1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bundle_install_checker.h"
17
18 #include "app_log_tag_wrapper.h"
19 #include "bms_extension_data_mgr.h"
20 #include "bundle_mgr_service.h"
21 #include "bundle_parser.h"
22 #include "bundle_permission_mgr.h"
23 #include "parameter.h"
24 #include "parameters.h"
25 #include "privilege_extension_ability_type.h"
26 #include "scope_guard.h"
27 #include "systemcapability.h"
28
29 namespace OHOS {
30 namespace AppExecFwk {
31 namespace {
32 constexpr const char* PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED = "AllowAppDataNotCleared";
33 constexpr const char* PRIVILEGE_ALLOW_APP_MULTI_PROCESS = "AllowAppMultiProcess";
34 constexpr const char* PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE = "AllowAppDesktopIconHide";
35 constexpr const char* PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED = "AllowAbilityPriorityQueried";
36 constexpr const char* PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "AllowAbilityExcludeFromMissions";
37 constexpr const char* PRIVILEGE_ALLOW_MISSION_NOT_CLEARED = "AllowMissionNotCleared";
38 constexpr const char* PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION = "AllowAppUsePrivilegeExtension";
39 constexpr const char* PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY = "AllowFormVisibleNotify";
40 constexpr const char* PRIVILEGE_ALLOW_APP_SHARE_LIBRARY = "AllowAppShareLibrary";
41 constexpr const char* PRIVILEGE_ALLOW_ENABLE_NOTIFICATION = "AllowEnableNotification";
42 constexpr const char* ALLOW_APP_DATA_NOT_CLEARED = "allowAppDataNotCleared";
43 constexpr const char* ALLOW_APP_MULTI_PROCESS = "allowAppMultiProcess";
44 constexpr const char* ALLOW_APP_DESKTOP_ICON_HIDE = "allowAppDesktopIconHide";
45 constexpr const char* ALLOW_ABILITY_PRIORITY_QUERIED = "allowAbilityPriorityQueried";
46 constexpr const char* ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS = "allowAbilityExcludeFromMissions";
47 constexpr const char* ALLOW_MISSION_NOT_CLEARED = "allowMissionNotCleared";
48 constexpr const char* ALLOW_APP_USE_PRIVILEGE_EXTENSION = "allowAppUsePrivilegeExtension";
49 constexpr const char* ALLOW_FORM_VISIBLE_NOTIFY = "allowFormVisibleNotify";
50 constexpr const char* ALLOW_APP_SHARE_LIBRARY = "allowAppShareLibrary";
51 constexpr const char* ALLOW_ENABLE_NOTIFICATION = "allowEnableNotification";
52 constexpr const char* APL_NORMAL = "normal";
53 constexpr const char* SLASH = "/";
54 constexpr const char* DOUBLE_SLASH = "//";
55 constexpr const char* SUPPORT_ISOLATION_MODE = "persist.bms.supportIsolationMode";
56 constexpr const char* VALUE_TRUE = "true";
57 constexpr const char* VALUE_TRUE_BOOL = "1";
58 constexpr const char* VALUE_FALSE = "false";
59 constexpr const char* NONISOLATION_ONLY = "nonisolationOnly";
60 constexpr const char* ISOLATION_ONLY = "isolationOnly";
61 constexpr const char* SUPPORT_APP_TYPES = "const.bms.supportAppTypes";
62 constexpr const char* SUPPORT_APP_TYPES_SEPARATOR = ",";
63 constexpr int8_t SLAH_OFFSET = 2;
64 constexpr int8_t THRESHOLD_VAL_LEN = 40;
65 constexpr const char* SYSTEM_APP_SCAN_PATH = "/system/app";
66 constexpr const char* DEVICE_TYPE_OF_DEFAULT = "default";
67 constexpr const char* DEVICE_TYPE_OF_PHONE = "phone";
68 constexpr const char* APP_INSTALL_PATH = "/data/app/el1/bundle";
69
70 const std::unordered_map<std::string, void (*)(AppPrivilegeCapability &appPrivilegeCapability)>
71 PRIVILEGE_MAP = {
72 { PRIVILEGE_ALLOW_APP_DATA_NOT_CLEARED,
__anonbe0024d70202() 73 [] (AppPrivilegeCapability &appPrivilegeCapability) {
74 appPrivilegeCapability.userDataClearable = false;
75 } },
76 { PRIVILEGE_ALLOW_APP_MULTI_PROCESS,
__anonbe0024d70302() 77 [] (AppPrivilegeCapability &appPrivilegeCapability) {
78 appPrivilegeCapability.allowMultiProcess = true;
79 } },
80 { PRIVILEGE_ALLOW_APP_DESKTOP_ICON_HIDE,
__anonbe0024d70402() 81 [] (AppPrivilegeCapability &appPrivilegeCapability) {
82 appPrivilegeCapability.hideDesktopIcon = true;
83 } },
84 { PRIVILEGE_ALLOW_ABILITY_PRIORITY_QUERIED,
__anonbe0024d70502() 85 [] (AppPrivilegeCapability &appPrivilegeCapability) {
86 appPrivilegeCapability.allowQueryPriority = true;
87 } },
88 { PRIVILEGE_ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
__anonbe0024d70602() 89 [] (AppPrivilegeCapability &appPrivilegeCapability) {
90 appPrivilegeCapability.allowExcludeFromMissions = true;
91 } },
92 { PRIVILEGE_ALLOW_MISSION_NOT_CLEARED,
__anonbe0024d70702() 93 [] (AppPrivilegeCapability &appPrivilegeCapability) {
94 appPrivilegeCapability.allowMissionNotCleared = true;
95 } },
96 { PRIVILEGE_ALLOW_APP_USE_PRIVILEGE_EXTENSION,
__anonbe0024d70802() 97 [] (AppPrivilegeCapability &appPrivilegeCapability) {
98 appPrivilegeCapability.allowUsePrivilegeExtension = true;
99 } },
100 { PRIVILEGE_ALLOW_FORM_VISIBLE_NOTIFY,
__anonbe0024d70902() 101 [] (AppPrivilegeCapability &appPrivilegeCapability) {
102 appPrivilegeCapability.formVisibleNotify = true;
103 } },
104 { PRIVILEGE_ALLOW_APP_SHARE_LIBRARY,
__anonbe0024d70a02() 105 [] (AppPrivilegeCapability &appPrivilegeCapability) {
106 appPrivilegeCapability.appShareLibrary = true;
107 } },
108 { PRIVILEGE_ALLOW_ENABLE_NOTIFICATION,
__anonbe0024d70b02() 109 [] (AppPrivilegeCapability &appPrivilegeCapability) {
110 appPrivilegeCapability.allowEnableNotification = true;
111 } },
112 };
113
114 static std::map<std::string, AppDistributionTypeEnum> AppDistributionTypeEnumMap = {
115 { Constants::APP_DISTRIBUTION_TYPE_APP_GALLERY,
116 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_APP_GALLERY },
117 { Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE,
118 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_ENTERPRISE },
119 { Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL,
120 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL },
121 { Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM,
122 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM },
123 { Constants::APP_DISTRIBUTION_TYPE_INTERNALTESTING,
124 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_INTERNALTESTING },
125 { Constants::APP_DISTRIBUTION_TYPE_CROWDTESTING,
126 AppDistributionTypeEnum::APP_DISTRIBUTION_TYPE_CROWDTESTING },
127 };
128
GetAppDistributionType(const Security::Verify::AppDistType & type)129 std::string GetAppDistributionType(const Security::Verify::AppDistType &type)
130 {
131 auto typeIter = APP_DISTRIBUTION_TYPE_MAPS.find(type);
132 if (typeIter == APP_DISTRIBUTION_TYPE_MAPS.end()) {
133 LOG_E(BMS_TAG_INSTALLER, "wrong AppDistType");
134 return Constants::APP_DISTRIBUTION_TYPE_NONE;
135 }
136
137 return typeIter->second;
138 }
139
GetAppProvisionType(const Security::Verify::ProvisionType & type)140 std::string GetAppProvisionType(const Security::Verify::ProvisionType &type)
141 {
142 if (type == Security::Verify::ProvisionType::DEBUG) {
143 return Constants::APP_PROVISION_TYPE_DEBUG;
144 }
145
146 return Constants::APP_PROVISION_TYPE_RELEASE;
147 }
148
IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)149 bool IsPrivilegeExtensionAbilityType(ExtensionAbilityType type)
150 {
151 return PRIVILEGE_EXTENSION_ABILITY_TYPE.find(type) != PRIVILEGE_EXTENSION_ABILITY_TYPE.end();
152 }
153
IsSystemExtensionAbilityType(ExtensionAbilityType type)154 bool IsSystemExtensionAbilityType(ExtensionAbilityType type)
155 {
156 return SYSTEM_EXTENSION_ABILITY_TYPE.find(type) != SYSTEM_EXTENSION_ABILITY_TYPE.end();
157 }
158 }
159
CheckSysCap(const std::vector<std::string> & bundlePaths)160 ErrCode BundleInstallChecker::CheckSysCap(const std::vector<std::string> &bundlePaths)
161 {
162 LOG_D(BMS_TAG_INSTALLER, "check hap syscaps start");
163 if (bundlePaths.empty()) {
164 LOG_NOFUNC_E(BMS_TAG_INSTALLER, "empty bundlePaths check hap syscaps fail");
165 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
166 }
167
168 ErrCode result = ERR_OK;
169 BundleParser bundleParser;
