1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "os_account_interface.h"
16
17 #include<cerrno>
18 #include<thread>
19
20 #include "ability_manager_adapter.h"
21 #include "account_log_wrapper.h"
22 #include "bundle_manager_adapter.h"
23 #ifdef HAS_CES_PART
24 #include "common_event_manager.h"
25 #include "common_event_support.h"
26 #endif // HAS_CES_PART
27 #include "datetime_ex.h"
28 #include "hisysevent_adapter.h"
29 #include "hitrace_adapter.h"
30 #include "if_system_ability_manager.h"
31 #include "iservice_registry.h"
32 #ifdef HAS_STORAGE_PART
33 #include "istorage_manager.h"
34 #endif
35 #include "os_account_constants.h"
36 #include "os_account_delete_user_idm_callback.h"
37 #include "os_account_stop_user_callback.h"
38 #ifdef HAS_STORAGE_PART
39 #include "storage_manager_proxy.h"
40 #endif
41 #include "system_ability_definition.h"
42 #ifdef HAS_USER_IDM_PART
43 #include "user_idm_client.h"
44 #endif // HAS_USER_IDM_PART
45 #ifdef HAS_CES_PART
46 #include "want.h"
47 #endif // HAS_CES_PART
48
49 namespace OHOS {
50 namespace AccountSA {
51 namespace {
52 constexpr uint32_t CRYPTO_FLAG_EL1 = 1;
53 constexpr uint32_t CRYPTO_FLAG_EL2 = 2;
54 }
55
SendToAMSAccountStart(OsAccountInfo & osAccountInfo)56 ErrCode OsAccountInterface::SendToAMSAccountStart(OsAccountInfo &osAccountInfo)
57 {
58 ACCOUNT_LOGI("start");
59 StartTraceAdapter("AbilityManagerAdapter StartUser");
60 ErrCode code = AbilityManagerAdapter::GetInstance()->StartUser(osAccountInfo.GetLocalId());
61 if (code != ERR_OK) {
62 ACCOUNT_LOGE("AbilityManagerAdapter StartUser failed! errcode is %{public}d", code);
63 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_ACTIVATE, code,
64 "AbilityManagerAdapter StartUser failed!");
65 FinishTraceAdapter();
66 return code;
67 }
68 ACCOUNT_LOGI("end, succeed!");
69 FinishTraceAdapter();
70 return ERR_OK;
71 }
72
SendToAMSAccountStop(OsAccountInfo & osAccountInfo)73 ErrCode OsAccountInterface::SendToAMSAccountStop(OsAccountInfo &osAccountInfo)
74 {
75 sptr<OsAccountStopUserCallback> osAccountStopUserCallback = new (std::nothrow) OsAccountStopUserCallback();
76 if (osAccountStopUserCallback == nullptr) {
77 ACCOUNT_LOGE("alloc memory for stop user callback failed!");
78 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP,
79 ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR,
80 "malloc for OsAccountStopUserCallback failed!");
81 return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
82 }
83 StartTraceAdapter("AbilityManagerAdapter StopUser");
84 ErrCode code = AbilityManagerAdapter::GetInstance()->StopUser(osAccountInfo.GetLocalId(),
85 osAccountStopUserCallback);
86 if (code != ERR_OK) {
87 ACCOUNT_LOGE("failed to AbilityManagerAdapter stop errcode is %{public}d", code);
88 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP, code,
89 "AbilityManagerService StopUser failed!");
90 FinishTraceAdapter();
91 return code;
92 }
93 struct tm startTime = {0};
94 struct tm nowTime = {0};
95 OHOS::GetSystemCurrentTime(&startTime);
96 OHOS::GetSystemCurrentTime(&nowTime);
97 while (OHOS::GetSecondsBetween(startTime, nowTime) < Constants::TIME_WAIT_TIME_OUT &&
98 !osAccountStopUserCallback->isCallBackOk_) {
99 std::this_thread::sleep_for(std::chrono::milliseconds(Constants::WAIT_ONE_TIME));
100 OHOS::GetSystemCurrentTime(&nowTime);
101 }
102 if (!osAccountStopUserCallback->isReturnOk_) {
103 ACCOUNT_LOGE("failed to AbilityManagerService stop in call back");
104 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP, -1,
105 "AbilityManagerService StopUser timeout!");
106 FinishTraceAdapter();
107 return ERR_OSACCOUNT_SERVICE_INTERFACE_TO_AM_ACCOUNT_START_ERROR;
108 }
109
110 FinishTraceAdapter();
111 return ERR_OK;
112 }
113
SendToBMSAccountCreate(OsAccountInfo & osAccountInfo)114 ErrCode OsAccountInterface::SendToBMSAccountCreate(OsAccountInfo &osAccountInfo)
115 {
116 return BundleManagerAdapter::GetInstance()->CreateNewUser(osAccountInfo.GetLocalId());
117 }
118
SendToBMSAccountDelete(OsAccountInfo & osAccountInfo)119 ErrCode OsAccountInterface::SendToBMSAccountDelete(OsAccountInfo &osAccountInfo)
120 {
121 return BundleManagerAdapter::GetInstance()->RemoveUser(osAccountInfo.GetLocalId());
122 }
123
124 #ifdef HAS_USER_IDM_PART
SendToIDMAccountDelete(OsAccountInfo & osAccountInfo)125 ErrCode OsAccountInterface::SendToIDMAccountDelete(OsAccountInfo &osAccountInfo)
126 {
