1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_stub.h"
16
17 #include "accesstoken_kit.h"
18 #include "ipc_skeleton.h"
19 #include "sec_comp_click_event_parcel.h"
20 #include "sec_comp_enhance_adapter.h"
21 #include "sec_comp_err.h"
22 #include "sec_comp_log.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace SecurityComponent {
27 namespace {
28 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompStub"};
29 static constexpr int32_t ROOT_UID = 0;
30 static constexpr int32_t BASE_USER_RANGE = 200000;
31 } // namespace
32
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)33 int32_t SecCompStub::OnRemoteRequest(
34 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
35 {
36 std::u16string descripter = SecCompStub::GetDescriptor();
37 std::u16string remoteDescripter = data.ReadInterfaceToken();
38 if (descripter != remoteDescripter) {
39 SC_LOG_ERROR(LABEL, "Deal remote request failed, descriptor is not matched");
40 return SC_SERVICE_ERROR_IPC_REQUEST_FAIL;
41 }
42
43 auto funcIter = requestFuncMap_.find(code);
44 if (funcIter != requestFuncMap_.end()) {
45 auto func = funcIter->second;
46 if (func != nullptr) {
47 return (this->*func)(data, reply);
48 }
49 }
50 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
51 }
52
RegisterSecurityComponentInner(MessageParcel & data,MessageParcel & reply)53 int32_t SecCompStub::RegisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
54 {
55 MessageParcel deserializedData;
56 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
57 SC_LOG_ERROR(LABEL, "Register deserialize session info failed");
58 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
59 }
60 uint32_t type;
61 if (!deserializedData.ReadUint32(type)) {
62 SC_LOG_ERROR(LABEL, "Register read component type failed");
63 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
64 }
65
66 if (type <= UNKNOWN_SC_TYPE || type >= MAX_SC_TYPE) {
67 SC_LOG_ERROR(LABEL, "Register security component type invalid");
68 return SC_SERVICE_ERROR_VALUE_INVALID;
69 }
70
71 std::string componentInfo;
72 if (!deserializedData.ReadString(componentInfo)) {
73 SC_LOG_ERROR(LABEL, "Register read component info failed");
74 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
75 }
76
77 int32_t scId = INVALID_SC_ID;
78 int32_t res = this->RegisterSecurityComponent(static_cast<SecCompType>(type), componentInfo, scId);
79 MessageParcel rawReply;
80 if (!rawReply.WriteInt32(res)) {
81 SC_LOG_ERROR(LABEL, "Register security component result failed");
82 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
83 }
84
85 if (!rawReply.WriteInt32(scId)) {
86 SC_LOG_ERROR(LABEL, "Register security component result failed");
87 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
88 }
89
90 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
91 SC_LOG_ERROR(LABEL, "Register serialize session info failed");
92 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
93 }
94
95 return SC_OK;
96 }
97
UpdateSecurityComponentInner(MessageParcel & data,MessageParcel & reply)98 int32_t SecCompStub::UpdateSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
99 {
100 MessageParcel deserializedData;
101 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
102 SC_LOG_ERROR(LABEL, "Update deserialize session info failed");
103 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
104 }
105 int32_t scId;
106 if (!deserializedData.ReadInt32(scId)) {
107 SC_LOG_ERROR(LABEL, "Update read component id failed");
108 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
109 }
110
111 if (scId < 0) {
112 SC_LOG_ERROR(LABEL, "Update security component id invalid");
113 return SC_SERVICE_ERROR_VALUE_INVALID;
114 }
115
116 std::string componentInfo;
117 if (!deserializedData.ReadString(componentInfo)) {
118 SC_LOG_ERROR(LABEL, "Update read component info failed");
119 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
120 }
121
122 int32_t res = this->UpdateSecurityComponent(scId, componentInfo);
123 MessageParcel rawReply;
124 if (!rawReply.WriteInt32(res)) {
125 SC_LOG_ERROR(LABEL, "Update security component result failed");
126 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
127 }
128
129 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
130 SC_LOG_ERROR(LABEL, "Update serialize session info failed");
131 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