170 for (const auto &bundlePath : bundlePaths) {
171 std::vector<std::string> bundleSysCaps;
172 result = bundleParser.ParseSysCap(bundlePath, bundleSysCaps);
173 if (result != ERR_OK) {
174 LOG_E(BMS_TAG_INSTALLER, "parse bundle syscap failed, error: %{public}d", result);
175 return result;
176 }
177
178 for (const auto &bundleSysCapItem : bundleSysCaps) {
179 LOG_D(BMS_TAG_INSTALLER, "check syscap(%{public}s)", bundleSysCapItem.c_str());
180 if (!HasSystemCapability(bundleSysCapItem.c_str())) {
181 LOG_E(BMS_TAG_INSTALLER, "check syscap failed which %{public}s is not exsit",
182 bundleSysCapItem.c_str());
183 return ERR_APPEXECFWK_INSTALL_CHECK_SYSCAP_FAILED;
184 }
185 }
186 }
187
188 LOG_D(BMS_TAG_INSTALLER, "finish check hap syscaps");
189 return result;
190 }
191
CheckMultipleHapsSignInfo(const std::vector<std::string> & bundlePaths,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes,bool readFile)192 ErrCode BundleInstallChecker::CheckMultipleHapsSignInfo(
193 const std::vector<std::string> &bundlePaths,
194 std::vector<Security::Verify::HapVerifyResult>& hapVerifyRes, bool readFile)
195 {
196 LOG_D(BMS_TAG_INSTALLER, "Check multiple haps signInfo");
197 if (bundlePaths.empty()) {
198 LOG_E(BMS_TAG_INSTALLER, "check hap sign info failed due to empty bundlePaths");
199 return ERR_APPEXECFWK_INSTALL_PARAM_ERROR;
200 }
201 for (const std::string &bundlePath : bundlePaths) {
202 Security::Verify::HapVerifyResult hapVerifyResult;
203 ErrCode verifyRes = ERR_OK;
204 if (readFile) {
205 verifyRes = Security::Verify::HapVerify(bundlePath, hapVerifyResult, true);
206 } else {
207 verifyRes = BundleVerifyMgr::HapVerify(bundlePath, hapVerifyResult);
208 }
209 #ifndef X86_EMULATOR_MODE
210 if (verifyRes != ERR_OK) {
211 LOG_E(BMS_TAG_INSTALLER, "hap file verify failed, bundlePath: %{public}s", bundlePath.c_str());
212 return readFile ? ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE : verifyRes;
213 }
214 #endif
215 hapVerifyRes.emplace_back(hapVerifyResult);
216 }
217
218 if (hapVerifyRes.empty()) {
219 LOG_E(BMS_TAG_INSTALLER, "no sign info in the all haps");
220 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
221 }
222
223 if (!CheckProvisionInfoIsValid(hapVerifyRes)) {
224 #ifndef X86_EMULATOR_MODE
225 return ERR_APPEXECFWK_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE;
226 #else
227 // on emulator if check signature failed clear appid
228 for (auto &verifyRes : hapVerifyRes) {
229 Security::Verify::ProvisionInfo provisionInfo = verifyRes.GetProvisionInfo();
230 provisionInfo.appId = Constants::EMPTY_STRING;
231 verifyRes.SetProvisionInfo(provisionInfo);
232 }
233 #endif
234 }
235 LOG_D(BMS_TAG_INSTALLER, "finish check multiple haps signInfo");
236 return ERR_OK;
237 }
238
CheckProvisionInfoIsValid(const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)239 bool BundleInstallChecker::CheckProvisionInfoIsValid(
240 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
241 {
242 auto appId = hapVerifyRes[0].GetProvisionInfo().appId;
243 auto appIdentifier = hapVerifyRes[0].GetProvisionInfo().bundleInfo.appIdentifier;
244 auto apl = hapVerifyRes[0].GetProvisionInfo().bundleInfo.apl;
245 auto appDistributionType = hapVerifyRes[0].GetProvisionInfo().distributionType;
246 auto appProvisionType = hapVerifyRes[0].GetProvisionInfo().type;
247 bool isInvalid = std::any_of(hapVerifyRes.begin(), hapVerifyRes.end(),
248 [appId, apl, appDistributionType, appProvisionType, appIdentifier](const auto &hapVerifyResult) {
249 if (appId != hapVerifyResult.GetProvisionInfo().appId) {
250 LOG_E(BMS_TAG_INSTALLER, "error: hap files have different appId");
251 return true;
252 }
253 if (apl != hapVerifyResult.GetProvisionInfo().bundleInfo.apl) {
254 LOG_E(BMS_TAG_INSTALLER, "error: hap files have different apl");
255 return true;
256 }
257 if (appDistributionType != hapVerifyResult.GetProvisionInfo().distributionType) {
258 LOG_E(BMS_TAG_INSTALLER, "error: hap files have different appDistributionType");
259 return true;
260 }
261 if (appProvisionType != hapVerifyResult.GetProvisionInfo().type) {
262 LOG_E(BMS_TAG_INSTALLER, "error: hap files have different appProvisionType");
263 return true;
264 }
265 if (appIdentifier != hapVerifyResult.GetProvisionInfo().bundleInfo.appIdentifier) {
266 LOG_E(BMS_TAG_INSTALLER, "error: hap files have different appIdentifier");
267 return true;
268 }
269 return false;
270 });
271 return !isInvalid;
272 }
273
VaildInstallPermission(const InstallParam & installParam,const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)274 bool BundleInstallChecker::VaildInstallPermission(const InstallParam &installParam,
275 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
276 {
277 PermissionStatus installBundleStatus = installParam.installBundlePermissionStatus;
278 PermissionStatus installEnterpriseBundleStatus = installParam.installEnterpriseBundlePermissionStatus;
279 PermissionStatus installEtpMdmBundleStatus = installParam.installEtpMdmBundlePermissionStatus;
280 PermissionStatus installInternaltestingBundleStatus = installParam.installInternaltestingBundlePermissionStatus;
281 bool isCallByShell = installParam.isCallByShell;
282 if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
283 installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
284 installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
285 installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) {
286 return true;
287 }
288 for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) {
289 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
290 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) {
291 if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) {
292 LOG_E(BMS_TAG_INSTALLER, "enterprise bundle can not be installed by shell");
293 return false;
294 }
295 if (!isCallByShell && installEnterpriseBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
296 LOG_E(BMS_TAG_INSTALLER, "install enterprise bundle permission denied");
297 return false;
298 }
299 continue;
300 }
301 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL ||
302 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) {
303 bool result = VaildEnterpriseInstallPermission(installParam, provisionInfo);
304 if (!result) {
305 return false;
306 }
307 continue;
308 }
309 if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) {
310 if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
311 LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied");
312 return false;
313 }
314 continue;
315 }
316 if (installBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
317 LOG_E(BMS_TAG_INSTALLER, "install permission denied");
318 return false;
319 }
320 }
321 return true;
322 }
323
VaildEnterpriseInstallPermission(const InstallParam & installParam,const Security::Verify::ProvisionInfo & provisionInfo)324 bool BundleInstallChecker::VaildEnterpriseInstallPermission(const InstallParam &installParam,
325 const Security::Verify::ProvisionInfo &provisionInfo)
326 {
327 if (installParam.isSelfUpdate) {
328 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) {
329 LOG_I(BMS_TAG_INSTALLER, "Mdm self update");
330 return true;
331 }
332 LOG_E(BMS_TAG_INSTALLER, "Self update not MDM");
333 return false;
334 }
335 bool isCallByShell = installParam.isCallByShell;
336 PermissionStatus installEtpNormalBundleStatus = installParam.installEtpNormalBundlePermissionStatus;
337 PermissionStatus installEtpMdmBundleStatus = installParam.installEtpMdmBundlePermissionStatus;
338 if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) {
339 LOG_E(BMS_TAG_INSTALLER, "enterprise normal/mdm bundle can not be installed by shell");
340 return false;
341 }
342 if (!isCallByShell &&
343 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL &&
344 installEtpNormalBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS &&