127 std::shared_ptr<OsAccountDeleteUserIdmCallback> callback = std::make_shared<OsAccountDeleteUserIdmCallback>();
128 if (callback == nullptr) {
129 ACCOUNT_LOGE("get idm callback ptr failed! insufficient memory!");
130 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE,
131 ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR,
132 "malloc for OsAccountDeleteUserIdmCallback failed!");
133 return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
134 }
135 StartTraceAdapter("UserIDMClient EnforceDelUser");
136 int32_t ret = UserIam::UserAuth::UserIdmClient::GetInstance().EraseUser(osAccountInfo.GetLocalId(), callback);
137 if (ret != 0) {
138 ACCOUNT_LOGE("idm enforce delete user failed! error %{public}d", ret);
139 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE, ret,
140 "UserIDMClient EnforceDelUser failed!");
141 FinishTraceAdapter();
142 return ERR_OK; // do not return fail
143 }
144
145 // wait callback
146 struct tm startTime = {0};
147 struct tm nowTime = {0};
148 OHOS::GetSystemCurrentTime(&startTime);
149 OHOS::GetSystemCurrentTime(&nowTime);
150 while (OHOS::GetSecondsBetween(startTime, nowTime) < Constants::TIME_WAIT_TIME_OUT &&
151 !callback->isIdmOnResultCallBack_) {
152 std::this_thread::sleep_for(std::chrono::milliseconds(Constants::WAIT_ONE_TIME));
153 OHOS::GetSystemCurrentTime(&nowTime);
154 }
155 if (!callback->isIdmOnResultCallBack_) {
156 ACCOUNT_LOGE("idm did not call back! timeout!");
157 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE, -1,
158 "UserIDMClient EnforceDelUser timeout!");
159 FinishTraceAdapter();
160 return ERR_OK; // do not return fail
161 }
162 ACCOUNT_LOGI("send to idm account delete and get callback succeed!");
163 FinishTraceAdapter();
164 return ERR_OK;
165 }
166 #endif // HAS_USER_IDM_PART
167
SendToCESAccountCreate(OsAccountInfo & osAccountInfo)168 void OsAccountInterface::SendToCESAccountCreate(OsAccountInfo &osAccountInfo)
169 {
170 int osAccountID = osAccountInfo.GetLocalId();
171 #ifdef HAS_CES_PART
172 StartTraceAdapter("PublishCommonEvent account create");
173 OHOS::AAFwk::Want want;
174 want.SetAction(OHOS::EventFwk::CommonEventSupport::COMMON_EVENT_USER_ADDED);
175 OHOS::EventFwk::CommonEventData data;
176 data.SetCode(osAccountID);
177 data.SetWant(want);
178 if (!OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data)) {
179 ACCOUNT_LOGE("PublishCommonEvent for create account %{public}d failed!", osAccountID);
180 ReportOsAccountOperationFail(osAccountID, Constants::OPERATION_CREATE, -1, "PublishCommonEvent failed!");
181 } else {
182 ACCOUNT_LOGI("PublishCommonEvent for create account %{public}d succeed!", osAccountID);
183 }
184 FinishTraceAdapter();
185 #else // HAS_CES_PART
186 ACCOUNT_LOGI("No common event part, do not publish for account %{public}d create!", osAccountID);
187 #endif // HAS_CES_PART
188 }
189
SendToCESAccountDelete(OsAccountInfo & osAccountInfo)190 void OsAccountInterface::SendToCESAccountDelete(OsAccountInfo &osAccountInfo)
191 {
192 int osAccountID = osAccountInfo.GetLocalId();
193 #ifdef HAS_CES_PART
194 StartTraceAdapter("PublishCommonEvent account delete");
195 OHOS::AAFwk::Want want;
196 want.SetAction(OHOS::EventFwk::CommonEventSupport::COMMON_EVENT_USER_REMOVED);
197 OHOS::EventFwk::CommonEventData data;
198 data.SetCode(osAccountID);
199 data.SetWant(want);
200 if (!OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data)) {
201 ACCOUNT_LOGE("PublishCommonEvent for delete account %{public}d failed!", osAccountID);
202 ReportOsAccountOperationFail(osAccountID, Constants::OPERATION_DELETE, -1, "PublishCommonEvent failed!");
203 } else {
204 ACCOUNT_LOGI("PublishCommonEvent for delete account %{public}d succeed!", osAccountID);
205 }
206 FinishTraceAdapter();
207 #else // HAS_CES_PART
208 ACCOUNT_LOGI("No common event part, do not publish for account %{public}d delete!", osAccountID);
209 #endif // HAS_CES_PART
210 }
211
PublishCommonEvent(const OsAccountInfo & osAccountInfo,const std::string & commonEvent,const std::string & operation)212 void OsAccountInterface::PublishCommonEvent(
213 const OsAccountInfo &osAccountInfo, const std::string &commonEvent, const std::string &operation)
214 {
215 int osAccountID = osAccountInfo.GetLocalId();
216 #ifdef HAS_CES_PART
217 StartTraceAdapter("PublishCommonEvent account");
218 OHOS::AAFwk::Want want;
219 want.SetAction(commonEvent);
220 OHOS::EventFwk::CommonEventData data;
221 data.SetCode(osAccountID);
222 data.SetWant(want);
