1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bundle_install_checker.h"
17
18 #include "bundle_data_mgr.h"
19 #include "bundle_mgr_service.h"
20 #include "bundle_mgr_service_event_handler.h"
21 #include "bundle_parser.h"
22 #include "bundle_util.h"
23 #include "parameter.h"
24 #include "privilege_extension_ability_type.h"
25 #include "systemcapability.h"
26
27 namespace OHOS {
28 namespace AppExecFwk {
29 namespace {
30 const std::string PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED = "AllowAppDataNotCleared";
31 const std::string PRIVILEGE_ALLOW_APP_MULTI_PROCESS = "AllowAppMultiProcess";
32 const std::string PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE = "AllowAppDesktopIconHide";
33 const std::string PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED = "AllowAbilityPriorityQueried";
34 const std::string PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "AllowAbilityExcludeFromMissions";
35 const std::string PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION = "AllowAppUsePrivilegeExtension";
36 const std::string PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY = "AllowFormVisibleNotify";
37 const std::string ALLOW_APP_DATA_NOT_CLEARED = "allowAppDataNotCleared";
38 const std::string ALLOW_APP_MULTI_PROCESS = "allowAppMultiProcess";
39 const std::string ALLOW_APP_DESKTOP_ICON_HIDE = "allowAppDesktopIconHide";
40 const std::string ALLOW_ABILITY_PRIORITY_QUERIED = "allowAbilityPriorityQueried";
41 const std::string ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "allowAbilityExcludeFromMissions";
42 const std::string ALLOW_APP_USE_PRIVILEGE_EXTENSION = "allowAppUsePrivilegeExtension";
43 const std::string ALLOW_FORM_VISIBLE_NOTIFY = "allowFormVisibleNotify";
44 const std::string APP_TEST_BUNDLE_NAME = "com.OpenHarmony.app.test";
45 const std::string BUNDLE_NAME_XTS_TEST = "com.acts.";
46
47 const std::unordered_map<Security::Verify::AppDistType, std::string> APP_DISTRIBUTION_TYPE_MAPS = {
48 { Security::Verify::AppDistType::NONE_TYPE, Constants::APP_DISTRIBUTION_TYPE_NONE },
49 { Security::Verify::AppDistType::APP_GALLERY, Constants::APP_DISTRIBUTION_TYPE_APP_GALLERY },
50 { Security::Verify::AppDistType::ENTERPRISE, Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE },
51 { Security::Verify::AppDistType::OS_INTEGRATION, Constants::APP_DISTRIBUTION_TYPE_OS_INTEGRATION },
52 { Security::Verify::AppDistType::CROWDTESTING, Constants::APP_DISTRIBUTION_TYPE_CROWDTESTING },
53 };
54
55 const std::unordered_map<std::string, void (*)(AppPrivilegeCapability &appPrivilegeCapability)>
56 PRIVILEGE_MAP = {
57 { PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED,
__anonf30a98170202() 58 [] (AppPrivilegeCapability &appPrivilegeCapability) {
59 appPrivilegeCapability.userDataClearable = false;
60 } },
61 { PRIVILEGE_ALLOW_APP_MULTI_PROCESS,
__anonf30a98170302() 62 [] (AppPrivilegeCapability &appPrivilegeCapability) {
63 appPrivilegeCapability.allowMultiProcess = true;
64 } },
65 { PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE,
__anonf30a98170402() 66 [] (AppPrivilegeCapability &appPrivilegeCapability) {
67 appPrivilegeCapability.hideDesktopIcon = true;
68 } },
69 { PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED,
__anonf30a98170502() 70 [] (AppPrivilegeCapability &appPrivilegeCapability) {
71 appPrivilegeCapability.allowQueryPriority = true;
72 } },
73 { PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
__anonf30a98170602() 74 [] (AppPrivilegeCapability &appPrivilegeCapability) {
75 appPrivilegeCapability.allowExcludeFromMissions = true;
76 } },
77 { PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION,
__anonf30a98170702() 78 [] (AppPrivilegeCapability &appPrivilegeCapability) {
79 appPrivilegeCapability.allowUsePrivilegeExtension = true;
80 } },
81 { PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY,
__anonf30a98170802() 82 [] (AppPrivilegeCapability &appPrivilegeCapability) {
83 appPrivilegeCapability.formVisibleNotify = true;
84 } },
85 };
86
GetAppDistributionType(const Security::Verify::AppDistType & type)87 std::string GetAppDistributionType(const Security::Verify::AppDistType &type)
88 {
89 auto typeIter = APP_DISTRIBUTION_TYPE_MAPS.find(type);
90 if (typeIter == APP_DISTRIBUTION_TYPE_MAPS.end()) {
91 APP_LOGE("wrong AppDistType");
92 return Constants::APP_DISTRIBUTION_TYPE_NONE;
93 }
94
95 return typeIter->second;
96 }
97
GetAppProvisionType(const Security::Verify::ProvisionType & type)98 std::string GetAppProvisionType(const Security::Verify::ProvisionType &type)
99 {
100 if (type == Security::Verify::ProvisionType::DEBUG) {
101 return Constants::APP_PROVISION_TYPE_DEBUG;
102 }
103
104 return Constants::APP_PROVISION_TYPE_RELEASE;
105 }
106
IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)107 bool IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)
108 {
109 return PRIVILEGE_EXTENSION_ABILITY_TYPE.find(type) != PRIVILEGE_EXTENSION_ABILITY_TYPE.end();
110 }
111
IsSystemExtensionAbilityType(ExtensionAbilityType type)112 bool IsSystemExtensionAbilityType(ExtensionAbilityType type)
113 {
114 return SYSTEM_EXTENSION_ABILITY_TYPE.find(type) != SYSTEM_EXTENSION_ABILITY_TYPE.end();
115 }
116 }
117
CheckSysCap(const std::vector<std::string> & bundlePaths)118 ErrCode BundleInstallChecker::CheckSysCap(const std::vector<std::string> &bundlePaths)
119 {
120 APP_LOGD("check hap syscaps start.");
121 if (bundlePaths.empty()) {