345 installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
346 LOG_E(BMS_TAG_INSTALLER, "install enterprise normal bundle permission denied");
347 return false;
348 }
349 if (!isCallByShell &&
350 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM &&
351 installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
352 LOG_E(BMS_TAG_INSTALLER, "install enterprise mdm bundle permission denied");
353 return false;
354 }
355 return true;
356 }
357
ParseHapFiles(const std::vector<std::string> & bundlePaths,const InstallCheckParam & checkParam,std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes,std::unordered_map<std::string,InnerBundleInfo> & infos)358 ErrCode BundleInstallChecker::ParseHapFiles(
359 const std::vector<std::string> &bundlePaths,
360 const InstallCheckParam &checkParam,
361 std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes,
362 std::unordered_map<std::string, InnerBundleInfo> &infos)
363 {
364 LOG_D(BMS_TAG_INSTALLER, "Parse hap file");
365 ErrCode result = ERR_OK;
366 for (uint32_t i = 0; i < bundlePaths.size(); ++i) {
367 InnerBundleInfo newInfo;
368 BundlePackInfo packInfo;
369 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
370 if (provisionInfo.bundleInfo.appFeature == ServiceConstants::HOS_SYSTEM_APP) {
371 newInfo.SetAppType(Constants::AppType::SYSTEM_APP);
372 } else {
373 newInfo.SetAppType(Constants::AppType::THIRD_PARTY_APP);
374 }
375 newInfo.SetIsPreInstallApp(checkParam.isPreInstallApp);
376 result = ParseBundleInfo(bundlePaths[i], newInfo, packInfo);
377 if (result != ERR_OK) {
378 LOG_E(BMS_TAG_INSTALLER, "bundle parse failed %{public}d", result);
379 return result;
380 }
381 newInfo.SetOrganization(provisionInfo.organization);
382 #ifndef X86_EMULATOR_MODE
383 result = CheckBundleName(provisionInfo.bundleInfo.bundleName, newInfo.GetBundleName());
384 if (result != ERR_OK) {
385 LOG_E(BMS_TAG_INSTALLER, "check provision bundleName failed");
386 return result;
387 }
388 #endif
389 if (newInfo.HasEntry()) {
390 if (isContainEntry_) {
391 LOG_E(BMS_TAG_INSTALLER, "more than one entry hap in the direction");
392 return ERR_APPEXECFWK_INSTALL_INVALID_NUMBER_OF_ENTRY_HAP;
393 }
394 isContainEntry_ = true;
395 }
396
397 SetEntryInstallationFree(packInfo, newInfo);
398 result = CheckMainElement(newInfo);
399 if (result != ERR_OK) {
400 return result;
401 }
402 AppPrivilegeCapability appPrivilegeCapability;
403 // from provision file
404 ParseAppPrivilegeCapability(provisionInfo, appPrivilegeCapability);
405 // form install_list_capability.json, higher priority than provision file
406 // allow appIdentifier/appId/fingerprint
407 newInfo.SetProvisionId(provisionInfo.appId);
408 std::vector<std::string> appSignatures;
409 appSignatures.emplace_back(provisionInfo.bundleInfo.appIdentifier);
410 appSignatures.emplace_back(newInfo.GetAppId());
411 appSignatures.emplace_back(provisionInfo.fingerprint);
412 FetchPrivilegeCapabilityFromPreConfig(
413 newInfo.GetBundleName(), appSignatures, appPrivilegeCapability);
414 // process bundleInfo by appPrivilegeCapability
415 result = ProcessBundleInfoByPrivilegeCapability(appPrivilegeCapability, newInfo);
416 if (result != ERR_OK) {
417 return result;
418 }
419 CollectProvisionInfo(provisionInfo, appPrivilegeCapability, newInfo);
420 #ifdef USE_PRE_BUNDLE_PROFILE
421 GetPrivilegeCapability(checkParam, newInfo);
422 #endif
423 if ((provisionInfo.distributionType == Security::Verify::AppDistType::CROWDTESTING) ||
424 (checkParam.specifiedDistributionType == Constants::APP_DISTRIBUTION_TYPE_CROWDTESTING)) {
425 newInfo.SetAppCrowdtestDeadline((checkParam.crowdtestDeadline >= 0) ? checkParam.crowdtestDeadline :
426 Constants::INHERIT_CROWDTEST_DEADLINE);
427 } else {
428 newInfo.SetAppCrowdtestDeadline(Constants::INVALID_CROWDTEST_DEADLINE);
429 }
430 if (!checkParam.isPreInstallApp) {
431 if ((result = CheckSystemSize(bundlePaths[i], checkParam.appType)) != ERR_OK) {
432 LOG_E(BMS_TAG_INSTALLER, "install failed due to insufficient disk memory");
433 return result;
434 }
435 }
436 infos.emplace(bundlePaths[i], newInfo);
437 }
438 if (!infos.empty()) {
439 const InnerBundleInfo &first = infos.begin()->second;
440 int32_t cloneNum = 0;
441 if (DetermineCloneApp(first, cloneNum)) {
442 for (auto &info : infos) {
443 MultiAppModeData multiAppMode;
444 multiAppMode.multiAppModeType = MultiAppModeType::APP_CLONE;
445 multiAppMode.maxCount = cloneNum;
446 info.second.SetMultiAppMode(multiAppMode);
447 }
448 }
449 result = CheckEnterpriseForAllUser(infos, checkParam, first.GetAppDistributionType());
450 if (result != ERR_OK) {
451 return result;
452 }
453 }
454
455 if ((result = CheckModuleNameForMulitHaps(infos)) != ERR_OK) {
456 LOG_E(BMS_TAG_INSTALLER, "install failed due to duplicated moduleName");
457 return result;
458 }
459 LOG_D(BMS_TAG_INSTALLER, "finish parse hap file");
460 return result;
461 }
462
CheckEnterpriseForAllUser(std::unordered_map<std::string,InnerBundleInfo> & infos,const InstallCheckParam & checkParam,const std::string & distributionType)463 ErrCode BundleInstallChecker::CheckEnterpriseForAllUser(std::unordered_map<std::string, InnerBundleInfo> &infos,
464 const InstallCheckParam &checkParam, const std::string &distributionType)
465 {
466 if (!checkParam.isInstalledForAllUser) {
467 return ERR_OK;
468 }
469 if (Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL != distributionType &&
470 Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM != distributionType) {
471 LOG_W(BMS_TAG_INSTALLER, "param is true, but not enterprise bundle");
472 return ERR_OK;
473 }
474 if (!OHOS::system::GetBoolParameter(ServiceConstants::IS_ENTERPRISE_DEVICE, false)) {
475 LOG_E(BMS_TAG_INSTALLER, "not enterprise device");
476 return ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED;
477 }
478 for (auto &info : infos) {
479 info.second.SetInstalledForAllUser(checkParam.isInstalledForAllUser);
480 }
481 LOG_I(BMS_TAG_INSTALLER, "install enterprise bundle for all user");
482 return ERR_OK;
483 }
484
CheckHspInstallCondition(std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)485 ErrCode BundleInstallChecker::CheckHspInstallCondition(
486 std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
487 {
488 ErrCode result = ERR_OK;
489 if ((result = CheckDeveloperMode(hapVerifyRes)) != ERR_OK) {
490 LOG_E(BMS_TAG_INSTALLER, "install failed due to debug mode");
491 return result;
492 }
493 if ((result = CheckAllowEnterpriseBundle(hapVerifyRes)) != ERR_OK) {
494 LOG_E(BMS_TAG_INSTALLER, "install failed due to non-enterprise device");
495 return result;
496 }
497 return ERR_OK;
498 }
499
CheckInstallPermission(const InstallCheckParam & checkParam,const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)500 ErrCode BundleInstallChecker::CheckInstallPermission(const InstallCheckParam &checkParam,
501 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
502 {
503 if ((checkParam.installBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS ||
504 checkParam.installEnterpriseBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS ||
505 checkParam.installEtpNormalBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS ||
506 checkParam.installInternaltestingBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS ||
507 checkParam.installEtpMdmBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS) &&
508 !VaildInstallPermissionForShare(checkParam, hapVerifyRes)) {
509 // need vaild permission
510 LOG_E(BMS_TAG_INSTALLER, "install permission denied");
511 return ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED;
512 }
513 return ERR_OK;
514 }
515
VaildInstallPermissionForShare(const InstallCheckParam & checkParam,const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes)516 bool BundleInstallChecker::VaildInstallPermissionForShare(const InstallCheckParam &checkParam,
517 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