132 }
133
134 return res;
135 }
136
UnregisterSecurityComponentInner(MessageParcel & data,MessageParcel & reply)137 int32_t SecCompStub::UnregisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
138 {
139 MessageParcel deserializedData;
140 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
141 SC_LOG_ERROR(LABEL, "Unreigster deserialize session info failed");
142 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
143 }
144 int32_t scId;
145 if (!deserializedData.ReadInt32(scId)) {
146 SC_LOG_ERROR(LABEL, "Unreigster read component id failed");
147 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
148 }
149
150 if (scId < 0) {
151 SC_LOG_ERROR(LABEL, "Unreigster security component id invalid");
152 return SC_SERVICE_ERROR_VALUE_INVALID;
153 }
154
155 int32_t res = this->UnregisterSecurityComponent(scId);
156 MessageParcel rawReply;
157 if (!rawReply.WriteInt32(res)) {
158 SC_LOG_ERROR(LABEL, "Unregister security component result failed");
159 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
160 }
161
162 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
163 SC_LOG_ERROR(LABEL, "Unreigster serialize session info failed");
164 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
165 }
166
167 return SC_OK;
168 }
169
WriteSecurityComponentClickEventResult(int32_t res,MessageParcel & reply,const std::string & message)170 int32_t SecCompStub::WriteSecurityComponentClickEventResult(int32_t res, MessageParcel& reply,
171 const std::string& message)
172 {
173 MessageParcel rawReply;
174 if (!rawReply.WriteInt32(res)) {
175 SC_LOG_ERROR(LABEL, "Report security component result failed");
176 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
177 }
178
179 if (!rawReply.WriteString(message)) {
180 SC_LOG_ERROR(LABEL, "Report security component error message failed");
181 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
182 }
183
184 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
185 SC_LOG_ERROR(LABEL, "Report serialize session info failed");
186 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
187 }
188
189 return SC_OK;
190 }
191
ReportSecurityComponentClickEventInner(MessageParcel & data,MessageParcel & reply)192 int32_t SecCompStub::ReportSecurityComponentClickEventInner(MessageParcel& data, MessageParcel& reply)
193 {
194 sptr<IRemoteObject> callerToken = data.ReadRemoteObject();
195 if (callerToken == nullptr) {
196 SC_LOG_ERROR(LABEL, "callerToken is nullptr");
197 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
198 }
199
200 sptr<IRemoteObject> dialogCallback = data.ReadRemoteObject();
201 if (dialogCallback == nullptr) {
202 SC_LOG_ERROR(LABEL, "dialogCallback is nullptr");
203 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
204 }
205
206 MessageParcel deserializedData;
207 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
208 SC_LOG_ERROR(LABEL, "Report deserialize session info failed");
209 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
210 }
211 int32_t scId;
212 if (!deserializedData.ReadInt32(scId)) {
213 SC_LOG_ERROR(LABEL, "Report read component id failed");
214 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
215 }
216
217 if (scId < 0) {
218 SC_LOG_ERROR(LABEL, "Report security component id invalid");
219 return SC_SERVICE_ERROR_VALUE_INVALID;
220 }
221
222 std::string componentInfo;
223 if (!deserializedData.ReadString(componentInfo)) {
224 SC_LOG_ERROR(LABEL, "Report read component info failed");
225 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
226 }
227 sptr<SecCompClickEventParcel> clickInfoParcel = deserializedData.ReadParcelable<SecCompClickEventParcel>();
228 if (clickInfoParcel == nullptr) {
229 SC_LOG_ERROR(LABEL, "Report read clickInfo info failed");
230 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
231 }
232
233 SecCompInfo secCompInfo{ scId, componentInfo, clickInfoParcel->clickInfoParams_ };
234 std::string message;
235 int32_t res = this->ReportSecurityComponentClickEvent(secCompInfo, callerToken, dialogCallback, message);
236 return WriteSecurityComponentClickEventResult(res, reply, message);
237 }
238
VerifySavePermissionInner(MessageParcel & data,MessageParcel & reply)239 int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParcel& reply)
240 {
241 if (!IsMediaLibraryCalling()) {
