1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bundle_install_checker.h"
17
18 #include "bundle_data_mgr.h"
19 #include "bundle_mgr_service.h"
20 #include "bundle_mgr_service_event_handler.h"
21 #include "bundle_parser.h"
22 #include "bundle_util.h"
23 #include "parameter.h"
24 #include "privilege_extension_ability_type.h"
25 #include "scope_guard.h"
26 #include "systemcapability.h"
27
28 namespace OHOS {
29 namespace AppExecFwk {
30 namespace {
31 const std::string PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED = "AllowAppDataNotCleared";
32 const std::string PRIVILEGE_ALLOW_APP_MULTI_PROCESS = "AllowAppMultiProcess";
33 const std::string PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE = "AllowAppDesktopIconHide";
34 const std::string PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED = "AllowAbilityPriorityQueried";
35 const std::string PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "AllowAbilityExcludeFromMissions";
36 const std::string PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION = "AllowAppUsePrivilegeExtension";
37 const std::string PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY = "AllowFormVisibleNotify";
38 const std::string ALLOW_APP_DATA_NOT_CLEARED = "allowAppDataNotCleared";
39 const std::string ALLOW_APP_MULTI_PROCESS = "allowAppMultiProcess";
40 const std::string ALLOW_APP_DESKTOP_ICON_HIDE = "allowAppDesktopIconHide";
41 const std::string ALLOW_ABILITY_PRIORITY_QUERIED = "allowAbilityPriorityQueried";
42 const std::string ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "allowAbilityExcludeFromMissions";
43 const std::string ALLOW_APP_USE_PRIVILEGE_EXTENSION = "allowAppUsePrivilegeExtension";
44 const std::string ALLOW_FORM_VISIBLE_NOTIFY = "allowFormVisibleNotify";
45 const std::string APP_TEST_BUNDLE_NAME = "com.OpenHarmony.app.test";
46 const std::string BUNDLE_NAME_XTS_TEST = "com.acts.";
47
48 const std::unordered_map<Security::Verify::AppDistType, std::string> APP_DISTRIBUTION_TYPE_MAPS = {
49 { Security::Verify::AppDistType::NONE_TYPE, Constants::APP_DISTRIBUTION_TYPE_NONE },
50 { Security::Verify::AppDistType::APP_GALLERY, Constants::APP_DISTRIBUTION_TYPE_APP_GALLERY },
51 { Security::Verify::AppDistType::ENTERPRISE, Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE },
52 { Security::Verify::AppDistType::OS_INTEGRATION, Constants::APP_DISTRIBUTION_TYPE_OS_INTEGRATION },
53 { Security::Verify::AppDistType::CROWDTESTING, Constants::APP_DISTRIBUTION_TYPE_CROWDTESTING },
54 };
55
56 const std::unordered_map<std::string, void (*)(AppPrivilegeCapability &appPrivilegeCapability)>
57 PRIVILEGE_MAP = {
58 { PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED,
__anon946961190202() 59 [] (AppPrivilegeCapability &appPrivilegeCapability) {
60 appPrivilegeCapability.userDataClearable = false;
61 } },
62 { PRIVILEGE_ALLOW_APP_MULTI_PROCESS,
__anon946961190302() 63 [] (AppPrivilegeCapability &appPrivilegeCapability) {
64 appPrivilegeCapability.allowMultiProcess = true;
65 } },
66 { PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE,
__anon946961190402() 67 [] (AppPrivilegeCapability &appPrivilegeCapability) {
68 appPrivilegeCapability.hideDesktopIcon = true;
69 } },
70 { PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED,
__anon946961190502() 71 [] (AppPrivilegeCapability &appPrivilegeCapability) {
72 appPrivilegeCapability.allowQueryPriority = true;
73 } },
74 { PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
__anon946961190602() 75 [] (AppPrivilegeCapability &appPrivilegeCapability) {
76 appPrivilegeCapability.allowExcludeFromMissions = true;
77 } },
78 { PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION,
__anon946961190702() 79 [] (AppPrivilegeCapability &appPrivilegeCapability) {
80 appPrivilegeCapability.allowUsePrivilegeExtension = true;
81 } },
82 { PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY,
__anon946961190802() 83 [] (AppPrivilegeCapability &appPrivilegeCapability) {
84 appPrivilegeCapability.formVisibleNotify = true;
85 } },
86 };
87
GetAppDistributionType(const Security::Verify::AppDistType & type)88 std::string GetAppDistributionType(const Security::Verify::AppDistType &type)
89 {
90 auto typeIter = APP_DISTRIBUTION_TYPE_MAPS.find(type);
91 if (typeIter == APP_DISTRIBUTION_TYPE_MAPS.end()) {
92 APP_LOGE("wrong AppDistType");
93 return Constants::APP_DISTRIBUTION_TYPE_NONE;
94 }
95
96 return typeIter->second;
97 }
98
GetAppProvisionType(const Security::Verify::ProvisionType & type)99 std::string GetAppProvisionType(const Security::Verify::ProvisionType &type)
100 {
101 if (type == Security::Verify::ProvisionType::DEBUG) {
102 return Constants::APP_PROVISION_TYPE_DEBUG;
103 }
104
105 return Constants::APP_PROVISION_TYPE_RELEASE;
106 }
107
IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)108 bool IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)
109 {
110 return PRIVILEGE_EXTENSION_ABILITY_TYPE.find(type) != PRIVILEGE_EXTENSION_ABILITY_TYPE.end();
111 }
112
IsSystemExtensionAbilityType(ExtensionAbilityType type)113 bool IsSystemExtensionAbilityType(ExtensionAbilityType type)
114 {
115 return SYSTEM_EXTENSION_ABILITY_TYPE.find(type) != SYSTEM_EXTENSION_ABILITY_TYPE.end();
116 }
117 }
118
CheckSysCap(const std::vector<std::string> & bundlePaths)119 ErrCode BundleInstallChecker::CheckSysCap(const std::vector<std::string> &bundlePaths)
120 {
121 APP_LOGD("check hap syscaps start.");
122 if (bundlePaths.empty()) {