223 if (!OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data)) {
224 ACCOUNT_LOGE("PublishCommonEvent %{public}d failed!", osAccountID);
225 ReportOsAccountOperationFail(osAccountID, operation, -1, "PublishCommonEvent failed!");
226 } else {
227 ACCOUNT_LOGI("PublishCommonEvent %{public}d succeed!", osAccountID);
228 }
229 FinishTraceAdapter();
230 #else // HAS_CES_PART
231 ACCOUNT_LOGI("No common event part, do not publish for account %{public}d!", osAccountID);
232 #endif // HAS_CES_PART
233 }
234
SendToCESAccountSwitched(OsAccountInfo & osAccountInfo)235 void OsAccountInterface::SendToCESAccountSwitched(OsAccountInfo &osAccountInfo)
236 {
237 int osAccountID = osAccountInfo.GetLocalId();
238 #ifdef HAS_CES_PART
239 StartTraceAdapter("PublishCommonEvent account switch");
240 OHOS::AAFwk::Want want;
241 want.SetAction(OHOS::EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED);
242 OHOS::EventFwk::CommonEventData data;
243 data.SetCode(osAccountID);
244 data.SetWant(want);
245 if (!OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data)) {
246 ACCOUNT_LOGE("PublishCommonEvent for switched to account %{public}d failed!", osAccountID);
247 ReportOsAccountOperationFail(osAccountID, Constants::OPERATION_SWITCH, -1, "PublishCommonEvent failed!");
248 } else {
249 ACCOUNT_LOGI("PublishCommonEvent for switched to account %{public}d succeed!", osAccountID);
250 }
251 FinishTraceAdapter();
252 #else // HAS_CES_PART
253 ACCOUNT_LOGI("No common event part, do not publish for account %{public}d switched!", osAccountID);
254 #endif // HAS_CES_PART
255 }
256
SendToStorageAccountCreate(OsAccountInfo & osAccountInfo)257 ErrCode OsAccountInterface::SendToStorageAccountCreate(OsAccountInfo &osAccountInfo)
258 {
259 #ifdef HAS_STORAGE_PART
260 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
261 if (!systemAbilityManager) {
262 ACCOUNT_LOGE("failed to get system ability mgr.");
263 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_CREATE,
264 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
265 "GetSystemAbilityManager for storage failed!");
266 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
267 }
268 auto remote = systemAbilityManager->CheckSystemAbility(STORAGE_MANAGER_MANAGER_ID);
269 if (!remote) {
270 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service.");
271 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_CREATE,
272 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
273 "CheckSystemAbility for storage failed!");
274 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
275 }
276 auto proxy = iface_cast<StorageManager::IStorageManager>(remote);
277 if (!proxy) {
278 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID proxy.");
279 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
280 }
281 StartTraceAdapter("StorageManager PrepareAddUser");
282 int err = proxy->PrepareAddUser(osAccountInfo.GetLocalId(),
283 CRYPTO_FLAG_EL1 | CRYPTO_FLAG_EL2);
284 if (err != 0) {
285 ReportOsAccountOperationFail(
286 osAccountInfo.GetLocalId(), Constants::OPERATION_CREATE, err, "Storage PrepareAddUser failed!");
287 if (err != -EEXIST) {
288 FinishTraceAdapter();
289 return ERR_OSACCOUNT_SERVICE_STORAGE_PREPARE_ADD_USER_FAILED;
290 }
291 }
292
293 FinishTraceAdapter();
294 #endif
295 return ERR_OK;
296 }
297
SendToStorageAccountRemove(OsAccountInfo & osAccountInfo)298 ErrCode OsAccountInterface::SendToStorageAccountRemove(OsAccountInfo &osAccountInfo)
299 {
300 ACCOUNT_LOGI("start");
301 #ifdef HAS_STORAGE_PART
302 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
303 if (!systemAbilityManager) {
304 ACCOUNT_LOGE("failed to get system ability mgr.");
305 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE,
306 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
307 "GetSystemAbilityManager for storage failed!");
308 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
309 }
310 auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
311 if (!remote) {
312 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service.");
313 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE,
314 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
315 "GetSystemAbility for storage failed!");
316 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
317 }
318 auto proxy = iface_cast<StorageManager::IStorageManager>(remote);
319 if (!proxy) {
320 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID proxy.");