242 SC_LOG_ERROR(LABEL, "Not medialibrary called");
243 return SC_SERVICE_ERROR_CALLER_INVALID;
244 }
245 uint32_t tokenId;
246 if (!data.ReadUint32(tokenId)) {
247 SC_LOG_ERROR(LABEL, "Verify read component id failed");
248 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
249 }
250
251 if (tokenId == 0) {
252 SC_LOG_ERROR(LABEL, "Verify AccessTokenId invalid");
253 return SC_SERVICE_ERROR_VALUE_INVALID;
254 }
255
256 bool res = this->VerifySavePermission(tokenId);
257 if (!reply.WriteBool(res)) {
258 SC_LOG_ERROR(LABEL, "Verify temp save permission result failed");
259 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
260 }
261
262 return SC_OK;
263 }
264
GetEnhanceRemoteObjectInner(MessageParcel & data,MessageParcel & reply)265 int32_t SecCompStub::GetEnhanceRemoteObjectInner(MessageParcel& data, MessageParcel& reply)
266 {
267 MessageParcel deserializedData;
268 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
269 SC_LOG_ERROR(LABEL, "Get remote obj deserialize session info failed");
270 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
271 }
272 auto res = this->GetEnhanceRemoteObject();
273 MessageParcel rawReply;
274 if (!reply.WriteRemoteObject(res)) {
275 SC_LOG_ERROR(LABEL, "Security component enhance remote object failed");
276 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
277 }
278
279 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
280 SC_LOG_ERROR(LABEL, "Get remote obj serialize session info failed");
281 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
282 }
283
284 return SC_OK;
285 }
286
PreRegisterSecCompProcessInner(MessageParcel & data,MessageParcel & reply)287 int32_t SecCompStub::PreRegisterSecCompProcessInner(MessageParcel& data, MessageParcel& reply)
288 {
289 MessageParcel deserializedData;
290 if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) {
291 SC_LOG_ERROR(LABEL, "preRegister deserialize session info failed");
292 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
293 }
294 int32_t res = this->PreRegisterSecCompProcess();
295 MessageParcel rawReply;
296 if (!rawReply.WriteInt32(res)) {
297 SC_LOG_ERROR(LABEL, "preRegister write result failed");
298 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
299 }
300
301 if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) {
302 SC_LOG_ERROR(LABEL, "preRegister serialize session info failed");
303 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
304 }
305
306 return SC_OK;
307 }
308
IsMediaLibraryCalling()309 bool SecCompStub::IsMediaLibraryCalling()
310 {
311 int32_t uid = IPCSkeleton::GetCallingUid();
312 if (uid == ROOT_UID) {
313 return true;
314 }
315 int32_t userId = uid / BASE_USER_RANGE;
316 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
317 if (mediaLibraryTokenId_ != tokenCaller) {
318 mediaLibraryTokenId_ = AccessToken::AccessTokenKit::GetHapTokenID(
319 userId, "com.ohos.medialibrary.medialibrarydata", 0);
320 }
321 return tokenCaller == mediaLibraryTokenId_;
322 }
323
SecCompStub()324 SecCompStub::SecCompStub()
325 {
326 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT)] =
327 &SecCompStub::RegisterSecurityComponentInner;
328 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::UPDATE_SECURITY_COMPONENT)] =
329 &SecCompStub::UpdateSecurityComponentInner;
330 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::UNREGISTER_SECURITY_COMPONENT)] =
331 &SecCompStub::UnregisterSecurityComponentInner;
332 requestFuncMap_[static_cast<uint32_t>(
333 SecurityComponentServiceInterfaceCode::REPORT_SECURITY_COMPONENT_CLICK_EVENT)] =
334 &SecCompStub::ReportSecurityComponentClickEventInner;
335 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION)] =
336 &SecCompStub::VerifySavePermissionInner;
337 requestFuncMap_[static_cast<uint32_t>(
338 SecurityComponentServiceInterfaceCode::GET_SECURITY_COMPONENT_ENHANCE_OBJECT)] =
339 &SecCompStub::GetEnhanceRemoteObjectInner;
340 requestFuncMap_[static_cast<uint32_t>(
341 SecurityComponentServiceInterfaceCode::PRE_REGISTER_PROCESS)] =
342 &SecCompStub::PreRegisterSecCompProcessInner;
343 }
344
~SecCompStub()345 SecCompStub::~SecCompStub()
346 {
347 SC_LOG_ERROR(LABEL, "~SecCompStub");
348 requestFuncMap_.clear();
349 SC_LOG_ERROR(LABEL, "~SecCompStub end");
350 }
351 } // namespace SecurityComponent
352 } // namespace Security
353 } // namespace OHOS
354