123 APP_LOGE("check hap syscaps failed due to empty bundlePaths!");
124 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
125 }
126
127 ErrCode result = ERR_OK;
128 BundleParser bundleParser;
129 for (const auto &bundlePath : bundlePaths) {
130 std::vector<std::string> bundleSysCaps;
131 result = bundleParser.ParseSysCap(bundlePath, bundleSysCaps);
132 if (result != ERR_OK) {
133 APP_LOGE("parse bundle syscap failed, error: %{public}d", result);
134 return result;
135 }
136
137 for (const auto &bundleSysCapItem : bundleSysCaps) {
138 APP_LOGD("check syscap(%{public}s)", bundleSysCapItem.c_str());
139 if (!HasSystemCapability(bundleSysCapItem.c_str())) {
140 APP_LOGE("check syscap failed which %{public}s is not exsit",
141 bundleSysCapItem.c_str());
142 return ERR_APPEXECFWK_INSTALL_CHECK_SYSCAP_FAILED;
143 }
144 }
145 }
146
147 APP_LOGD("finish check hap syscaps");
148 return result;
149 }
150
CheckMultipleHapsSignInfo(const std::vector<std::string> & bundlePaths,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)151 ErrCode BundleInstallChecker::CheckMultipleHapsSignInfo(
152 const std::vector<std::string> &bundlePaths,
153 std::vector<Security::Verify::HapVerifyResult>& hapVerifyRes)
154 {
155 APP_LOGD("Check multiple haps signInfo");
156 if (bundlePaths.empty()) {
157 APP_LOGE("check hap sign info failed due to empty bundlePaths!");
158 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
159 }
160
161 for (const std::string &bundlePath : bundlePaths) {
162 Security::Verify::HapVerifyResult hapVerifyResult;
163 #ifndef X86_EMULATOR_MODE
164 auto verifyRes = BundleVerifyMgr::HapVerify(bundlePath, hapVerifyResult);
165 if (verifyRes != ERR_OK) {
166 APP_LOGE("hap file verify failed");
167 return verifyRes;
168 }
169 #else
170 BundleVerifyMgr::ParseHapProfile(bundlePath, hapVerifyResult);
171 #endif
172 hapVerifyRes.emplace_back(hapVerifyResult);
173 }
174
175 if (hapVerifyRes.empty()) {
176 APP_LOGE("no sign info in the all haps!");
177 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
178 }
179
180 #ifndef X86_EMULATOR_MODE
181 auto appId = hapVerifyRes[0].GetProvisionInfo().appId;
182 auto apl = hapVerifyRes[0].GetProvisionInfo().bundleInfo.apl;
183 auto appDistributionType = hapVerifyRes[0].GetProvisionInfo().distributionType;
184 auto appProvisionType = hapVerifyRes[0].GetProvisionInfo().type;
185 bool isInvalid = std::any_of(hapVerifyRes.begin(), hapVerifyRes.end(),
186 [appId, apl, appDistributionType, appProvisionType](const auto &hapVerifyResult) {
187 if (appId != hapVerifyResult.GetProvisionInfo().appId) {
188 APP_LOGE("error: hap files have different appId");
189 return true;
190 }
191 if (apl != hapVerifyResult.GetProvisionInfo().bundleInfo.apl) {
192 APP_LOGE("error: hap files have different apl");
193 return true;
194 }
195 if (appDistributionType != hapVerifyResult.GetProvisionInfo().distributionType) {
196 APP_LOGE("error: hap files have different appDistributionType");
197 return true;
198 }
199 if (appProvisionType != hapVerifyResult.GetProvisionInfo().type) {
200 APP_LOGE("error: hap files have different appProvisionType");
201 return true;
202 }
203 return false;
204 });
205 if (isInvalid) {
206 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
207 }
208 #endif
209 APP_LOGD("finish check multiple haps signInfo");
210 return ERR_OK;
211 }
212
ParseHapFiles(const std::vector<std::string> & bundlePaths,const InstallCheckParam & checkParam,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes,std::unordered_map<std::string,InnerBundleInfo> & infos)213 ErrCode BundleInstallChecker::ParseHapFiles(
214 const std::vector<std::string> &bundlePaths,
215 const InstallCheckParam &checkParam,
216 std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes,
217 std::unordered_map<std::string, InnerBundleInfo> &infos)
218 {
219 APP_LOGD("Parse hap file");
220 ErrCode result = ERR_OK;
221 for (uint32_t i = 0; i < bundlePaths.size(); ++i) {
222 InnerBundleInfo newInfo;
223 BundlePackInfo packInfo;
224 newInfo.SetAppType(checkParam.appType);
225 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
226 bool isSystemApp = (provisionInfo.bundleInfo.appFeature == Constants::HOS_SYSTEM_APP ||
227 provisionInfo.bundleInfo.appFeature == Constants::OHOS_SYSTEM_APP) ||
228 (bundlePaths[i].find(Constants::SYSTEM_APP_SCAN_PATH) == 0);
229 if (isSystemApp) {
230 newInfo.SetAppType(Constants::AppType::SYSTEM_APP);
231 }
232
233 newInfo.SetIsPreInstallApp(checkParam.isPreInstallApp);
234 result = ParseBundleInfo(bundlePaths[i], newInfo, packInfo);
235 if (result != ERR_OK) {
236 APP_LOGE("bundle parse failed %{public}d", result);
237 return result;
238 }
239 #ifndef X86_EMULATOR_MODE
240 result = CheckBundleName(provisionInfo.bundleInfo.bundleName, newInfo.GetBundleName());
241 if (result != ERR_OK) {
242 APP_LOGE("check provision bundleName failed");
243 return result;
244 }
245 #endif
246 if (newInfo.HasEntry()) {
247 if (isContainEntry_) {
248 APP_LOGE("more than one entry hap in the direction!");
249 return ERR_APPEXECFWK_INSTALL_INVALID_NUMBER_OF_ENTRY_HAP;
250 }
251 isContainEntry_ = true;
252 }
253
254 SetEntryInstallationFree(packInfo, newInfo);
255 result = CheckMainElement(newInfo);
256 if (result != ERR_OK) {
257 return result;
258 }
259 AppPrivilegeCapability appPrivilegeCapability;
260 // from provision file
261 ParseAppPrivilegeCapability(provisionInfo, appPrivilegeCapability);
262 // form install_list_capability.json, higher priority than provision file
263 FetchPrivilegeCapabilityFromPreConfig(