321 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
322 }
323
324 StartTraceAdapter("StorageManager RemoveUser");
325 int err = proxy->RemoveUser(osAccountInfo.GetLocalId(),
326 CRYPTO_FLAG_EL1 | CRYPTO_FLAG_EL2);
327 if (err != 0) {
328 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_DELETE,
329 err, "Storage RemoveUser failed!");
330 }
331
332 ACCOUNT_LOGI("end, Storage RemoveUser ret %{public}d.", err);
333 FinishTraceAdapter();
334 #endif
335 return ERR_OK;
336 }
337
SendToStorageAccountStart(OsAccountInfo & osAccountInfo)338 ErrCode OsAccountInterface::SendToStorageAccountStart(OsAccountInfo &osAccountInfo)
339 {
340 ACCOUNT_LOGI("start");
341 bool isUserUnlocked = false;
342 #ifdef HAS_STORAGE_PART
343 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
344 if (!systemAbilityManager) {
345 ACCOUNT_LOGE("failed to get system ability mgr.");
346 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_ACTIVATE,
347 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
348 "GetSystemAbilityManager for storage failed!");
349 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
350 }
351 auto remote = systemAbilityManager->CheckSystemAbility(STORAGE_MANAGER_MANAGER_ID);
352 if (!remote) {
353 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service.");
354 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_ACTIVATE,
355 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER, "CheckSystemAbility for storage failed!");
356 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
357 }
358 auto proxy = iface_cast<StorageManager::IStorageManager>(remote);
359 if (!proxy) {
360 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID proxy.");
361 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
362 }
363 StartTraceAdapter("StorageManager PrepareStartUser");
364 int localId = osAccountInfo.GetLocalId();
365 std::vector<uint8_t> emptyData;
366 int err = proxy->ActiveUserKey(localId, emptyData, emptyData);
367 if ((err == 0) && !osAccountInfo.GetIsVerified()) {
368 isUserUnlocked = true;
369 }
370 err = proxy->PrepareStartUser(localId);
371 if (err != 0) {
372 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_ACTIVATE,
373 err, "Storage PrepareStartUser failed!");
374 }
375 ACCOUNT_LOGI("end, Storage PrepareStartUser ret %{public}d.", err);
376 FinishTraceAdapter();
377 #else
378 isUserUnlocked = osAccountInfo.GetIsVerified() ? false : true;
379 #endif
380 if (isUserUnlocked) {
381 osAccountInfo.SetIsVerified(true);
382 PublishCommonEvent(osAccountInfo, OHOS::EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED,
383 Constants::OPERATION_UNLOCK);
384 }
385 ACCOUNT_LOGI("end, succeed!");
386 return ERR_OK;
387 }
388
SendToStorageAccountStop(OsAccountInfo & osAccountInfo)389 ErrCode OsAccountInterface::SendToStorageAccountStop(OsAccountInfo &osAccountInfo)
390 {
391 #ifdef HAS_STORAGE_PART
392 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
393 if (!systemAbilityManager) {
394 ACCOUNT_LOGE("failed to get system ability mgr.");
395 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP,
396 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
397 "GetSystemAbilityManager for storage failed!");
398 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
399 }
400 auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
401 if (!remote) {
402 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service.");
403 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP,
404 ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER,
405 "GetSystemAbility for storage failed!");
406 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
407 }
408 auto proxy = iface_cast<StorageManager::IStorageManager>(remote);
409 if (!proxy) {
410 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID proxy.");
411 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
412 }
413 StartTraceAdapter("StorageManager StopUser");
414 int localId = osAccountInfo.GetLocalId();
415 int err = proxy->StopUser(localId);
416 if (err != 0) {
417 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP,
418 err, "Storage StopUser failed!");
419 }
420 err = proxy->InactiveUserKey(localId);
421 if (err != 0) {
422 ReportOsAccountOperationFail(osAccountInfo.GetLocalId(), Constants::OPERATION_STOP,
423 err, "Storage StopUser failed!");
424 }
425
426 FinishTraceAdapter();
427 #endif
428 return ERR_OK;
429 }
430 } // namespace AccountSA
431 } // namespace OHOS
432