122 APP_LOGE("check hap syscaps failed due to empty bundlePaths!");
123 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
124 }
125
126 ErrCode result = ERR_OK;
127 BundleParser bundleParser;
128 for (const auto &bundlePath : bundlePaths) {
129 std::vector<std::string> bundleSysCaps;
130 result = bundleParser.ParseSysCap(bundlePath, bundleSysCaps);
131 if (result != ERR_OK) {
132 APP_LOGE("parse bundle syscap failed, error: %{public}d", result);
133 return result;
134 }
135
136 for (const auto &bundleSysCapItem : bundleSysCaps) {
137 APP_LOGD("check syscap(%{public}s)", bundleSysCapItem.c_str());
138 if (!HasSystemCapability(bundleSysCapItem.c_str())) {
139 APP_LOGE("check syscap failed which %{public}s is not exsit",
140 bundleSysCapItem.c_str());
141 return ERR_APPEXECFWK_INSTALL_CHECK_SYSCAP_FAILED;
142 }
143 }
144 }
145
146 APP_LOGD("finish check hap syscaps");
147 return result;
148 }
149
CheckMultipleHapsSignInfo(const std::vector<std::string> & bundlePaths,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)150 ErrCode BundleInstallChecker::CheckMultipleHapsSignInfo(
151 const std::vector<std::string> &bundlePaths,
152 std::vector<Security::Verify::HapVerifyResult>& hapVerifyRes)
153 {
154 APP_LOGD("Check multiple haps signInfo");
155 if (bundlePaths.empty()) {
156 APP_LOGE("check hap sign info failed due to empty bundlePaths!");
157 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
158 }
159
160 for (const std::string &bundlePath : bundlePaths) {
161 Security::Verify::HapVerifyResult hapVerifyResult;
162 #ifndef X86_EMULATOR_MODE
163 auto verifyRes = BundleVerifyMgr::HapVerify(bundlePath, hapVerifyResult);
164 if (verifyRes != ERR_OK) {
165 APP_LOGE("hap file verify failed");
166 return verifyRes;
167 }
168 #else
169 BundleVerifyMgr::ParseHapProfile(bundlePath, hapVerifyResult);
170 #endif
171 hapVerifyRes.emplace_back(hapVerifyResult);
172 }
173
174 if (hapVerifyRes.empty()) {
175 APP_LOGE("no sign info in the all haps!");
176 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
177 }
178
179 #ifndef X86_EMULATOR_MODE
180 auto appId = hapVerifyRes[0].GetProvisionInfo().appId;
181 auto apl = hapVerifyRes[0].GetProvisionInfo().bundleInfo.apl;
182 auto appDistributionType = hapVerifyRes[0].GetProvisionInfo().distributionType;
183 auto appProvisionType = hapVerifyRes[0].GetProvisionInfo().type;
184 bool isInvalid = std::any_of(hapVerifyRes.begin(), hapVerifyRes.end(),
185 [appId, apl, appDistributionType, appProvisionType](const auto &hapVerifyResult) {
186 if (appId != hapVerifyResult.GetProvisionInfo().appId) {
187 APP_LOGE("error: hap files have different appId");
188 return true;
189 }
190 if (apl != hapVerifyResult.GetProvisionInfo().bundleInfo.apl) {
191 APP_LOGE("error: hap files have different apl");
192 return true;
193 }
194 if (appDistributionType != hapVerifyResult.GetProvisionInfo().distributionType) {
195 APP_LOGE("error: hap files have different appDistributionType");
196 return true;
197 }
198 if (appProvisionType != hapVerifyResult.GetProvisionInfo().type) {
199 APP_LOGE("error: hap files have different appProvisionType");
200 return true;
201 }
202 return false;
203 });
204 if (isInvalid) {
205 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
206 }
207 #endif
208 APP_LOGD("finish check multiple haps signInfo");
209 return ERR_OK;
210 }
211
ParseHapFiles(const std::vector<std::string> & bundlePaths,const InstallCheckParam & checkParam,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes,std::unordered_map<std::string,InnerBundleInfo> & infos)212 ErrCode BundleInstallChecker::ParseHapFiles(
213 const std::vector<std::string> &bundlePaths,
214 const InstallCheckParam &checkParam,
215 std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes,
216 std::unordered_map<std::string, InnerBundleInfo> &infos)
217 {
218 APP_LOGD("Parse hap file");
219 ErrCode result = ERR_OK;
220 for (uint32_t i = 0; i < bundlePaths.size(); ++i) {
221 InnerBundleInfo newInfo;
222 BundlePackInfo packInfo;
223 newInfo.SetAppType(checkParam.appType);
224 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
225 bool isSystemApp = (provisionInfo.bundleInfo.appFeature == Constants::HOS_SYSTEM_APP ||
226 provisionInfo.bundleInfo.appFeature == Constants::OHOS_SYSTEM_APP) ||
227 (bundlePaths[i].find(Constants::SYSTEM_APP_SCAN_PATH) == 0);
228 if (isSystemApp) {
229 newInfo.SetAppType(Constants::AppType::SYSTEM_APP);
230 }
231
232 newInfo.SetIsPreInstallApp(checkParam.isPreInstallApp);
233 result = ParseBundleInfo(bundlePaths[i], newInfo, packInfo);
234 if (result != ERR_OK) {
235 APP_LOGE("bundle parse failed %{public}d", result);
236 return result;
237 }
238 #ifndef X86_EMULATOR_MODE
239 result = CheckBundleName(provisionInfo.bundleInfo.bundleName, newInfo.GetBundleName());
240 if (result != ERR_OK) {
241 APP_LOGE("check provision bundleName failed");
242 return result;
243 }
244 #endif
245 if (newInfo.HasEntry()) {
246 if (isContainEntry_) {
247 APP_LOGE("more than one entry hap in the direction!");
248 return ERR_APPEXECFWK_INSTALL_INVALID_NUMBER_OF_ENTRY_HAP;
249 }
250 isContainEntry_ = true;
251 }
252
253 SetEntryInstallationFree(packInfo, newInfo);
254 result = CheckMainElement(newInfo);
255 if (result != ERR_OK) {
256 return result;
257 }
258 AppPrivilegeCapability appPrivilegeCapability;
259 // from provision file
260 ParseAppPrivilegeCapability(provisionInfo, appPrivilegeCapability);
