1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cm_ipc_service.h"
17
18 #include "cm_log.h"
19 #include "cm_mem.h"
20 #include "cm_ipc_service_serialization.h"
21
22 #include "cm_param.h"
23 #include "cm_pfx.h"
24 #include "cm_report_wrapper.h"
25 #include "cm_response.h"
26 #include "cm_security_guard_info.h"
27 #include "cm_type.h"
28
29 #include "cert_manager.h"
30 #include "cert_manager_check.h"
31 #include "cert_manager_key_operation.h"
32 #include "cert_manager_permission_check.h"
33 #include "cert_manager_query.h"
34 #include "cert_manager_service.h"
35 #include "cert_manager_status.h"
36 #include "cert_manager_uri.h"
37 #include "cert_manager_updateflag.h"
38 #include "cert_manager_storage.h"
39 #include "cert_manager_file_operator.h"
40
41 #define MAX_LEN_CERTIFICATE 8196
42
GetInputParams(const struct CmBlob * paramSetBlob,struct CmParamSet ** paramSet,struct CmContext * cmContext,struct CmParamOut * params,uint32_t paramsCount)43 static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
44 struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
45 {
46 int32_t ret = CmGetProcessInfoForIPC(cmContext);
47 if (ret != CM_SUCCESS) {
48 CM_LOG_E("get ipc info failed, ret = %d", ret);
49 return ret;
50 }
51
52 /* The paramSet blob pointer needs to be refreshed across processes. */
53 ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet);
54 if (ret != CM_SUCCESS) {
55 CM_LOG_E("get paramSet failed, ret = %d", ret);
56 return ret;
57 }
58
59 ret = CmParamSetToParams(*paramSet, params, paramsCount);
60 if (ret != CM_SUCCESS) {
61 CM_LOG_E("get params from paramSet failed, ret = %d", ret);
62 }
63
64 return ret;
65 }
66
CmIpcServiceGetCertificateList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)67 void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
68 const struct CmContext *context)
69 {
70 int32_t ret;
71 uint32_t store;
72 struct CmContext cmContext = {0};
73 struct CmMutableBlob certFileList = { 0, NULL };
74 struct CmParamSet *paramSet = NULL;
75 struct CmParamOut params[] = {
76 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
77 };
78
79 do {
80 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
81 if (ret != CM_SUCCESS) {
82 CM_LOG_E("GetCaCertList get input params failed, ret = %d", ret);
83 break;
84 }
85
86 ret = CmServiceGetSystemCertListCheck(store);
87 if (ret != CM_SUCCESS) {
88 CM_LOG_E("CmIpcServiceGetSystemCertCheck fail, ret = %d", ret);
89 break;
90 }
91
92 const struct UserCAProperty prop = { INIT_INVALID_VALUE, CM_ALL_USER };
93 ret = CmServiceGetCertList(&cmContext, &prop, store, &certFileList);
94 if (ret != CM_SUCCESS) {
95 CM_LOG_E("get cert list failed, ret = %d", ret);
96 break;
97 }
98
99 ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
100 if (ret != CM_SUCCESS) {
101 CM_LOG_E("cert list data pack fail, ret = %d", ret);
102 break;
103 }
104
105 CmSendResponse(context, ret, outData);
106 } while (0);
107 CmReport(__func__, &cmContext, NULL, ret);
108
109 if (ret != CM_SUCCESS) {
110 CmSendResponse(context, ret, NULL);
111 }
112
113 if (certFileList.data != NULL) {
114 CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
115 }
116 CmFreeParamSet(¶mSet);
117 }
118
CmIpcServiceGetCertificateInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)119 void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
120 const struct CmContext *context)
121 {
122 int32_t ret;
123 uint32_t status = 0;
124 uint32_t store;
125 struct CmContext cmContext = {0};
126 struct CmBlob certificateData = { 0, NULL };
127 struct CmBlob certUri = { 0, NULL };
128 struct CmParamSet *paramSet = NULL;
129 struct CmParamOut params[] = {
130 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
131 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
132 };
133
134 do {
135 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
136 if (ret != CM_SUCCESS) {
137 CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
138 break;
139 }
140
141 ret = CmServiceGetSystemCertCheck(store, &certUri);
142 if (ret != CM_SUCCESS) {
143 CM_LOG_E("CmServiceGetSystemCertCheck failed, ret = %d", ret);
144 break;
145 }
146
147 ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
148 if (ret != CM_SUCCESS) {
149 CM_LOG_E("get cert info failed, ret = %d", ret);
150 break;
151 }
152
153 ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
154 if (ret != CM_SUCCESS) {
155 CM_LOG_E("cert info data pack failed, ret = %d", ret);
156 break;
157 }
158
159 CmSendResponse(context, ret, outData);
160 } while (0);
161 CmReport(__func__, &cmContext, &certUri, ret);
162
163 if (ret != CM_SUCCESS) {
164 CmSendResponse(context, ret, NULL);
165 }
166 CM_FREE_BLOB(certificateData);
167 CmFreeParamSet(¶mSet);
168 }
169
CmIpcServiceSetCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)170 void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
171 const struct CmContext *context)
172 {
173 int32_t ret;
174 uint32_t store = CM_SYSTEM_TRUSTED_STORE;
175 uint32_t status = INIT_INVALID_VALUE;
176 struct CmContext cmContext = {0};
177 struct CmBlob certUri = { 0, NULL };
178 struct CmParamSet *paramSet = NULL;
179 struct CmParamOut params[] = {
180 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
181 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