518 {
519 PermissionStatus installBundleStatus = checkParam.installBundlePermissionStatus;
520 PermissionStatus installEnterpriseBundleStatus = checkParam.installEnterpriseBundlePermissionStatus;
521 PermissionStatus installEtpMdmBundleStatus = checkParam.installEtpMdmBundlePermissionStatus;
522 PermissionStatus installInternaltestingBundleStatus = checkParam.installInternaltestingBundlePermissionStatus;
523 bool isCallByShell = checkParam.isCallByShell;
524 if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
525 installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
526 installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS &&
527 installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) {
528 return true;
529 }
530 for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) {
531 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
532 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) {
533 if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) {
534 LOG_E(BMS_TAG_INSTALLER, "enterprise bundle can not be installed by shell");
535 return false;
536 }
537 if (!isCallByShell && installEnterpriseBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
538 LOG_E(BMS_TAG_INSTALLER, "install enterprise bundle permission denied");
539 return false;
540 }
541 continue;
542 }
543 if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) {
544 if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
545 LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied");
546 return false;
547 }
548 continue;
549 }
550 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL ||
551 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) {
552 bool result = VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo);
553 if (!result) {
554 return false;
555 }
556 continue;
557 }
558 if (installBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
559 LOG_E(BMS_TAG_INSTALLER, "install permission denied");
560 return false;
561 }
562 }
563 return true;
564 }
565
VaildEnterpriseInstallPermissionForShare(const InstallCheckParam & checkParam,const Security::Verify::ProvisionInfo & provisionInfo)566 bool BundleInstallChecker::VaildEnterpriseInstallPermissionForShare(const InstallCheckParam &checkParam,
567 const Security::Verify::ProvisionInfo &provisionInfo)
568 {
569 bool isCallByShell = checkParam.isCallByShell;
570 PermissionStatus installEtpNormalBundleStatus = checkParam.installEtpNormalBundlePermissionStatus;
571 PermissionStatus installEtpMdmBundleStatus = checkParam.installEtpMdmBundlePermissionStatus;
572 if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) {
573 LOG_E(BMS_TAG_INSTALLER, "enterprise normal/mdm bundle can not be installed by shell");
574 return false;
575 }
576 if (!isCallByShell &&
577 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL &&
578 installEtpNormalBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS &&
579 installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
580 LOG_E(BMS_TAG_INSTALLER, "install enterprise normal bundle permission denied");
581 return false;
582 }
583 if (!isCallByShell &&
584 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM &&
585 installEtpMdmBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) {
586 LOG_E(BMS_TAG_INSTALLER, "install enterprise mdm bundle permission denied");
587 return false;
588 }
589 return true;
590 }
591
CheckDependency(std::unordered_map<std::string,InnerBundleInfo> & infos)592 ErrCode BundleInstallChecker::CheckDependency(std::unordered_map<std::string, InnerBundleInfo> &infos)
593 {
594 LOG_D(BMS_TAG_INSTALLER, "CheckDependency");
595
596 for (const auto &info : infos) {
597 if (info.second.GetInnerModuleInfos().empty()) {
598 LOG_D(BMS_TAG_INSTALLER, "GetInnerModuleInfos is empty");
599 continue;
600 }
601 // There is only one innerModuleInfo when installing
602 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
603 LOG_D(BMS_TAG_INSTALLER, "current module:%{public}s, dependencies = %{public}s", moduleInfo.moduleName.c_str(),
604 GetJsonStrFromInfo(moduleInfo.dependencies).c_str());
605 for (const auto &dependency : moduleInfo.dependencies) {
606 if (!NeedCheckDependency(dependency, info.second)) {
607 LOG_D(BMS_TAG_INSTALLER, "deliveryWithInstall is false, do not check whether the dependency exists");
608 continue;
609 }
610 std::string bundleName =
611 dependency.bundleName.empty() ? info.second.GetBundleName() : dependency.bundleName;
612 if (FindModuleInInstallingPackage(dependency.moduleName, bundleName, infos)) {
613 continue;
614 }
615 LOG_W(BMS_TAG_INSTALLER, "The depend module:%{public}s is not exist in installing package",
616 dependency.moduleName.c_str());
617 if (!FindModuleInInstalledPackage(dependency.moduleName, bundleName, info.second.GetVersionCode())) {
618 LOG_E(BMS_TAG_INSTALLER, "The depend :%{public}s is not exist", dependency.moduleName.c_str());
619 SetCheckResultMsg(
620 moduleInfo.moduleName + "'s dependent module: " + dependency.moduleName + " does not exist");
621 return ERR_APPEXECFWK_INSTALL_DEPENDENT_MODULE_NOT_EXIST;
622 }
623 }
624 }
625
626 return ERR_OK;
627 }
628
NeedCheckDependency(const Dependency & dependency,const InnerBundleInfo & info)629 bool BundleInstallChecker::NeedCheckDependency(const Dependency &dependency, const InnerBundleInfo &info)
630 {
631 LOG_D(BMS_TAG_INSTALLER, "NeedCheckDependency the moduleName is %{public}s, the bundleName is %{public}s",
632 dependency.moduleName.c_str(), dependency.bundleName.c_str());
633
634 if (!dependency.bundleName.empty() && dependency.bundleName != info.GetBundleName()) {
635 LOG_D(BMS_TAG_INSTALLER, "Cross-app dependencies, check dependency with shared bundle installer");
636 return false;
637 }
638 std::vector<PackageModule> modules = info.GetBundlePackInfo().summary.modules;
639 if (modules.empty()) {
640 LOG_D(BMS_TAG_INSTALLER, "NeedCheckDependency modules is empty, need check dependency");
641 return true;
642 }
643 for (const auto &module : modules) {
644 if (module.distro.moduleName == dependency.moduleName) {
645 return module.distro.deliveryWithInstall;
646 }
647 }
648
649 LOG_D(BMS_TAG_INSTALLER, "NeedCheckDependency the module not found, need check dependency");
650 return true;
651 }
652
FindModuleInInstallingPackage(const std::string & moduleName,const std::string & bundleName,const std::unordered_map<std::string,InnerBundleInfo> & infos)653 bool BundleInstallChecker::FindModuleInInstallingPackage(
654 const std::string &moduleName,
655 const std::string &bundleName,
656 const std::unordered_map<std::string, InnerBundleInfo> &infos)
657 {
658 LOG_D(BMS_TAG_INSTALLER, "moduleName is %{public}s, the bundleName is %{public}s",
659 moduleName.c_str(), bundleName.c_str());
660 for (const auto &info : infos) {
661 if (info.second.GetBundleName() == bundleName) {
662 if (info.second.GetInnerModuleInfos().empty()) {
663 continue;
664 }
665 // There is only one innerModuleInfo when installing
666 InnerModuleInfo moduleInfo = info.second.GetInnerModuleInfos().begin()->second;
667 if (moduleInfo.moduleName == moduleName) {
668 return true;
669 }
670 }
671 }
672 return false;
673 }
674
FindModuleInInstalledPackage(const std::string & moduleName,const std::string & bundleName,uint32_t versionCode)675 bool BundleInstallChecker::FindModuleInInstalledPackage(
676 const std::string &moduleName,
677 const std::string &bundleName,
678 uint32_t versionCode)
679 {
680 LOG_D(BMS_TAG_INSTALLER, "FindModuleInInstalledPackage the moduleName is %{public}s, the bundleName is %{public}s",
681 moduleName.c_str(), bundleName.c_str());
682 std::shared_ptr<BundleDataMgr> dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
683 if (dataMgr == nullptr) {
684 LOG_E(BMS_TAG_INSTALLER, "Get dataMgr shared_ptr nullptr");
685 return false;
686 }
687
688 ScopeGuard enableGuard([&dataMgr, &bundleName] { dataMgr->EnableBundle(bundleName); });