264 newInfo.GetBundleName(), provisionInfo.fingerprint, appPrivilegeCapability);
265 // process bundleInfo by appPrivilegeCapability
266 result = ProcessBundleInfoByPrivilegeCapability(appPrivilegeCapability, newInfo);
267 if (result != ERR_OK) {
268 return result;
269 }
270 CollectProvisionInfo(provisionInfo, appPrivilegeCapability, newInfo);
271 #ifdef USE_PRE_BUNDLE_PROFILE
272 GetPrivilegeCapability(checkParam, newInfo);
273 #endif
274 if (provisionInfo.distributionType == Security::Verify::AppDistType::CROWDTESTING) {
275 newInfo.SetAppCrowdtestDeadline(checkParam.crowdtestDeadline);
276 } else {
277 newInfo.SetAppCrowdtestDeadline(Constants::INVALID_CROWDTEST_DEADLINE);
278 }
279 if ((result = CheckSystemSize(bundlePaths[i], checkParam.appType)) != ERR_OK) {
280 APP_LOGE("install failed due to insufficient disk memory");
281 return result;
282 }
283
284 infos.emplace(bundlePaths[i], newInfo);
285 }
286 if ((result = CheckModuleNameForMulitHaps(infos)) != ERR_OK) {
287 APP_LOGE("install failed due to duplicated moduleName");
288 return result;
289 }
290 APP_LOGD("finish parse hap file");
291 return result;
292 }
293
CheckDependency(std::unordered_map<std::string,InnerBundleInfo> & infos)294 ErrCode BundleInstallChecker::CheckDependency(std::unordered_map<std::string, InnerBundleInfo> &infos)
295 {
296 APP_LOGD("CheckDependency");
297
298 for (const auto &info : infos) {
299 if (info.second.GetInnerModuleInfos().empty()) {
300 continue;
301 }
302 // There is only one innerModuleInfo when installing
303 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
304 bool isModuleExist = false;
305 for (const auto &dependency : moduleInfo.dependencies) {
306 if (!NeedCheckDependency(dependency, info.second)) {
307 APP_LOGD("deliveryWithInstall is false, do not check whether the dependency exists.");
308 continue;
309 }
310
311 std::string bundleName =
312 dependency.bundleName.empty() ? info.second.GetBundleName() : dependency.bundleName;
313 isModuleExist = FindModuleInInstallingPackage(dependency.moduleName, bundleName, infos);
314 if (!isModuleExist) {
315 APP_LOGW("The depend module:%{public}s is not exist in installing package.",
316 dependency.moduleName.c_str());
317 isModuleExist = FindModuleInInstalledPackage(dependency.moduleName, bundleName,
318 info.second.GetVersionCode());
319 if (!isModuleExist) {
320 APP_LOGE("The depend module:%{public}s is not exist.", dependency.moduleName.c_str());
321 return ERR_APPEXECFWK_INSTALL_DEPENDENT_MODULE_NOT_EXIST;
322 }
323 }
324 }
325 }
326
327 return ERR_OK;
328 }
329
NeedCheckDependency(const Dependency & dependency,const InnerBundleInfo & info)330 bool BundleInstallChecker::NeedCheckDependency(const Dependency &dependency, const InnerBundleInfo &info)
331 {
332 APP_LOGD("NeedCheckDependency the moduleName is %{public}s, the bundleName is %{public}s.",
333 dependency.moduleName.c_str(), dependency.bundleName.c_str());
334
335 if (!dependency.bundleName.empty() && dependency.bundleName != info.GetBundleName()) {
336 APP_LOGD("Cross-app dependencies, need check dependency.");
337 return true;
338 }
339 std::vector<PackageModule> modules = info.GetBundlePackInfo().summary.modules;
340 if (modules.empty()) {
341 APP_LOGD("NeedCheckDependency modules is empty, need check dependency.");
342 return true;
343 }
344 for (const auto &module : modules) {
345 if (module.distro.moduleName == dependency.moduleName) {
346 return module.distro.deliveryWithInstall;
347 }
348 }
349
350 APP_LOGD("NeedCheckDependency the module not found, need check dependency.");
351 return true;
352 }
353
FindModuleInInstallingPackage(const std::string & moduleName,const std::string & bundleName,const std::unordered_map<std::string,InnerBundleInfo> & infos)354 bool BundleInstallChecker::FindModuleInInstallingPackage(
355 const std::string &moduleName,
356 const std::string &bundleName,
357 const std::unordered_map<std::string, InnerBundleInfo> &infos)
358 {
359 APP_LOGD("FindModuleInInstallingPackage the moduleName is %{public}s, the bundleName is %{public}s.",
360 moduleName.c_str(), bundleName.c_str());
361 for (const auto &info : infos) {
362 if (info.second.GetBundleName() == bundleName) {
363 if (info.second.GetInnerModuleInfos().empty()) {
364 continue;
365 }
366 // There is only one innerModuleInfo when installing
367 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
368 if (moduleInfo.moduleName == moduleName) {
369 return true;
370 }
371 }
372 }
373 return false;
374 }
375
FindModuleInInstalledPackage(const std::string & moduleName,const std::string & bundleName,uint32_t versionCode)376 bool BundleInstallChecker::FindModuleInInstalledPackage(
377 const std::string &moduleName,
378 const std::string &bundleName,
379 uint32_t versionCode)
380 {
381 APP_LOGD("FindModuleInInstalledPackage the moduleName is %{public}s, the bundleName is %{public}s.",
382 moduleName.c_str(), bundleName.c_str());
383 std::shared_ptr<BundleDataMgr> dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
384 if (dataMgr == nullptr) {
385 APP_LOGE("Get dataMgr shared_ptr nullptr");
386 return false;
387 }
388
389 ScopeGuard enableGuard([&dataMgr, &bundleName] { dataMgr->EnableBundle(bundleName); });
390 InnerBundleInfo bundleInfo;
391 bool isBundleExist = dataMgr->GetInnerBundleInfo(bundleName, bundleInfo);
392 if (!isBundleExist) {
393 APP_LOGE("the bundle: %{public}s is not install", bundleName.c_str());
394 return false;
395 }
396 if (!bundleInfo.FindModule(moduleName)) {