182 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status},
183 };
184
185 do {
186 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
187 if (ret != CM_SUCCESS) {
188 CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
189 break;
190 }
191
192 ret = CmServiceSetCertStatusCheck(store, &certUri, status);
193 if (ret != CM_SUCCESS) {
194 CM_LOG_E("CmServiceSetCertStatusCheck check failed, ret = %d", ret);
195 break;
196 }
197
198 ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
199 if (ret != CM_SUCCESS) {
200 CM_LOG_E("set system cert status failed, ret = %d", ret);
201 break;
202 }
203 } while (0);
204 CmReport(__func__, &cmContext, &certUri, ret);
205
206 CmSendResponse(context, ret, NULL);
207 CmReportSGSetCertStatus(&certUri, store, status, ret);
208 CmFreeParamSet(¶mSet);
209 CM_LOG_D("CmIpcServiceSetCertStatus end:%d", ret);
210 }
211
CmIpcServiceInstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)212 void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
213 const struct CmContext *context)
214 {
215 uint32_t store = CM_CREDENTIAL_STORE;
216 uint32_t userId = 0;
217 struct CmBlob appCert = { 0, NULL };
218 struct CmBlob appCertPwd = { 0, NULL };
219 struct CmBlob certAlias = { 0, NULL };
220 enum CmAuthStorageLevel level;
221 struct CmParamOut params[] = {
222 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert },
223 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd },
224 { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
225 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
226 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
227 { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &level },
228 };
229
230 int32_t ret;
231 struct CmContext cmContext = { 0 };
232 struct CmParamSet *paramSet = NULL;
233 do {
234 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
235 if (ret != CM_SUCCESS) {
236 CM_LOG_E("install app cert get input params failed, ret = %d", ret);
237 break;
238 }
239
240 struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId, level };
241 ret = CmServicInstallAppCert(&cmContext, &certParam, outData);
242 if (ret != CM_SUCCESS) {
243 CM_LOG_E("service install app cert failed, ret = %d", ret);
244 break;
245 }
246 } while (0);
247
248 struct CmBlob tempBlob = { 0, NULL };
249 CmReport(__func__, &cmContext, &tempBlob, ret);
250
251 CmSendResponse(context, ret, outData);
252 CmReportSGInstallAppCert(&certAlias, store, ret);
253 CmFreeParamSet(¶mSet);
254 CM_LOG_D("CmIpcServiceInstallAppCert end:%d", ret);
255 }
256
CmIpcServiceUninstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)257 void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
258 const struct CmContext *context)
259 {
260 int32_t ret;
261 (void)outData;
262 uint32_t store = CM_CREDENTIAL_STORE;
263 struct CmParamSet *paramSet = NULL;
264 struct CmBlob keyUri = { 0, NULL };
265 struct CmContext cmContext = {0};
266
267 struct CmParamOut params[] = {
268 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
269 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
270 };
271
272 do {
273 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
274 if (ret != CM_SUCCESS) {
275 CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret);
276 break;
277 }
278
279 ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri);
280 if (ret != CM_SUCCESS) {
281 CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
282 break;
283 }
284
285 ret = CmRemoveAppCert(&cmContext, &keyUri, store);
286 if (ret != CM_SUCCESS) {
287 CM_LOG_E("CmRemoveAppCert fail");
288 }
289 } while (0);
290
291 CmReport(__func__, &cmContext, &keyUri, ret);
292 CmSendResponse(context, ret, NULL);
293 CmReportSGUninstallAppCert(&keyUri, store, false, ret);
294 CmFreeParamSet(¶mSet);
295 CM_LOG_D("CmIpcServiceUninstallAppCert end:%d", ret);
296 }
297
CmIpcServiceUninstallAllAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)298 void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
299 const struct CmContext *context)
300 {
301 (void)outData;
302 (void)paramSetBlob;
303 int32_t ret = CM_SUCCESS;
304 struct CmContext cmContext = {0};
305
306 do {
307 ret = CmGetProcessInfoForIPC(&cmContext);
308 if (ret != CM_SUCCESS) {
309 CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
310 break;
311 }
312
313 ret = CmRemoveAllAppCert(&cmContext);
314 if (ret != CM_SUCCESS) {
315 CM_LOG_E("CmRemoveAllAppCert fail");
316 break;
317 }
318 } while (0);
319
320 CmReport(__func__, &cmContext, NULL, ret);
321 CmSendResponse(context, ret, NULL);
322 CmReportSGUninstallAppCert(NULL, INIT_INVALID_VALUE, true, ret);
323 CM_LOG_D("CmIpcServiceUninstallAllAppCert end:%d", ret);
324 }
325
GetAppCertInfo(const struct CmBlob * keyUri,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * cerAlias)326 static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certType,
327 struct CmBlob *certUri, struct CmBlob *cerAlias)
328 {
329 int32_t ret;
330 struct CMUri uri;
331 (void)memset_s(&uri, sizeof(struct CMUri), 0, sizeof(struct CMUri));
332
333 do {
334 ret = CertManagerUriDecode(&uri, (char *)keyUri->data);
335 if (ret != CM_SUCCESS) {
336 CM_LOG_E("CertManagerUriDecode failed");
337 break;
338 }
339 if ((uri.type >= TYPE_COUNT) || (uri.object == NULL)) {
