1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_manager_service.h"
17
18 #include <cstring>
19
20 #include "accesstoken_log.h"
21 #include "constant_common.h"
22 #include "constant.h"
23 #include "ipc_skeleton.h"
24 #include "permission_record_manager.h"
25 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
26 #include "privacy_sec_comp_enhance_agent.h"
27 #endif
28 #ifdef POWER_MANAGER_ENABLE
29 #include "privacy_power_shutdown_callback.h"
30 #include "shutdown/shutdown_client.h"
31 #include "system_ability_definition.h"
32 #endif
33 #include "string_ex.h"
34
35 namespace OHOS {
36 namespace Security {
37 namespace AccessToken {
38 namespace {
39 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
40 LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerService"
41 };
42 }
43
44 const bool REGISTER_RESULT =
45 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<PrivacyManagerService>::GetInstance().get());
46
PrivacyManagerService()47 PrivacyManagerService::PrivacyManagerService()
48 : SystemAbility(SA_ID_PRIVACY_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START)
49 {
50 ACCESSTOKEN_LOG_INFO(LABEL, "PrivacyManagerService()");
51 }
52
~PrivacyManagerService()53 PrivacyManagerService::~PrivacyManagerService()
54 {
55 ACCESSTOKEN_LOG_INFO(LABEL, "~PrivacyManagerService()");
56 }
57
OnStart()58 void PrivacyManagerService::OnStart()
59 {
60 if (state_ == ServiceRunningState::STATE_RUNNING) {
61 ACCESSTOKEN_LOG_INFO(LABEL, "PrivacyManagerService has already started!");
62 return;
63 }
64 if (!Initialize()) {
65 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize");
66 return;
67 }
68
69 #ifdef POWER_MANAGER_ENABLE
70 AddSystemAbilityListener(POWER_MANAGER_SERVICE_ID);
71 #endif
72
73 state_ = ServiceRunningState::STATE_RUNNING;
74 bool ret = Publish(DelayedSingleton<PrivacyManagerService>::GetInstance().get());
75 if (!ret) {
76 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!");
77 return;
78 }
79 ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, PrivacyManagerService start successfully!");
80 }
81
OnStop()82 void PrivacyManagerService::OnStop()
83 {
84 ACCESSTOKEN_LOG_INFO(LABEL, "stop service");
85 state_ = ServiceRunningState::STATE_NOT_START;
86
87 #ifdef POWER_MANAGER_ENABLE
88 if (powerShutDownCallback_ != nullptr) {
89 PowerMgr::ShutdownClient::GetInstance().UnRegisterShutdownCallback(powerShutDownCallback_);
90 powerShutDownCallback_ = nullptr;
91 }
92 #endif
93 }
94
AddPermissionUsedRecord(AccessTokenID tokenId,const std::string & permissionName,int32_t successCount,int32_t failCount,bool asyncMode)95 int32_t PrivacyManagerService::AddPermissionUsedRecord(AccessTokenID tokenId, const std::string& permissionName,
96 int32_t successCount, int32_t failCount, bool asyncMode)
97 {
98 return PermissionRecordManager::GetInstance().AddPermissionUsedRecord(
99 tokenId, permissionName, successCount, failCount);
100 }
101
StartUsingPermission(AccessTokenID tokenId,const std::string & permissionName)102 int32_t PrivacyManagerService::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName)
103 {
104 return PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName);
105 }
106
StartUsingPermission(AccessTokenID tokenId,const std::string & permissionName,const sptr<IRemoteObject> & callback)107 int32_t PrivacyManagerService::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName,
108 const sptr<IRemoteObject>& callback)
109 {
110 return PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName, callback);
111 }
112
StopUsingPermission(AccessTokenID tokenId,const std::string & permissionName)113 int32_t PrivacyManagerService::StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName)
114 {
115 return PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, permissionName);