397 APP_LOGE("the module: %{public}s is not install", moduleName.c_str());
398 return false;
399 }
400 if (bundleInfo.GetVersionCode() != versionCode) {
401 APP_LOGE("the versionCode %{public}d of dependency is not consistent with the installed module",
402 bundleInfo.GetVersionCode());
403 return false;
404 }
405 return true;
406 }
407
CheckBundleName(const std::string & provisionBundleName,const std::string & bundleName)408 ErrCode BundleInstallChecker::CheckBundleName(const std::string &provisionBundleName, const std::string &bundleName)
409 {
410 APP_LOGD("CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s",
411 provisionBundleName.c_str(), bundleName.c_str());
412 if (provisionBundleName.empty() || bundleName.empty()) {
413 APP_LOGE("CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s failed",
414 provisionBundleName.c_str(), bundleName.c_str());
415 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
416 }
417 if (provisionBundleName == bundleName) {
418 return ERR_OK;
419 }
420 APP_LOGE("CheckBundleName failed provisionBundleName:%{public}s, bundleName:%{public}s",
421 provisionBundleName.c_str(), bundleName.c_str());
422 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
423 }
424
CollectProvisionInfo(const Security::Verify::ProvisionInfo & provisionInfo,const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & newInfo)425 void BundleInstallChecker::CollectProvisionInfo(
426 const Security::Verify::ProvisionInfo &provisionInfo,
427 const AppPrivilegeCapability &appPrivilegeCapability,
428 InnerBundleInfo &newInfo)
429 {
430 newInfo.SetProvisionId(provisionInfo.appId);
431 newInfo.SetAppFeature(provisionInfo.bundleInfo.appFeature);
432 newInfo.SetAppPrivilegeLevel(provisionInfo.bundleInfo.apl);
433 newInfo.SetAllowedAcls(provisionInfo.acls.allowedAcls);
434 newInfo.SetCertificateFingerprint(provisionInfo.fingerprint);
435 newInfo.SetAppDistributionType(GetAppDistributionType(provisionInfo.distributionType));
436 newInfo.SetAppProvisionType(GetAppProvisionType(provisionInfo.type));
437 SetAppProvisionMetadata(provisionInfo.metadatas, newInfo);
438 #ifdef USE_PRE_BUNDLE_PROFILE
439 newInfo.SetUserDataClearable(appPrivilegeCapability.userDataClearable);
440 newInfo.SetHideDesktopIcon(appPrivilegeCapability.hideDesktopIcon);
441 newInfo.SetFormVisibleNotify(appPrivilegeCapability.formVisibleNotify);
442 #endif
443 }
444
SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> & provisionMetadatas,InnerBundleInfo & newInfo)445 void BundleInstallChecker::SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> &provisionMetadatas,
446 InnerBundleInfo &newInfo)
447 {
448 if (provisionMetadatas.empty()) {
449 return;
450 }
451 std::vector<Metadata> metadatas;
452 for (const auto &it : provisionMetadatas) {
453 Metadata metadata;
454 metadata.name = it.name;
455 metadata.value = it.value;
456 metadatas.emplace_back(metadata);
457 }
458 newInfo.SetAppProvisionMetadata(metadatas);
459 }
460
GetPrivilegeCapability(const InstallCheckParam & checkParam,InnerBundleInfo & newInfo)461 void BundleInstallChecker::GetPrivilegeCapability(
462 const InstallCheckParam &checkParam, InnerBundleInfo &newInfo)
463 {
464 // Reset privilege capability
465 newInfo.SetKeepAlive(false);
466 newInfo.SetSingleton(false);
467
468 newInfo.SetRemovable(checkParam.removable);
469 PreBundleConfigInfo preBundleConfigInfo;
470 preBundleConfigInfo.bundleName = newInfo.GetBundleName();
471 BMSEventHandler::GetPreInstallCapability(preBundleConfigInfo);
472 bool ret = false;
473 if (!preBundleConfigInfo.appSignature.empty()) {
474 ret = std::find(
475 preBundleConfigInfo.appSignature.begin(),
476 preBundleConfigInfo.appSignature.end(),
477 newInfo.GetCertificateFingerprint()) !=
478 preBundleConfigInfo.appSignature.end();
479 }
480
481 if (!ret) {
482 APP_LOGW("appSignature is incompatible");
483 return;
484 }
485
486 newInfo.SetKeepAlive(preBundleConfigInfo.keepAlive);
487 newInfo.SetSingleton(preBundleConfigInfo.singleton);
488 newInfo.SetRunningResourcesApply(preBundleConfigInfo.runningResourcesApply);
489 newInfo.SetAssociatedWakeUp(preBundleConfigInfo.associatedWakeUp);
490 newInfo.SetAllowCommonEvent(preBundleConfigInfo.allowCommonEvent);
491 }
492
SetPackInstallationFree(BundlePackInfo & bundlePackInfo,const InnerBundleInfo & innerBundleInfo) const493 void BundleInstallChecker::SetPackInstallationFree(BundlePackInfo &bundlePackInfo,
494 const InnerBundleInfo &innerBundleInfo) const
495 {
496 if (innerBundleInfo.GetIsNewVersion()) {
497 if (innerBundleInfo.GetApplicationBundleType() == BundleType::ATOMIC_SERVICE) {
498 for (auto &item : bundlePackInfo.summary.modules) {
499 item.distro.installationFree = true;
500 }
501 return;
502 }
503 for (auto &item : bundlePackInfo.summary.modules) {
504 item.distro.installationFree = false;
505 }
506 }
507 }
508
ParseBundleInfo(const std::string & bundleFilePath,InnerBundleInfo & info,BundlePackInfo & packInfo) const509 ErrCode BundleInstallChecker::ParseBundleInfo(
510 const std::string &bundleFilePath,
511 InnerBundleInfo &info,
512 BundlePackInfo &packInfo) const
513 {
514 BundleParser bundleParser;
515 ErrCode result = bundleParser.Parse(bundleFilePath, info);
516 if (result != ERR_OK) {
517 APP_LOGE("parse bundle info failed, error: %{public}d", result);
518 return result;
519 }
520
521 if (!packInfo.GetValid()) {
522 result = bundleParser.ParsePackInfo(bundleFilePath, packInfo);
523 if (result != ERR_OK) {