340 CM_LOG_E("uri's type[%u] or object is invalid after decode", uri.type);
341 ret = CMR_ERROR;
342 break;
343 }
344
345 if (memcpy_s(certType->data, certType->size, g_types[uri.type], strlen(g_types[uri.type]) + 1) != EOK) {
346 CM_LOG_E("Failed to copy certType->data");
347 ret = CMR_ERROR;
348 break;
349 }
350 certType->size = strlen(g_types[uri.type]) + 1;
351
352 if (memcpy_s(certUri->data, certUri->size, keyUri->data, keyUri->size) != EOK) {
353 CM_LOG_E("Failed to copy certUri->data");
354 ret = CMR_ERROR;
355 break;
356 }
357 certUri->size = keyUri->size;
358
359 ret = CmGetDisplayNameByURI(keyUri, uri.object, cerAlias);
360 if (ret != CM_SUCCESS) {
361 CM_LOG_E("Failed to CMGetDisplayNameByURI");
362 break;
363 }
364 } while (0);
365
366 CertManagerFreeUri(&uri);
367 return ret;
368 }
369
CmCertListGetAppCertInfo(const struct CmBlob * fileName,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * certAlias)370 static int32_t CmCertListGetAppCertInfo(const struct CmBlob *fileName, struct CmBlob *certType,
371 struct CmBlob *certUri, struct CmBlob *certAlias)
372 {
373 char uriBuf[MAX_LEN_URI] = {0};
374 struct CmBlob keyUri = { sizeof(uriBuf), (uint8_t *)uriBuf };
375
376 int32_t ret = CmGetUri((char *)fileName->data, &keyUri);
377 if (ret != CM_SUCCESS) {
378 CM_LOG_E("Get uri failed");
379 return ret;
380 }
381
382 ret = GetAppCertInfo(&keyUri, certType, certUri, certAlias);
383 if (ret != CM_SUCCESS) {
384 CM_LOG_E("GetAppCertInfo failed");
385 return ret;
386 }
387
388 return ret;
389 }
390
CmServiceGetAppCertListPack(struct CmBlob * certificateList,const struct CmBlob * fileNames,const uint32_t fileCount)391 static int32_t CmServiceGetAppCertListPack(struct CmBlob *certificateList, const struct CmBlob *fileNames,
392 const uint32_t fileCount)
393 {
394 /* buff struct: cert count + (cert type + cert uri + cert alias) * MAX_CERT_COUNT */
395 uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) +
396 MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE;
397 certificateList->data = (uint8_t *)CmMalloc(buffSize);
398 if (certificateList->data == NULL) {
399 return CMR_ERROR_MALLOC_FAIL;
400 }
401 certificateList->size = buffSize;
402
403 uint32_t offset = 0;
404 int32_t ret = CopyUint32ToBuffer(fileCount, certificateList, &offset);
405 if (ret != CM_SUCCESS) {
406 CM_LOG_E("Copy certificate count failed");
407 return ret;
408 }
409
410 for (uint32_t i = 0; i < fileCount; i++) {
411 uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
412 struct CmBlob certType = { sizeof(typeBuf), typeBuf };
413 uint8_t certUriBuf[MAX_LEN_URI] = {0};
414 struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
415 uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
416 struct CmBlob certAlias = { sizeof(aliasBuf), aliasBuf };
417
418 ret = CmCertListGetAppCertInfo(&fileNames[i], &certType, &certUri, &certAlias);
419 if (ret != CM_SUCCESS) {
420 CM_LOG_E("CmCertListGetAppCertInfo failed");
421 return ret;
422 }
423
424 ret = CopyBlobToBuffer(&certType, certificateList, &offset);
425 if (ret != CM_SUCCESS) {
426 CM_LOG_E("Copy certType failed");
427 return ret;
428 }
429
430 ret = CopyBlobToBuffer(&certUri, certificateList, &offset);
431 if (ret != CM_SUCCESS) {
432 CM_LOG_E("Copy certUri failed");
433 return ret;
434 }
435
436 ret = CopyBlobToBuffer(&certAlias, certificateList, &offset);
437 if (ret != CM_SUCCESS) {
438 CM_LOG_E("Copy certAlies failed");
439 return ret;
440 }
441 }
442
443 return ret;
444 }
445
CmIpcServiceGetAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)446 void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
447 const struct CmContext *context)
448 {
449 int32_t ret;
450 (void)outData;
451 uint32_t store;
452 uint32_t fileCount = 0;
453 struct CmContext cmContext = {0};
454 struct CmBlob certificateList = { 0, NULL };
455 struct CmBlob fileNames[MAX_COUNT_CERTIFICATE];
456 uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
457 (void)memset_s(fileNames, len, 0, len);
458 struct CmParamSet *paramSet = NULL;
459 struct CmParamOut params[] = {
460 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
461 };
462
463 do {
464 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
465 if (ret != CM_SUCCESS) {
466 CM_LOG_E("CmIpcServiceGetAppCertList get input params failed, ret = %d", ret);
467 break;
468 }
469
470 ret = CmServiceGetAppCertListCheck(&cmContext, store);
471 if (ret != CM_SUCCESS) {
472 CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
473 break;
474 }
475
476 ret = CmServiceGetAppCertList(&cmContext, store, fileNames, MAX_COUNT_CERTIFICATE, &fileCount);
477 if (ret != CM_SUCCESS) {
478 CM_LOG_E("Get App cert list fail, ret = %d", ret);
479 break;
480 }
481
482 ret = CmServiceGetAppCertListPack(&certificateList, fileNames, fileCount);
483 if (ret != CM_SUCCESS) {
484 CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
485 }
486 } while (0);
487
488 CmReport(__func__, &cmContext, NULL, ret);
489 CmSendResponse(context, ret, &certificateList);
490 CmFreeParamSet(¶mSet);
491 CmFreeFileNames(fileNames, fileCount);
492 CM_FREE_BLOB(certificateList);
493 CM_LOG_D("CmIpcServiceGetAppCertList end:%d", ret);
494 }
495
CmIpcServiceGetCallingAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)496 void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
