arm64
+%endif
+
+%install
+install -d -m 0755 %{buildroot}/%{_includedir}/device_auth
+install -d -m 0755 %{buildroot}/%{_libdir}
+install -d -m 0755 %{buildroot}/usr/bin/
+install -d -m 0755 %{buildroot}/system/bin/
+install -d -m 0755 %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/services
+install -d -m 0755 %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/interfaces
+
+%ifarch aarch64
+module_out_path="out/openeuler/linux_clang_arm64"
+header_out_path="out/openeuler/innerkits/linux-arm64/device_auth"
+%endif
+%ifarch x86_64
+module_out_path="out/openeuler/linux_clang_x86_64"
+header_out_path="out/openeuler/innerkits/linux-x86_64/device_auth"
+%endif
+
+# copy executable file.
+install -m 755 %{_builddir}/out/openeuler/packages/phone/system/bin/deviceauth_service %{buildroot}/system/bin/
+install -m 755 %{_builddir}/out/openeuler/packages/phone/system/bin/deviceauth_service %{buildroot}/usr/bin/
+
+# prepare so
+install -m 0755 %{_builddir}/${module_out_path}/security/device_auth/*.so %{buildroot}/%{_libdir}
+
+# prepare head files
+find %{_builddir}/${header_out_path} -name *.h -print0 | xargs -0 -i cp -rf {} %{buildroot}%{_includedir}/device_auth/
+
+# cp json file
+install -m 755 %{SOURCE1} %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/bundle.json
+
+# cp gn file
+install -m 755 %{SOURCE2} %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/services/BUILD.gn
+
+# create soft link
+ln -s /usr/include/device_auth %{buildroot}%{build_opt}/openeuler/compiler_gn/base/security/device_auth/interfaces/innerkits
+
+%files
+%{_includedir}/device_auth/*
+%{_libdir}/*.so
+/usr/bin/deviceauth_service
+/system/bin/deviceauth_service
+%{build_opt}/*
+
+%changelog
+* Thu Oct 12 2023 muyuying - 1.0.0-1
+- Init and adapt device auth to openEuler
+
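Review bot: In `%install` the header copy passes an unquoted pattern, `find %{_builddir}/${header_out_path} -name *.h ...`, so the shell expands `*.h` against the current directory before find sees it; quote it as `-name '*.h'`. The two data files are installed with `install -m 755` (`%{SOURCE1}` as bundle.json and `%{SOURCE2}` as services/BUILD.gn); neither is executable, so `-m 0644` is the appropriate mode. `%files` claims `%{build_opt}/*`, which is wider than the `base/security/device_auth` paths this package creates and may collide with other packages installing under the same tree, and `%prep` opens with `rm -rf %{_builddir}/*`, which removes everything in a build directory that may be shared outside a clean chroot. `Summary: System ability manager` appears to be copied from another package and does not describe device authentication.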