261 // form install_list_capability.json, higher priority than provision file
262 FetchPrivilegeCapabilityFromPreConfig(
263 newInfo.GetBundleName(), provisionInfo.fingerprint, appPrivilegeCapability);
264 // process bundleInfo by appPrivilegeCapability
265 result = ProcessBundleInfoByPrivilegeCapability(appPrivilegeCapability, newInfo);
266 if (result != ERR_OK) {
267 return result;
268 }
269 CollectProvisionInfo(provisionInfo, appPrivilegeCapability, newInfo);
270 #ifdef USE_PRE_BUNDLE_PROFILE
271 GetPrivilegeCapability(checkParam, newInfo);
272 #endif
273 if (provisionInfo.distributionType == Security::Verify::AppDistType::CROWDTESTING) {
274 newInfo.SetAppCrowdtestDeadline(checkParam.crowdtestDeadline);
275 } else {
276 newInfo.SetAppCrowdtestDeadline(Constants::INVALID_CROWDTEST_DEADLINE);
277 }
278 if ((result = CheckSystemSize(bundlePaths[i], checkParam.appType)) != ERR_OK) {
279 APP_LOGE("install failed due to insufficient disk memory");
280 return result;
281 }
282
283 infos.emplace(bundlePaths[i], newInfo);
284 }
285 if ((result = CheckModuleNameForMulitHaps(infos)) != ERR_OK) {
286 APP_LOGE("install failed due to duplicated moduleName");
287 return result;
288 }
289 APP_LOGD("finish parse hap file");
290 return result;
291 }
292
CheckDependency(std::unordered_map<std::string,InnerBundleInfo> & infos)293 ErrCode BundleInstallChecker::CheckDependency(std::unordered_map<std::string, InnerBundleInfo> &infos)
294 {
295 APP_LOGD("CheckDependency");
296
297 for (const auto &info : infos) {
298 if (info.second.GetInnerModuleInfos().empty()) {
299 continue;
300 }
301 // There is only one innerModuleInfo when installing
302 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
303 bool isModuleExist = false;
304 for (const auto &dependency : moduleInfo.dependencies) {
305 if (!NeedCheckDependency(dependency, info.second)) {
306 APP_LOGD("deliveryWithInstall is false, do not check whether the dependency exists.");
307 continue;
308 }
309
310 std::string bundleName =
311 dependency.bundleName.empty() ? info.second.GetBundleName() : dependency.bundleName;
312 isModuleExist = FindModuleInInstallingPackage(dependency.moduleName, bundleName, infos);
313 if (!isModuleExist) {
314 APP_LOGW("The depend module:%{public}s is not exist in installing package.",
315 dependency.moduleName.c_str());
316 isModuleExist = FindModuleInInstalledPackage(dependency.moduleName, bundleName);
317 if (!isModuleExist) {
318 APP_LOGE("The depend module:%{public}s is not exist.", dependency.moduleName.c_str());
319 return ERR_APPEXECFWK_INSTALL_DEPENDENT_MODULE_NOT_EXIST;
320 }
321 }
322 }
323 }
324
325 return ERR_OK;
326 }
327
NeedCheckDependency(const Dependency & dependency,const InnerBundleInfo & info)328 bool BundleInstallChecker::NeedCheckDependency(const Dependency &dependency, const InnerBundleInfo &info)
329 {
330 APP_LOGD("NeedCheckDependency the moduleName is %{public}s, the bundleName is %{public}s.",
331 dependency.moduleName.c_str(), dependency.bundleName.c_str());
332
333 if (!dependency.bundleName.empty() && dependency.bundleName != info.GetBundleName()) {
334 APP_LOGD("Cross-app dependencies, need check dependency.");
335 return true;
336 }
337 std::vector<PackageModule> modules = info.GetBundlePackInfo().summary.modules;
338 if (modules.empty()) {
339 APP_LOGD("NeedCheckDependency modules is empty, need check dependency.");
340 return true;
341 }
342 for (const auto &module : modules) {
343 if (module.distro.moduleName == dependency.moduleName) {
344 return module.distro.deliveryWithInstall;
345 }
346 }
347
348 APP_LOGD("NeedCheckDependency the module not found, need check dependency.");
349 return true;
350 }
351
FindModuleInInstallingPackage(const std::string & moduleName,const std::string & bundleName,const std::unordered_map<std::string,InnerBundleInfo> & infos)352 bool BundleInstallChecker::FindModuleInInstallingPackage(
353 const std::string &moduleName,
354 const std::string &bundleName,
355 const std::unordered_map<std::string, InnerBundleInfo> &infos)
356 {
357 APP_LOGD("FindModuleInInstallingPackage the moduleName is %{public}s, the bundleName is %{public}s.",
358 moduleName.c_str(), bundleName.c_str());
359 for (const auto &info : infos) {
360 if (info.second.GetBundleName() == bundleName) {
361 if (info.second.GetInnerModuleInfos().empty()) {
362 continue;
363 }
364 // There is only one innerModuleInfo when installing
365 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
366 if (moduleInfo.moduleName == moduleName) {
367 return true;
368 }
369 }
370 }
371 return false;
372 }
373
FindModuleInInstalledPackage(const std::string & moduleName,const std::string & bundleName)374 bool BundleInstallChecker::FindModuleInInstalledPackage(
375 const std::string &moduleName,
376 const std::string &bundleName)
377 {
378 APP_LOGD("FindModuleInInstalledPackage the moduleName is %{public}s, the bundleName is %{public}s.",
379 moduleName.c_str(), bundleName.c_str());
380 std::shared_ptr<BundleDataMgr> dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
381 if (dataMgr == nullptr) {
382 APP_LOGE("Get dataMgr shared_ptr nullptr");
383 return false;
384 }
385
386 InnerBundleInfo bundleInfo;
387 bool isBundleExist = dataMgr->GetInnerBundleInfo(bundleName, bundleInfo);
388 if (!isBundleExist) {
389 APP_LOGE("the bundle: %{public}s is not install", bundleName.c_str());
390 return false;
391 }
392 if (!bundleInfo.FindModule(moduleName)) {