497 const struct CmContext *context)
498 {
499 int32_t ret;
500 (void)outData;
501 uint32_t store;
502 uint32_t fileCount = 0;
503 struct CmContext cmContext = {0};
504 struct CmBlob certificateList = { 0, NULL };
505 struct CmBlob fileNamesBlob[MAX_COUNT_CERTIFICATE];
506 uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
507 (void)memset_s(fileNamesBlob, len, 0, len);
508 struct CmParamSet *paramSets = NULL;
509 struct CmParamOut params[] = {
510 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
511 };
512
513 do {
514 ret = GetInputParams(paramSetBlob, ¶mSets, &cmContext, params, CM_ARRAY_SIZE(params));
515 if (ret != CM_SUCCESS) {
516 CM_LOG_E("CmIpcServiceGetCallingAppCertList get input params failed, ret = %d", ret);
517 break;
518 }
519
520 ret = CmServiceGetCallingAppCertListCheck(&cmContext, store);
521 if (ret != CM_SUCCESS) {
522 CM_LOG_E("CmServiceGetCallingAppCertListCheck fail, ret = %d", ret);
523 break;
524 }
525
526 ret = CmServiceGetCallingAppCertList(&cmContext, store, fileNamesBlob, MAX_COUNT_CERTIFICATE, &fileCount);
527 if (ret != CM_SUCCESS) {
528 CM_LOG_E("Get calling App cert list fail, ret = %d", ret);
529 break;
530 }
531
532 ret = CmServiceGetAppCertListPack(&certificateList, fileNamesBlob, fileCount);
533 if (ret != CM_SUCCESS) {
534 CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
535 }
536 } while (0);
537
538 CmReport(__func__, &cmContext, NULL, ret);
539 CmSendResponse(context, ret, &certificateList);
540 CmFreeParamSet(¶mSets);
541 CmFreeFileNames(fileNamesBlob, fileCount);
542 CM_FREE_BLOB(certificateList);
543 CM_LOG_D("CmServiceGetCallingAppCertListCheck end:%d", ret);
544 }
545
CopyCertificateInfoToBuffer(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)546 static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob,
547 const struct CmBlob *certificateInfo, uint32_t *offset)
548 {
549 if (certBlob->size < (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) {
550 CM_LOG_E("certInfo size[%u] invalid", certBlob->size);
551 return CMR_ERROR_INVALID_ARGUMENT;
552 }
553
554 struct AppCert *appCert = (struct AppCert *)certBlob->data;
555 if ((certBlob->size - (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) < appCert->certSize) {
556 CM_LOG_E("certInfo data size[%u] invalid, certSize[%u]", certBlob->size, appCert->certSize);
557 return CMR_ERROR_INVALID_ARGUMENT;
558 }
559
560 int32_t ret = CopyUint32ToBuffer(appCert->certCount, certificateInfo, offset);
561 if (ret != CM_SUCCESS) {
562 CM_LOG_E("copy appcert->certCount failed");
563 return ret;
564 }
565
566 ret = CopyUint32ToBuffer(appCert->keyCount, certificateInfo, offset);
567 if (ret != CM_SUCCESS) {
568 CM_LOG_E("get appcert->keyCount failed");
569 return ret;
570 }
571
572 struct CmBlob appCertBlob = { appCert->certSize, appCert->appCertdata };
573 ret = CopyBlobToBuffer(&appCertBlob, certificateInfo, offset);
574 if (ret != CM_SUCCESS) {
575 CM_LOG_E("Copy appCertBlob failed");
576 }
577
578 return ret;
579 }
580
CopyCertSize(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)581 static int32_t CopyCertSize(const struct CmBlob *certBlob, const struct CmBlob *certificateInfo,
582 uint32_t *offset)
583 {
584 uint32_t certCount = (((certBlob->size > 0) && (certBlob->data != NULL)) ? 1 : 0);
585
586 int32_t ret = CopyUint32ToBuffer(certCount, certificateInfo, offset);
587 if (ret != CM_SUCCESS) {
588 CM_LOG_E("copy certificateList->size failed");
589 return ret;
590 }
591 if (certCount == 0) {
592 CM_LOG_E("app cert not exist");
593 return CMR_ERROR_NOT_EXIST;
594 }
595 return ret;
596 }
597
CmAppCertificateInfoPack(struct CmBlob * certificateInfo,const struct CmBlob * certBlob,const struct CmBlob * keyUri)598 static int32_t CmAppCertificateInfoPack(struct CmBlob *certificateInfo,
599 const struct CmBlob *certBlob, const struct CmBlob *keyUri)
600 {
601 /* buff struct: certCount + certType + certAlias + certUri + certNum + keyNum + credData */
602 uint32_t buffSize = sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME +
603 sizeof(uint32_t) + MAX_LEN_CERT_ALIAS + sizeof(uint32_t) + MAX_LEN_URI +
604 sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_CERTIFICATE_CHAIN;
605 certificateInfo->data = (uint8_t *)CmMalloc(buffSize);
606 if (certificateInfo->data == NULL) {
607 return CMR_ERROR_MALLOC_FAIL;
608 }
609 certificateInfo->size = buffSize;
610
611 uint32_t offset = 0;
612 if (CopyCertSize(certBlob, certificateInfo, &offset) != CM_SUCCESS) {
613 return CMR_ERROR_NOT_EXIST;
614 }
615
616 uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
617 uint8_t certUriBuf[MAX_LEN_URI] = {0};
618 uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
619 struct CmBlob certType = { sizeof(typeBuf), typeBuf };
620 struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
621 struct CmBlob cerAlias = { sizeof(aliasBuf), aliasBuf };
622 int32_t ret = GetAppCertInfo(keyUri, &certType, &certUri, &cerAlias);
623 if (ret != CM_SUCCESS) {
624 CM_LOG_E("GetAppCertInfo failed");
625 return ret;
626 }
627
628 if (CopyBlobToBuffer(&certType, certificateInfo, &offset) != CM_SUCCESS) {
629 CM_LOG_E("Copy certType failed");
630 return CMR_ERROR;
631 }
632
633 if (CopyBlobToBuffer(&certUri, certificateInfo, &offset) != CM_SUCCESS) {
