1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
17 #define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
18 
19 #include <chrono>
20 #include <condition_variable>
21 #include <memory>
22 #include <string>
23 
24 #include "admin_manager.h"
25 #include "common_event_subscriber.h"
26 #include "enterprise_admin_proxy.h"
27 #include "enterprise_device_mgr_stub.h"
28 #include "hilog/log.h"
29 #include "plugin_manager.h"
30 #include "policy_manager.h"
31 #include "policy_struct.h"
32 #include "security_report.h"
33 #include "system_ability.h"
34 
35 #ifdef PASTEBOARD_EDM_ENABLE
36 #include "clipboard_policy_serializer.h"
37 #include "clipboard_utils.h"
38 #include "pasteboard_client.h"
39 #endif
40 
41 namespace OHOS {
42 namespace EDM {
// Enterprise device management service: a SystemAbility that also derives from
// EnterpriseDeviceMgrStub and declares the admin, delegation and device-policy operations.
// NOTE(review): the public `override` methods are presumably reached through the stub's IPC
// dispatch, so `admin`, `bundleName`, `userId` and the MessageParcel payloads would be
// caller-supplied. Caller identity and permission checks are not visible in this header -
// confirm them in the implementation.
// NOTE(review): std::function, std::vector, std::map, std::unordered_map/_set, std::shared_mutex
// and std::mutex are used below, but this header itself includes only <chrono>,
// <condition_variable>, <memory> and <string>; it relies on the project headers for the rest.
43 class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
44     DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);
45 
46 public:
47     EnterpriseDeviceMgrAbility();
48     DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
49     ~EnterpriseDeviceMgrAbility() override;
       // Static accessor; presumably returns the object held in the static instance_ member - confirm.
50     static sptr<EnterpriseDeviceMgrAbility> GetInstance();
51 
       // Admin lifecycle. The target account is passed as a plain int32_t userId.
       // NOTE(review): whether userId is checked against the caller's own account is decided in
       // the implementation - verify for every entry point that accepts it.
52     ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override;
53     ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override;
54     ErrCode DisableSuperAdmin(const std::string &bundleName) override;
       // Policy write/read entry points keyed by a numeric `code`, with request and reply parcels.
       // NOTE(review): presumably `code` selects the plugin that handles the request (see
       // GetDevicePolicyFromPlugin) - confirm that unknown codes are rejected.
55     ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
56         int32_t userId) override;
57     ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override;
58     ErrCode CheckAndGetAdminProvisionInfo(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId)
59         override;
60     ErrCode GetEnabledAdmin(AdminType type, std::vector<std::string> &enabledAdminList) override;
61     ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply) override;
62     ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
63     ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
64     ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
       // Delegation of policies from a parent admin to another bundle.
       // NOTE(review): presumably the private allowDelegatedPolicies_ set bounds which policy names
       // may be delegated (see CheckDelegatedPolicies) - confirm.
65     ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
66     ErrCode SetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
67         const std::vector<std::string> &policies) override;
68     ErrCode GetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
69         std::vector<std::string> &policies) override;
70     ErrCode GetDelegatedBundleNames(const std::string &parentAdminName, const std::string &policyName,
71         std::vector<std::string> &bundleNames) override;
72     ErrCode GetAdmins(std::vector<std::shared_ptr<AAFwk::Want>> &wants) override;
73     bool IsSuperAdmin(const std::string &bundleName) override;
74     bool IsAdminEnabled(AppExecFwk::ElementName &admin, int32_t userId) override;
       // userId falls back to 100 when the caller omits it.
       // NOTE(review): magic number; presumably the default OS account id - a named constant would
       // make the intent explicit.
75     void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event, int32_t userId = 100);
       // Handler tables: common-event handlers keyed by a string, and system-ability-added handlers
       // keyed by an int32_t id. Each handler receives the ability as `that`.
       // NOTE(review): both maps are public, non-const data members, so any code holding the
       // instance can add or replace handlers. AddCommonEventFuncMap() and
       // AddOnAddSystemAbilityFuncMap() look like the intended writers - consider making the maps
       // private.
76     std::unordered_map<std::string,
77         std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
78         commonEventFuncMap_;
79     std::unordered_map<int32_t,
80         std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
81         addSystemAbilityFuncMap_;
82     ErrCode GetSuperAdmin(MessageParcel &reply) override;
83 
       // Virtual and not an override, so a derived class can return a different PermissionChecker.
