1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "iservice_registry.h"
16 #include "data_collect_manager.h"
17 #include <chrono>
18 #include "data_collect_manager_proxy.h"
19 #include "security_event_ruler.h"
20 #include "security_event_query_callback_service.h"
21 #include "security_guard_define.h"
22 #include "acquire_data_manager_callback_service.h"
23 #include "security_event_filter.h"
24 #include "security_guard_log.h"
25 #include "security_guard_utils.h"
26 #include "data_collect_manager_callback_service.h"
27 #include "security_collector_manager_callback_service.h"
28 #include "security_collector_subscribe_info.h"
29
30 namespace {
31 constexpr uint32_t MAX_RESUB_COUNTS = 3;
32 const std::string SECURITY_GROUP = "securityGroup";
33 }
34 namespace OHOS::Security::SecurityGuard {
GetInstance()35 DataCollectManager& DataCollectManager::GetInstance()
36 {
37 static DataCollectManager instance;
38 return instance;
39 };
40
DataCollectManager()41 DataCollectManager::DataCollectManager() : callback_(new (std::nothrow) AcquireDataManagerCallbackService())
42 {
43 auto func = [this](const SecurityCollector::Event &event) {
44 std::lock_guard<std::mutex> lock(mutex_);
45 for (const auto &iter : subscribers_) {
46 if (iter->GetSubscribeInfo().GetEvent().eventId == event.eventId) {
47 iter->OnNotify(event);
48 }
49 }
50 };
51 if (callback_ != nullptr) {
52 callback_->RegistCallBack(func);
53 std::string timeStr = std::to_string(std::chrono::steady_clock::now().time_since_epoch().count());
54 std::string ptrStr = std::to_string(reinterpret_cast<int64_t>(callback_.GetRefPtr()));
55 std::size_t hash = std::hash<std::string>{}(timeStr + ptrStr);
56 sdkFlag_ = std::to_string(hash);
57 }
58 }
59
QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,std::shared_ptr<SecurityEventQueryCallback> callback)60 int32_t DataCollectManager::QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,
61 std::shared_ptr<SecurityEventQueryCallback> callback)
62 {
63 return QuerySecurityEvent(rulers, callback, SECURITY_GROUP);
64 }
65
QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,std::shared_ptr<SecurityEventQueryCallback> callback,const std::string & eventGroup)66 int32_t DataCollectManager::QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,
67 std::shared_ptr<SecurityEventQueryCallback> callback, const std::string &eventGroup)
68 {
69 if (callback == nullptr) {
70 SGLOGE("callback is null");
71 return NULL_OBJECT;
72 }
73 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
74 if (registry == nullptr) {
75 SGLOGE("GetSystemAbilityManager error");
76 return FAILED;
77 }
78
79 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
80 auto proxy = iface_cast<IDataCollectManager>(object);
81 if (proxy == nullptr) {
82 SGLOGE("proxy is null");
83 return NULL_OBJECT;
84 }
85
86 auto obj = new (std::nothrow) SecurityEventQueryCallbackService(callback);
87 if (obj == nullptr) {
88 SGLOGE("obj is null");
89 return NULL_OBJECT;
90 }
91
92 int32_t ret = proxy->QuerySecurityEvent(rulers, obj, eventGroup);
93 if (ret != 0) {
94 SGLOGE("QuerySecurityEvent error, ret=%{public}d", ret);
95 return ret;
96 }
97 return 0;
98 }
99
QuerySecurityEventConfig(std::string & result)100 int32_t DataCollectManager::QuerySecurityEventConfig(std::string &result)
101 {
102 SGLOGI("Start DataCollectManager QuerySecurityEventConfig");
103 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
104 if (registry == nullptr) {
105 SGLOGE("GetSystemAbilityManager error");
106 return FAILED;
107 }
108 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
109 if (object == nullptr) {
110 SGLOGE("object is nullptr");
111 return FAILED;
112 }
113 auto proxy = iface_cast<IDataCollectManager>(object);
114 if (proxy == nullptr) {
115 SGLOGE("proxy is null");
116 return FAILED;
117 }
118 return proxy->QuerySecurityEventConfig(result);
119 }
120
OnRemoteDied(const wptr<IRemoteObject> & remote)121 void DataCollectManager::DeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
122 {
123 if (remote == nullptr) {
