1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "enterprise_device_mgr_ability.h"
17 #include <bundle_info.h>
18 #include <bundle_mgr_interface.h>
19 #include <ipc_skeleton.h>
20 #include <iservice_registry.h>
21 #include <message_parcel.h>
22 #include <permission/permission_kit.h>
23 #include <string_ex.h>
24 #include <system_ability.h>
25 #include <system_ability_definition.h>
26
27 #include "accesstoken_kit.h"
28 #include "bundle_mgr_proxy.h"
29 #include "edm_log.h"
30 #include "parameters.h"
31 #include "plugin_manager.h"
32
33 namespace OHOS {
34 namespace EDM {
35 constexpr int ROOT_UID = 0;
36 constexpr int PER_USER_RANGE = 100000;
37 constexpr int SYSTEM_UID = 1000;
38
39 const bool REGISTER_RESULT =
40 SystemAbility::MakeAndRegisterAbility(EnterpriseDeviceMgrAbility::GetInstance().GetRefPtr());
41
42 std::mutex EnterpriseDeviceMgrAbility::mutexLock_;
43
44 sptr<EnterpriseDeviceMgrAbility> EnterpriseDeviceMgrAbility::instance_;
45
GetInstance()46 sptr<EnterpriseDeviceMgrAbility> EnterpriseDeviceMgrAbility::GetInstance()
47 {
48 if (instance_ == nullptr) {
49 std::lock_guard<std::mutex> autoLock(mutexLock_);
50 if (instance_ == nullptr) {
51 EDMLOGD("EnterpriseDeviceMgrAbility:GetInstance instance = new EnterpriseDeviceMgrAbility()");
52 instance_ = new EnterpriseDeviceMgrAbility();
53 }
54 }
55 return instance_;
56 }
57
EnterpriseDeviceMgrAbility()58 EnterpriseDeviceMgrAbility::EnterpriseDeviceMgrAbility() : SystemAbility(ENTERPRISE_DEVICE_MANAGER_SA_ID, true)
59 {
60 EDMLOGI("EnterpriseDeviceMgrAbility:new instance");
61 }
62
~EnterpriseDeviceMgrAbility()63 EnterpriseDeviceMgrAbility::~EnterpriseDeviceMgrAbility()
64 {
65 instance_ = nullptr;
66
67 if (adminMgr_) {
68 adminMgr_.reset();
69 }
70
71 if (pluginMgr_) {
72 pluginMgr_.reset();
73 }
74
75 if (policyMgr_) {
76 policyMgr_.reset();
77 }
78 EDMLOGD("instance is destroyed");
79 }
80
OnDump()81 void EnterpriseDeviceMgrAbility::OnDump() {}
82
OnStart()83 void EnterpriseDeviceMgrAbility::OnStart()
84 {
85 EDMLOGD("EnterpriseDeviceMgrAbility::OnStart() Publish");
86 if (!registerToService_) {
87 if (!Publish(this)) {
88 EDMLOGE("EnterpriseDeviceMgrAbility: res == false");
89 return;
90 }
91 registerToService_ = true;
92 }
93 if (!adminMgr_) {
94 adminMgr_ = AdminManager::GetInstance();
95 }
96 EDMLOGD("create adminMgr_ success");
97 adminMgr_->Init();
98
99 if (!policyMgr_) {
100 policyMgr_ = PolicyManager::GetInstance();
101 }
102 EDMLOGD("create policyMgr_ success");
103 policyMgr_->Init();
104
105 if (!pluginMgr_) {
106 pluginMgr_ = PluginManager::GetInstance();
107 }
108 EDMLOGD("create pluginMgr_ success");
109 pluginMgr_->Init();
110 }
111
OnStop()112 void EnterpriseDeviceMgrAbility::OnStop()
113 {
114 EDMLOGD("EnterpriseDeviceMgrAbility::OnStop()");
115 }
116
GetAllPermissionsByAdmin(const std::string & bundleInfoName,std::vector<std::string> & permissionList,int32_t userId)117 ErrCode EnterpriseDeviceMgrAbility::GetAllPermissionsByAdmin(const std::string &bundleInfoName,