       // NOTE(review): presumably a test seam; the returned object is what permission decisions go
       // through, so confirm that no shipped subclass overrides it.
84     virtual std::shared_ptr<PermissionChecker> GetPermissionChecker();
       // NOTE(review): keepPolicy presumably carries the old admin's policies over to the new admin
       // (see HandleKeepPolicy) - confirm which policies are transferred.
85     ErrCode ReplaceSuperAdmin(AppExecFwk::ElementName &oldAdmin, AppExecFwk::ElementName &newAdmin,
86         bool keepPolicy) override;
87 
88 protected:
       // Lifecycle and listener hooks (all overrides; presumably from SystemAbility - confirm).
89     void OnStart() override;
90     void OnStop() override;
       // NOTE(review): Dump receives a caller-provided fd; verify what admin and policy data it
       // writes and who is permitted to invoke it.
91     int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
92     void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
93     void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
94 
95 private:
       // Populate the two public handler maps declared above (by name; definitions not shown here).
96     void AddCommonEventFuncMap();
97     void AddOnAddSystemAbilityFuncMap();
98     bool SubscribeAppState();
99     bool UnsubscribeAppState();
100     void NotifyAdminEnabled(bool isEnabled);
101     void CheckAndUpdateByodSettingsData();
102     void UpdateClipboardInfo(const std::string &bundleName, int32_t userId);
        // Admin and policy removal helpers, keyed by admin or bundle name and (mostly) a userId.
103     ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
104         int32_t userId);
105     ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
106     ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
107     ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
108     ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
109     ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
110     ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
111         const std::vector<int32_t> &nonDefaultUserIds);
112     ErrCode GetDevicePolicyFromPlugin(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId);
        // Takes a permissionTag alongside the plugin and element name.
        // NOTE(review): presumably the read-side permission gate for GetDevicePolicy - confirm.
113     ErrCode CheckGetPolicyParam(MessageParcel &data, std::shared_ptr<IPlugin> &plugin,
114         AppExecFwk::ElementName &elementName, const std::string &permissionTag, int32_t userId);
115     int32_t GetCurrentUserId();
116     ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
        // Precondition checks for EnableAdmin; isDebug is an extra input to both.
        // NOTE(review): verify where isDebug comes from and that a caller cannot set it to relax
        // the checks.
117     ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug);
118     ErrCode VerifyEnableAdminConditionCheckExistAdmin(AppExecFwk::ElementName &admin, AdminType type, int32_t userId,
119         bool isDebug);
120     ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
121     ErrCode UpdateDevicePolicy(uint32_t code, const std::string &bundleName, MessageParcel &data, MessageParcel &reply,
122         int32_t userId);
123     ErrCode CheckDelegatedPolicies(std::shared_ptr<Admin> admin, const std::vector<std::string> &policies);
124     ErrCode CheckReplaceAdmins(AppExecFwk::ElementName &oldAdmin, AppExecFwk::ElementName &newAdmin,
125         std::vector<AppExecFwk::ExtensionAbilityInfo> &abilityInfo, std::vector<std::string> &permissionList);
126     ErrCode HandleKeepPolicy(std::string &adminName, std::string &newAdminName, const Admin &edmAdmin,
127         std::shared_ptr<Admin> adminPtr);
128     ErrCode AddDisallowUninstallApp(const std::string &bundleName);
129     ErrCode DelDisallowUninstallApp(const std::string &bundleName);
130     void AfterEnableAdmin(AppExecFwk::ElementName &admin, AdminType type, int32_t userId);
131 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
        // Takes the ability by reference; see EnterpriseDeviceEventSubscriber, which stores such a
        // reference, for the resulting lifetime constraint.
132     std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
133         EnterpriseDeviceMgrAbility &listener);
134 #endif
        // Per-event handlers; presumably the targets registered in commonEventFuncMap_ - confirm.
135     void OnCommonEventUserAdded(const EventFwk::CommonEventData &data);
136     void OnCommonEventUserSwitched(const EventFwk::CommonEventData &data);
137     void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
138     void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
139     void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
140     void OnCommonEventPackageChanged(const EventFwk::CommonEventData &data);
141     void OnCommonEventBmsReady(const EventFwk::CommonEventData &data);
142     bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
143     bool CheckManagedEvent(uint32_t event);
        // Per-service start handlers; presumably the targets registered in addSystemAbilityFuncMap_.