124 SGLOGE("remote object is nullptr");
125 return;
126 }
127 sptr<IRemoteObject> object = remote.promote();
128 if (object == nullptr) {
129 SGLOGE("object is nullptr");
130 return;
131 }
132 object->RemoveDeathRecipient(this);
133 DataCollectManager::GetInstance().HandleDecipient();
134 }
135
HandleDecipient()136 void DataCollectManager::HandleDecipient()
137 {
138 std::set<std::shared_ptr<SecurityCollector::ICollectorSubscriber>> tmp {};
139 {
140 std::lock_guard<std::mutex> lock(mutex_);
141 if (count_ >= MAX_RESUB_COUNTS) {
142 SGLOGE("reSubscriber too many times");
143 return;
144 }
145 if (callback_ == nullptr) {
146 SGLOGE("callback is nullptr");
147 return;
148 }
149 subscribers_.swap(tmp);
150 }
151 // wait sg start up
152 sleep(1);
153 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
154 if (registry == nullptr) {
155 SGLOGE("GetSystemAbilityManager error");
156 return;
157 }
158 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
159 auto proxy = iface_cast<IDataCollectManager>(object);
160 if (proxy == nullptr) {
161 SGLOGE("proxy is null");
162 return;
163 }
164 if (deathRecipient_ == nullptr || !object->AddDeathRecipient(deathRecipient_)) {
165 SGLOGE("Failed to add death recipient");
166 return;
167 }
168 for (const auto &iter : tmp) {
169 int32_t ret = Subscribe(iter);
170 if (ret != SUCCESS) {
171 SGLOGE("ReSubscribe fail, ret=%{public}d", ret);
172 }
173 }
174 {
175 std::lock_guard<std::mutex> lock(mutex_);
176 count_++;
177 }
178 }
179
Subscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & subscriber)180 int32_t DataCollectManager::Subscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &subscriber)
181 {
182 SGLOGI("enter DataCollectManager Subscribe");
183 std::lock_guard<std::mutex> lock(mutex_);
184 if (subscriber == nullptr) {
185 SGLOGE("subscriber is nullptr");
186 return NULL_OBJECT;
187 }
188 if (callback_ == nullptr) {
189 SGLOGE("callback is null");
190 return NULL_OBJECT;
191 }
192 if (subscribers_.count(subscriber) != 0) {
193 SGLOGE("Already subscribed");
194 return BAD_PARAM;
195 }
196 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
197 if (registry == nullptr) {
198 SGLOGE("GetSystemAbilityManager error");
199 return NULL_OBJECT;
200 }
201 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
202 auto proxy = iface_cast<IDataCollectManager>(object);
203 if (proxy == nullptr) {
204 SGLOGE("proxy is null");
205 return NULL_OBJECT;
206 }
207 if (deathRecipient_ == nullptr) {
208 deathRecipient_ = new (std::nothrow) DeathRecipient();
209 if (deathRecipient_ == nullptr) {
210 SGLOGE("deathRecipient_ is nullptr.");
211 return NULL_OBJECT;
212 }
213 if (!object->AddDeathRecipient(deathRecipient_)) {
214 SGLOGE("Failed to add death recipient");
215 }
216 }
217 if (!IsCurrentSubscriberEventIdExist(subscriber)) {
218 int32_t ret = proxy->Subscribe(subscriber->GetSubscribeInfo(), callback_);
219 if (ret != SUCCESS) {
220 SGLOGI("Subscribe result, ret=%{public}d", ret);
221 return ret;
222 }
223 }
224 subscribers_.insert(subscriber);
225 SGLOGI("current subscrbe size %{public}zu", subscribers_.size());
226 return SUCCESS;
227 }
228
Unsubscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & subscriber)229 int32_t DataCollectManager::Unsubscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &subscriber)
230 {
231 SGLOGI("enter DataCollectManager UnSubscribe");
232 std::lock_guard<std::mutex> lock(mutex_);
233 if (subscriber == nullptr) {
234 SGLOGE("subscriber is nullptr");
235 return NULL_OBJECT;
236 }
237 if (callback_ == nullptr) {
238 SGLOGE("callback is null");
239 return NULL_OBJECT;
240 }
241 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
242 if (registry == nullptr) {
243 SGLOGE("GetSystemAbilityManager error");
244 return NULL_OBJECT;
245 }
246
247 if (subscribers_.count(subscriber) == 0) {
248 SGLOGE("Not subscribed");
249 return BAD_PARAM;
250 }
251
252 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
253 auto proxy = iface_cast<IDataCollectManager>(object);
254 if (proxy == nullptr) {
255 SGLOGE("proxy is null");