118 std::vector<std::string> &permissionList, int32_t userId)
119 {
120 bool ret = false;
121 AppExecFwk::BundleInfo bundleInfo;
122 auto bundleManager = GetBundleMgr();
123 permissionList.clear();
124 EDMLOGD("GetAllPermissionsByAdmin GetBundleInfo: bundleInfoName %{public}s userid %{public}d",
125 bundleInfoName.c_str(), userId);
126 ret = bundleManager->GetBundleInfo(bundleInfoName, AppExecFwk::BundleFlag::GET_BUNDLE_WITH_REQUESTED_PERMISSION,
127 bundleInfo, userId);
128 if (ret == false) {
129 EDMLOGW("GetAllPermissionsByAdmin: GetBundleInfo failed %{public}d", ret);
130 return ERR_EDM_PARAM_ERROR;
131 }
132 std::vector<std::string> reqPermission = bundleInfo.reqPermissions;
133 if (reqPermission.empty()) {
134 EDMLOGW("GetAllPermissionsByAdmin: bundleInfo reqPermissions empty");
135 return ERR_OK;
136 }
137
138 std::vector<EdmPermission> edmPermissions;
139 ErrCode code = adminMgr_->GetReqPermission(reqPermission, edmPermissions);
140 if (SUCCEEDED(code)) {
141 for (const auto &perm : edmPermissions) {
142 permissionList.push_back(perm.getPermissionName());
143 }
144 }
145 return ERR_OK;
146 }
147
GetBundleMgr()148 sptr<AppExecFwk::IBundleMgr> EnterpriseDeviceMgrAbility::GetBundleMgr()
149 {
150 OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
151 OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
152 OHOS::sptr<OHOS::IRemoteObject> remoteObject =
153 systemAbilityManager->GetSystemAbility(OHOS::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
154 sptr<AppExecFwk::IBundleMgr> proxy(new AppExecFwk::BundleMgrProxy(remoteObject));
155 return proxy;
156 }
157
CheckPermission()158 ErrCode EnterpriseDeviceMgrAbility::CheckPermission()
159 {
160 if (IsHdb() || VerifyCallingPermission("ohos.permission.MANAGE_ADMIN")) {
161 EDMLOGW("check permission success, IsHdb: %{public}d", IsHdb());
162 return ERR_OK;
163 }
164 return ERR_EDM_PERMISSION_ERROR;
165 }
166
VerifyCallingPermission(const std::string & permissionName)167 bool EnterpriseDeviceMgrAbility::VerifyCallingPermission(const std::string &permissionName)
168 {
169 EDMLOGD("VerifyCallingPermission permission %{public}s", permissionName.c_str());
170 Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
171 EDMLOGD("callerToken : %{public}u", callerToken);
172 Security::AccessToken::ATokenTypeEnum tokenType =
173 Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
174 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
175 EDMLOGD("caller tokenType is native, verify success");
176 return true;
177 }
178 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
179 if (ret == Security::AccessToken::PermissionState::PERMISSION_DENIED) {
180 EDMLOGE("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
181 return false;
182 }
183 EDMLOGD("verify AccessToken success");
184 return true;
185 }
186
VerifyActiveAdminCondition(AppExecFwk::ElementName & admin,AdminType type)187 ErrCode EnterpriseDeviceMgrAbility::VerifyActiveAdminCondition(AppExecFwk::ElementName &admin, AdminType type)
188 {
