1 /*
2 * Copyright (C) 2024-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <ipc_skeleton.h>
17 #include <system_ability_definition.h>
18
19 #include "hc_log.h"
20 #include "device_auth.h"
21 #include "device_auth_defines.h"
22 #include "ipc_adapt.h"
23 #include "ipc_sdk_defines.h"
24 #include "common_defs.h"
25 #include "hc_thread.h"
26 #include "securec.h"
27 #include "hc_string_vector.h"
28 #include "hidump_adapter.h"
29 #include "string_ex.h"
30 #include "ipc_service_common.h"
31
32 #include "deviceauth_sa.h"
33
34 #ifdef DEV_AUTH_USE_JEMALLOC
35 #include "malloc.h"
36 #endif
37
38 namespace OHOS {
39
40 static const uint32_t RESTORE_CODE = 14701;
41 using IpcCallMap = struct {
42 int32_t (*func)(const IpcDataInfo*, int32_t, uintptr_t);
43 uint32_t id;
44 };
45
46 static IpcCallMap g_ipcCallMaps[] = {
47 {IpcServiceGmRegCallback, IPC_CALL_ID_REG_CB},
48 {IpcServiceGmUnRegCallback, IPC_CALL_ID_UNREG_CB},
49 {IpcServiceGmRegDataChangeListener, IPC_CALL_ID_REG_LISTENER},
50 {IpcServiceGmUnRegDataChangeListener, IPC_CALL_ID_UNREG_LISTENER},
51 {IpcServiceGmCreateGroup, IPC_CALL_ID_CREATE_GROUP},
52 {IpcServiceGmDelGroup, IPC_CALL_ID_DEL_GROUP},
53 {IpcServiceGmAddMemberToGroup, IPC_CALL_ID_ADD_GROUP_MEMBER},
54 {IpcServiceGmDelMemberFromGroup, IPC_CALL_ID_DEL_GROUP_MEMBER},
55 {IpcServiceGmAddMultiMembersToGroup, IPC_CALL_ID_ADD_MULTI_GROUP_MEMBERS},
56 {IpcServiceGmDelMultiMembersFromGroup, IPC_CALL_ID_DEL_MULTI_GROUP_MEMBERS},
57 {IpcServiceGmProcessData, IPC_CALL_ID_GM_PROC_DATA},
58 {IpcServiceGmApplyRegisterInfo, IPC_CALL_ID_APPLY_REG_INFO},
59 {IpcServiceGmCheckAccessToGroup, IPC_CALL_ID_CHECK_ACCESS_TO_GROUP},
60 {IpcServiceGmGetPkInfoList, IPC_CALL_ID_GET_PK_INFO_LIST},
61 {IpcServiceGmGetGroupInfoById, IPC_CALL_ID_GET_GROUP_INFO},
62 {IpcServiceGmGetGroupInfo, IPC_CALL_ID_SEARCH_GROUPS},
63 {IpcServiceGmGetJoinedGroups, IPC_CALL_ID_GET_JOINED_GROUPS},
64 {IpcServiceGmGetRelatedGroups, IPC_CALL_ID_GET_RELATED_GROUPS},
65 {IpcServiceGmGetDeviceInfoById, IPC_CALL_ID_GET_DEV_INFO_BY_ID},
66 {IpcServiceGmGetTrustedDevices, IPC_CALL_ID_GET_TRUST_DEVICES},
67 {IpcServiceGmIsDeviceInGroup, IPC_CALL_ID_IS_DEV_IN_GROUP},
68 {IpcServiceGmCancelRequest, IPC_CALL_GM_CANCEL_REQUEST},
69 {IpcServiceGaProcessData, IPC_CALL_ID_GA_PROC_DATA},
70 {IpcServiceGaAuthDevice, IPC_CALL_ID_AUTH_DEVICE},
71 {IpcServiceGaCancelRequest, IPC_CALL_GA_CANCEL_REQUEST},
72 {IpcServiceGaGetRealInfo, IPC_CALL_ID_GET_REAL_INFO},
73 {IpcServiceGaGetPseudonymId, IPC_CALL_ID_GET_PSEUDONYM_ID},
74 {IpcServiceDaProcessCredential, IPC_CALL_ID_PROCESS_CREDENTIAL},
75 {IpcServiceDaAuthDevice, IPC_CALL_ID_DA_AUTH_DEVICE},
76 {IpcServiceDaProcessData, IPC_CALL_ID_DA_PROC_DATA},
77 {IpcServiceDaCancelRequest, IPC_CALL_ID_DA_CANCEL_REQUEST},
78 {IpcServiceCmAddCredential, IPC_CALL_ID_CM_ADD_CREDENTIAL},
79 {IpcServiceCmRegCredChangeListener, IPC_CALL_ID_CM_REG_LISTENER},
80 {IpcServiceCmUnRegCredChangeListener, IPC_CALL_ID_CM_UNREG_LISTENER},