524 APP_LOGE("parse bundle pack info failed, error: %{public}d", result);
525 return result;
526 }
527
528 SetPackInstallationFree(packInfo, info);
529 info.SetBundlePackInfo(packInfo);
530 packInfo.SetValid(true);
531 }
532
533 return ERR_OK;
534 }
535
SetEntryInstallationFree(const BundlePackInfo & bundlePackInfo,InnerBundleInfo & innerBundleInfo)536 void BundleInstallChecker::SetEntryInstallationFree(
537 const BundlePackInfo &bundlePackInfo,
538 InnerBundleInfo &innerBundleInfo)
539 {
540 APP_LOGI("SetEntryInstallationFree start");
541 if (!bundlePackInfo.GetValid()) {
542 APP_LOGW("no pack.info in the hap file");
543 return;
544 }
545
546 auto packageModule = bundlePackInfo.summary.modules;
547 auto installationFree = std::any_of(packageModule.begin(), packageModule.end(), [&](const auto &module) {
548 return module.distro.moduleType == "entry" && module.distro.installationFree;
549 });
550 if (installationFree) {
551 APP_LOGI("install or update hm service");
552 }
553 if (innerBundleInfo.GetIsNewVersion()) {
554 installationFree = innerBundleInfo.GetApplicationBundleType() == BundleType::ATOMIC_SERVICE;
555 }
556
557 innerBundleInfo.SetEntryInstallationFree(installationFree);
558 if (installationFree && !innerBundleInfo.GetIsNewVersion()) {
559 innerBundleInfo.SetApplicationBundleType(BundleType::ATOMIC_SERVICE);
560 }
561 APP_LOGI("SetEntryInstallationFree end");
562 }
563
CheckSystemSize(const std::string & bundlePath,const Constants::AppType appType) const564 ErrCode BundleInstallChecker::CheckSystemSize(
565 const std::string &bundlePath,
566 const Constants::AppType appType) const
567 {
568 if ((appType == Constants::AppType::SYSTEM_APP) &&
569 (BundleUtil::CheckSystemSize(bundlePath, Constants::SYSTEM_APP_INSTALL_PATH))) {
570 return ERR_OK;
571 }
572
573 if ((appType == Constants::AppType::THIRD_SYSTEM_APP) &&
574 (BundleUtil::CheckSystemSize(bundlePath, Constants::THIRD_SYSTEM_APP_INSTALL_PATH))) {
575 return ERR_OK;
576 }
577
578 if ((appType == Constants::AppType::THIRD_PARTY_APP) &&
579 (BundleUtil::CheckSystemSize(bundlePath, Constants::THIRD_PARTY_APP_INSTALL_PATH))) {
580 return ERR_OK;
581 }
582
583 APP_LOGE("install failed due to insufficient disk memory");
584 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
585 }
586
CheckHapHashParams(std::unordered_map<std::string,InnerBundleInfo> & infos,std::map<std::string,std::string> hashParams)587 ErrCode BundleInstallChecker::CheckHapHashParams(
588 std::unordered_map<std::string, InnerBundleInfo> &infos,
589 std::map<std::string, std::string> hashParams)
590 {
591 if (hashParams.empty()) {
592 APP_LOGD("hashParams is empty");
593 return ERR_OK;
594 }
595
596 std::vector<std::string> hapModuleNames;
597 for (auto &info : infos) {
598 std::vector<std::string> moduleNames;
599 info.second.GetModuleNames(moduleNames);
600 if (moduleNames.empty()) {
601 APP_LOGE("hap(%{public}s) moduleName is empty", info.first.c_str());
602 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_EMPTY;
603 }
604
605 if (std::find(hapModuleNames.begin(), hapModuleNames.end(), moduleNames[0]) != hapModuleNames.end()) {
606 APP_LOGE("hap moduleName(%{public}s) duplicate", moduleNames[0].c_str());
607 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_DUPLICATE;
608 }
609
610 hapModuleNames.emplace_back(moduleNames[0]);
611 auto hashParamIter = hashParams.find(moduleNames[0]);
612 if (hashParamIter != hashParams.end()) {
613 info.second.SetModuleHashValue(hashParamIter->second);
614 hashParams.erase(hashParamIter);
615 }
616 }
617
618 if (!hashParams.empty()) {
619 APP_LOGE("Some hashParam moduleName is not exist in hap moduleNames");
620 return ERR_APPEXECFWK_INSTALL_FAILED_CHECK_HAP_HASH_PARAM;
621 }
622
623 return ERR_OK;
624 }
625
CheckAppLabelInfo(const std::unordered_map<std::string,InnerBundleInfo> & infos)626 ErrCode BundleInstallChecker::CheckAppLabelInfo(
627 const std::unordered_map<std::string, InnerBundleInfo> &infos)
628 {
629 APP_LOGD("Check APP label");
630 ErrCode ret = ERR_OK;
631 std::string bundleName = (infos.begin()->second).GetBundleName();
632 std::string vendor = (infos.begin()->second).GetVendor();
633 uint32_t versionCode = (infos.begin()->second).GetVersionCode();
634 std::string versionName = (infos.begin()->second).GetVersionName();
635 uint32_t minCompatibleVersionCode = (infos.begin()->second).GetMinCompatibleVersionCode();
636 uint32_t target = (infos.begin()->second).GetTargetVersion();
637 std::string releaseType = (infos.begin()->second).GetReleaseType();
638 uint32_t compatible = (infos.begin()->second).GetCompatibleVersion();
639 bool singleton = (infos.begin()->second).IsSingleton();
640 Constants::AppType appType = (infos.begin()->second).GetAppType();
641 bool isStage = (infos.begin()->second).GetIsNewVersion();
642 bool asanEnabled = (infos.begin()->second).GetAsanEnabled();
643 BundleType bundleType = (infos.begin()->second).GetApplicationBundleType();
644 bool isHmService = (infos.begin()->second).GetEntryInstallationFree();
645
646 for (const auto &info : infos) {
647 // check bundleName
648 if (bundleName != info.second.GetBundleName()) {
649 return ERR_APPEXECFWK_INSTALL_BUNDLENAME_NOT_SAME;
650 }
651 // check version
652 if (versionCode != info.second.GetVersionCode()) {
653 return ERR_APPEXECFWK_INSTALL_VERSIONCODE_NOT_SAME;
654 }
655 if (versionName != info.second.GetVersionName()) {
656 return ERR_APPEXECFWK_INSTALL_VERSIONNAME_NOT_SAME;
657 }
658 if (minCompatibleVersionCode != info.second.GetMinCompatibleVersionCode()) {