393 APP_LOGE("the module: %{public}s is not install", moduleName.c_str());
394 return false;
395 }
396
397 return true;
398 }
399
CheckBundleName(const std::string & provisionBundleName,const std::string & bundleName)400 ErrCode BundleInstallChecker::CheckBundleName(const std::string &provisionBundleName, const std::string &bundleName)
401 {
402 APP_LOGD("CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s",
403 provisionBundleName.c_str(), bundleName.c_str());
404 if (provisionBundleName.empty() || bundleName.empty()) {
405 APP_LOGE("CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s failed",
406 provisionBundleName.c_str(), bundleName.c_str());
407 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
408 }
409 if (provisionBundleName == bundleName) {
410 return ERR_OK;
411 }
412 APP_LOGE("CheckBundleName failed provisionBundleName:%{public}s, bundleName:%{public}s",
413 provisionBundleName.c_str(), bundleName.c_str());
414 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
415 }
416
CollectProvisionInfo(const Security::Verify::ProvisionInfo & provisionInfo,const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & newInfo)417 void BundleInstallChecker::CollectProvisionInfo(
418 const Security::Verify::ProvisionInfo &provisionInfo,
419 const AppPrivilegeCapability &appPrivilegeCapability,
420 InnerBundleInfo &newInfo)
421 {
422 newInfo.SetProvisionId(provisionInfo.appId);
423 newInfo.SetAppFeature(provisionInfo.bundleInfo.appFeature);
424 newInfo.SetAppPrivilegeLevel(provisionInfo.bundleInfo.apl);
425 newInfo.SetAllowedAcls(provisionInfo.acls.allowedAcls);
426 newInfo.SetCertificateFingerprint(provisionInfo.fingerprint);
427 newInfo.SetAppDistributionType(GetAppDistributionType(provisionInfo.distributionType));
428 newInfo.SetAppProvisionType(GetAppProvisionType(provisionInfo.type));
429 SetAppProvisionMetadata(provisionInfo.metadatas, newInfo);
430 #ifdef USE_PRE_BUNDLE_PROFILE
431 newInfo.SetUserDataClearable(appPrivilegeCapability.userDataClearable);
432 newInfo.SetHideDesktopIcon(appPrivilegeCapability.hideDesktopIcon);
433 newInfo.SetFormVisibleNotify(appPrivilegeCapability.formVisibleNotify);
434 #endif
435 }
436
SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> & provisionMetadatas,InnerBundleInfo & newInfo)437 void BundleInstallChecker::SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> &provisionMetadatas,
438 InnerBundleInfo &newInfo)
439 {
440 if (provisionMetadatas.empty()) {
441 return;
442 }
443 std::vector<Metadata> metadatas;
444 for (const auto &it : provisionMetadatas) {
445 Metadata metadata;
446 metadata.name = it.name;
447 metadata.value = it.value;
448 metadatas.emplace_back(metadata);
449 }
450 newInfo.SetAppProvisionMetadata(metadatas);
451 }
452
GetPrivilegeCapability(const InstallCheckParam & checkParam,InnerBundleInfo & newInfo)453 void BundleInstallChecker::GetPrivilegeCapability(
454 const InstallCheckParam &checkParam, InnerBundleInfo &newInfo)
455 {
456 // Reset privilege capability
457 newInfo.SetKeepAlive(false);
458 newInfo.SetSingleton(false);
459
460 newInfo.SetRemovable(checkParam.removable);
461 PreBundleConfigInfo preBundleConfigInfo;
462 preBundleConfigInfo.bundleName = newInfo.GetBundleName();
463 BMSEventHandler::GetPreInstallCapability(preBundleConfigInfo);
464 bool ret = false;
465 if (!preBundleConfigInfo.appSignature.empty()) {
466 ret = std::find(
467 preBundleConfigInfo.appSignature.begin(),
468 preBundleConfigInfo.appSignature.end(),
469 newInfo.GetCertificateFingerprint()) !=
470 preBundleConfigInfo.appSignature.end();
471 }
472
473 if (!ret) {
474 APP_LOGW("appSignature is incompatible");
475 return;
476 }
477
478 newInfo.SetKeepAlive(preBundleConfigInfo.keepAlive);
479 newInfo.SetSingleton(preBundleConfigInfo.singleton);
480 newInfo.SetRunningResourcesApply(preBundleConfigInfo.runningResourcesApply);
481 newInfo.SetAssociatedWakeUp(preBundleConfigInfo.associatedWakeUp);
482 newInfo.SetAllowCommonEvent(preBundleConfigInfo.allowCommonEvent);
483 }
484
SetPackInstallationFree(BundlePackInfo & bundlePackInfo,const InnerBundleInfo & innerBundleInfo) const485 void BundleInstallChecker::SetPackInstallationFree(BundlePackInfo &bundlePackInfo,
486 const InnerBundleInfo &innerBundleInfo) const
487 {
488 if (innerBundleInfo.GetIsNewVersion()) {
489 if (innerBundleInfo.GetApplicationBundleType() == BundleType::ATOMIC_SERVICE) {
490 for (auto &item : bundlePackInfo.summary.modules) {
491 item.distro.installationFree = true;
492 }
493 return;
494 }
495 for (auto &item : bundlePackInfo.summary.modules) {
496 item.distro.installationFree = false;
497 }
498 }
499 }
500
ParseBundleInfo(const std::string & bundleFilePath,InnerBundleInfo & info,BundlePackInfo & packInfo) const501 ErrCode BundleInstallChecker::ParseBundleInfo(
502 const std::string &bundleFilePath,
503 InnerBundleInfo &info,
504 BundlePackInfo &packInfo) const
505 {
506 BundleParser bundleParser;
507 ErrCode result = bundleParser.Parse(bundleFilePath, info);
508 if (result != ERR_OK) {
509 APP_LOGE("parse bundle info failed, error: %{public}d", result);
510 return result;
511 }
512
513 if (!packInfo.GetValid()) {
514 result = bundleParser.ParsePackInfo(bundleFilePath, packInfo);
515 if (result != ERR_OK) {
516 APP_LOGE("parse bundle pack info failed, error: %{public}d", result);
517 return result;
518 }
519
520 SetPackInstallationFree(packInfo, info);
521 info.SetBundlePackInfo(packInfo);
522 packInfo.SetValid(true);
523 }
