1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_manager_proxy.h"
17
18 #include "edm_constants.h"
19 #include "edm_log.h"
20 #include "func_code.h"
21
22 namespace OHOS {
23 namespace EDM {
// Singleton storage; filled in lazily by GetSecurityManagerProxy().
std::shared_ptr<SecurityManagerProxy> SecurityManagerProxy::instance_{nullptr};
// Passed to std::call_once so that instance_ is constructed a single time.
std::once_flag SecurityManagerProxy::flag_;
// Interface token written first into every request parcel that this file builds itself.
const std::u16string DESCRIPTOR{u"ohos.edm.IEnterpriseDeviceMgr"};
27
/**
 * Returns the shared SecurityManagerProxy, creating it on first use.
 *
 * @return The singleton held in instance_.
 */
std::shared_ptr<SecurityManagerProxy> SecurityManagerProxy::GetSecurityManagerProxy()
{
    // Construction is funnelled through call_once so that concurrent first callers share one object.
    const auto createIfMissing = []() {
        if (instance_ != nullptr) {
            return;
        }
        instance_ = std::make_shared<SecurityManagerProxy>();
    };
    std::call_once(flag_, createIfMissing);
    return instance_;
}
37
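/**
 * Queries the security patch tag using a request parcel prepared by the caller.
 *
 * @param data Request parcel, forwarded to GetPolicy without inspection.
 * @param securityPatchTag Receives the string read from the reply on success.
 * @return ERR_OK when the status and the tag were both read; otherwise the status taken from the
 *         reply, or ERR_INVALID_VALUE when the reply could not be decoded.
 */
int32_t SecurityManagerProxy::GetSecurityPatchTag(MessageParcel &data, std::string &securityPatchTag)
{
    EDMLOGD("SecurityManagerProxy::GetSecurityPatchTag");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_SECURITY_PATCH_TAG, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGE("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // The patch tag feeds patch-level/compliance decisions, so success is only reported once the
    // value has really been deserialized; previously a truncated reply still returned ERR_OK.
    if (!reply.ReadString(securityPatchTag)) {
        EDMLOGE("SecurityManagerProxy::GetSecurityPatchTag read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}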
52
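/**
 * Queries the security patch tag on behalf of an admin element.
 *
 * @param admin Admin element serialized into the request.
 * @param securityPatchTag Receives the string read from the reply on success.
 * @return ERR_OK when the status and the tag were both read; otherwise the status taken from the
 *         reply, or ERR_INVALID_VALUE when the reply could not be decoded.
 */
int32_t SecurityManagerProxy::GetSecurityPatchTag(const AppExecFwk::ElementName &admin, std::string &securityPatchTag)
{
    EDMLOGD("SecurityManagerProxy::GetSecurityPatchTag");
    MessageParcel data;
    MessageParcel reply;
    // Request layout: interface token, user-id marker, permission tag, admin marker, admin element.
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteInt32(HAS_ADMIN);
    data.WriteParcelable(&admin);
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_SECURITY_PATCH_TAG, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGE("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // Success is only reported once the tag has really been deserialized; previously a truncated
    // reply still returned ERR_OK with securityPatchTag not populated from the reply.
    if (!reply.ReadString(securityPatchTag)) {
        EDMLOGE("SecurityManagerProxy::GetSecurityPatchTag read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}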
73
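/**
 * Queries the device encryption status on behalf of an admin element.
 *
 * @param admin Admin element serialized into the request.
 * @param deviceEncryptionStatus Its isEncrypted field receives the flag read from the reply.
 * @return ERR_OK when the status and the flag were both read; otherwise the status taken from the
 *         reply, or ERR_INVALID_VALUE when the reply could not be decoded.
 */
int32_t SecurityManagerProxy::GetDeviceEncryptionStatus(const AppExecFwk::ElementName &admin,
    DeviceEncryptionStatus &deviceEncryptionStatus)
{
    EDMLOGD("SecurityManagerProxy::GetDeviceEncryptionStatus");
    MessageParcel data;
    MessageParcel reply;
    // Request layout: interface token, user-id marker, permission tag, admin marker, admin element.
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteInt32(HAS_ADMIN);
    data.WriteParcelable(&admin);
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_DEVICE_ENCRYPTION_STATUS, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // A boolean has no "unset" value: if the read fails, isEncrypted keeps whatever the caller
    // passed in. Returning ERR_OK in that case would let a stale flag be treated as the device's
    // real encryption state, so a failed read is reported as an error instead.
    if (!reply.ReadBool(deviceEncryptionStatus.isEncrypted)) {
        EDMLOGE("SecurityManagerProxy::GetDeviceEncryptionStatus read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}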
95
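/**
 * Queries the device encryption status using a request parcel prepared by the caller.
 *
 * @param data Request parcel, forwarded to GetPolicy without inspection.
 * @param deviceEncryptionStatus Its isEncrypted field receives the flag read from the reply.
 * @return ERR_OK when the status and the flag were both read; otherwise the status taken from the
 *         reply, or ERR_INVALID_VALUE when the reply could not be decoded.
 */
int32_t SecurityManagerProxy::GetDeviceEncryptionStatus(MessageParcel &data,
    DeviceEncryptionStatus &deviceEncryptionStatus)
{
    EDMLOGD("SecurityManagerProxy::GetDeviceEncryptionStatus");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_DEVICE_ENCRYPTION_STATUS, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // If the flag cannot be read, isEncrypted keeps the caller's previous value; report that as an
    // error rather than as a successful query, so a stale flag is never taken for the real state.
    if (!reply.ReadBool(deviceEncryptionStatus.isEncrypted)) {
        EDMLOGE("SecurityManagerProxy::GetDeviceEncryptionStatus read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}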
111
/**
 * Sends a caller-built parcel as a SET request for the password policy.
 *
 * @param data Request parcel; passed to HandleDevicePolicy as-is, nothing in it is checked here.
 * @return Whatever HandleDevicePolicy returns.
 */
int32_t SecurityManagerProxy::SetPasswordPolicy(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::SetPasswordPolicy");
    const auto operateType = static_cast<std::uint32_t>(FuncOperateType::SET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::PASSWORD_POLICY);
    const auto proxy = EnterpriseDeviceMgrProxy::GetInstance();
    return proxy->HandleDevicePolicy(funcCode, data);
}
119
/**
 * Inner-API variant: queries the password policy without naming an admin element.
 *
 * @param policy Receives the policy fields on success.
 * @return Result of the pointer-based GetPasswordPolicy overload.
 */
int32_t SecurityManagerProxy::GetPasswordPolicy(PasswordPolicy &policy)
{
    EDMLOGD("SecurityManagerProxy::GetPasswordPolicy innerapi");
    // A null admin selects the admin-less request layout in the pointer overload.
    const AppExecFwk::ElementName *noAdmin = nullptr;
    return GetPasswordPolicy(noAdmin, policy);
}
125
/**
 * Queries the password policy on behalf of an admin element.
 *
 * @param admin Admin element serialized into the request.
 * @param policy Receives the policy fields on success.
 * @return Result of the pointer-based GetPasswordPolicy overload.
 */
int32_t SecurityManagerProxy::GetPasswordPolicy(const AppExecFwk::ElementName &admin, PasswordPolicy &policy)
{
    EDMLOGD("SecurityManagerProxy::GetPasswordPolicy");
    const AppExecFwk::ElementName *adminPtr = &admin;
    return GetPasswordPolicy(adminPtr, policy);
}
131
/**
 * Builds the password-policy query, sends it through GetPolicy and unpacks the reply.
 *
 * @param admin Admin element to serialize, or nullptr for the admin-less request layout.
 * @param policy On success receives complexityReg, validityPeriod and additionalDescription.
 * @return ERR_OK when the reply carries ERR_OK, otherwise the status value held after the read.
 */
int32_t SecurityManagerProxy::GetPasswordPolicy(const AppExecFwk::ElementName *admin, PasswordPolicy &policy)
{
    MessageParcel request;
    MessageParcel response;
    request.WriteInterfaceToken(DESCRIPTOR);
    request.WriteInt32(WITHOUT_USERID);
    if (admin != nullptr) {
        request.WriteString(WITHOUT_PERMISSION_TAG);
        request.WriteInt32(HAS_ADMIN);
        request.WriteParcelable(admin);
    } else {
        // Admin-less path: the request is tagged as a system-API call. Nothing in this function
        // decides whether the caller is entitled to that path - presumably the service checks it.
        request.WriteString(EdmConstants::PERMISSION_TAG_SYSTEM_API);
        request.WriteInt32(WITHOUT_ADMIN);
    }
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::PASSWORD_POLICY, request, response);
    int32_t status = ERR_INVALID_VALUE;
    response.ReadInt32(status);
    if (status == ERR_OK) {
        // NOTE(review): none of the three payload reads is checked, so a short reply still yields
        // ERR_OK with a partly filled policy. Callers enforcing password rules should not assume
        // every field was populated.
        policy.complexityReg = response.ReadString();
        response.ReadInt64(policy.validityPeriod);
        policy.additionalDescription = response.ReadString();
        return ERR_OK;
    }
    EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", status);
    return status;
}
158
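/**
 * Queries the root-check status on behalf of an admin element.
 *
 * @param admin Admin element serialized into the request.
 * @param info Receives the string read from the reply on success.
 * @return ERR_OK when the status and the info string were both read; otherwise the status taken
 *         from the reply, or ERR_INVALID_VALUE when the reply could not be decoded.
 */
int32_t SecurityManagerProxy::GetRootCheckStatus(const AppExecFwk::ElementName &admin, std::string &info)
{
    EDMLOGD("SecurityManagerProxy::GetRootCheckStatus");
    MessageParcel data;
    MessageParcel reply;
    // Request layout: interface token, user-id marker, permission tag, admin marker, admin element.
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteInt32(HAS_ADMIN);
    data.WriteParcelable(&admin);
    // NOTE(review): the other getters in this file hand GetPolicy a bare EdmInterfaceCode, while
    // this one passes a value already composed with POLICY_FUNC_CODE. Confirm GetPolicy does not
    // compose the operate type a second time. The policy is also addressed by an unnamed offset
    // (POLICY_CODE_END + 8) rather than a named code.
    std::uint32_t funcCode =
        POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::GET, EdmInterfaceCode::POLICY_CODE_END + 8);
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(funcCode, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // The info string is an integrity signal; do not report success unless it was really
    // deserialized, otherwise an unread value could be mistaken for a clean result.
    if (!reply.ReadString(info)) {
        EDMLOGE("SecurityManagerProxy::GetRootCheckStatus read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}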
181
/**
 * Sends a caller-built parcel as a SET request for the clipboard policy.
 *
 * @param data Request parcel; passed to HandleDevicePolicy as-is, nothing in it is checked here.
 * @return Whatever HandleDevicePolicy returns.
 */
int32_t SecurityManagerProxy::SetAppClipboardPolicy(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::SetAppClipboardPolicy");
    const auto operateType = static_cast<std::uint32_t>(FuncOperateType::SET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::CLIPBOARD_POLICY);
    const auto proxy = EnterpriseDeviceMgrProxy::GetInstance();
    return proxy->HandleDevicePolicy(funcCode, data);
}
189
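/**
 * Queries the clipboard policy using a request parcel prepared by the caller.
 *
 * @param data Request parcel, forwarded to GetPolicy without inspection.
 * @param policy Receives the policy string read from the reply on success.
 * @return ERR_OK when the status and the policy string were both read; otherwise the status held
 *         after the read, or ERR_INVALID_VALUE when the policy string could not be decoded.
 */
int32_t SecurityManagerProxy::GetAppClipboardPolicy(MessageParcel &data, std::string &policy)
{
    EDMLOGD("SecurityManagerProxy::GetAppClipboardPolicy");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::CLIPBOARD_POLICY, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret != ERR_OK) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // Read into a local first: an undecodable reply must not be reported as "policy is empty",
    // which a caller could read as "no clipboard restriction configured".
    std::string received;
    if (!reply.ReadString(received)) {
        EDMLOGE("SecurityManagerProxy::GetAppClipboardPolicy read reply fail.");
        return ERR_INVALID_VALUE;
    }
    policy = received;
    return ERR_OK;
}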
204
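/**
 * Sends a SET request that installs a single watermark image.
 *
 * @param admin Admin element serialized into the request.
 * @param param Watermark description: bundleName, accountId, width, height, size and pixels.
 * @return Whatever HandleDevicePolicy returns, or ERR_INVALID_VALUE when param is unusable or the
 *         pixel buffer cannot be written into the request.
 */
int32_t SecurityManagerProxy::SetWatermarkImage(const AppExecFwk::ElementName &admin,
    std::shared_ptr<WatermarkParam> param)
{
    EDMLOGD("SecurityManagerProxy::SetWatermarkImage");
    // param is dereferenced below and param->size becomes the byte count given to WriteRawData,
    // so an absent descriptor, a null buffer or a non-positive length is rejected up front.
    // NOTE(review): assumes size is a signed count (it is sent with WriteInt32) - confirm.
    if (param == nullptr || param->pixels == nullptr || param->size <= 0) {
        EDMLOGE("SecurityManagerProxy::SetWatermarkImage invalid watermark param.");
        return ERR_INVALID_VALUE;
    }
    MessageParcel data;
    std::uint32_t funcCode =
        POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::WATERMARK_IMAGE);
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteParcelable(&admin);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteString(EdmConstants::SecurityManager::SET_SINGLE_WATERMARK_TYPE);
    data.WriteString(param->bundleName);
    data.WriteInt32(param->accountId);
    // width, height and size travel as independent fields and nothing here cross-checks them, so
    // the receiving side has to validate size against the dimensions before using the buffer.
    data.WriteInt32(param->width);
    data.WriteInt32(param->height);
    data.WriteInt32(param->size);
    // Without this check a rejected buffer would still be sent as a request announcing `size`
    // bytes that are not in the parcel.
    if (!data.WriteRawData(reinterpret_cast<const void*>(param->pixels), param->size)) {
        EDMLOGE("SecurityManagerProxy::SetWatermarkImage write pixels fail.");
        return ERR_INVALID_VALUE;
    }
    return EnterpriseDeviceMgrProxy::GetInstance()->HandleDevicePolicy(funcCode, data);
}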
225
/**
 * Sends a caller-built parcel as a REMOVE request for the watermark image.
 *
 * @param data Request parcel; passed to HandleDevicePolicy as-is, nothing in it is checked here.
 * @return Whatever HandleDevicePolicy returns.
 */
int32_t SecurityManagerProxy::CancelWatermarkImage(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::CancelWatermarkImage");
    const auto operateType = static_cast<std::uint32_t>(FuncOperateType::REMOVE);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::WATERMARK_IMAGE);
    const auto proxy = EnterpriseDeviceMgrProxy::GetInstance();
    return proxy->HandleDevicePolicy(funcCode, data);
}
233
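/**
 * Sends a SET request that installs a user certificate.
 *
 * @param admin Admin element serialized into the request.
 * @param certblobCA Certificate bytes (certArray), alias and accountId to send.
 * @param result Receives the string read from the reply when the call returns ERR_OK.
 * @param innerCodeMsg Receives the string read from the reply when the call returns
 *        EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED.
 * @return The status returned by HandleDevicePolicy.
 */
int32_t SecurityManagerProxy::InstallUserCertificate(const AppExecFwk::ElementName &admin,
    const CertBlobCA &certblobCA, std::string &result, std::string &innerCodeMsg)
{
    EDMLOGD("SecurityManagerProxy::InstallUserCertificate");
    MessageParcel data;
    MessageParcel reply;
    std::uint32_t funcCode =
        POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::INSTALL_CERTIFICATE);
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteParcelable(&admin);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    // The certificate bytes and alias are forwarded exactly as given; this function neither parses
    // nor validates them. Whether the certificate is acceptable and whether this admin may install
    // it is not decided here - presumably the service does; confirm.
    data.WriteUInt8Vector(certblobCA.certArray);
    data.WriteString(certblobCA.alias);
    data.WriteInt32(certblobCA.accountId);
    ErrCode ret = EnterpriseDeviceMgrProxy::GetInstance()->HandleDevicePolicy(funcCode, data, reply);
    // Log under this class's own name (the message used to say DeviceSettingsProxy), so that
    // certificate installs are attributed to the right component when logs are reviewed.
    EDMLOGI("SecurityManagerProxy::InstallUserCertificate : %{public}d.", ret);
    if (ret == ERR_OK) {
        result = reply.ReadString();
    } else if (ret == EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED) {
        innerCodeMsg = reply.ReadString();
    }
    return ret;
}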
258
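/**
 * Queries the installed user certificates using a request parcel prepared by the caller.
 *
 * @param data Request parcel, forwarded to GetPolicy without inspection.
 * @param uriList Receives the string vector read from the reply on success.
 * @return ERR_OK when the status and the list were both read; otherwise the status held after
 *         the read, or ERR_INVALID_VALUE when the list could not be decoded.
 */
int32_t SecurityManagerProxy::GetUserCertificates(MessageParcel &data, std::vector<std::string> &uriList)
{
    EDMLOGD("SecurityManagerProxy::GetUserCertificates");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::INSTALL_CERTIFICATE, data, reply);
    // Pessimistic default: presumably left untouched when no status can be read - confirm against ReadInt32.
    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret != ERR_OK) {
        return ret;
    }
    // An undecodable list must not pass for a successful query: a caller auditing installed
    // certificates would otherwise see an incomplete or empty inventory reported as ERR_OK.
    if (!reply.ReadStringVector(&uriList)) {
        EDMLOGE("SecurityManagerProxy::GetUserCertificates read reply fail.");
        return ERR_INVALID_VALUE;
    }
    return ERR_OK;
}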
271 } // namespace EDM
272 } // namespace OHOS
273