256 return NULL_OBJECT;
257 }
258 subscribers_.erase(subscriber);
259 if (!IsCurrentSubscriberEventIdExist(subscriber)) {
260 int32_t ret = proxy->Unsubscribe(subscriber->GetSubscribeInfo(), callback_);
261 if (ret != SUCCESS) {
262 subscribers_.insert(subscriber);
263 return ret;
264 }
265 SGLOGI("Unsubscribe result, ret=%{public}d", ret);
266 }
267 SGLOGI("current subscrbe size %{public}zu", subscribers_.size());
268 return SUCCESS;
269 }
270
IsCurrentSubscriberEventIdExist(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & sub)271 bool DataCollectManager::IsCurrentSubscriberEventIdExist(
272 const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &sub)
273 {
274 for (const auto &i : subscribers_) {
275 if (i->GetSubscribeInfo().GetEvent().eventId == sub->GetSubscribeInfo().GetEvent().eventId) {
276 return true;
277 }
278 }
279 return false;
280 }
281
Mute(const std::shared_ptr<EventMuteFilter> & subscribeMute)282 int32_t DataCollectManager::Mute(const std::shared_ptr<EventMuteFilter> &subscribeMute)
283 {
284 SGLOGI("enter DataCollectManager Mute");
285 std::lock_guard<std::mutex> lock(mutex_);
286 if (subscribeMute == nullptr) {
287 SGLOGE("subscriber is nullptr");
288 return NULL_OBJECT;
289 }
290 if (callback_ == nullptr) {
291 SGLOGE("callback is null");
292 return NULL_OBJECT;
293 }
294 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
295 if (registry == nullptr) {
296 SGLOGE("GetSystemAbilityManager error");
297 return NULL_OBJECT;
298 }
299 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
300 auto proxy = iface_cast<IDataCollectManager>(object);
301 if (proxy == nullptr) {
302 SGLOGE("proxy is null");
303 return NULL_OBJECT;
304 }
305 SecurityEventFilter filter(*subscribeMute);
306 int32_t ret = proxy->Mute(filter, callback_, sdkFlag_);
307 if (ret != SUCCESS) {
308 return ret;
309 }
310 subscribeMutes_.insert(subscribeMute);
311 return 0;
312 }
313
Unmute(const std::shared_ptr<EventMuteFilter> & subscribeMute)314 int32_t DataCollectManager::Unmute(const std::shared_ptr<EventMuteFilter> &subscribeMute)
315 {
316 SGLOGI("enter DataCollectManager Unmute");
317 std::lock_guard<std::mutex> lock(mutex_);
318 if (subscribeMute == nullptr) {
319 SGLOGE("subscriber is nullptr");
320 return NULL_OBJECT;
321 }
322 if (callback_ == nullptr) {
323 SGLOGE("callback is null");
324 return NULL_OBJECT;
325 }
326 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
327 if (registry == nullptr) {
328 SGLOGE("GetSystemAbilityManager error");
329 return NULL_OBJECT;
330 }
331 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
332 auto proxy = iface_cast<IDataCollectManager>(object);
333 if (proxy == nullptr) {
334 SGLOGE("proxy is null");
335 return NULL_OBJECT;
336 }
337 SecurityEventFilter filter(*subscribeMute);
338 int32_t ret = proxy->Unmute(filter, callback_, sdkFlag_);
339 if (ret != SUCCESS) {
340 return ret;
341 }
342 subscribeMutes_.erase(subscribeMute);
343 return 0;
344 }
345
ReportSecurityEvent(const std::shared_ptr<EventInfo> & info,bool isSync)346 int32_t DataCollectManager::ReportSecurityEvent(const std::shared_ptr<EventInfo> &info, bool isSync)
347 {
348 SGLOGD("enter DataCollectManager ReportSecurityEvent");
349 if (info == nullptr) {
350 return BAD_PARAM;
351 }
352 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
353 if (registry == nullptr) {
354 SGLOGE("GetSystemAbilityManager error");
355 return NULL_OBJECT;
356 }
357 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
358 auto proxy = iface_cast<IDataCollectManager>(object);
359 if (proxy == nullptr) {
360 SGLOGE("proxy is null");
361 return NULL_OBJECT;
362 }
363
364 int64_t eventId = info->GetEventId();
365 std::string version = info->GetVersion();
366 std::string content = info->GetContent();
367 std::string date = SecurityGuardUtils::GetDate();
368 int32_t ret = proxy->RequestDataSubmit(eventId, version, date, content, isSync);
369 if (ret != SUCCESS) {
370 SGLOGE("RequestSecurityInfo error, ret=%{public}d", ret);
371 return ret;
372 }
373 return SUCCESS;
374 }
375