189 std::shared_ptr<Admin> existAdmin = adminMgr_->GetAdminByPkgName(admin.GetBundleName());
190 if (type == AdminType::ENT && adminMgr_->IsSuperAdminExist()) {
191 if (existAdmin == nullptr || existAdmin->adminInfo_.adminType_ != AdminType::ENT) {
192 EDMLOGW("ActiveAdmin: There is another super admin active.");
193 return ERR_EDM_ADD_ADMIN_FAILED;
194 }
195 }
196
197 if (existAdmin == nullptr) {
198 return ERR_OK;
199 }
200
201 /* An application can't active twice with different ability name */
202 if (existAdmin->adminInfo_.className_ != admin.GetAbilityName()) {
203 EDMLOGW("ActiveAdmin: There is another admin ability active with the same package name.");
204 return ERR_EDM_ADD_ADMIN_FAILED;
205 }
206
207 /* An existed super admin can't be reactive to normal */
208 if ((existAdmin->adminInfo_.adminType_ == AdminType::ENT) && (type == AdminType::NORMAL)) {
209 EDMLOGW("ActiveAdmin: The admin is super, can't be reactive to normal.");
210 return ERR_EDM_ADD_ADMIN_FAILED;
211 }
212 return ERR_OK;
213 }
214
ActiveAdmin(AppExecFwk::ElementName & admin,EntInfo & entInfo,AdminType type,int32_t userId)215 ErrCode EnterpriseDeviceMgrAbility::ActiveAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type,
216 int32_t userId)
217 {
218 EDMLOGD("EnterpriseDeviceMgrAbility::ActiveAdmin");
219 std::lock_guard<std::mutex> autoLock(mutexLock_);
220 int32_t ret = CheckPermission();
221 if (ret != ERR_OK) {
222 EDMLOGW("EnterpriseDeviceMgrAbility::ActiveAdmin check permission failed, ret: %{public}d", ret);
223 return ERR_EDM_PERMISSION_ERROR;
224 }
225 std::vector<AppExecFwk::AbilityInfo> abilityInfo;
226 auto bundleManager = GetBundleMgr();
227 if (!bundleManager) {
228 EDMLOGW("can not get iBundleMgr");
229 return ERR_EDM_BMS_ERROR;
230 }
231 AAFwk::Want want;
232 want.SetElement(admin);
233 if (!bundleManager->QueryAbilityInfos(want, AppExecFwk::AbilityInfoFlag::GET_ABILITY_INFO_WITH_APPLICATION,
234 userId, abilityInfo)) {
235 EDMLOGW("ActiveAdmin: GetAbilityInfoByName failed %{public}d", ret);
236 return ERR_EDM_BMS_ERROR;
237 }
238 ret = VerifyActiveAdminCondition(admin, type);
239 if (FAILED(ret)) {
240 EDMLOGW("ActiveAdmin: VerifyActiveAdminCondition failed.");
241 return ERR_EDM_ADD_ADMIN_FAILED;
242 }
243
244 /* Get all request and registered permissions */
245 std::vector<std::string> permissionList;
246 ret = GetAllPermissionsByAdmin(admin.GetBundleName(), permissionList, userId);
247 if (FAILED(ret)) {
248 EDMLOGW("ActiveAdmin: GetAllPermissionsByAdmin failed %{public}d", ret);
249 return ERR_EDM_ADD_ADMIN_FAILED;
250 }
251 /* Filter permissions with AdminType, such as NORMAL can't request super permission */
252 ret = adminMgr_->GetGrantedPermission(abilityInfo.at(0), permissionList, type);
253 if (ret != ERR_OK) {
254 EDMLOGW("ActiveAdmin: GetGrantedPermission failed %{public}d", ret);
255 // permission verify, should throw exception if failed
256 return ERR_EDM_PERMISSION_ERROR;
257 }
258
259 EDMLOGI("ActiveAdmin: SetAdminValue success %{public}s, type:%{public}d", admin.GetBundleName().c_str(),