116 }
117
RemovePermissionUsedRecords(AccessTokenID tokenId,const std::string & deviceID)118 int32_t PrivacyManagerService::RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID)
119 {
120 PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId, deviceID);
121 return Constant::SUCCESS;
122 }
123
GetPermissionUsedRecords(const PermissionUsedRequestParcel & request,PermissionUsedResultParcel & result)124 int32_t PrivacyManagerService::GetPermissionUsedRecords(
125 const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result)
126 {
127 PermissionUsedResult permissionRecord;
128 int32_t ret = PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request.request, permissionRecord);
129 result.result = permissionRecord;
130 return ret;
131 }
132
GetPermissionUsedRecords(const PermissionUsedRequestParcel & request,const sptr<OnPermissionUsedRecordCallback> & callback)133 int32_t PrivacyManagerService::GetPermissionUsedRecords(
134 const PermissionUsedRequestParcel& request, const sptr<OnPermissionUsedRecordCallback>& callback)
135 {
136 return PermissionRecordManager::GetInstance().GetPermissionUsedRecordsAsync(request.request, callback);
137 }
138
RegisterPermActiveStatusCallback(std::vector<std::string> & permList,const sptr<IRemoteObject> & callback)139 int32_t PrivacyManagerService::RegisterPermActiveStatusCallback(
140 std::vector<std::string>& permList, const sptr<IRemoteObject>& callback)
141 {
142 return PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback);
143 }
144
145 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhance(const SecCompEnhanceDataParcel & enhanceParcel)146 int32_t PrivacyManagerService::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel)
147 {
148 return PrivacySecCompEnhanceAgent::GetInstance().RegisterSecCompEnhance(enhanceParcel.enhanceData);
149 }
150
DepositSecCompEnhance(const std::vector<SecCompEnhanceDataParcel> & enhanceParcelList)151 int32_t PrivacyManagerService::DepositSecCompEnhance(const std::vector<SecCompEnhanceDataParcel>& enhanceParcelList)
152 {
153 std::vector<SecCompEnhanceData> enhanceList;
154 std::transform(enhanceParcelList.begin(),
155 enhanceParcelList.end(), std::back_inserter(enhanceList),
156 [](const auto& parcel) { return parcel.enhanceData; });
157
158 return PrivacySecCompEnhanceAgent::GetInstance().DepositSecCompEnhance(enhanceList);
159 }
160
RecoverSecCompEnhance(std::vector<SecCompEnhanceDataParcel> & enhanceParcelList)161 int32_t PrivacyManagerService::RecoverSecCompEnhance(std::vector<SecCompEnhanceDataParcel>& enhanceParcelList)
162 {
163 std::vector<SecCompEnhanceData> enhanceList;
164 PrivacySecCompEnhanceAgent::GetInstance().RecoverSecCompEnhance(enhanceList);
165 for (const auto& enhance : enhanceList) {
166 SecCompEnhanceDataParcel parcel;
167 parcel.enhanceData = enhance;
168 enhanceParcelList.emplace_back(parcel);
169 }
170
171 return RET_SUCCESS;
172 }
173 #endif
174
ResponseDumpCommand(int32_t fd,const std::vector<std::u16string> & args)175 int32_t PrivacyManagerService::ResponseDumpCommand(int32_t fd, const std::vector<std::u16string>& args)
176 {
177 if (args.size() < 2) { // 2 :need two args 0:command 1:tokenId
178 return ERR_INVALID_VALUE;
179 }
180 long long tokenId = atoll(static_cast<const char*>(Str16ToStr8(args.at(1)).c_str()));
181 PermissionUsedRequest request;
182 if (tokenId <= 0) {
183 return ERR_INVALID_VALUE;
184 }
185 request.tokenId = static_cast<uint32_t>(tokenId);
186 request.flag = FLAG_PERMISSION_USAGE_SUMMARY;
187 PermissionUsedResult result;
188 if (PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request, result) != 0) {
189 return ERR_INVALID_VALUE;
190 }
191 std::string infos;
192 if (result.bundleRecords.empty() || result.bundleRecords[0].permissionRecords.empty()) {