634 CM_LOG_E("Copy certUri failed");
635 return CMR_ERROR;
636 }
637
638 if (CopyBlobToBuffer(&cerAlias, certificateInfo, &offset) != CM_SUCCESS) {
639 CM_LOG_E("Copy cerAlias failed");
640 return CMR_ERROR;
641 }
642
643 ret = CopyCertificateInfoToBuffer(certBlob, certificateInfo, &offset);
644 if (ret != CM_SUCCESS) {
645 CM_LOG_E("Copy CertificateInfo failed");
646 return ret;
647 }
648
649 return ret;
650 }
651
CmIpcServiceGetAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)652 void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
653 const struct CmContext *context)
654 {
655 int32_t ret;
656 (void)outData;
657 uint32_t store;
658 struct CmBlob keyUri = { 0, NULL };
659 struct CmBlob certificateInfo = { 0, NULL };
660 struct CmBlob certBlob = { 0, NULL };
661 struct CmContext cmContext = {0};
662 struct CmParamSet *paramSet = NULL;
663 struct CmParamOut params[] = {
664 {
665 .tag = CM_TAG_PARAM0_BUFFER,
666 .blob = &keyUri
667 },
668 {
669 .tag = CM_TAG_PARAM0_UINT32,
670 .uint32Param = &store
671 },
672 };
673 do {
674 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
675 if (ret != CM_SUCCESS) {
676 CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret);
677 break;
678 }
679
680 ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri);
681 if (ret != CM_SUCCESS) {
682 CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
683 break;
684 }
685
686 ret = CmServiceGetAppCert(&cmContext, store, &keyUri, &certBlob);
687 if (ret != CM_SUCCESS) {
688 CM_LOG_E("Get App cert list fail, ret = %d", ret);
689 break;
690 }
691
692 ret = CmAppCertificateInfoPack(&certificateInfo, &certBlob, &keyUri);
693 if (ret != CM_SUCCESS) {
694 CM_LOG_E("CmAppCertificateInfoPack fail, ret = %d", ret);
695 }
696 } while (0);
697
698 CmReport(__func__, &cmContext, &keyUri, ret);
699 CmSendResponse(context, ret, &certificateInfo);
700 CmFreeParamSet(¶mSet);
701 CM_FREE_BLOB(certBlob);
702 CM_FREE_BLOB(certificateInfo);
703 CM_LOG_D("CmIpcServiceGetAppCert end:%d", ret);
704 }
705
GetAuthedList(const struct CmContext * context,const struct CmBlob * keyUri,struct CmBlob * outData)706 static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData)
707 {
708 if (outData->size < sizeof(uint32_t)) { /* appUidCount size */
709 CM_LOG_E("invalid outData size[%u]", outData->size);
710 return CMR_ERROR_INVALID_ARGUMENT;
711 }
712
713 uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t);
714 struct CmAppUidList appUidList = { count, NULL };
715 if (count != 0) {
716 appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t));
717 }
718
719 int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList);
720 if (ret != CM_SUCCESS) {
721 CM_LOG_E("service get authed list failed, ret = %d", ret);
722 return ret;
723 }
724
725 /* refresh outData: 1.refresh appUidCount; 2.appUidCount is no bigger than count */
726 (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t));
727 outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount;
728
729 return CM_SUCCESS;
730 }
731
CmIpcServiceGrantAppCertificate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)732 void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
733 const struct CmContext *context)
734 {
735 struct CmContext cmContext = { 0, 0, {0} };
736 struct CmParamSet *paramSet = NULL;
737 struct CmBlob keyUri = { 0, NULL };
738 uint32_t grantUid = INIT_INVALID_VALUE;
739 int32_t ret;
740 do {
741 struct CmParamOut params[] = {
742 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
743 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &grantUid },
744 };
745 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
746 if (ret != CM_SUCCESS) {
747 CM_LOG_E("get input params failed, ret = %d", ret);
748 break;
749 }
750
751 ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, grantUid, outData);
752 if (ret != CM_SUCCESS) {
753 CM_LOG_E("service grant app failed, ret = %d", ret);
754 break;
755 }
756 } while (0);
757
758 CmReport(__func__, &cmContext, &keyUri, ret);
759
760 CM_LOG_D("CmIpcServiceGrantAppCertificate end:%d", ret);
761 CmSendResponse(context, ret, outData);
762 CmReportSGGrantAppCert(&keyUri, grantUid, false, ret);
763 CmFreeParamSet(¶mSet);
764 }
765
CmIpcServiceGetAuthorizedAppList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)766 void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
767 const struct CmContext *context)
768 {
769 struct CmContext cmContext = { 0, 0, {0} };
770 struct CmParamSet *paramSet = NULL;
771 struct CmBlob keyUri = { 0, NULL };
772
773 int32_t ret;
774 do {
775 struct CmParamOut params[] = {
776 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
777 };
778 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
779 if (ret != CM_SUCCESS) {
780 CM_LOG_E("get input params failed, ret = %d", ret);
781 break;
782 }
783
784 ret = GetAuthedList(&cmContext, &keyUri, outData);
785 if (ret != CM_SUCCESS) {
786 CM_LOG_E("get authed app list failed, ret = %d", ret);
787 break;
788 }
789 } while (0);
790 CmReport(__func__, &cmContext, &keyUri, ret);
791
792 CM_LOG_D("CmIpcServiceGetAuthorizedAppList end:%d", ret);
793 CmSendResponse(context, ret, outData);
794 CmFreeParamSet(¶mSet);
795 }
796
CmIpcServiceIsAuthorizedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)797 void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