260 static_cast<uint32_t>(type));
261 return adminMgr_->SetAdminValue(abilityInfo.at(0), entInfo, type, permissionList);
262 }
263
RemoveAdminItem(std::string adminName,std::string policyName,std::string policyValue)264 ErrCode EnterpriseDeviceMgrAbility::RemoveAdminItem(std::string adminName, std::string policyName,
265 std::string policyValue)
266 {
267 ErrCode ret;
268 std::shared_ptr<IPlugin> plugin = pluginMgr_->GetPluginByPolicyName(policyName);
269 if (plugin == nullptr) {
270 EDMLOGW("RemoveAdminItem: Get plugin by policy failed: %{public}s\n", policyName.c_str());
271 return ERR_EDM_GET_PLUGIN_MGR_FAILED;
272 }
273 if ((ret = plugin->OnAdminRemove(adminName, policyValue)) != ERR_OK) {
274 EDMLOGW("RemoveAdminItem: OnAdminRemove failed, admin:%{public}s, value:%{public}s, res:%{public}d\n",
275 adminName.c_str(), policyValue.c_str(), ret);
276 }
277 if (plugin->NeedSavePolicy()) {
278 std::string mergedPolicyData = "";
279 if ((ret = plugin->MergePolicyData(adminName, mergedPolicyData)) != ERR_OK) {
280 EDMLOGW("RemoveAdminItem: Get admin by policy name failed: %{public}s, ErrCode:%{public}d\n",
281 policyName.c_str(), ret);
282 }
283
284 ErrCode setRet = ERR_OK;
285 std::unordered_map<std::string, std::string> adminListMap;
286 ret = policyMgr_->GetAdminByPolicyName(policyName, adminListMap);
287 if ((ret == ERR_EDM_POLICY_NOT_FOUND) || adminListMap.empty()) {
288 setRet = policyMgr_->SetPolicy("", policyName, "", "");
289 } else {
290 setRet = policyMgr_->SetPolicy(adminName, policyName, "", mergedPolicyData);
291 }
292
293 if (FAILED(setRet)) {
294 EDMLOGW("RemoveAdminItem: DeleteAdminPolicy failed, admin:%{public}s, policy:%{public}s, res:%{public}d\n",
295 adminName.c_str(), policyName.c_str(), ret);
296 return ERR_EDM_DEL_ADMIN_FAILED;
297 }
298 }
299 plugin->OnAdminRemoveDone(adminName, policyValue);
300 return ERR_OK;
301 }
302
RemoveAdmin(const std::string & adminName)303 ErrCode EnterpriseDeviceMgrAbility::RemoveAdmin(const std::string &adminName)
304 {
305 EDMLOGD("RemoveAdmin %{public}s", adminName.c_str());
306 std::unordered_map<std::string, std::string> policyItems;
307 policyMgr_->GetAllPolicyByAdmin(adminName, policyItems);
308 for (auto &policyItem : policyItems) {
309 std::string policyItemName = policyItem.first;
310 std::string policyItemValue = policyItem.second;
311 EDMLOGD("RemoveAdmin: RemoveAdminItem policyName:%{public}s,policyValue:%{public}s", policyItemName.c_str(),
312 policyItemValue.c_str());
313 if (RemoveAdminItem(adminName, policyItemName, policyItemValue) != ERR_OK) {
314 return ERR_EDM_DEL_ADMIN_FAILED;
315 }
316 }
317 if (adminMgr_->DeleteAdmin(adminName) != ERR_OK) {
318 return ERR_EDM_DEL_ADMIN_FAILED;
319 }
320 return ERR_OK;
321 }
322
DeactiveAdmin(AppExecFwk::ElementName & admin,int32_t userId)323 ErrCode EnterpriseDeviceMgrAbility::DeactiveAdmin(AppExecFwk::ElementName &admin, int32_t userId)
324 {
325 std::lock_guard<std::mutex> autoLock(mutexLock_);
326 int32_t checkRet = CheckPermission();