659 return ERR_APPEXECFWK_INSTALL_MINCOMPATIBLE_VERSIONCODE_NOT_SAME;
660 }
661 // check vendor
662 if (vendor != info.second.GetVendor()) {
663 return ERR_APPEXECFWK_INSTALL_VENDOR_NOT_SAME;
664 }
665 // check release type
666 if (target != info.second.GetTargetVersion()) {
667 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_TARGET_NOT_SAME;
668 }
669 if (compatible != info.second.GetCompatibleVersion()) {
670 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_COMPATIBLE_NOT_SAME;
671 }
672 if (releaseType != info.second.GetReleaseType()) {
673 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_NOT_SAME;
674 }
675 if (singleton != info.second.IsSingleton()) {
676 return ERR_APPEXECFWK_INSTALL_SINGLETON_NOT_SAME;
677 }
678 if (appType != info.second.GetAppType()) {
679 return ERR_APPEXECFWK_INSTALL_APPTYPE_NOT_SAME;
680 }
681 // check model type(FA or stage)
682 if (isStage != info.second.GetIsNewVersion()) {
683 APP_LOGE("must be all FA model or all stage model");
684 return ERR_APPEXECFWK_INSTALL_STATE_ERROR;
685 }
686 // check asanEnabled
687 if (asanEnabled != info.second.GetAsanEnabled()) {
688 APP_LOGE("asanEnabled is not same");
689 return ERR_APPEXECFWK_INSTALL_ASAN_ENABLED_NOT_SAME;
690 }
691 if (bundleType != info.second.GetApplicationBundleType()) {
692 return ERR_APPEXECFWK_BUNDLE_TYPE_NOT_SAME;
693 }
694 if (isHmService != info.second.GetEntryInstallationFree()) {
695 APP_LOGE("application and hm service are not allowed installed simultaneously.");
696 return ERR_APPEXECFWK_INSTALL_TYPE_ERROR;
697 }
698 }
699 // check api sdk version
700 if ((infos.begin()->second).GetCompatibleVersion() > static_cast<uint32_t>(GetSdkApiVersion())) {
701 return ERR_APPEXECFWK_INSTALL_SDK_INCOMPATIBLE;
702 }
703 APP_LOGD("finish check APP label");
704 return ret;
705 }
706
CheckMultiNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)707 ErrCode BundleInstallChecker::CheckMultiNativeFile(
708 std::unordered_map<std::string, InnerBundleInfo> &infos)
709 {
710 ErrCode result = CheckMultiNativeSo(infos);
711 if (result != ERR_OK) {
712 APP_LOGE("Check multi nativeSo failed, result: %{public}d", result);
713 return result;
714 }
715
716 result = CheckMultiArkNativeFile(infos);
717 if (result != ERR_OK) {
718 APP_LOGE("Check multi arkNativeFile failed, result: %{public}d", result);
719 return result;
720 }
721
722 return ERR_OK;
723 }
724
CheckMultiArkNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)725 ErrCode BundleInstallChecker::CheckMultiArkNativeFile(
726 std::unordered_map<std::string, InnerBundleInfo> &infos)
727 {
728 std::string arkNativeFileAbi = (infos.begin()->second).GetArkNativeFileAbi();
729 for (const auto &info : infos) {
730 if (info.second.GetArkNativeFileAbi().empty()) {
731 continue;
732 }
733 if (arkNativeFileAbi.empty()) {
734 arkNativeFileAbi = info.second.GetArkNativeFileAbi();
735 continue;
736 }
737 if (arkNativeFileAbi != info.second.GetArkNativeFileAbi()) {
738 return ERR_APPEXECFWK_INSTALL_AN_INCOMPATIBLE;
739 }
740 }
741
742 // Ensure the an is consistent in multiple haps
743 if (!arkNativeFileAbi.empty()) {
744 for (auto &info : infos) {
745 info.second.SetArkNativeFileAbi(arkNativeFileAbi);
746 }
747 }
748
749 return ERR_OK;
750 }
751
CheckMultiNativeSo(std::unordered_map<std::string,InnerBundleInfo> & infos)752 ErrCode BundleInstallChecker::CheckMultiNativeSo(
753 std::unordered_map<std::string, InnerBundleInfo> &infos)
754 {
755 std::string nativeLibraryPath = (infos.begin()->second).GetNativeLibraryPath();
756 std::string cpuAbi = (infos.begin()->second).GetCpuAbi();
757 for (const auto &info : infos) {
758 if (info.second.GetNativeLibraryPath().empty()) {
759 continue;
760 }
761 if (nativeLibraryPath.empty()) {
762 nativeLibraryPath = info.second.GetNativeLibraryPath();
763 cpuAbi = info.second.GetCpuAbi();
764 continue;
765 }
766 if (nativeLibraryPath != info.second.GetNativeLibraryPath()
767 || cpuAbi != info.second.GetCpuAbi()) {
768 return ERR_APPEXECFWK_INSTALL_SO_INCOMPATIBLE;
769 }
770 }
771
772 // Ensure the so is consistent in multiple haps
773 if (!nativeLibraryPath.empty()) {
774 for (auto &info : infos) {
775 info.second.SetNativeLibraryPath(nativeLibraryPath);
776 info.second.SetCpuAbi(cpuAbi);
777 }
778 }
779
780 return ERR_OK;
781 }
782
ResetProperties()783 void BundleInstallChecker::ResetProperties()
784 {
785 isContainEntry_ = false;
786 }
787
ParseAppPrivilegeCapability(const Security::Verify::ProvisionInfo & provisionInfo,AppPrivilegeCapability & appPrivilegeCapability)788 void BundleInstallChecker::ParseAppPrivilegeCapability(
789 const Security::Verify::ProvisionInfo &provisionInfo,
790 AppPrivilegeCapability &appPrivilegeCapability)
791 {
792 for (const auto &appPrivilege : provisionInfo.appPrivilegeCapabilities) {
793 auto iter = PRIVILEGE_MAP.find(appPrivilege);
794 if (iter != PRIVILEGE_MAP.end()) {
795 iter->second(appPrivilegeCapability);
796 }
797 }
798 if ((provisionInfo.bundleInfo.bundleName != APP_TEST_BUNDLE_NAME) &&
799 (provisionInfo.bundleInfo.bundleName.find(BUNDLE_NAME_XTS_TEST) != 0)) {
800 appPrivilegeCapability.allowMultiProcess = false;
801 appPrivilegeCapability.allowUsePrivilegeExtension = false;
802 appPrivilegeCapability.formVisibleNotify = false;
803 }
804 APP_LOGD("AppPrivilegeCapability %{public}s",
805 appPrivilegeCapability.ToString().c_str());
806 #ifndef USE_PRE_BUNDLE_PROFILE
807 appPrivilegeCapability.allowMultiProcess = true;