193 dprintf(fd, "No Record \n");
194 return ERR_OK;
195 }
196 for (size_t index = 0; index < result.bundleRecords[0].permissionRecords.size(); index++) {
197 infos.append(R"( "permissionRecord": [)");
198 infos.append("\n");
199 infos.append(R"( "bundleName": )" + result.bundleRecords[0].bundleName + ",\n");
200 infos.append(R"( "isRemote": )" + std::to_string(result.bundleRecords[0].isRemote) + ",\n");
201 infos.append(R"( "permissionName": ")" + result.bundleRecords[0].permissionRecords[index].permissionName +
202 R"(")" + ",\n");
203 time_t lastAccessTime = static_cast<time_t>(result.bundleRecords[0].permissionRecords[index].lastAccessTime);
204 infos.append(R"( "lastAccessTime": )" + std::to_string(lastAccessTime) + ",\n");
205 infos.append(R"( "lastAccessDuration": )" +
206 std::to_string(result.bundleRecords[0].permissionRecords[index].lastAccessDuration) + ",\n");
207 infos.append(R"( "accessCount": ")" +
208 std::to_string(result.bundleRecords[0].permissionRecords[index].accessCount) + R"(")" + ",\n");
209 infos.append(" ]");
210 infos.append("\n");
211 }
212 dprintf(fd, "%s\n", infos.c_str());
213 return ERR_OK;
214 }
215
Dump(int32_t fd,const std::vector<std::u16string> & args)216 int32_t PrivacyManagerService::Dump(int32_t fd, const std::vector<std::u16string>& args)
217 {
218 if (fd < 0) {
219 ACCESSTOKEN_LOG_ERROR(LABEL, "Dump fd invalid value");
220 return ERR_INVALID_VALUE;
221 }
222 int32_t ret = ERR_OK;
223 dprintf(fd, "Privacy Dump:\n");
224 if (args.size() == 0) {
225 dprintf(fd, "please use hidumper -s said -a '-h' command help\n");
226 return ret;
227 }
228 std::string arg0 = Str16ToStr8(args.at(0));
229 if (arg0.compare("-h") == 0) {
230 dprintf(fd, "Usage:\n");
231 dprintf(fd, " -h: command help\n");
232 dprintf(fd, " -t <TOKEN_ID>: according to specific token id dump permission used records\n");
233 } else if (arg0.compare("-t") == 0) {
234 ret = PrivacyManagerService::ResponseDumpCommand(fd, args);
235 } else {
236 dprintf(fd, "please use hidumper -s said -a '-h' command help\n");
237 ret = ERR_INVALID_VALUE;
238 }
239 return ret;
240 }
241
UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject> & callback)242 int32_t PrivacyManagerService::UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject>& callback)
243 {
244 return PermissionRecordManager::GetInstance().UnRegisterPermActiveStatusCallback(callback);
245 }
246
IsAllowedUsingPermission(AccessTokenID tokenId,const std::string & permissionName)247 bool PrivacyManagerService::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName)
248 {
249 return PermissionRecordManager::GetInstance().IsAllowedUsingPermission(tokenId, permissionName);
250 }
251
252 #ifdef POWER_MANAGER_ENABLE
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)253 void PrivacyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId)
254 {
255 ACCESSTOKEN_LOG_INFO(LABEL, "systemAbilityId is %{public}d", systemAbilityId);
256
257 if (systemAbilityId == POWER_MANAGER_SERVICE_ID) {
258 if (powerShutDownCallback_ == nullptr) {
259 powerShutDownCallback_ = new(std::nothrow) PrivacyPowerShutDownCallback();
260 if (powerShutDownCallback_ == nullptr) {
261 ACCESSTOKEN_LOG_ERROR(LABEL, "failed to new shutdown callback.");
262 return;
263 }
264
265 PowerMgr::ShutdownClient::GetInstance().RegisterShutdownCallback(powerShutDownCallback_,
266 PowerMgr::ShutdownPriority::HIGH);
267
268 ACCESSTOKEN_LOG_INFO(LABEL, "register power shutdown callback complete!");
269 }
270 }
271 }
272 #endif
273
Initialize() const274 bool PrivacyManagerService::Initialize() const
275 {
276 PermissionRecordManager::GetInstance().Init();
277 return true;
278 }
279 } // namespace AccessToken
280 } // namespace Security
281 } // namespace OHOS
282