327 if (checkRet != ERR_OK) {
328 EDMLOGW("EnterpriseDeviceMgrAbility::DeactiveAdmin check permission failed, ret: %{public}d", checkRet);
329 return ERR_EDM_PERMISSION_ERROR;
330 }
331
332 std::shared_ptr<Admin> adminPtr = adminMgr_->GetAdminByPkgName(admin.GetBundleName());
333 if (adminPtr == nullptr) {
334 return ERR_EDM_DEL_ADMIN_FAILED;
335 }
336 if (adminPtr->adminInfo_.adminType_ != AdminType::NORMAL) {
337 EDMLOGW("DeactiveAdmin: only remove normal admin.");
338 return ERR_EDM_PERMISSION_ERROR;
339 }
340
341 return RemoveAdmin(admin.GetBundleName());
342 }
343
CheckCallingUid(std::string & bundleName)344 ErrCode EnterpriseDeviceMgrAbility::CheckCallingUid(std::string &bundleName)
345 {
346 if (!IsHdb()) {
347 // super admin can be removed by itself
348 int uid = GetCallingUid();
349 auto bundleManager = GetBundleMgr();
350 std::string callingBundleName;
351 if (!bundleManager->GetNameForUid(uid, callingBundleName)) {
352 EDMLOGD("CheckCallingUid failed: get bundleName for uid %{public}d fail.", uid);
353 return ERR_EDM_PERMISSION_ERROR;
354 }
355 if (bundleName != callingBundleName) {
356 EDMLOGD("CheckCallingUid failed: only the app %{public}s can remove itself.", callingBundleName.c_str());
357 return ERR_EDM_PERMISSION_ERROR;
358 }
359 }
360 return ERR_OK;
361 }
362
DeactiveSuperAdmin(std::string & bundleName)363 ErrCode EnterpriseDeviceMgrAbility::DeactiveSuperAdmin(std::string &bundleName)
364 {
365 std::lock_guard<std::mutex> autoLock(mutexLock_);
366 std::shared_ptr<Admin> admin = adminMgr_->GetAdminByPkgName(bundleName);
367 if (admin == nullptr) {
368 return ERR_EDM_DEL_ADMIN_FAILED;
369 }
370 if (admin->adminInfo_.adminType_ != AdminType::ENT) {
371 EDMLOGW("DeactiveSuperAdmin: only remove super admin.");
372 return ERR_EDM_PERMISSION_ERROR;
373 }
374 int32_t checkRet = CheckCallingUid(admin->adminInfo_.packageName_);
375 if (checkRet != ERR_OK) {
376 EDMLOGW("DeactiveSuperAdmin: CheckCallingUid failed: %{public}d", checkRet);
377 return ERR_EDM_PERMISSION_ERROR;
378 }
379
380 return RemoveAdmin(bundleName);
381 }
382
IsSuperAdmin(std::string & bundleName)383 bool EnterpriseDeviceMgrAbility::IsSuperAdmin(std::string &bundleName)
384 {
385 std::lock_guard<std::mutex> autoLock(mutexLock_);
386 std::shared_ptr<Admin> admin = adminMgr_->GetAdminByPkgName(bundleName);
387 if (admin == nullptr) {
388 EDMLOGW("IsSuperAdmin: admin == nullptr.");
389 return false;
390 }
391 if (admin->adminInfo_.adminType_ == AdminType::ENT) {
392 EDMLOGW("IsSuperAdmin: admin->adminInfo_.adminType_ == AdminType::ENT.");
393 return true;
394 }
395 return false;
396 }
397
IsAdminActive(AppExecFwk::ElementName & admin)398 bool EnterpriseDeviceMgrAbility::IsAdminActive(AppExecFwk::ElementName &admin)
399 {
400 std::lock_guard<std::mutex> autoLock(mutexLock_);
401 std::shared_ptr<Admin> existAdmin = adminMgr_->GetAdminByPkgName(admin.GetBundleName());
402 if (existAdmin != nullptr) {
403 EDMLOGD("IsAdminActive: get admin successed");
404 return true;