524
525 return ERR_OK;
526 }
527
SetEntryInstallationFree(const BundlePackInfo & bundlePackInfo,InnerBundleInfo & innerBundleInfo)528 void BundleInstallChecker::SetEntryInstallationFree(
529 const BundlePackInfo &bundlePackInfo,
530 InnerBundleInfo &innerBundleInfo)
531 {
532 APP_LOGI("SetEntryInstallationFree start");
533 if (!bundlePackInfo.GetValid()) {
534 APP_LOGW("no pack.info in the hap file");
535 return;
536 }
537
538 auto packageModule = bundlePackInfo.summary.modules;
539 auto installationFree = std::any_of(packageModule.begin(), packageModule.end(), [&](const auto &module) {
540 return module.distro.moduleType == "entry" && module.distro.installationFree;
541 });
542 if (installationFree) {
543 APP_LOGI("install or update hm service");
544 }
545 if (innerBundleInfo.GetIsNewVersion()) {
546 installationFree = innerBundleInfo.GetApplicationBundleType() == BundleType::ATOMIC_SERVICE;
547 }
548
549 innerBundleInfo.SetEntryInstallationFree(installationFree);
550 if (installationFree && !innerBundleInfo.GetIsNewVersion()) {
551 innerBundleInfo.SetApplicationBundleType(BundleType::ATOMIC_SERVICE);
552 }
553 APP_LOGI("SetEntryInstallationFree end");
554 }
555
CheckSystemSize(const std::string & bundlePath,const Constants::AppType appType) const556 ErrCode BundleInstallChecker::CheckSystemSize(
557 const std::string &bundlePath,
558 const Constants::AppType appType) const
559 {
560 if ((appType == Constants::AppType::SYSTEM_APP) &&
561 (BundleUtil::CheckSystemSize(bundlePath, Constants::SYSTEM_APP_INSTALL_PATH))) {
562 return ERR_OK;
563 }
564
565 if ((appType == Constants::AppType::THIRD_SYSTEM_APP) &&
566 (BundleUtil::CheckSystemSize(bundlePath, Constants::THIRD_SYSTEM_APP_INSTALL_PATH))) {
567 return ERR_OK;
568 }
569
570 if ((appType == Constants::AppType::THIRD_PARTY_APP) &&
571 (BundleUtil::CheckSystemSize(bundlePath, Constants::THIRD_PARTY_APP_INSTALL_PATH))) {
572 return ERR_OK;
573 }
574
575 APP_LOGE("install failed due to insufficient disk memory");
576 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
577 }
578
CheckHapHashParams(std::unordered_map<std::string,InnerBundleInfo> & infos,std::map<std::string,std::string> hashParams)579 ErrCode BundleInstallChecker::CheckHapHashParams(
580 std::unordered_map<std::string, InnerBundleInfo> &infos,
581 std::map<std::string, std::string> hashParams)
582 {
583 if (hashParams.empty()) {
584 APP_LOGD("hashParams is empty");
585 return ERR_OK;
586 }
587
588 std::vector<std::string> hapModuleNames;
589 for (auto &info : infos) {
590 std::vector<std::string> moduleNames;
591 info.second.GetModuleNames(moduleNames);
592 if (moduleNames.empty()) {
593 APP_LOGE("hap(%{public}s) moduleName is empty", info.first.c_str());
594 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_EMPTY;
595 }
596
597 if (std::find(hapModuleNames.begin(), hapModuleNames.end(), moduleNames[0]) != hapModuleNames.end()) {
598 APP_LOGE("hap moduleName(%{public}s) duplicate", moduleNames[0].c_str());
599 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_DUPLICATE;
600 }
601
602 hapModuleNames.emplace_back(moduleNames[0]);
603 auto hashParamIter = hashParams.find(moduleNames[0]);
604 if (hashParamIter != hashParams.end()) {
605 info.second.SetModuleHashValue(hashParamIter->second);
606 hashParams.erase(hashParamIter);
607 }
608 }
609
610 if (!hashParams.empty()) {
611 APP_LOGE("Some hashParam moduleName is not exist in hap moduleNames");
612 return ERR_APPEXECFWK_INSTALL_FAILED_CHECK_HAP_HASH_PARAM;
613 }
614
615 return ERR_OK;
616 }
617
CheckAppLabelInfo(const std::unordered_map<std::string,InnerBundleInfo> & infos)618 ErrCode BundleInstallChecker::CheckAppLabelInfo(
619 const std::unordered_map<std::string, InnerBundleInfo> &infos)
620 {
621 APP_LOGD("Check APP label");
622 ErrCode ret = ERR_OK;
623 std::string bundleName = (infos.begin()->second).GetBundleName();
624 std::string vendor = (infos.begin()->second).GetVendor();
625 uint32_t versionCode = (infos.begin()->second).GetVersionCode();
626 std::string versionName = (infos.begin()->second).GetVersionName();
627 uint32_t minCompatibleVersionCode = (infos.begin()->second).GetMinCompatibleVersionCode();
628 uint32_t target = (infos.begin()->second).GetTargetVersion();
629 std::string releaseType = (infos.begin()->second).GetReleaseType();
630 uint32_t compatible = (infos.begin()->second).GetCompatibleVersion();
631 bool singleton = (infos.begin()->second).IsSingleton();
632 Constants::AppType appType = (infos.begin()->second).GetAppType();
633 bool isStage = (infos.begin()->second).GetIsNewVersion();
634 bool asanEnabled = (infos.begin()->second).GetAsanEnabled();
635 BundleType bundleType = (infos.begin()->second).GetApplicationBundleType();
636 bool isHmService = (infos.begin()->second).GetEntryInstallationFree();
637
638 for (const auto &info : infos) {
639 // check bundleName
640 if (bundleName != info.second.GetBundleName()) {
641 return ERR_APPEXECFWK_INSTALL_BUNDLENAME_NOT_SAME;
642 }
643 // check version
644 if (versionCode != info.second.GetVersionCode()) {
645 return ERR_APPEXECFWK_INSTALL_VERSIONCODE_NOT_SAME;
646 }
647 if (versionName != info.second.GetVersionName()) {
648 return ERR_APPEXECFWK_INSTALL_VERSIONNAME_NOT_SAME;
649 }
650 if (minCompatibleVersionCode != info.second.GetMinCompatibleVersionCode()) {
651 return ERR_APPEXECFWK_INSTALL_MINCOMPATIBLE_VERSIONCODE_NOT_SAME;
652 }
653 // check vendor
654 if (vendor != info.second.GetVendor()) {