689 InnerBundleInfo bundleInfo;
690 bool isBundleExist = dataMgr->FetchInnerBundleInfo(bundleName, bundleInfo);
691 if (!isBundleExist) {
692 LOG_E(BMS_TAG_INSTALLER, "the bundle: %{public}s is not install", bundleName.c_str());
693 return false;
694 }
695 if (!bundleInfo.FindModule(moduleName)) {
696 LOG_E(BMS_TAG_INSTALLER, "the module: %{public}s is not install", moduleName.c_str());
697 return false;
698 }
699 if (bundleInfo.GetVersionCode() != versionCode) {
700 LOG_E(BMS_TAG_INSTALLER, "the versionCode %{public}d of dependency is not consistent with the installed module",
701 bundleInfo.GetVersionCode());
702 return false;
703 }
704 return true;
705 }
706
CheckBundleName(const std::string & provisionBundleName,const std::string & bundleName)707 ErrCode BundleInstallChecker::CheckBundleName(const std::string &provisionBundleName, const std::string &bundleName)
708 {
709 LOG_D(BMS_TAG_INSTALLER, "CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s",
710 provisionBundleName.c_str(), bundleName.c_str());
711 if (provisionBundleName.empty() || bundleName.empty()) {
712 LOG_E(BMS_TAG_INSTALLER, "CheckBundleName provisionBundleName:%{public}s, bundleName:%{public}s failed",
713 provisionBundleName.c_str(), bundleName.c_str());
714 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
715 }
716 if (provisionBundleName == bundleName) {
717 return ERR_OK;
718 }
719 LOG_E(BMS_TAG_INSTALLER, "CheckBundleName failed provisionBundleName:%{public}s, bundleName:%{public}s",
720 provisionBundleName.c_str(), bundleName.c_str());
721 return ERR_APPEXECFWK_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE;
722 }
723
CollectProvisionInfo(const Security::Verify::ProvisionInfo & provisionInfo,const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & newInfo)724 void BundleInstallChecker::CollectProvisionInfo(
725 const Security::Verify::ProvisionInfo &provisionInfo,
726 const AppPrivilegeCapability &appPrivilegeCapability,
727 InnerBundleInfo &newInfo)
728 {
729 newInfo.SetProvisionId(provisionInfo.appId);
730 newInfo.SetAppFeature(provisionInfo.bundleInfo.appFeature);
731 newInfo.SetAppPrivilegeLevel(provisionInfo.bundleInfo.apl);
732 newInfo.SetAllowedAcls(provisionInfo.acls.allowedAcls);
733 newInfo.SetCertificateFingerprint(provisionInfo.fingerprint);
734 newInfo.SetAppDistributionType(GetAppDistributionType(provisionInfo.distributionType));
735 newInfo.SetAppProvisionType(GetAppProvisionType(provisionInfo.type));
736 SetAppProvisionMetadata(provisionInfo.metadatas, newInfo);
737 #ifdef USE_PRE_BUNDLE_PROFILE
738 newInfo.SetUserDataClearable(appPrivilegeCapability.userDataClearable);
739 newInfo.SetHideDesktopIcon(appPrivilegeCapability.hideDesktopIcon);
740 newInfo.SetFormVisibleNotify(appPrivilegeCapability.formVisibleNotify);
741 newInfo.SetAllowMultiProcess(appPrivilegeCapability.allowMultiProcess);
742 #endif
743 newInfo.AddOldAppId(newInfo.GetAppId());
744 newInfo.SetAppIdentifier(provisionInfo.bundleInfo.appIdentifier);
745 if (provisionInfo.type == Security::Verify::ProvisionType::DEBUG) {
746 newInfo.SetCertificate(provisionInfo.bundleInfo.developmentCertificate);
747 } else {
748 newInfo.SetCertificate(provisionInfo.bundleInfo.distributionCertificate);
749 }
750 }
751
SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> & provisionMetadatas,InnerBundleInfo & newInfo)752 void BundleInstallChecker::SetAppProvisionMetadata(const std::vector<Security::Verify::Metadata> &provisionMetadatas,
753 InnerBundleInfo &newInfo)
754 {
755 if (provisionMetadatas.empty()) {
756 LOG_E(BMS_TAG_INSTALLER, "provisionMetadatas is empty");
757 return;
758 }
759 std::vector<Metadata> metadatas;
760 for (const auto &it : provisionMetadatas) {
761 Metadata metadata;
762 metadata.name = it.name;
763 metadata.value = it.value;
764 metadatas.emplace_back(metadata);
765 }
766 newInfo.SetAppProvisionMetadata(metadatas);
767 }
768
GetPrivilegeCapability(const InstallCheckParam & checkParam,InnerBundleInfo & newInfo)769 void BundleInstallChecker::GetPrivilegeCapability(
770 const InstallCheckParam &checkParam, InnerBundleInfo &newInfo)
771 {
772 // Reset privilege capability
773 newInfo.SetKeepAlive(false);
774 newInfo.SetSingleton(false);
775
776 newInfo.SetRemovable(checkParam.removable);
777 PreBundleConfigInfo preBundleConfigInfo;
778 preBundleConfigInfo.bundleName = newInfo.GetBundleName();
779 if (!BMSEventHandler::GetPreInstallCapability(preBundleConfigInfo)) {
780 LOG_D(BMS_TAG_INSTALLER, "%{public}s not exist in preinstall capability list", newInfo.GetBundleName().c_str());
781 return;
782 }
783
784 if (!MatchSignature(preBundleConfigInfo.appSignature, newInfo.GetCertificateFingerprint()) &&
785 !MatchSignature(preBundleConfigInfo.appSignature, newInfo.GetAppId()) &&
786 !MatchSignature(preBundleConfigInfo.appSignature, newInfo.GetAppIdentifier()) &&
787 !MatchOldSignatures(newInfo.GetBundleName(), preBundleConfigInfo.appSignature)) {
788 LOG_E(BMS_TAG_INSTALLER, "%{public}s signature not match the capability list", newInfo.GetBundleName().c_str());
789 return;
790 }
791
792 newInfo.SetKeepAlive(preBundleConfigInfo.keepAlive);
793 newInfo.SetSingleton(preBundleConfigInfo.singleton);
794 newInfo.SetRunningResourcesApply(preBundleConfigInfo.runningResourcesApply);
795 newInfo.SetAssociatedWakeUp(preBundleConfigInfo.associatedWakeUp);
796 newInfo.SetAllowCommonEvent(preBundleConfigInfo.allowCommonEvent);
797 newInfo.SetResourcesApply(preBundleConfigInfo.resourcesApply);
798 newInfo.SetAllowAppRunWhenDeviceFirstLocked(preBundleConfigInfo.allowAppRunWhenDeviceFirstLocked);
799 newInfo.SetAllowEnableNotification(preBundleConfigInfo.allowEnableNotification);
800 }
801
SetPackInstallationFree(BundlePackInfo & bundlePackInfo,const InnerBundleInfo & innerBundleInfo) const802 void BundleInstallChecker::SetPackInstallationFree(BundlePackInfo &bundlePackInfo,
803 const InnerBundleInfo &innerBundleInfo) const
804 {
805 if (innerBundleInfo.GetIsNewVersion()) {
806 if (innerBundleInfo.GetApplicationBundleType() != BundleType::ATOMIC_SERVICE) {
807 for (auto &item : bundlePackInfo.summary.modules) {
808 item.distro.installationFree = false;
809 }
810 return;
811 }
812 for (auto &item : bundlePackInfo.summary.modules) {
813 item.distro.installationFree = true;
814 }
815 }
816 }
817
ParseBundleInfo(const std::string & bundleFilePath,InnerBundleInfo & info,BundlePackInfo & packInfo) const818 ErrCode BundleInstallChecker::ParseBundleInfo(
819 const std::string &bundleFilePath,
820 InnerBundleInfo &info,
821 BundlePackInfo &packInfo) const
822 {
823 BundleParser bundleParser;
824 ErrCode result = bundleParser.Parse(bundleFilePath, info);
825 if (result != ERR_OK) {
826 LOG_E(BMS_TAG_INSTALLER, "parse bundle info failed, error: %{public}d", result);
827 return result;
828 }
829
830 const auto extensions = info.GetInnerExtensionInfos();
831 for (const auto &item : extensions) {
832 if (item.second.type == ExtensionAbilityType::UNSPECIFIED &&
833 !BMSEventHandler::CheckExtensionTypeInConfig(item.second.extensionTypeName)) {
834 LOG_W(BMS_TAG_INSTALLER, "Parse error, There is no corresponding type in the configuration");
835 }
836 }
837
838 if (!packInfo.GetValid()) {
839 result = bundleParser.ParsePackInfo(bundleFilePath, packInfo);
840 if (result != ERR_OK) {
841 LOG_E(BMS_TAG_INSTALLER, "parse bundle pack info failed, error: %{public}d", result);
842 return result;
843 }
844
845 SetPackInstallationFree(packInfo, info);
846 info.SetBundlePackInfo(packInfo);
847 packInfo.SetValid(true);
848 }
849
850 return ERR_OK;
851 }
852
SetEntryInstallationFree(const BundlePackInfo & bundlePackInfo,InnerBundleInfo & innerBundleInfo)853 void BundleInstallChecker::SetEntryInstallationFree(
854 const BundlePackInfo &bundlePackInfo,
855 InnerBundleInfo &innerBundleInfo)
856 {
857 if (!bundlePackInfo.GetValid()) {