405 }
406 return false;
407 }
408
HandleDevicePolicy(uint32_t code,AppExecFwk::ElementName & admin,MessageParcel & data)409 ErrCode EnterpriseDeviceMgrAbility::HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin,
410 MessageParcel &data)
411 {
412 std::shared_ptr<Admin> deviceAdmin = adminMgr_->GetAdminByPkgName(admin.GetBundleName());
413 if (deviceAdmin == nullptr) {
414 EDMLOGW("HandleDevicePolicy: get admin failed");
415 return ERR_EDM_GET_ADMIN_MGR_FAILED;
416 }
417 std::shared_ptr<IPlugin> plugin = pluginMgr_->GetPluginByFuncCode(code);
418 if (plugin == nullptr) {
419 EDMLOGW("HandleDevicePolicy: get plugin failed, code:%{public}d", code);
420 return ERR_EDM_GET_PLUGIN_MGR_FAILED;
421 }
422 EDMLOGD("HandleDevicePolicy: plugin info:%{public}d , %{public}s , %{public}s", plugin->GetCode(),
423 plugin->GetPolicyName().c_str(), plugin->GetPermission().c_str());
424 if (!deviceAdmin->CheckPermission(plugin->GetPermission())) {
425 EDMLOGW("HandleDevicePolicy: check permission failed");
426 return ERR_EDM_PERMISSION_ERROR;
427 }
428 std::lock_guard<std::mutex> autoLock(mutexLock_);
429 std::string policyName = plugin->GetPolicyName();
430 std::string policyValue = "";
431 policyMgr_->GetPolicy(admin.GetBundleName(), policyName, policyValue);
432 bool isChanged = false;
433 if (plugin->OnHandlePolicy(code, data, policyValue, isChanged) != ERR_OK) {
434 EDMLOGW("HandleDevicePolicy: OnHandlePolicy failed");
435 return ERR_EDM_HANDLE_POLICY_FAILED;
436 }
437
438 EDMLOGD("HandleDevicePolicy: isChanged:%{public}d, needSave:%{public}d, policyValue:%{public}s\n", isChanged,
439 plugin->NeedSavePolicy(), policyValue.c_str());
440 std::string oldCombinePolicy = "";
441 policyMgr_->GetPolicy("", policyName, oldCombinePolicy);
442 std::string mergedPolicy = policyValue;
443 bool isGlobalChanged = false;
444 if (plugin->NeedSavePolicy() && isChanged) {
445 ErrCode res = plugin->MergePolicyData(admin.GetBundleName(), mergedPolicy);
446 if (res != ERR_OK) {
447 EDMLOGW("HandleDevicePolicy: MergePolicyData failed error:%{public}d", res);
448 return ERR_EDM_HANDLE_POLICY_FAILED;
449 }
450 policyMgr_->SetPolicy(admin.GetBundleName(), policyName, policyValue, mergedPolicy);
451 isGlobalChanged = (oldCombinePolicy != mergedPolicy);
452 }
453 plugin->OnHandlePolicyDone(code, admin.GetBundleName(), isGlobalChanged);
454 return ERR_OK;
455 }
456
GetDevicePolicy(uint32_t code,AppExecFwk::ElementName * admin,MessageParcel & reply)457 ErrCode EnterpriseDeviceMgrAbility::GetDevicePolicy(uint32_t code, AppExecFwk::ElementName *admin,
458 MessageParcel &reply)
459 {
460 std::shared_ptr<IPlugin> plugin = pluginMgr_->GetPluginByFuncCode(code);
461 if (plugin == nullptr) {
462 EDMLOGW("GetDevicePolicy: get plugin failed");
463 reply.WriteInt32(ERR_EDM_GET_PLUGIN_MGR_FAILED);
464 return ERR_EDM_GET_PLUGIN_MGR_FAILED;
465 }
466 std::string policyName = plugin->GetPolicyName();
467 std::string policyValue;
468 std::string adminName = (admin == nullptr) ? "" : admin->GetBundleName();