81 {IpcServiceCmExportCredential, IPC_CALL_ID_CM_EXPORT_CREDENTIAL},
82 {IpcServiceCmQueryCredentialByParams, IPC_CALL_ID_CM_QUERY_CREDENTIAL_BY_PARAMS},
83 {IpcServiceCmQueryCredentialByCredId, IPC_CALL_ID_CM_QUERY_CREDENTIAL_BY_CRED_ID},
84 {IpcServiceCmDeleteCredential, IPC_CALL_ID_CM_DEL_CREDENTIAL},
85 {IpcServiceCmUpdateCredInfo, IPC_CALL_ID_CM_UPDATE_CRED_INFO},
86 {IpcServiceCmAgreeCredential, IPC_CALL_ID_CM_AGREE_CREDENTIAL},
87 {IpcServiceCmDelCredByParams, IPC_CALL_ID_CM_DEL_CRED_BY_PARAMS},
88 {IpcServiceCmBatchUpdateCredentials, IPC_CALL_ID_CM_BATCH_UPDATE_CREDENTIALS},
89 {IpcServiceCaAuthDevice, IPC_CALL_ID_CA_AUTH_DEVICE},
90 {IpcServiceCaProcessCredData, IPC_CALL_ID_CA_PROCESS_CRED_DATA},
91 {IpcServiceAvGetClientSharedKey, IPC_CALL_ID_AV_GET_CLIENT_SHARED_KEY},
92 {IpcServiceAvGetServerSharedKey, IPC_CALL_ID_AV_GET_SERVER_SHARED_KEY},
93 };
94
95 REGISTER_SYSTEM_ABILITY_BY_ID(DeviceAuthAbility, SA_ID_DEVAUTH_SERVICE, true);
96
97 std::mutex DeviceAuthAbility::g_instanceLock;
98 sptr<DeviceAuthAbility> DeviceAuthAbility::g_instance;
99
DeviceAuthAbility(int saId,bool runOnCreate=true)100 DeviceAuthAbility::DeviceAuthAbility(int saId, bool runOnCreate = true) : SystemAbility(saId, runOnCreate)
101 {
102 LOGI("DeviceAuthAbility");
103 }
104
~DeviceAuthAbility()105 DeviceAuthAbility::~DeviceAuthAbility()
106 {
107 LOGI("~DeviceAuthAbility");
108 }
109
SaSetIpcCallMap(uintptr_t ipcInstance,IpcServiceCall method,int32_t methodId)110 __attribute__((no_sanitize("cfi"))) static uint32_t SaSetIpcCallMap(
111 uintptr_t ipcInstance, IpcServiceCall method, int32_t methodId)
112 {
113 if ((method == nullptr) || (methodId <= 0)) {
114 return static_cast<uint32_t>(HC_ERR_INVALID_PARAMS);
115 }
116
117 DeviceAuthAbility *service = reinterpret_cast<DeviceAuthAbility *>(ipcInstance);
118 return static_cast<uint32_t>(service->SetCallMap(method, methodId));
119 }
120
SaAddMethodMap(uintptr_t ipcInstance)121 static int32_t SaAddMethodMap(uintptr_t ipcInstance)
122 {
123 uint32_t ret = 0;
124 for (uint32_t i = 0; i < sizeof(g_ipcCallMaps)/sizeof(g_ipcCallMaps[0]); i++) {
125 ret &= SaSetIpcCallMap(ipcInstance, g_ipcCallMaps[i].func, g_ipcCallMaps[i].id);
126 }
127 return ret;
128 }
129
GetInstance()130 sptr<DeviceAuthAbility> DeviceAuthAbility::GetInstance()
131 {
132 std::lock_guard<std::mutex> autoLock(g_instanceLock);
133 if (g_instance == nullptr) {
134 g_instance = new (std::nothrow) DeviceAuthAbility(SA_ID_DEVAUTH_SERVICE, true);
135 }
136 return g_instance;
137 }
138
DestroyInstance()139 void DeviceAuthAbility::DestroyInstance()
140 {
141 std::lock_guard<std::mutex> autoLock(g_instanceLock);
142 if (g_instance != nullptr) {
143 delete g_instance;
144 g_instance = nullptr;
145 }
146 LOGI("DeviceAuthAbility DestroyInstance done");
147 }
148
Dump(int32_t fd,const std::vector<std::u16string> & args)149 int32_t DeviceAuthAbility::Dump(int32_t fd, const std::vector<std::u16string> &args)
150 {
151 std::vector<std::string> strArgs;