858 LOG_W(BMS_TAG_INSTALLER, "no pack.info in the hap file");
859 return;
860 }
861
862 auto packageModule = bundlePackInfo.summary.modules;
863 auto installationFree = std::any_of(packageModule.begin(), packageModule.end(), [&](const auto &module) {
864 return module.distro.moduleType == "entry" && module.distro.installationFree;
865 });
866 if (installationFree) {
867 LOG_I(BMS_TAG_INSTALLER, "install or update hm service");
868 }
869 if (innerBundleInfo.GetIsNewVersion()) {
870 installationFree = innerBundleInfo.GetApplicationBundleType() == BundleType::ATOMIC_SERVICE;
871 }
872
873 innerBundleInfo.SetEntryInstallationFree(installationFree);
874 if (installationFree && !innerBundleInfo.GetIsNewVersion()) {
875 innerBundleInfo.SetApplicationBundleType(BundleType::ATOMIC_SERVICE);
876 }
877 }
878
CheckSystemSize(const std::string & bundlePath,const Constants::AppType appType) const879 ErrCode BundleInstallChecker::CheckSystemSize(
880 const std::string &bundlePath,
881 const Constants::AppType appType) const
882 {
883 if ((appType == Constants::AppType::SYSTEM_APP) &&
884 (BundleUtil::CheckSystemSize(bundlePath, APP_INSTALL_PATH))) {
885 return ERR_OK;
886 }
887
888 if ((appType == Constants::AppType::THIRD_SYSTEM_APP) &&
889 (BundleUtil::CheckSystemSize(bundlePath, APP_INSTALL_PATH))) {
890 return ERR_OK;
891 }
892
893 if ((appType == Constants::AppType::THIRD_PARTY_APP) &&
894 (BundleUtil::CheckSystemSize(bundlePath, APP_INSTALL_PATH))) {
895 return ERR_OK;
896 }
897
898 LOG_E(BMS_TAG_INSTALLER, "install failed due to insufficient disk memory");
899 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
900 }
901
CheckHapHashParams(std::unordered_map<std::string,InnerBundleInfo> & infos,std::map<std::string,std::string> hashParams)902 ErrCode BundleInstallChecker::CheckHapHashParams(
903 std::unordered_map<std::string, InnerBundleInfo> &infos,
904 std::map<std::string, std::string> hashParams)
905 {
906 if (hashParams.empty()) {
907 LOG_D(BMS_TAG_INSTALLER, "hashParams is empty");
908 return ERR_OK;
909 }
910
911 std::vector<std::string> hapModuleNames;
912 for (auto &info : infos) {
913 std::vector<std::string> moduleNames;
914 info.second.GetModuleNames(moduleNames);
915 if (moduleNames.empty()) {
916 LOG_E(BMS_TAG_INSTALLER, "hap(%{public}s) moduleName is empty", info.first.c_str());
917 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_EMPTY;
918 }
919
920 if (std::find(hapModuleNames.begin(), hapModuleNames.end(), moduleNames[0]) != hapModuleNames.end()) {
921 LOG_E(BMS_TAG_INSTALLER, "hap moduleName(%{public}s) duplicate", moduleNames[0].c_str());
922 return ERR_APPEXECFWK_INSTALL_FAILED_MODULE_NAME_DUPLICATE;
923 }
924
925 hapModuleNames.emplace_back(moduleNames[0]);
926 auto hashParamIter = hashParams.find(moduleNames[0]);
927 if (hashParamIter != hashParams.end()) {
928 info.second.SetModuleHashValue(hashParamIter->second);
929 hashParams.erase(hashParamIter);
930 }
931 }
932
933 if (!hashParams.empty()) {
934 LOG_E(BMS_TAG_INSTALLER, "Some hashParam moduleName is not exist in hap moduleNames");
935 return ERR_APPEXECFWK_INSTALL_FAILED_CHECK_HAP_HASH_PARAM;
936 }
937
938 return ERR_OK;
939 }
940
GetValidReleaseType(const std::unordered_map<std::string,InnerBundleInfo> & infos)941 std::tuple<bool, std::string, std::string> BundleInstallChecker::GetValidReleaseType(
942 const std::unordered_map<std::string, InnerBundleInfo> &infos)
943 {
944 if (infos.empty()) {
945 LOG_E(BMS_TAG_INSTALLER, "infos is empty");
946 return std::make_tuple(false, "", "");
947 }
948 for (const auto &info : infos) {
949 if (!info.second.IsHsp()) {
950 return std::make_tuple(false, info.second.GetCurModuleName(), info.second.GetReleaseType());
951 }
952 }
953 return std::make_tuple(true, (infos.begin()->second).GetCurModuleName(),
954 (infos.begin()->second).GetReleaseType());
955 }
956
CheckAppLabelInfo(const std::unordered_map<std::string,InnerBundleInfo> & infos)957 ErrCode BundleInstallChecker::CheckAppLabelInfo(
958 const std::unordered_map<std::string, InnerBundleInfo> &infos)
959 {
960 LOG_D(BMS_TAG_INSTALLER, "Check APP label");
961 ErrCode ret = ERR_OK;
962 std::string bundleName = (infos.begin()->second).GetBundleName();
963 uint32_t versionCode = (infos.begin()->second).GetVersionCode();
964 auto [isHsp, moduleName, releaseType] = GetValidReleaseType(infos);
965 bool singleton = (infos.begin()->second).IsSingleton();
966 Constants::AppType appType = (infos.begin()->second).GetAppType();
967 bool isStage = (infos.begin()->second).GetIsNewVersion();
968 const std::string targetBundleName = (infos.begin()->second).GetTargetBundleName();
969 int32_t targetPriority = (infos.begin()->second).GetTargetPriority();
970 BundleType bundleType = (infos.begin()->second).GetApplicationBundleType();
971 bool isHmService = (infos.begin()->second).GetEntryInstallationFree();
972 bool debug = (infos.begin()->second).GetBaseApplicationInfo().debug;
973 bool hasEntry = (infos.begin()->second).HasEntry();
974 bool isSameDebugType = true;
975 bool entryDebug = hasEntry ? debug : false;
976
977 for (const auto &info : infos) {
978 // check bundleName
979 if (bundleName != info.second.GetBundleName()) {
980 LOG_E(BMS_TAG_INSTALLER, "bundleName not same");
981 return ERR_APPEXECFWK_INSTALL_BUNDLENAME_NOT_SAME;
982 }
983 // check version
984 if (bundleType != BundleType::SHARED) {
985 if (versionCode != info.second.GetVersionCode()) {
986 LOG_E(BMS_TAG_INSTALLER, "versionCode not same");
987 return ERR_APPEXECFWK_INSTALL_VERSIONCODE_NOT_SAME;
988 }
989 }
990 // check release type
991 if (releaseType != info.second.GetReleaseType()) {
992 LOG_W(BMS_TAG_INSTALLER, "releaseType not same: [%{public}s, %{public}s] vs [%{public}s, %{public}s]",
993 moduleName.c_str(), releaseType.c_str(),
994 info.second.GetCurModuleName().c_str(), info.second.GetReleaseType().c_str());
995 if (!isHsp && !info.second.IsHsp()) {
996 LOG_E(BMS_TAG_INSTALLER, "releaseType not same");
997 return ERR_APPEXECFWK_INSTALL_RELEASETYPE_NOT_SAME;
998 }
999 }
1000 if (singleton != info.second.IsSingleton()) {
1001 LOG_E(BMS_TAG_INSTALLER, "singleton not same");
1002 return ERR_APPEXECFWK_INSTALL_SINGLETON_NOT_SAME;
1003 }
1004 if (appType != info.second.GetAppType()) {
1005 LOG_E(BMS_TAG_INSTALLER, "appType not same");
1006 return ERR_APPEXECFWK_INSTALL_APPTYPE_NOT_SAME;
1007 }
1008 // check model type(FA or stage)
1009 if (isStage != info.second.GetIsNewVersion()) {
1010 LOG_E(BMS_TAG_INSTALLER, "must be all FA model or all stage model");
1011 return ERR_APPEXECFWK_INSTALL_STATE_ERROR;
1012 }
1013 if (targetBundleName != info.second.GetTargetBundleName()) {
1014 LOG_E(BMS_TAG_INSTALLER, "targetBundleName not same");
1015 return ERR_BUNDLEMANAGER_OVERLAY_INSTALLATION_FAILED_TARGET_BUNDLE_NAME_NOT_SAME;
1016 }
1017 if (targetPriority != info.second.GetTargetPriority()) {
1018 LOG_E(BMS_TAG_INSTALLER, "targetPriority not same");
1019 return ERR_BUNDLEMANAGER_OVERLAY_INSTALLATION_FAILED_TARGET_PRIORITY_NOT_SAME;
1020 }
1021 if (bundleType != info.second.GetApplicationBundleType()) {
1022 LOG_E(BMS_TAG_INSTALLER, "bundleType not same");
1023 return ERR_APPEXECFWK_BUNDLE_TYPE_NOT_SAME;
1024 }
1025 if (isHmService != info.second.GetEntryInstallationFree()) {
1026 LOG_E(BMS_TAG_INSTALLER, "application and hm service are not allowed installed simultaneously");
1027 return ERR_APPEXECFWK_INSTALL_TYPE_ERROR;
1028 }
1029 if (debug != info.second.GetBaseApplicationInfo().debug) {
1030 LOG_E(BMS_TAG_INSTALLER, "debug not same");
1031 isSameDebugType = false;
1032 }
1033 if (!hasEntry) {
1034 hasEntry = info.second.HasEntry();
1035 entryDebug = info.second.GetBaseApplicationInfo().debug;
1036 }
1037 }
1038
1039 if (hasEntry && !entryDebug && (debug || !isSameDebugType)) {
1040 LOG_E(BMS_TAG_INSTALLER, "debug type not same");
1041 return ERR_APPEXECFWK_INSTALL_DEBUG_NOT_SAME;
1042 }