        // Several exist only when the matching *_EDM_ENABLE macro is defined.
144     void OnAppManagerServiceStart();
145     void OnAbilityManagerServiceStart();
146     void OnCommonEventServiceStart();
147     void ConnectAbilityOnSystemAccountEvent(const int32_t accountId, ManagedEvent event);
148     void ConnectEnterpriseAbility();
149 #ifdef PASTEBOARD_EDM_ENABLE
150     void OnPasteboardServiceStart();
151 #endif
152 #ifdef NET_MANAGER_BASE_EDM_ENABLE
153     void OnNetManagerBaseServiceStart();
        // policyMap is taken by const value, so the map is copied on every call.
        // NOTE(review): a const reference would avoid the copy (the definition must change too).
154     void HandleDisallowedNetworkInterface(const std::map<std::string, std::string> policyMap);
155 #endif
156 #ifdef USERIAM_EDM_ENABLE
157     void OnUserAuthFrameworkStart();
158 #endif
159 #ifdef USB_EDM_ENABLE
160     void OnUsbServiceStart();
161 #endif
162     void OnRenderSystemStart();
163     void OnWindowManagerServiceStart();
164     bool OnAdminEnabled(const std::string &bundleName, const std::string &abilityName, uint32_t code, int32_t userId,
165         bool isAdminEnabled);
166     void InitAllAdmins();
167     void InitAllPlugins();
168     void InitAllPolices();
        // NOTE(review): by name, removes debug admins; confirm it runs on every start so that a
        // debug-enabled admin cannot persist on a production device.
169     void RemoveAllDebugAdmin();
170     void AddSystemAbilityListeners();
171     void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
172     void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
173     std::shared_ptr<IEdmBundleManager> GetBundleMgr();
174     std::shared_ptr<IEdmAppManager> GetAppMgr();
175     std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
176     // Not thread-safe: callers must serialize calls themselves (presumably by holding adminLock_ - confirm).
177     ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
178     void UnloadPluginTask();
179     void SetPasswordPolicy();
180     void SetFingerprintPolicy();
181 
        // Class-wide (static) reader/writer locks.
        // NOTE(review): which state each lock guards, and the order in which the two may be taken
        // together, is not stated here; documenting both would help prevent races and lock-order
        // inversions.
182     static std::shared_mutex adminLock_;
183     static std::shared_mutex dataLock_;
184     static sptr<EnterpriseDeviceMgrAbility> instance_;
185     std::shared_ptr<PolicyManager> policyMgr_;
186     std::shared_ptr<PluginManager> pluginMgr_;
187     std::unordered_set<std::string> allowDelegatedPolicies_;
188     bool registerToService_ = false;
        // NOTE(review): lacks the trailing underscore that the other data members carry.
189     std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
190     sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
191     bool pluginHasInit_ = false;
        // Flag, timestamp, condition variable and mutex; presumably used together for a timed wait
        // (UnloadPluginTask?) - confirm, and confirm the plain bool flags are only touched under
        // waitMutex_ or one of the static locks.
192     bool notifySignal_ = false;
193     std::chrono::system_clock::time_point lastCallTime_;
194     std::condition_variable waitSignal_;
195     std::mutex waitMutex_;
196     bool hasConnect_ = false;
197 };
198 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
// Common-event subscriber bound to one EnterpriseDeviceMgrAbility, which it stores by reference.
// NOTE(review): presumably OnReceiveEvent forwards each event to the ability's handlers - confirm
// in the implementation which events are accepted and whether the publisher is checked.
199 class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
200 public:
        // subscribeInfo is passed in by the creator; listener is the ability to bind to.
201     EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
202         EnterpriseDeviceMgrAbility &listener);
203     ~EnterpriseDeviceEventSubscriber() override = default;
204 
205     void OnReceiveEvent(const EventFwk::CommonEventData &data) override;
206 
207 private:
        // Non-owning reference: the ability must outlive this subscriber.
        // NOTE(review): if the event framework keeps its own shared_ptr to the subscriber, confirm
        // it is unsubscribed before the ability is destroyed, otherwise a late event would use a
        // dangling reference.
208     EnterpriseDeviceMgrAbility &listener_;
209 };
210 #endif
211 } // namespace EDM
212 } // namespace OHOS
213 #endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
214