1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_kit.h"
16
17 #include "bundle_mgr_client.h"
18 #include "hisysevent.h"
19 #include "ipc_skeleton.h"
20 #include "sec_comp_caller_authorization.h"
21 #include "sec_comp_client.h"
22 #include "sec_comp_dialog_callback.h"
23 #include "sec_comp_enhance_adapter.h"
24 #include "sec_comp_log.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace SecurityComponent {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompKit"};
31 } // namespace
32
RegisterSecurityComponent(SecCompType type,std::string & componentInfo,int32_t & scId)33 int32_t SecCompKit::RegisterSecurityComponent(SecCompType type,
34 std::string& componentInfo, int32_t& scId)
35 {
36 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
37 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
38 SC_LOG_ERROR(LABEL, "register security component fail, caller invalid");
39 int32_t uid = IPCSkeleton::GetCallingUid();
40 OHOS::AppExecFwk::BundleMgrClient bmsClient;
41 std::string bundleName = "";
42 bmsClient.GetNameForUid(uid, bundleName);
43 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
44 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
45 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "REGITSTER");
46 return SC_SERVICE_ERROR_CALLER_INVALID;
47 }
48
49 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(componentInfo)) {
50 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
51 return SC_ENHANCE_ERROR_VALUE_INVALID;
52 }
53
54 int32_t res = SecCompClient::GetInstance().RegisterSecurityComponent(type, componentInfo, scId);
55 if (res != SC_OK) {
56 SC_LOG_ERROR(LABEL, "register security component fail, error: %{public}d", res);
57 return res;
58 }
59 SecCompEnhanceAdapter::RegisterScIdEnhance(scId);
60 return res;
61 }
62
UpdateSecurityComponent(int32_t scId,std::string & componentInfo)63 int32_t SecCompKit::UpdateSecurityComponent(int32_t scId, std::string& componentInfo)
64 {
65 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
66 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
67 SC_LOG_ERROR(LABEL, "update security component fail, caller invalid");
68 int32_t uid = IPCSkeleton::GetCallingUid();
69 OHOS::AppExecFwk::BundleMgrClient bmsClient;
70 std::string bundleName = "";
71 bmsClient.GetNameForUid(uid, bundleName);
72 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
73 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
74 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "UPDATE");
75 return SC_SERVICE_ERROR_CALLER_INVALID;
76 }
77
78 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(scId, componentInfo)) {
79 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
80 return SC_ENHANCE_ERROR_VALUE_INVALID;
81 }
82
83 int32_t res = SecCompClient::GetInstance().UpdateSecurityComponent(scId, componentInfo);
84 if (res != SC_OK) {
85 SC_LOG_ERROR(LABEL, "update security component fail, error: %{public}d", res);
86 }
87 return res;
88 }
89
UnregisterSecurityComponent(int32_t scId)90 int32_t SecCompKit::UnregisterSecurityComponent(int32_t scId)
91 {
92 int32_t res = SecCompClient::GetInstance().UnregisterSecurityComponent(scId);
93 SecCompEnhanceAdapter::UnregisterScIdEnhance(scId);
94 if (res != SC_OK) {
95 SC_LOG_ERROR(LABEL, "unregister security component fail, error: %{public}d", res);
96 return res;
97 }
98 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "UNREGISTER_SUCCESS",
99 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CALLER_UID", IPCSkeleton::GetCallingUid(),
100 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "SC_ID", scId);
101 return res;
102 }
103
ReportSecurityComponentClickEvent(SecCompInfo & secCompInfo,sptr<IRemoteObject> callerToken,OnFirstUseDialogCloseFunc && callback,std::string & message)104 int32_t SecCompKit::ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo,
105 sptr<IRemoteObject> callerToken, OnFirstUseDialogCloseFunc&& callback, std::string& message)
106 {
107 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
108 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
109 SC_LOG_ERROR(LABEL, "report click event fail, caller invalid");
110 int32_t uid = IPCSkeleton::GetCallingUid();
111 OHOS::AppExecFwk::BundleMgrClient bmsClient;
112 std::string bundleName = "";
113 bmsClient.GetNameForUid(uid, bundleName);
114 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
115 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
116 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "CLICK");
117 return SC_SERVICE_ERROR_CALLER_INVALID;
118 }
119
120 if (callback == nullptr) {
121 SC_LOG_ERROR(LABEL, "DialogCloseCallback is null");
122 return SC_ENHANCE_ERROR_VALUE_INVALID;
123 }
124
125 sptr<IRemoteObject> callbackRemote = new (std::nothrow) SecCompDialogCallback(std::move(callback));
126 if (callbackRemote == nullptr) {
127 SC_LOG_ERROR(LABEL, "New SecCompDialogCallback fail");
128 return SC_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
129 }
130
131 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(secCompInfo.scId, secCompInfo.componentInfo)) {
132 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
133 return SC_ENHANCE_ERROR_VALUE_INVALID;
134 }
135
136 int32_t res = SecCompClient::GetInstance().ReportSecurityComponentClickEvent(secCompInfo,
137 callerToken, callbackRemote, message);
138 if (res != SC_OK) {
139 SC_LOG_ERROR(LABEL, "report click event fail, error: %{public}d", res);
140 }
141 return res;
142 }
143
VerifySavePermission(AccessToken::AccessTokenID tokenId)144 bool SecCompKit::VerifySavePermission(AccessToken::AccessTokenID tokenId)
145 {
146 bool res =
147 SecCompClient::GetInstance().VerifySavePermission(tokenId);
148 if (!res) {
149 SC_LOG_ERROR(LABEL, "verify temp save permission, error: %{public}d", res);
150 }
151 return res;
152 }
153
GetEnhanceRemoteObject(bool isLoad)154 sptr<IRemoteObject> SecCompKit::GetEnhanceRemoteObject(bool isLoad)
155 {
156 return SecCompClient::GetInstance().GetEnhanceRemoteObject(isLoad);
157 }
158
PreRegisterSecCompProcess()159 int32_t SecCompKit::PreRegisterSecCompProcess()
160 {
161 return SecCompClient::GetInstance().PreRegisterSecCompProcess();
162 }
163
IsServiceExist()164 bool SecCompKit::IsServiceExist()
165 {
166 return SecCompClient::GetInstance().IsServiceExist();
167 }
168
LoadService()169 bool SecCompKit::LoadService()
170 {
171 return SecCompClient::GetInstance().LoadService();
172 }
173
IsSystemAppCalling()174 bool SecCompKit::IsSystemAppCalling()
175 {
176 return SecCompClient::GetInstance().IsSystemAppCalling();
177 }
178 } // namespace SecurityComponent
179 } // namespace Security
180 } // namespace OHOS
181