469 if (policyMgr_->GetPolicy(adminName, policyName, policyValue) != ERR_OK) {
470 EDMLOGW("GetDevicePolicy: get policy failed");
471 reply.WriteInt32(ERR_EDM_POLICY_NOT_FIND);
472 } else {
473 reply.WriteInt32(ERR_OK);
474 plugin->WritePolicyToParcel(policyValue, reply);
475 }
476
477 return ERR_OK;
478 }
479
GetActiveAdmin(AdminType type,std::vector<std::string> & activeAdminList)480 ErrCode EnterpriseDeviceMgrAbility::GetActiveAdmin(AdminType type, std::vector<std::string> &activeAdminList)
481 {
482 std::vector<std::string> superList;
483 std::vector<std::string> normalList;
484 switch (type) {
485 case AdminType::NORMAL:
486 adminMgr_->GetActiveAdmin(AdminType::NORMAL, normalList);
487 adminMgr_->GetActiveAdmin(AdminType::ENT, superList);
488 break;
489 case AdminType::ENT:
490 adminMgr_->GetActiveAdmin(AdminType::ENT, superList);
491 break;
492 case AdminType::UNKNOWN:
493 break;
494 default:
495 return ERR_EDM_PARAM_ERROR;
496 }
497 if (!superList.empty()) {
498 activeAdminList.insert(activeAdminList.begin(), superList.begin(), superList.end());
499 }
500 if (!normalList.empty()) {
501 activeAdminList.insert(activeAdminList.begin(), normalList.begin(), normalList.end());
502 }
503 for (const auto &activeAdmin : activeAdminList) {
504 EDMLOGD("GetActiveAdmin: %{public}s", activeAdmin.c_str());
505 }
506 return ERR_OK;
507 }
508
IsHdb()509 bool EnterpriseDeviceMgrAbility::IsHdb()
510 {
511 auto uid = GetCallingUid();
512 return uid == ROOT_UID || uid % PER_USER_RANGE == SYSTEM_UID;
513 }
514
GetEnterpriseInfo(AppExecFwk::ElementName & admin,MessageParcel & reply)515 ErrCode EnterpriseDeviceMgrAbility::GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply)
516 {
517 EntInfo entInfo;
518 ErrCode code = adminMgr_->GetEntInfo(admin.GetBundleName(), entInfo);
519 if (code != ERR_OK) {
520 reply.WriteInt32(ERR_EDM_GET_ENTINFO_FAILED);
521 return ERR_EDM_GET_ENTINFO_FAILED;
522 }
523 reply.WriteInt32(ERR_OK);
524 reply.WriteParcelable(&entInfo);
525 EDMLOGD("EnterpriseDeviceMgrAbility::GetEnterpriseInfo: entInfo->enterpriseName %{public}s, "
526 "entInfo->description:%{public}s",
527 entInfo.enterpriseName.c_str(), entInfo.description.c_str());
528 return ERR_OK;
529 }
530
SetEnterpriseInfo(AppExecFwk::ElementName & admin,EntInfo & entInfo)531 ErrCode EnterpriseDeviceMgrAbility::SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo)
532 {
533 std::lock_guard<std::mutex> autoLock(mutexLock_);
534 std::shared_ptr<Admin> adminItem = adminMgr_->GetAdminByPkgName(admin.GetBundleName());
535 if (adminItem == nullptr) {
536 return ERR_EDM_SET_ENTINFO_FAILED;
537 }
538 int32_t ret = CheckCallingUid(adminItem->adminInfo_.packageName_);
539 if (ret != ERR_OK) {
540 EDMLOGW("SetEnterpriseInfo: CheckCallingUid failed: %{public}d", ret);
541 return ERR_EDM_PERMISSION_ERROR;
542 }
543 ErrCode code = adminMgr_->SetEntInfo(admin.GetBundleName(), entInfo);
544 return (code != ERR_OK) ? ERR_EDM_SET_ENTINFO_FAILED : ERR_OK;
545 }
546 } // namespace EDM
547 } // namespace OHOS