1043 LOG_D(BMS_TAG_INSTALLER, "finish check APP label");
1044 return ret;
1045 }
1046
CheckMultiNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)1047 ErrCode BundleInstallChecker::CheckMultiNativeFile(
1048 std::unordered_map<std::string, InnerBundleInfo> &infos)
1049 {
1050 ErrCode result = CheckMultiNativeSo(infos);
1051 if (result != ERR_OK) {
1052 LOG_E(BMS_TAG_INSTALLER, "Check multi nativeSo failed, result: %{public}d", result);
1053 return result;
1054 }
1055
1056 result = CheckMultiArkNativeFile(infos);
1057 if (result != ERR_OK) {
1058 LOG_E(BMS_TAG_INSTALLER, "Check multi arkNativeFile failed, result: %{public}d", result);
1059 return result;
1060 }
1061
1062 return ERR_OK;
1063 }
1064
CheckMultiArkNativeFile(std::unordered_map<std::string,InnerBundleInfo> & infos)1065 ErrCode BundleInstallChecker::CheckMultiArkNativeFile(
1066 std::unordered_map<std::string, InnerBundleInfo> &infos)
1067 {
1068 std::string arkNativeFileAbi = (infos.begin()->second).GetArkNativeFileAbi();
1069 for (const auto &info : infos) {
1070 if (info.second.GetArkNativeFileAbi().empty()) {
1071 continue;
1072 }
1073 if (arkNativeFileAbi.empty()) {
1074 arkNativeFileAbi = info.second.GetArkNativeFileAbi();
1075 continue;
1076 }
1077 }
1078
1079 // Ensure the an is consistent in multiple haps
1080 if (!arkNativeFileAbi.empty()) {
1081 for (auto &info : infos) {
1082 info.second.SetArkNativeFileAbi(arkNativeFileAbi);
1083 }
1084 }
1085
1086 return ERR_OK;
1087 }
1088
CheckMultiNativeSo(std::unordered_map<std::string,InnerBundleInfo> & infos)1089 ErrCode BundleInstallChecker::CheckMultiNativeSo(
1090 std::unordered_map<std::string, InnerBundleInfo> &infos)
1091 {
1092 std::string nativeLibraryPath = (infos.begin()->second).GetNativeLibraryPath();
1093 std::string cpuAbi = (infos.begin()->second).GetCpuAbi();
1094 for (const auto &info : infos) {
1095 if (info.second.GetNativeLibraryPath().empty()) {
1096 continue;
1097 }
1098 if (nativeLibraryPath.empty()) {
1099 nativeLibraryPath = info.second.GetNativeLibraryPath();
1100 cpuAbi = info.second.GetCpuAbi();
1101 continue;
1102 }
1103 }
1104
1105 // Ensure the so is consistent in multiple haps
1106 if (!nativeLibraryPath.empty()) {
1107 for (auto &info : infos) {
1108 info.second.SetNativeLibraryPath(nativeLibraryPath);
1109 info.second.SetCpuAbi(cpuAbi);
1110 }
1111 }
1112
1113 return ERR_OK;
1114 }
1115
ResetProperties()1116 void BundleInstallChecker::ResetProperties()
1117 {
1118 isContainEntry_ = false;
1119 }
1120
ParseAppPrivilegeCapability(const Security::Verify::ProvisionInfo & provisionInfo,AppPrivilegeCapability & appPrivilegeCapability)1121 void BundleInstallChecker::ParseAppPrivilegeCapability(
1122 const Security::Verify::ProvisionInfo &provisionInfo,
1123 AppPrivilegeCapability &appPrivilegeCapability)
1124 {
1125 for (const auto &appPrivilege : provisionInfo.appPrivilegeCapabilities) {
1126 auto iter = PRIVILEGE_MAP.find(appPrivilege);
1127 if (iter != PRIVILEGE_MAP.end()) {
1128 iter->second(appPrivilegeCapability);
1129 }
1130 }
1131 LOG_D(BMS_TAG_INSTALLER, "AppPrivilegeCapability %{public}s",
1132 appPrivilegeCapability.ToString().c_str());
1133 #ifndef USE_PRE_BUNDLE_PROFILE
1134 appPrivilegeCapability.allowMultiProcess = true;
1135 appPrivilegeCapability.allowUsePrivilegeExtension = true;
1136 #endif
1137 }
1138
CheckModuleNameForMulitHaps(const std::unordered_map<std::string,InnerBundleInfo> & infos)1139 ErrCode BundleInstallChecker::CheckModuleNameForMulitHaps(
1140 const std::unordered_map<std::string, InnerBundleInfo> &infos)
1141 {
1142 std::set<std::string> moduleSet;
1143 for (const auto &info : infos) {
1144 std::vector<std::string> moduleVec = info.second.GetDistroModuleName();
1145 if (moduleVec.empty()) {
1146 LOG_E(BMS_TAG_INSTALLER, "moduleName vector is empty");
1147 return ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR;
1148 }
1149 if (moduleSet.count(moduleVec[0])) {
1150 LOG_E(BMS_TAG_INSTALLER, "the moduleName: %{public}s is not unique in the haps", moduleVec[0].c_str());
1151 SetCheckResultMsg("the moduleName: " + moduleVec[0] + " is not unique in the haps");
1152 return ERR_APPEXECFWK_INSTALL_NOT_UNIQUE_DISTRO_MODULE_NAME;
1153 }
1154 moduleSet.insert(moduleVec[0]);
1155 }
1156 return ERR_OK;
1157 }
1158
IsExistedDistroModule(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const1159 bool BundleInstallChecker::IsExistedDistroModule(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
1160 {
1161 std::string moduleName = newInfo.GetCurModuleName();
1162 std::string packageName = newInfo.GetCurrentModulePackage();
1163 if (packageName.empty() || moduleName.empty()) {
1164 LOG_E(BMS_TAG_INSTALLER, "IsExistedDistroModule failed due to invalid packageName or moduleName");
1165 return false;
1166 }
1167 std::string oldModuleName = info.GetModuleNameByPackage(packageName);
1168 // if FA update to Stage, allow module name inconsistent
1169 bool isFAToStage = !info.GetIsNewVersion() && newInfo.GetIsNewVersion();
1170 if (!isFAToStage) {
1171 // if not FA update to Stage, check consistency of module name
1172 if (moduleName.compare(oldModuleName) != 0) {
1173 LOG_E(BMS_TAG_INSTALLER, "no moduleName in the innerModuleInfo");
1174 return false;
1175 }
1176 }
1177 // check consistency of module type
1178 std::string newModuleType = newInfo.GetModuleTypeByPackage(packageName);
1179 std::string oldModuleType = info.GetModuleTypeByPackage(packageName);
1180 if (newModuleType.compare(oldModuleType) != 0) {
1181 LOG_E(BMS_TAG_INSTALLER, "moduleType is different between the new hap and the original hap");
1182 return false;
1183 }
1184
1185 return true;
1186 }
1187
IsContainModuleName(const InnerBundleInfo & newInfo,const InnerBundleInfo & info) const1188 bool BundleInstallChecker::IsContainModuleName(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const
1189 {
1190 std::string moduleName = newInfo.GetCurModuleName();
1191 std::vector<std::string> moduleVec = info.GetDistroModuleName();
1192 if (moduleName.empty() || moduleVec.empty()) {
1193 LOG_E(BMS_TAG_INSTALLER, "IsContainModuleName failed due to invalid moduleName or modulevec");
1194 return false;
1195 }
1196 return (find(moduleVec.cbegin(), moduleVec.cend(), moduleName) == moduleVec.cend()) ? false : true;
1197 }
1198
CheckMainElement(const InnerBundleInfo & info)1199 ErrCode BundleInstallChecker::CheckMainElement(const InnerBundleInfo &info)
1200 {
1201 const std::map<std::string, InnerModuleInfo> &innerModuleInfos = info.GetInnerModuleInfos();
1202 if (innerModuleInfos.empty()) {
1203 return ERR_OK;
1204 }
1205 if (innerModuleInfos.cbegin()->second.distro.moduleType == Profile::MODULE_TYPE_SHARED) {
1206 return ERR_OK;
1207 }
1208 if (info.GetEntryInstallationFree() && innerModuleInfos.cbegin()->second.mainAbility.empty()) {
1209 LOG_E(BMS_TAG_INSTALLER, "atomic service's mainElement can't be empty");
1210 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
1211 }
1212 return ERR_OK;
1213 }
1214
GetPrivilegeCapabilityValue(const std::vector<std::string> & existInJson,const std::string & key,bool existInPreJson,bool existInProvision)1215 bool BundleInstallChecker::GetPrivilegeCapabilityValue(
1216 const std::vector<std::string> &existInJson,
1217 const std::string &key,
1218 bool existInPreJson,
1219 bool existInProvision)
1220 {
1221 if (find(existInJson.cbegin(), existInJson.cend(), key) != existInJson.cend()) {
1222 return existInPreJson;
1223 }
1224 return existInProvision;
1225 }
1226
FetchPrivilegeCapabilityFromPreConfig(const std::string & bundleName,const std::vector<std::string> & appSignatures,AppPrivilegeCapability & appPrivilegeCapability)1227 void BundleInstallChecker::FetchPrivilegeCapabilityFromPreConfig(
1228 const std::string &bundleName,
1229 const std::vector<std::string> &appSignatures,
1230 AppPrivilegeCapability &appPrivilegeCapability)
1231 {