152 for (auto arg : args) {
153 strArgs.emplace_back(Str16ToStr8(arg));
154 }
155 uint32_t argc = strArgs.size();
156 StringVector strArgVec = CreateStrVector();
157 for (uint32_t i = 0; i < argc; i++) {
158 HcString strArg = CreateString();
159 if (!StringSetPointer(&strArg, strArgs[i].c_str())) {
160 LOGE("Failed to set strArg!");
161 DeleteString(&strArg);
162 continue;
163 }
164 if (strArgVec.pushBackT(&strArgVec, strArg) == nullptr) {
165 LOGE("Failed to push strArg to strArgVec!");
166 DeleteString(&strArg);
167 }
168 }
169 DEV_AUTH_DUMP(fd, &strArgVec);
170 DestroyStrVector(&strArgVec);
171 return 0;
172 }
173
OnStart()174 void DeviceAuthAbility::OnStart()
175 {
176 LOGI("DeviceAuthAbility starting ...");
177 int32_t ret = InitDeviceAuthService();
178 if (ret != HC_SUCCESS) {
179 LOGE("DeviceAuthAbility InitDeviceAuthService failed, ret %" LOG_PUB "d", ret);
180 return;
181 }
182
183 ret = MainRescInit();
184 if (ret != HC_SUCCESS) {
185 DestroyDeviceAuthService();
186 LOGE("device auth service main, init work failed");
187 return;
188 }
189
190 sptr<DeviceAuthAbility> serviceInstance = DeviceAuthAbility::GetInstance();
191 if (serviceInstance == nullptr) {
192 LOGE("DeviceAuthAbility GetInstance Failed");
193 DeMainRescInit();
194 DestroyDeviceAuthService();
195 return;
196 }
197
198 uintptr_t serviceInstanceAddress = reinterpret_cast<uintptr_t>(serviceInstance.GetRefPtr());
199 ret = SaAddMethodMap(serviceInstanceAddress);
200 if (ret != HC_SUCCESS) {
201 LOGW("DeviceAuthAbility SaAddMethodMap failed at least once.");
202 }
203
204 if (!Publish(serviceInstance)) {
205 LOGE("DeviceAuthAbility Publish failed");
206 DeviceAuthAbility::DestroyInstance();
207 DeMainRescInit();
208 DestroyDeviceAuthService();
209 return;
210 }
211 LOGI("DeviceAuthAbility start success.");
212 }
213
DevAuthInitMemoryPolicy(void)214 static void DevAuthInitMemoryPolicy(void)
215 {
216 #ifdef DEV_AUTH_USE_JEMALLOC
217 (void)mallopt(M_SET_THREAD_CACHE, M_THREAD_CACHE_DISABLE);
218 (void)mallopt(M_DELAYED_FREE, M_DELAYED_FREE_DISABLE);
219 #endif
220 }
221
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)222 int32_t DeviceAuthAbility::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply,
223 MessageOption &option)
224 {
225 DevAuthInitMemoryPolicy();
226 std::u16string readToken = data.ReadInterfaceToken();
227
228 bool isRestoreCall = ((code == RESTORE_CODE) && (readToken == std::u16string(u"OHOS.Updater.RestoreData")));
229 if (readToken != GetDescriptor() && !isRestoreCall) {
230 LOGE("DeviceAuthAbility [IPC][C->S]: The proxy interface token is invalid!");
231 return -1;
232 }
233 if (isRestoreCall) {
234 return HandleRestoreCall(data, reply);
235 } else {
236 return HandleDeviceAuthCall(code, data, reply, option);
237 }
238 }
239
OnStop()240 void DeviceAuthAbility::OnStop()
241 {
242 LOGI("DeviceAuthAbility OnStop");
243 DeviceAuthAbility::DestroyInstance();
244 DeMainRescInit();
245 DestroyDeviceAuthService();
246 }
247
248 } // namespace OHOS