655 return ERR_APPEXECFWK_INSTALL_VENDOR_NOT_SAME;
656 }
657 // check release type
658 if (target != info.second.GetTargetVersion()) {
659 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_TARGET_NOT_SAME;
660 }
661 if (compatible != info.second.GetCompatibleVersion()) {
662 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_COMPATIBLE_NOT_SAME;
663 }
664 if (releaseType != info.second.GetReleaseType()) {
665 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_NOT_SAME;
666 }
667 if (singleton != info.second.IsSingleton()) {
668 return ERR_APPEXECFWK_INSTALL_SINGLETON_NOT_SAME;
669 }
670 if (appType != info.second.GetAppType()) {
671 return ERR_APPEXECFWK_INSTALL_APPTYPE_NOT_SAME;
672 }
673 // check model type(FA or stage)
674 if (isStage != info.second.GetIsNewVersion()) {
675 APP_LOGE("must be all FA model or all stage model");
676 return ERR_APPEXECFWK_INSTALL_STATE_ERROR;
677 }
678 // check asanEnabled
679 if (asanEnabled != info.second.GetAsanEnabled()) {
680 APP_LOGE("asanEnabled is not same");
681 return ERR_APPEXECFWK_INSTALL_ASAN_ENABLED_NOT_SAME;
682 }
683 if (bundleType != info.second.GetApplicationBundleType()) {
684 return ERR_APPEXECFWK_BUNDLE_TYPE_NOT_SAME;
685 }
686 if (isHmService != info.second.GetEntryInstallationFree()) {
687 APP_LOGE("application and hm service are not allowed installed simultaneously.");
688 return ERR_APPEXECFWK_INSTALL_TYPE_ERROR;
689 }
690 }
691 // check api sdk version
692 if ((infos.begin()->second).GetCompatibleVersion() > static_cast<uint32_t>(GetSdkApiVersion())) {
693 return ERR_APPEXECFWK_INSTALL_SDK_INCOMPATIBLE;
694 }
695 APP_LOGD("finish check APP label");
696 return ret;
697 }
698
CheckMultiNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)699 ErrCode BundleInstallChecker::CheckMultiNativeFile(
700 std::unordered_map<std::string, InnerBundleInfo> &infos)
701 {
702 ErrCode result = CheckMultiNativeSo(infos);
703 if (result != ERR_OK) {
704 APP_LOGE("Check multi nativeSo failed, result: %{public}d", result);
705 return result;
706 }
707
708 result = CheckMultiArkNativeFile(infos);
709 if (result != ERR_OK) {
710 APP_LOGE("Check multi arkNativeFile failed, result: %{public}d", result);
711 return result;
712 }
713
714 return ERR_OK;
715 }
716
CheckMultiArkNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)717 ErrCode BundleInstallChecker::CheckMultiArkNativeFile(
718 std::unordered_map<std::string, InnerBundleInfo> &infos)
719 {
720 std::string arkNativeFileAbi = (infos.begin()->second).GetArkNativeFileAbi();
721 for (const auto &info : infos) {
722 if (info.second.GetArkNativeFileAbi().empty()) {
723 continue;
724 }
725 if (arkNativeFileAbi.empty()) {
726 arkNativeFileAbi = info.second.GetArkNativeFileAbi();
727 continue;
728 }
729 if (arkNativeFileAbi != info.second.GetArkNativeFileAbi()) {
730 return ERR_APPEXECFWK_INSTALL_AN_INCOMPATIBLE;
731 }
732 }
733
734 // Ensure the an is consistent in multiple haps
735 if (!arkNativeFileAbi.empty()) {
736 for (auto &info : infos) {
737 info.second.SetArkNativeFileAbi(arkNativeFileAbi);
738 }
739 }
740
741 return ERR_OK;
742 }
743
CheckMultiNativeSo(std::unordered_map<std::string,InnerBundleInfo> & infos)744 ErrCode BundleInstallChecker::CheckMultiNativeSo(
745 std::unordered_map<std::string, InnerBundleInfo> &infos)
746 {
747 std::string nativeLibraryPath = (infos.begin()->second).GetNativeLibraryPath();
748 std::string cpuAbi = (infos.begin()->second).GetCpuAbi();
749 for (const auto &info : infos) {
750 if (info.second.GetNativeLibraryPath().empty()) {
751 continue;
752 }
753 if (nativeLibraryPath.empty()) {
754 nativeLibraryPath = info.second.GetNativeLibraryPath();
755 cpuAbi = info.second.GetCpuAbi();
756 continue;
757 }
758 if (nativeLibraryPath != info.second.GetNativeLibraryPath()
759 || cpuAbi != info.second.GetCpuAbi()) {
760 return ERR_APPEXECFWK_INSTALL_SO_INCOMPATIBLE;
761 }
762 }
763
764 // Ensure the so is consistent in multiple haps
765 if (!nativeLibraryPath.empty()) {
766 for (auto &info : infos) {
767 info.second.SetNativeLibraryPath(nativeLibraryPath);
768 info.second.SetCpuAbi(cpuAbi);
769 }
770 }
771
772 return ERR_OK;
773 }
774
ResetProperties()775 void BundleInstallChecker::ResetProperties()
776 {
777 isContainEntry_ = false;
778 }
779
ParseAppPrivilegeCapability(const Security::Verify::ProvisionInfo & provisionInfo,AppPrivilegeCapability & appPrivilegeCapability)780 void BundleInstallChecker::ParseAppPrivilegeCapability(
781 const Security::Verify::ProvisionInfo &provisionInfo,
782 AppPrivilegeCapability &appPrivilegeCapability)
783 {
784 for (const auto &appPrivilege : provisionInfo.appPrivilegeCapabilities) {
785 auto iter = PRIVILEGE_MAP.find(appPrivilege);
786 if (iter != PRIVILEGE_MAP.end()) {
787 iter->second(appPrivilegeCapability);
788 }
789 }
790 if ((provisionInfo.bundleInfo.bundleName != APP_TEST_BUNDLE_NAME) &&
791 (provisionInfo.bundleInfo.bundleName.find(BUNDLE_NAME_XTS_TEST) != 0)) {
792 appPrivilegeCapability.allowMultiProcess = false;
793 appPrivilegeCapability.allowUsePrivilegeExtension = false;
794 appPrivilegeCapability.formVisibleNotify = false;
795 }
796 APP_LOGD("AppPrivilegeCapability %{public}s",
797 appPrivilegeCapability.ToString().c_str());
798 #ifndef USE_PRE_BUNDLE_PROFILE
799 appPrivilegeCapability.allowMultiProcess = true;
800 appPrivilegeCapability.allowUsePrivilegeExtension = true;
801 #endif
802 }
803