808 appPrivilegeCapability.allowUsePrivilegeExtension = true;
809 #endif
810 }
811
CheckModuleNameForMulitHaps(const std::unordered_map<std::string,InnerBundleInfo> & infos) const812 ErrCode BundleInstallChecker::CheckModuleNameForMulitHaps(
813 const std::unordered_map<std::string, InnerBundleInfo> &infos) const
814 {
815 std::set<std::string> moduleSet;
816 for (const auto &info : infos) {
817 std::vector<std::string> moduleVec = info.second.GetDistroModuleName();
818 if (moduleVec.empty()) {
819 APP_LOGE("moduleName vector is empty");
820 return ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR;
821 }
822 moduleSet.insert(moduleVec[0]);
823 }
824
825 if (moduleSet.size() != infos.size()) {
826 APP_LOGE("someone moduleName is not unique in the haps");
827 return ERR_APPEXECFWK_INSTALL_NOT_UNIQUE_DISTRO_MODULE_NAME;
828 }
829 return ERR_OK;
830 }
831
IsExistedDistroModule(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const832 bool BundleInstallChecker::IsExistedDistroModule(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
833 {
834 std::string moduleName = newInfo.GetCurModuleName();
835 std::string packageName = newInfo.GetCurrentModulePackage();
836 if (packageName.empty() || moduleName.empty()) {
837 APP_LOGE("IsExistedDistroModule failed due to invalid packageName or moduleName");
838 return false;
839 }
840 std::string oldModuleName = info.GetModuleNameByPackage(packageName);
841 // if FA update to Stage, allow module name inconsistent
842 bool isFAToStage = !info.GetIsNewVersion() && newInfo.GetIsNewVersion();
843 if (!isFAToStage) {
844 // if not FA update to Stage, check consistency of module name
845 if (moduleName.compare(oldModuleName) != 0) {
846 APP_LOGE("no moduleName in the innerModuleInfo");
847 return false;
848 }
849 }
850 // check consistency of module type
851 std::string newModuleType = newInfo.GetModuleTypeByPackage(packageName);
852 std::string oldModuleType = info.GetModuleTypeByPackage(packageName);
853 if (newModuleType.compare(oldModuleType) != 0) {
854 APP_LOGE("moduleType is different between the new hap and the original hap");
855 return false;
856 }
857
858 return true;
859 }
860
IsContainModuleName(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const861 bool BundleInstallChecker::IsContainModuleName(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
862 {
863 std::string moduleName = newInfo.GetCurModuleName();
864 std::vector<std::string> moduleVec = info.GetDistroModuleName();
865 if (moduleName.empty() || moduleVec.empty()) {
866 APP_LOGE("IsContainModuleName failed due to invalid moduleName or modulevec");
867 return false;
868 }
869 return (find(moduleVec.cbegin(), moduleVec.cend(), moduleName) == moduleVec.cend()) ? false : true;
870 }
871
CheckMainElement(const InnerBundleInfo & info)872 ErrCode BundleInstallChecker::CheckMainElement(const InnerBundleInfo &info)
873 {
874 const std::map<std::string, InnerModuleInfo> &innerModuleInfos = info.GetInnerModuleInfos();
875 if (innerModuleInfos.empty()) {
876 return ERR_OK;
877 }
878 if (innerModuleInfos.cbegin()->second.distro.moduleType == Profile::MODULE_TYPE_SHARED) {
879 return ERR_OK;
880 }
881 if (info.GetEntryInstallationFree() && innerModuleInfos.cbegin()->second.mainAbility.empty()) {
882 APP_LOGE("atomic service's mainElement can't be empty.");
883 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
884 }
885 return ERR_OK;
886 }
887
GetPrivilegeCapabilityValue(const std::vector<std::string> & existInJson,const std::string & key,bool existInPreJson,bool existInProvision)888 bool BundleInstallChecker::GetPrivilegeCapabilityValue(
889 const std::vector<std::string> &existInJson,
890 const std::string &key,
891 bool existInPreJson,
892 bool existInProvision)
893 {
894 if (find(existInJson.cbegin(), existInJson.cend(), key) != existInJson.cend()) {
895 return existInPreJson;
896 }
897 return existInProvision;
898 }
899
FetchPrivilegeCapabilityFromPreConfig(const std::string & bundleName,const std::string & appSignature,AppPrivilegeCapability & appPrivilegeCapability)900 void BundleInstallChecker::FetchPrivilegeCapabilityFromPreConfig(
901 const std::string &bundleName,
902 const std::string &appSignature,
903 AppPrivilegeCapability &appPrivilegeCapability)
904 {
905 #ifdef USE_PRE_BUNDLE_PROFILE
906 APP_LOGD("bundleName: %{public}s, FetchPrivilegeCapabilityFromPreConfig start", bundleName.c_str());
907 PreBundleConfigInfo configInfo;
908 configInfo.bundleName = bundleName;
909 if (!BMSEventHandler::GetPreInstallCapability(configInfo)) {
910 APP_LOGW("bundleName: %{public}s is not exist in pre install capability list", bundleName.c_str());
911 return;
912 }
913 if (!MatchSignature(configInfo.appSignature, appSignature)) {
914 APP_LOGE("bundleName: %{public}s signature verify failed", bundleName.c_str());
915 return;
916 }
917 appPrivilegeCapability.allowUsePrivilegeExtension = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
918 ALLOW_APP_USE_PRIVILEGE_EXTENSION,
919 configInfo.allowUsePrivilegeExtension, appPrivilegeCapability.allowUsePrivilegeExtension);
920
921 appPrivilegeCapability.allowMultiProcess = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
922 ALLOW_APP_MULTI_PROCESS,
923 configInfo.allowMultiProcess, appPrivilegeCapability.allowMultiProcess);
924
925 appPrivilegeCapability.hideDesktopIcon = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
926 ALLOW_APP_DESKTOP_ICON_HIDE,
927 configInfo.hideDesktopIcon, appPrivilegeCapability.hideDesktopIcon);