798 const struct CmContext *context)
799 {
800 (void)outData;
801 struct CmContext cmContext = { 0, 0, {0} };
802 struct CmParamSet *paramSet = NULL;
803 struct CmBlob authUri = { 0, NULL };
804
805 int32_t ret;
806 do {
807 struct CmParamOut params[] = {
808 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
809 };
810 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
811 if (ret != CM_SUCCESS) {
812 CM_LOG_E("get input params failed, ret = %d", ret);
813 break;
814 }
815
816 ret = CmServiceIsAuthorizedApp(&cmContext, &authUri);
817 if (ret != CM_SUCCESS) {
818 CM_LOG_E("service check is authed app failed, ret = %d", ret);
819 break;
820 }
821 } while (0);
822
823 CmReport(__func__, &cmContext, &authUri, ret);
824 CM_LOG_D("CmIpcServiceIsAuthorizedApp end:%d", ret);
825 CmSendResponse(context, ret, NULL);
826 CmFreeParamSet(¶mSet);
827 }
828
CmIpcServiceRemoveGrantedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)829 void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
830 const struct CmContext *context)
831 {
832 struct CmContext cmContext = { 0, 0, {0} };
833 struct CmParamSet *paramSet = NULL;
834 (void)outData;
835 struct CmBlob keyUri = { 0, NULL };
836 uint32_t appUid = INIT_INVALID_VALUE;
837 int32_t ret;
838 do {
839 struct CmParamOut params[] = {
840 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
841 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid },
842 };
843 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
844 if (ret != CM_SUCCESS) {
845 CM_LOG_E("get input params failed, ret = %d", ret);
846 break;
847 }
848
849 ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid);
850 if (ret != CM_SUCCESS) {
851 CM_LOG_E("service remove grant app failed, ret = %d", ret);
852 break;
853 }
854 } while (0);
855 CmReport(__func__, &cmContext, &keyUri, ret);
856
857 CM_LOG_D("CmIpcServiceRemoveGrantedApp end:%d", ret);
858 CmSendResponse(context, ret, NULL);
859 CmReportSGGrantAppCert(&keyUri, appUid, true, ret);
860 CmFreeParamSet(¶mSet);
861 }
862
CmIpcServiceInit(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)863 void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
864 const struct CmContext *context)
865 {
866 struct CmContext cmContext = { 0, 0, {0} };
867 struct CmParamSet *paramSet = NULL;
868 struct CmBlob authUri = { 0, NULL };
869
870 int32_t ret;
871 do {
872 struct CmBlob specBlob = { 0, NULL };
873 struct CmParamOut params[] = {
874 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
875 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob },
876 };
877 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
878 if (ret != CM_SUCCESS) {
879 CM_LOG_E("get input params failed, ret = %d", ret);
880 break;
881 }
882
883 struct CmSignatureSpec spec = { 0 };
884 if (specBlob.size < sizeof(struct CmSignatureSpec)) {
885 CM_LOG_E("invalid input spec size");
886 ret = CMR_ERROR_INVALID_ARGUMENT;
887 break;
888 }
889 (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec));
890
891 ret = CmServiceInit(&cmContext, &authUri, &spec, outData);
892 if (ret != CM_SUCCESS) {
893 CM_LOG_E("service init failed, ret = %d", ret);
894 break;
895 }
896 } while (0);
897
898 CmReport(__func__, &cmContext, &authUri, ret);
899 CM_LOG_D("CmIpcServiceInit end:%d", ret);
900 CmSendResponse(context, ret, outData);
901 CmFreeParamSet(¶mSet);
902 }
903
CmIpcServiceUpdate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)904 void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
905 const struct CmContext *context)
906 {
907 (void)outData;
908 struct CmContext cmContext = { 0, 0, {0} };
909 struct CmParamSet *paramSet = NULL;
910
911 int32_t ret;
912 do {
913 struct CmBlob handleUpdate = { 0, NULL };
914 struct CmBlob inDataUpdate = { 0, NULL };
915 struct CmParamOut params[] = {
916 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate },
917 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate },
918 };
919 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
920 if (ret != CM_SUCCESS) {
921 CM_LOG_E("get input params failed, ret = %d", ret);
922 break;
923 }
924
925 ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate);
926 if (ret != CM_SUCCESS) {
927 CM_LOG_E("service update failed, ret = %d", ret);
928 break;
929 }
930 } while (0);
931
932 CmReport(__func__, &cmContext, NULL, ret);
933 CM_LOG_D("CmIpcServiceUpdate end:%d", ret);
934 CmSendResponse(context, ret, NULL);
935 CmFreeParamSet(¶mSet);
936 }
937
CmIpcServiceFinish(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)938 void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
939 const struct CmContext *context)
940 {
941 struct CmContext cmContext = { 0, 0, {0} };
942 struct CmParamSet *paramSet = NULL;
943
944 int32_t ret;
945 do {
946 struct CmBlob handleFinish = { 0, NULL };
947 struct CmBlob inDataFinish = { 0, NULL };
948 struct CmParamOut params[] = {
949 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish },
950 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish },
951 };
952 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
953 if (ret != CM_SUCCESS) {
954 CM_LOG_E("get input params failed, ret = %d", ret);
955 break;
956 }
957