CheckModuleNameForMulitHaps(const std::unordered_map<std::string,InnerBundleInfo> & infos) const804 ErrCode BundleInstallChecker::CheckModuleNameForMulitHaps(
805 const std::unordered_map<std::string, InnerBundleInfo> &infos) const
806 {
807 std::set<std::string> moduleSet;
808 for (const auto &info : infos) {
809 std::vector<std::string> moduleVec = info.second.GetDistroModuleName();
810 if (moduleVec.empty()) {
811 APP_LOGE("moduleName vector is empty");
812 return ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR;
813 }
814 moduleSet.insert(moduleVec[0]);
815 }
816
817 if (moduleSet.size() != infos.size()) {
818 APP_LOGE("someone moduleName is not unique in the haps");
819 return ERR_APPEXECFWK_INSTALL_NOT_UNIQUE_DISTRO_MODULE_NAME;
820 }
821 return ERR_OK;
822 }
823
IsExistedDistroModule(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const824 bool BundleInstallChecker::IsExistedDistroModule(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
825 {
826 std::string moduleName = newInfo.GetCurModuleName();
827 std::string packageName = newInfo.GetCurrentModulePackage();
828 if (packageName.empty() || moduleName.empty()) {
829 APP_LOGE("IsExistedDistroModule failed due to invalid packageName or moduleName");
830 return false;
831 }
832 std::string oldModuleName = info.GetModuleNameByPackage(packageName);
833 // if FA update to Stage, allow module name inconsistent
834 bool isFAToStage = !info.GetIsNewVersion() && newInfo.GetIsNewVersion();
835 if (!isFAToStage) {
836 // if not FA update to Stage, check consistency of module name
837 if (moduleName.compare(oldModuleName) != 0) {
838 APP_LOGE("no moduleName in the innerModuleInfo");
839 return false;
840 }
841 }
842 // check consistency of module type
843 std::string newModuleType = newInfo.GetModuleTypeByPackage(packageName);
844 std::string oldModuleType = info.GetModuleTypeByPackage(packageName);
845 if (newModuleType.compare(oldModuleType) != 0) {
846 APP_LOGE("moduleType is different between the new hap and the original hap");
847 return false;
848 }
849
850 return true;
851 }
852
IsContainModuleName(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const853 bool BundleInstallChecker::IsContainModuleName(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
854 {
855 std::string moduleName = newInfo.GetCurModuleName();
856 std::vector<std::string> moduleVec = info.GetDistroModuleName();
857 if (moduleName.empty() || moduleVec.empty()) {
858 APP_LOGE("IsContainModuleName failed due to invalid moduleName or modulevec");
859 return false;
860 }
861 return (find(moduleVec.cbegin(), moduleVec.cend(), moduleName) == moduleVec.cend()) ? false : true;
862 }
863
CheckMainElement(const InnerBundleInfo & info)864 ErrCode BundleInstallChecker::CheckMainElement(const InnerBundleInfo &info)
865 {
866 const std::map<std::string, InnerModuleInfo> &innerModuleInfos = info.GetInnerModuleInfos();
867 if (innerModuleInfos.empty()) {
868 return ERR_OK;
869 }
870 if (innerModuleInfos.cbegin()->second.distro.moduleType == Profile::MODULE_TYPE_SHARED) {
871 return ERR_OK;
872 }
873 if (info.GetEntryInstallationFree() && innerModuleInfos.cbegin()->second.mainAbility.empty()) {
874 APP_LOGE("atomic service's mainElement can't be empty.");
875 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
876 }
877 return ERR_OK;
878 }
879
GetPrivilegeCapabilityValue(const std::vector<std::string> & existInJson,const std::string & key,bool existInPreJson,bool existInProvision)880 bool BundleInstallChecker::GetPrivilegeCapabilityValue(
881 const std::vector<std::string> &existInJson,
882 const std::string &key,
883 bool existInPreJson,
884 bool existInProvision)
885 {
886 if (find(existInJson.cbegin(), existInJson.cend(), key) != existInJson.cend()) {
887 return existInPreJson;
888 }
889 return existInProvision;
890 }
891
FetchPrivilegeCapabilityFromPreConfig(const std::string & bundleName,const std::string & appSignature,AppPrivilegeCapability & appPrivilegeCapability)892 void BundleInstallChecker::FetchPrivilegeCapabilityFromPreConfig(
893 const std::string &bundleName,
894 const std::string &appSignature,
895 AppPrivilegeCapability &appPrivilegeCapability)
896 {
897 #ifdef USE_PRE_BUNDLE_PROFILE
898 APP_LOGD("bundleName: %{public}s, FetchPrivilegeCapabilityFromPreConfig start", bundleName.c_str());
899 PreBundleConfigInfo configInfo;
900 configInfo.bundleName = bundleName;
901 if (!BMSEventHandler::GetPreInstallCapability(configInfo)) {
902 APP_LOGW("bundleName: %{public}s is not exist in pre install capability list", bundleName.c_str());
903 return;
904 }
905 if (!MatchSignature(configInfo.appSignature, appSignature)) {
906 APP_LOGE("bundleName: %{public}s signature verify failed", bundleName.c_str());
907 return;
908 }
909 appPrivilegeCapability.allowUsePrivilegeExtension = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
910 ALLOW_APP_USE_PRIVILEGE_EXTENSION,
911 configInfo.allowUsePrivilegeExtension, appPrivilegeCapability.allowUsePrivilegeExtension);
912
913 appPrivilegeCapability.allowMultiProcess = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
914 ALLOW_APP_MULTI_PROCESS,
915 configInfo.allowMultiProcess, appPrivilegeCapability.allowMultiProcess);
916
917 appPrivilegeCapability.hideDesktopIcon = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
918 ALLOW_APP_DESKTOP_ICON_HIDE,
919 configInfo.hideDesktopIcon, appPrivilegeCapability.hideDesktopIcon);
920