928
929 appPrivilegeCapability.allowQueryPriority = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
930 ALLOW_ABILITY_PRIORITY_QUERIED,
931 configInfo.allowQueryPriority, appPrivilegeCapability.allowQueryPriority);
932
933 appPrivilegeCapability.allowExcludeFromMissions = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
934 ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
935 configInfo.allowExcludeFromMissions, appPrivilegeCapability.allowExcludeFromMissions);
936
937 appPrivilegeCapability.formVisibleNotify = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
938 ALLOW_FORM_VISIBLE_NOTIFY,
939 configInfo.formVisibleNotify, appPrivilegeCapability.formVisibleNotify);
940
941 appPrivilegeCapability.userDataClearable = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
942 ALLOW_APP_DATA_NOT_CLEARED,
943 configInfo.userDataClearable, appPrivilegeCapability.userDataClearable);
944 APP_LOGD("AppPrivilegeCapability %{public}s", appPrivilegeCapability.ToString().c_str());
945 #endif
946 }
947
MatchSignature(const std::vector<std::string> & appSignatures,const std::string & signature)948 bool BundleInstallChecker::MatchSignature(
949 const std::vector<std::string> &appSignatures, const std::string &signature)
950 {
951 if (appSignatures.empty()) {
952 APP_LOGW("appSignature is empty");
953 return false;
954 }
955
956 return std::find(
957 appSignatures.begin(), appSignatures.end(), signature) != appSignatures.end();
958 }
959
ProcessBundleInfoByPrivilegeCapability(const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & innerBundleInfo)960 ErrCode BundleInstallChecker::ProcessBundleInfoByPrivilegeCapability(
961 const AppPrivilegeCapability &appPrivilegeCapability,
962 InnerBundleInfo &innerBundleInfo)
963 {
964 // process application
965 ApplicationInfo applicationInfo = innerBundleInfo.GetBaseApplicationInfo();
966 if (!appPrivilegeCapability.allowMultiProcess || applicationInfo.process.empty()) {
967 applicationInfo.process = applicationInfo.bundleName;
968 }
969 innerBundleInfo.SetBaseApplicationInfo(applicationInfo);
970 BundleInfo bundleInfo = innerBundleInfo.GetBaseBundleInfo();
971 // process ability
972 auto &abilityInfos = innerBundleInfo.FetchAbilityInfos();
973 for (auto iter = abilityInfos.begin(); iter != abilityInfos.end(); ++iter) {
974 #ifdef USE_PRE_BUNDLE_PROFILE
975 if (!appPrivilegeCapability.allowQueryPriority) {
976 iter->second.priority = 0;
977 }
978 if (!appPrivilegeCapability.allowExcludeFromMissions) {
979 iter->second.excludeFromMissions = false;
980 }
981 #else
982 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
983 iter->second.priority = 0;
984 iter->second.excludeFromMissions = false;
985 }
986 #endif
987 }
988 // process ExtensionAbility
989 auto &extensionAbilityInfos = innerBundleInfo.FetchInnerExtensionInfos();
990 for (auto iter = extensionAbilityInfos.begin(); iter != extensionAbilityInfos.end(); ++iter) {
991 bool privilegeType = IsPrivilegeExtensionAbilityType(iter->second.type);
992 if (privilegeType && !appPrivilegeCapability.allowUsePrivilegeExtension) {
993 APP_LOGE("not allow use privilege extension");
994 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
995 }
996
997 bool systemType = IsSystemExtensionAbilityType(iter->second.type);
998 if (systemType && !applicationInfo.isSystemApp) {
999 APP_LOGE("not allow use system extension");
1000 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
1001 }
1002
1003 #ifdef USE_PRE_BUNDLE_PROFILE
1004 if (!appPrivilegeCapability.allowQueryPriority) {
1005 iter->second.priority = 0;
1006 }
1007 #else
1008 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
1009 iter->second.priority = 0;
1010 }
1011 #endif
1012 }
1013 // process InnerModuleInfo
1014 auto &innerModuleInfos = innerBundleInfo.FetchInnerModuleInfos();
1015 for (auto iter = innerModuleInfos.begin(); iter != innerModuleInfos.end(); ++iter) {
1016 if (iter->second.isModuleJson && (!appPrivilegeCapability.allowMultiProcess || iter->second.process.empty())) {
1017 iter->second.process = applicationInfo.bundleName;
1018 }
1019 }
1020 return ERR_OK;
1021 }
1022
CheckDeviceType(std::unordered_map<std::string,InnerBundleInfo> & infos) const1023 ErrCode BundleInstallChecker::CheckDeviceType(std::unordered_map<std::string, InnerBundleInfo> &infos) const
1024 {
1025 std::string deviceType = GetDeviceType();
1026 APP_LOGD("deviceType is %{public}s", deviceType.c_str());
1027 for (const auto &info : infos) {
1028 std::vector<std::string> devVec = info.second.GetDeviceType(info.second.GetCurrentModulePackage());
1029 if (devVec.empty()) {
1030 APP_LOGW("deviceTypes is empty");
1031 continue;
1032 }
1033
1034 if ((deviceType == Constants::DEVICE_TYPE_OF_PHONE) &&
1035 (find(devVec.begin(), devVec.end(), Constants::DEVICE_TYPE_OF_DEFAULT) != devVec.end())) {
1036 APP_LOGW("current deviceType is phone and bundle is matched with default");
1037 continue;
1038 }
1039
1040 if ((deviceType == Constants::DEVICE_TYPE_OF_DEFAULT) &&
1041 (find(devVec.begin(), devVec.end(), Constants::DEVICE_TYPE_OF_PHONE) != devVec.end())) {
1042 APP_LOGW("current deviceType is default and bundle is matched with phone");
1043 continue;
1044 }
1045
1046 if (find(devVec.begin(), devVec.end(), deviceType) == devVec.end()) {
1047 APP_LOGE("%{public}s is not supported", deviceType.c_str());
1048 return ERR_APPEXECFWK_INSTALL_DEVICE_TYPE_NOT_SUPPORTED;
1049 }
1050 }
1051 return ERR_OK;
1052 }
1053 } // namespace AppExecFwk
1054 } // namespace OHOS