958 ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData);
959 if (ret != CM_SUCCESS) {
960 CM_LOG_E("service finish failed, ret = %d", ret);
961 break;
962 }
963 } while (0);
964
965 CmReport(__func__, &cmContext, NULL, ret);
966 CM_LOG_D("CmIpcServiceFinish end:%d", ret);
967 CmSendResponse(context, ret, outData);
968 CmFreeParamSet(¶mSet);
969 }
970
CmIpcServiceAbort(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)971 void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
972 const struct CmContext *context)
973 {
974 (void)outData;
975 struct CmContext cmContext = { 0, 0, {0} };
976 struct CmParamSet *paramSet = NULL;
977
978 int32_t ret;
979 do {
980 struct CmBlob handle = { 0, NULL };
981 struct CmParamOut params[] = {
982 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle },
983 };
984 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
985 if (ret != CM_SUCCESS) {
986 CM_LOG_E("get input params failed, ret = %d", ret);
987 break;
988 }
989
990 ret = CmServiceAbort(&cmContext, &handle);
991 if (ret != CM_SUCCESS) {
992 CM_LOG_E("service abort failed, ret = %d", ret);
993 break;
994 }
995 } while (0);
996
997 CmReport(__func__, &cmContext, NULL, ret);
998 CM_LOG_D("CmIpcServiceAbort end:%d", ret);
999 CmSendResponse(context, ret, NULL);
1000 CmFreeParamSet(¶mSet);
1001 }
1002
CmIpcServiceGetUserCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1003 void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1004 const struct CmContext *context)
1005 {
1006 int32_t ret = CM_SUCCESS;
1007 uint32_t store;
1008 uint32_t userId;
1009 enum CmCertScope scope;
1010 struct CmContext cmContext = {0};
1011 struct CmParamSet *paramSet = NULL;
1012 struct CmMutableBlob certFileList = { 0, NULL };
1013 struct CmParamOut params[] = {
1014 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
1015 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
1016 { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &scope },
1017 };
1018
1019 do {
1020 if (!CmHasCommonPermission()) {
1021 CM_LOG_E("caller no permission");
1022 ret = CMR_ERROR_PERMISSION_DENIED;
1023 break;
1024 }
1025
1026 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1027 if (ret != CM_SUCCESS) {
1028 CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret);
1029 break;
1030 }
1031
1032 struct UserCAProperty prop = { userId, scope };
1033 ret = CmServiceGetCertList(&cmContext, &prop, store, &certFileList);
1034 if (ret != CM_SUCCESS) {
1035 CM_LOG_E("GetCertList failed, ret = %d", ret);
1036 break;
1037 }
1038
1039 ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
1040 if (ret != CM_SUCCESS) {
1041 CM_LOG_E("CmServiceGetCertListPack pack fail, ret = %d", ret);
1042 break;
1043 }
1044
1045 CmSendResponse(context, ret, outData);
1046 } while (0);
1047
1048 struct CmBlob tempBlob = { 0, NULL };
1049 CmReport(__func__, &cmContext, &tempBlob, ret);
1050
1051 if (ret != CM_SUCCESS) {
1052 CmSendResponse(context, ret, NULL);
1053 }
1054
1055 if (certFileList.data != NULL) {
1056 CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
1057 }
1058 CmFreeParamSet(¶mSet);
1059 }
1060
CmIpcServiceGetUserCertInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1061 void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1062 const struct CmContext *context)
1063 {
1064 int32_t ret = CM_SUCCESS;
1065 uint32_t store;
1066 uint32_t status = 0;
1067 struct CmBlob certUri = { 0, NULL };
1068 struct CmBlob certificateData = { 0, NULL };
1069 struct CmContext cmContext = {0};
1070 struct CmParamSet *paramSet = NULL;
1071 struct CmParamOut params[] = {
1072 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
1073 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
1074 };
1075
1076 do {
1077 if (!CmHasCommonPermission()) {
1078 CM_LOG_E("caller no permission");
1079 ret = CMR_ERROR_PERMISSION_DENIED;
1080 break;
1081 }
1082
1083 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1084 if (ret != CM_SUCCESS) {
1085 CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
1086 break;
1087 }
1088
1089 ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
1090 if (ret != CM_SUCCESS) {
1091 CM_LOG_E("GetCertInfo failed, ret = %d", ret);
1092 break;
1093 }
1094
1095 ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
1096 if (ret != CM_SUCCESS) {
1097 CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret);
1098 break;
1099 }
1100 CmSendResponse(context, ret, outData);
1101 } while (0);
1102 CmReport(__func__, &cmContext, &certUri, ret);
1103 if (ret != CM_SUCCESS) {
1104 CmSendResponse(context, ret, NULL);
1105 }
1106 CM_FREE_BLOB(certificateData);
1107 CmFreeParamSet(¶mSet);
1108 }
1109
CmIpcServiceSetUserCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1110 void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1111 const struct CmContext *context)
1112 {
1113 int32_t ret = CM_SUCCESS;
1114 uint32_t store = CM_USER_TRUSTED_STORE;
1115 uint32_t status = INIT_INVALID_VALUE;
1116 struct CmBlob certUri = { 0, NULL };
1117 struct CmContext cmContext = {0};
1118 struct CmParamSet *paramSet = NULL;
1119 struct CmParamOut params[] = {
1120 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1121 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
1122 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
1123 };