921 appPrivilegeCapability.allowQueryPriority = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
922 ALLOW_ABILITY_PRIORITY_QUERIED,
923 configInfo.allowQueryPriority, appPrivilegeCapability.allowQueryPriority);
924
925 appPrivilegeCapability.allowExcludeFromMissions = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
926 ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
927 configInfo.allowExcludeFromMissions, appPrivilegeCapability.allowExcludeFromMissions);
928
929 appPrivilegeCapability.formVisibleNotify = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
930 ALLOW_FORM_VISIBLE_NOTIFY,
931 configInfo.formVisibleNotify, appPrivilegeCapability.formVisibleNotify);
932
933 appPrivilegeCapability.userDataClearable = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
934 ALLOW_APP_DATA_NOT_CLEARED,
935 configInfo.userDataClearable, appPrivilegeCapability.userDataClearable);
936 APP_LOGD("AppPrivilegeCapability %{public}s", appPrivilegeCapability.ToString().c_str());
937 #endif
938 }
939
MatchSignature(const std::vector<std::string> & appSignatures,const std::string & signature)940 bool BundleInstallChecker::MatchSignature(
941 const std::vector<std::string> &appSignatures, const std::string &signature)
942 {
943 if (appSignatures.empty()) {
944 APP_LOGW("appSignature is empty");
945 return false;
946 }
947
948 return std::find(
949 appSignatures.begin(), appSignatures.end(), signature) != appSignatures.end();
950 }
951
ProcessBundleInfoByPrivilegeCapability(const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & innerBundleInfo)952 ErrCode BundleInstallChecker::ProcessBundleInfoByPrivilegeCapability(
953 const AppPrivilegeCapability &appPrivilegeCapability,
954 InnerBundleInfo &innerBundleInfo)
955 {
956 // process application
957 ApplicationInfo applicationInfo = innerBundleInfo.GetBaseApplicationInfo();
958 if (!appPrivilegeCapability.allowMultiProcess || applicationInfo.process.empty()) {
959 applicationInfo.process = applicationInfo.bundleName;
960 }
961 innerBundleInfo.SetBaseApplicationInfo(applicationInfo);
962 BundleInfo bundleInfo = innerBundleInfo.GetBaseBundleInfo();
963 // process ability
964 auto &abilityInfos = innerBundleInfo.FetchAbilityInfos();
965 for (auto iter = abilityInfos.begin(); iter != abilityInfos.end(); ++iter) {
966 #ifdef USE_PRE_BUNDLE_PROFILE
967 if (!appPrivilegeCapability.allowQueryPriority) {
968 iter->second.priority = 0;
969 }
970 if (!appPrivilegeCapability.allowExcludeFromMissions) {
971 iter->second.excludeFromMissions = false;
972 }
973 #else
974 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
975 iter->second.priority = 0;
976 iter->second.excludeFromMissions = false;
977 }
978 #endif
979 }
980 // process ExtensionAbility
981 auto &extensionAbilityInfos = innerBundleInfo.FetchInnerExtensionInfos();
982 for (auto iter = extensionAbilityInfos.begin(); iter != extensionAbilityInfos.end(); ++iter) {
983 bool privilegeType = IsPrivilegeExtensionAbilityType(iter->second.type);
984 if (privilegeType && !appPrivilegeCapability.allowUsePrivilegeExtension) {
985 APP_LOGE("not allow use privilege extension");
986 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
987 }
988
989 bool systemType = IsSystemExtensionAbilityType(iter->second.type);
990 if (systemType && !applicationInfo.isSystemApp) {
991 APP_LOGE("not allow use system extension");
992 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
993 }
994
995 #ifdef USE_PRE_BUNDLE_PROFILE
996 if (!appPrivilegeCapability.allowQueryPriority) {
997 iter->second.priority = 0;
998 }
999 #else
1000 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
1001 iter->second.priority = 0;
1002 }
1003 #endif
1004 }
1005 // process InnerModuleInfo
1006 auto &innerModuleInfos = innerBundleInfo.FetchInnerModuleInfos();
1007 for (auto iter = innerModuleInfos.begin(); iter != innerModuleInfos.end(); ++iter) {
1008 if (iter->second.isModuleJson && (!appPrivilegeCapability.allowMultiProcess || iter->second.process.empty())) {
1009 iter->second.process = applicationInfo.bundleName;
1010 }
1011 }
1012 return ERR_OK;
1013 }
1014
CheckDeviceType(std::unordered_map<std::string,InnerBundleInfo> & infos) const1015 ErrCode BundleInstallChecker::CheckDeviceType(std::unordered_map<std::string, InnerBundleInfo> &infos) const
1016 {
1017 std::string deviceType = GetDeviceType();
1018 APP_LOGD("deviceType is %{public}s", deviceType.c_str());
1019 for (const auto &info : infos) {
1020 std::vector<std::string> devVec = info.second.GetDeviceType(info.second.GetCurrentModulePackage());
1021 if (devVec.empty()) {
1022 APP_LOGW("deviceTypes is empty");
1023 continue;
1024 }
1025
1026 if ((deviceType == Constants::DEVICE_TYPE_OF_PHONE) &&
1027 (find(devVec.begin(), devVec.end(), Constants::DEVICE_TYPE_OF_DEFAULT) != devVec.end())) {
1028 APP_LOGW("current deviceType is phone and bundle is matched with default");
1029 continue;
1030 }
1031
1032 if ((deviceType == Constants::DEVICE_TYPE_OF_DEFAULT) &&
1033 (find(devVec.begin(), devVec.end(), Constants::DEVICE_TYPE_OF_PHONE) != devVec.end())) {
1034 APP_LOGW("current deviceType is default and bundle is matched with phone");
1035 continue;
1036 }
1037
1038 if (find(devVec.begin(), devVec.end(), deviceType) == devVec.end()) {
1039 APP_LOGE("%{public}s is not supported", deviceType.c_str());
1040 return ERR_APPEXECFWK_INSTALL_DEVICE_TYPE_NOT_SUPPORTED;
1041 }
1042 }
1043 return ERR_OK;
1044 }
1045 } // namespace AppExecFwk
1046 } // namespace OHOS