SecurityGuardConfigUpdate(int32_t fd,const std::string & name)376 int32_t DataCollectManager::SecurityGuardConfigUpdate(int32_t fd, const std::string &name)
377 {
378 SGLOGI("enter DataCollectManager SecurityGuardConfigUpdate");
379 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
380 if (registry == nullptr) {
381 SGLOGE("GetSystemAbilityManager error");
382 return NULL_OBJECT;
383 }
384 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
385 auto proxy = iface_cast<IDataCollectManager>(object);
386 if (proxy == nullptr) {
387 SGLOGE("proxy is null");
388 return NULL_OBJECT;
389 }
390 SecurityGuard::SecurityConfigUpdateInfo updateInfo(fd, name);
391 int32_t ret = proxy->ConfigUpdate(updateInfo);
392 if (ret != SUCCESS) {
393 SGLOGE("ConfigUpdate error, ret=%{public}d", ret);
394 return ret;
395 }
396 return SUCCESS;
397 }
398
StartCollector(const SecurityCollector::Event & event,int64_t duration)399 int32_t DataCollectManager::StartCollector(const SecurityCollector::Event &event,
400 int64_t duration)
401 {
402 SGLOGI("enter DataCollectManager StartCollector");
403 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
404 if (registry == nullptr) {
405 SGLOGE("GetSystemAbilityManager error");
406 return NULL_OBJECT;
407 }
408
409 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
410 auto proxy = iface_cast<DataCollectManagerProxy>(object);
411 if (proxy == nullptr) {
412 SGLOGE("proxy is null");
413 return NULL_OBJECT;
414 }
415
416 SecurityCollector::SecurityCollectorSubscribeInfo subscriberInfo{event, duration, true};
417 sptr<SecurityCollector::SecurityCollectorManagerCallbackService> callback =
418 new (std::nothrow) SecurityCollector::SecurityCollectorManagerCallbackService(nullptr);
419 if (callback == nullptr) {
420 SGLOGE("callback is null");
421 return NULL_OBJECT;
422 }
423
424 int32_t ret = proxy->CollectorStart(subscriberInfo, callback);
425 SGLOGI("StartCollector result, ret=%{public}d", ret);
426 return ret;
427 }
428
StopCollector(const SecurityCollector::Event & event)429 int32_t DataCollectManager::StopCollector(const SecurityCollector::Event &event)
430 {
431 SGLOGI("in DataCollectManager StopCollector");
432 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
433 if (registry == nullptr) {
434 SGLOGE("GetSystemAbilityManager error");
435 return NULL_OBJECT;
436 }
437
438 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
439 auto proxy = iface_cast<DataCollectManagerProxy>(object);
440 if (proxy == nullptr) {
441 SGLOGE("proxy is null");
442 return NULL_OBJECT;
443 }
444
445 SecurityCollector::SecurityCollectorSubscribeInfo subscriberInfo{event, -1, true};
446 sptr<SecurityCollector::SecurityCollectorManagerCallbackService> callback =
447 new (std::nothrow) SecurityCollector::SecurityCollectorManagerCallbackService(nullptr);
448 if (callback == nullptr) {
449 SGLOGE("callback is null");
450 return NULL_OBJECT;
451 }
452
453 int32_t ret = proxy->CollectorStop(subscriberInfo, callback);
454 SGLOGI("StopCollector result, ret=%{public}d", ret);
455 return ret;
456 }
457
RequestSecurityEventInfo(std::string & devId,std::string & eventList,RequestRiskDataCallback callback)458 int32_t DataCollectManager::RequestSecurityEventInfo(std::string &devId, std::string &eventList,
459 RequestRiskDataCallback callback)
460 {
461 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
462 if (registry == nullptr) {
463 SGLOGE("GetSystemAbilityManager error");
464 return NULL_OBJECT;
465 }
466
467 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
468 auto proxy = iface_cast<DataCollectManagerProxy>(object);
469 if (proxy == nullptr) {
470 SGLOGE("proxy is null");
471 return NULL_OBJECT;
472 }
473
474 auto obj = new (std::nothrow) DataCollectManagerCallbackService(callback);
475 if (obj == nullptr) {
476 SGLOGE("stub is null");
477 return NULL_OBJECT;
478 }
479 int32_t ret = proxy->RequestRiskData(devId, eventList, obj);
480 if (ret != 0) {
481 SGLOGE("RequestSecurityEventInfo error, ret=%{public}d", ret);
482 return ret;
483 }
484 return SUCCESS;
485 }
486 }