1124
1125 do {
1126 if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
1127 CM_LOG_E("caller no permission");
1128 ret = CMR_ERROR_PERMISSION_DENIED;
1129 break;
1130 }
1131 if (!CmIsSystemApp()) {
1132 CM_LOG_E("set user status: caller is not system app");
1133 ret = CMR_ERROR_NOT_SYSTEMP_APP;
1134 break;
1135 }
1136
1137 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1138 if (ret != CM_SUCCESS) {
1139 CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
1140 break;
1141 }
1142
1143 ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
1144 if (ret != CM_SUCCESS) {
1145 CM_LOG_E("set user cert status failed, ret = %d", ret);
1146 break;
1147 }
1148 ret = CmSetStatusBackupCert(&cmContext, &certUri, store, status);
1149 if (ret != CM_SUCCESS) {
1150 CM_LOG_E("CmSetStatusBackupCert failed, ret = %d", ret);
1151 break;
1152 }
1153 } while (0);
1154
1155 CmReport(__func__, &cmContext, &certUri, ret);
1156 CmSendResponse(context, ret, NULL);
1157 CmReportSGSetCertStatus(&certUri, store, status, ret);
1158 CmFreeParamSet(¶mSet);
1159 }
1160
CmIpcServiceInstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1161 void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1162 const struct CmContext *context)
1163 {
1164 int32_t ret = CM_SUCCESS;
1165 struct CmBlob userCert = { 0, NULL };
1166 struct CmBlob certAlias = { 0, NULL };
1167 uint32_t userId = 0;
1168 uint32_t status = CERT_STATUS_ENANLED;
1169 struct CmContext cmContext = {0};
1170 struct CmContext oriContext = {0};
1171 struct CmParamSet *paramSet = NULL;
1172 struct CmParamOut params[] = {
1173 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
1174 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
1175 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &userId },
1176 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
1177 };
1178
1179 do {
1180 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1181 if (ret != CM_SUCCESS) {
1182 CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
1183 break;
1184 }
1185 oriContext.userId = cmContext.userId;
1186 oriContext.uid = cmContext.uid;
1187
1188 ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId);
1189 if (ret != CM_SUCCESS) {
1190 CM_LOG_E("CmServiceInstallUserCertCheck fail, ret = %d", ret);
1191 break;
1192 }
1193
1194 ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, status, outData);
1195 if (ret != CM_SUCCESS) {
1196 CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
1197 break;
1198 }
1199
1200 CmSendResponse(context, ret, outData);
1201 } while (0);
1202
1203 struct CmBlob tempBlob = { 0, NULL };
1204 CmReport(__func__, &oriContext, &tempBlob, ret);
1205
1206 if (ret != CM_SUCCESS) {
1207 CmSendResponse(context, ret, NULL);
1208 }
1209 CmReportSGInstallUserCert(&certAlias, outData, ret);
1210 CmFreeParamSet(¶mSet);
1211 }
1212
CmIpcServiceUninstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1213 void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1214 const struct CmContext *context)
1215 {
1216 (void)outData;
1217 int32_t ret = CM_SUCCESS;
1218 struct CmBlob certUri = { 0, NULL };
1219 struct CmContext cmContext = {0};
1220 struct CmContext oriContext = {0};
1221 struct CmParamSet *paramSet = NULL;
1222 struct CmParamOut params[] = {
1223 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1224 };
1225
1226 do {
1227 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1228 if (ret != CM_SUCCESS) {
1229 CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
1230 break;
1231 }
1232 oriContext.userId = cmContext.userId;
1233 oriContext.uid = cmContext.uid;
1234
1235 ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri);
1236 if (ret != CM_SUCCESS) {
1237 CM_LOG_E("CmServiceUninstallUserCertCheck fail, ret = %d", ret);
1238 break;
1239 }
1240
1241 ret = CmUninstallUserCert(&cmContext, &certUri);
1242 if (ret != CM_SUCCESS) {
1243 CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
1244 break;
1245 }
1246 } while (0);
1247
1248 CmReport(__func__, &oriContext, &certUri, ret);
1249 CmSendResponse(context, ret, NULL);
1250 CmReportSGUninstallUserCert(&certUri, false, ret);
1251 CmFreeParamSet(¶mSet);
1252 }
1253
CmIpcServiceUninstallAllUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1254 void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1255 const struct CmContext *context)
1256 {
1257 (void)outData;
1258 int32_t ret = CM_SUCCESS;
1259 struct CmContext cmContext = {0};
1260
1261 do {
1262 if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
1263 CM_LOG_E("caller no permission");
1264 ret = CMR_ERROR_PERMISSION_DENIED;
1265 break;
1266 }
1267 if (!CmIsSystemApp()) {
1268 CM_LOG_E("uninstall all user cert: caller is not system app");
1269 ret = CMR_ERROR_NOT_SYSTEMP_APP;
1270 break;
1271 }
1272
1273 ret = CmGetProcessInfoForIPC(&cmContext);
1274 if (ret != CM_SUCCESS) {
1275 CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
1276 break;
1277 }
1278
1279 ret = CmUninstallAllUserCert(&cmContext);
1280 if (ret != CM_SUCCESS) {
1281 CM_LOG_E("CertManagerUninstallAllUserCert fail, ret = %d", ret);
1282 break;
1283 }
1284 } while (0);
1285 CmReport(__func__, &cmContext, NULL, ret);
1286 CmSendResponse(context, ret, NULL);
1287 CmReportSGUninstallUserCert(NULL, true, ret);
1288 }
1289
1290