1232 #ifdef USE_PRE_BUNDLE_PROFILE
1233 LOG_D(BMS_TAG_INSTALLER, "bundleName: %{public}s, FetchPrivilegeCapabilityFromPreConfig start", bundleName.c_str());
1234 PreBundleConfigInfo configInfo;
1235 configInfo.bundleName = bundleName;
1236 if (!BMSEventHandler::GetPreInstallCapability(configInfo)) {
1237 LOG_D(BMS_TAG_INSTALLER, "bundleName: %{public}s is not exist in pre install capability list",
1238 bundleName.c_str());
1239 return;
1240 }
1241 bool match = false;
1242 for (const auto &signature : appSignatures) {
1243 if (MatchSignature(configInfo.appSignature, signature)) {
1244 match = true;
1245 break;
1246 }
1247 }
1248 if (!match && !MatchOldSignatures(bundleName, configInfo.appSignature)) {
1249 LOG_NOFUNC_E(BMS_TAG_INSTALLER, "bundleName: %{public}s signature verify failed in capability list",
1250 bundleName.c_str());
1251 return;
1252 }
1253
1254 appPrivilegeCapability.allowUsePrivilegeExtension = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1255 ALLOW_APP_USE_PRIVILEGE_EXTENSION,
1256 configInfo.allowUsePrivilegeExtension, appPrivilegeCapability.allowUsePrivilegeExtension);
1257
1258 appPrivilegeCapability.allowMultiProcess = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1259 ALLOW_APP_MULTI_PROCESS, configInfo.allowMultiProcess, appPrivilegeCapability.allowMultiProcess);
1260
1261 appPrivilegeCapability.hideDesktopIcon = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1262 ALLOW_APP_DESKTOP_ICON_HIDE, configInfo.hideDesktopIcon, appPrivilegeCapability.hideDesktopIcon);
1263
1264 appPrivilegeCapability.allowQueryPriority = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1265 ALLOW_ABILITY_PRIORITY_QUERIED, configInfo.allowQueryPriority, appPrivilegeCapability.allowQueryPriority);
1266
1267 appPrivilegeCapability.allowExcludeFromMissions = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1268 ALLOW_ABILITY_EXCLUDE_FROM_MISSIONS,
1269 configInfo.allowExcludeFromMissions, appPrivilegeCapability.allowExcludeFromMissions);
1270
1271 appPrivilegeCapability.allowMissionNotCleared = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1272 ALLOW_MISSION_NOT_CLEARED, configInfo.allowMissionNotCleared, appPrivilegeCapability.allowMissionNotCleared);
1273
1274 appPrivilegeCapability.formVisibleNotify = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1275 ALLOW_FORM_VISIBLE_NOTIFY, configInfo.formVisibleNotify, appPrivilegeCapability.formVisibleNotify);
1276
1277 appPrivilegeCapability.userDataClearable = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1278 ALLOW_APP_DATA_NOT_CLEARED, configInfo.userDataClearable, appPrivilegeCapability.userDataClearable);
1279
1280 appPrivilegeCapability.appShareLibrary = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1281 ALLOW_APP_SHARE_LIBRARY, configInfo.appShareLibrary, appPrivilegeCapability.appShareLibrary);
1282
1283 appPrivilegeCapability.allowEnableNotification = GetPrivilegeCapabilityValue(configInfo.existInJsonFile,
1284 ALLOW_ENABLE_NOTIFICATION, configInfo.allowEnableNotification, appPrivilegeCapability.allowEnableNotification);
1285 LOG_D(BMS_TAG_INSTALLER, "AppPrivilegeCapability %{public}s", appPrivilegeCapability.ToString().c_str());
1286 #endif
1287 }
1288
MatchOldSignatures(const std::string & bundleName,const std::vector<std::string> & appSignatures)1289 bool BundleInstallChecker::MatchOldSignatures(const std::string &bundleName,
1290 const std::vector<std::string> &appSignatures)
1291 {
1292 std::vector<std::string> oldAppIds;
1293 std::shared_ptr<BundleDataMgr> dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
1294 if (!dataMgr->GetOldAppIds(bundleName, oldAppIds)) {
1295 LOG_D(BMS_TAG_INSTALLER, "Get OldAppIds failed");
1296 return false;
1297 }
1298 for (const auto &signature : appSignatures) {
1299 if (std::find(oldAppIds.begin(), oldAppIds.end(), signature) != oldAppIds.end()) {
1300 return true;
1301 }
1302 }
1303
1304 return false;
1305 }
1306
MatchSignature(const std::vector<std::string> & appSignatures,const std::string & signature)1307 bool BundleInstallChecker::MatchSignature(
1308 const std::vector<std::string> &appSignatures, const std::string &signature)
1309 {
1310 if (appSignatures.empty() || signature.empty()) {
1311 LOG_NOFUNC_W(BMS_TAG_INSTALLER, "appSignature of signature is empty");
1312 return false;
1313 }
1314
1315 return std::find(
1316 appSignatures.begin(), appSignatures.end(), signature) != appSignatures.end();
1317 }
1318
ProcessBundleInfoByPrivilegeCapability(const AppPrivilegeCapability & appPrivilegeCapability,InnerBundleInfo & innerBundleInfo)1319 ErrCode BundleInstallChecker::ProcessBundleInfoByPrivilegeCapability(
1320 const AppPrivilegeCapability &appPrivilegeCapability,
1321 InnerBundleInfo &innerBundleInfo)
1322 {
1323 // process application
1324 ApplicationInfo applicationInfo = innerBundleInfo.GetBaseApplicationInfo();
1325 if (!appPrivilegeCapability.allowMultiProcess || applicationInfo.process.empty()) {
1326 applicationInfo.process = applicationInfo.bundleName;
1327 }
1328 applicationInfo.allowEnableNotification = appPrivilegeCapability.allowEnableNotification;
1329 innerBundleInfo.SetBaseApplicationInfo(applicationInfo);
1330 BundleInfo bundleInfo = innerBundleInfo.GetBaseBundleInfo();
1331 // process allow app share library
1332 if (applicationInfo.bundleType == BundleType::SHARED && !appPrivilegeCapability.appShareLibrary) {
1333 LOG_E(BMS_TAG_INSTALLER, "not allow app share library");
1334 return ERR_APPEXECFWK_INSTALL_SHARE_APP_LIBRARY_NOT_ALLOWED;
1335 }
1336 // process ability
1337 auto &abilityInfos = innerBundleInfo.FetchAbilityInfos();
1338 for (auto iter = abilityInfos.begin(); iter != abilityInfos.end(); ++iter) {
1339 #ifdef USE_PRE_BUNDLE_PROFILE
1340 if (!appPrivilegeCapability.allowQueryPriority) {
1341 iter->second.priority = 0;
1342 }
1343 if (!appPrivilegeCapability.allowExcludeFromMissions) {
1344 iter->second.excludeFromMissions = false;
1345 }
1346 if (!appPrivilegeCapability.allowMissionNotCleared) {
1347 iter->second.unclearableMission = false;
1348 }
1349 #else
1350 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
1351 iter->second.priority = 0;
1352 iter->second.excludeFromMissions = false;
1353 }
1354 #endif
1355 }
1356 // process ExtensionAbility
1357 auto &extensionAbilityInfos = innerBundleInfo.FetchInnerExtensionInfos();
1358 for (auto iter = extensionAbilityInfos.begin(); iter != extensionAbilityInfos.end(); ++iter) {
1359 bool privilegeType = IsPrivilegeExtensionAbilityType(iter->second.type);
1360 if (privilegeType && !appPrivilegeCapability.allowUsePrivilegeExtension) {
1361 LOG_E(BMS_TAG_INSTALLER, "not allow use privilege extension");
1362 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
1363 }
1364
1365 bool systemType = IsSystemExtensionAbilityType(iter->second.type);
1366 if (systemType && !applicationInfo.isSystemApp) {
1367 LOG_E(BMS_TAG_INSTALLER, "not allow use system extension");
1368 return ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR;
1369 }
1370
1371 #ifdef USE_PRE_BUNDLE_PROFILE
1372 if (!appPrivilegeCapability.allowQueryPriority) {
1373 iter->second.priority = 0;
1374 }
1375 #else
1376 if (!applicationInfo.isSystemApp || !bundleInfo.isPreInstallApp) {
1377 iter->second.priority = 0;
1378 }
1379 #endif
1380 if (appPrivilegeCapability.allowMultiProcess) {
1381 LOG_D(BMS_TAG_INSTALLER, "%{public}s support allowMultiProcess", iter->second.bundleName.c_str());
1382 auto hapModuleInfo = innerBundleInfo.GetInnerModuleInfoByModuleName(iter->second.moduleName);
1383 if (hapModuleInfo && !hapModuleInfo->process.empty()) {
1384 iter->second.process = hapModuleInfo->process;
1385 }
1386 }
1387 }
1388 // process InnerModuleInfo
1389 auto &innerModuleInfos = innerBundleInfo.FetchInnerModuleInfos();
1390 for (auto iter = innerModuleInfos.begin(); iter != innerModuleInfos.end(); ++iter) {
1391 if (iter->second.isModuleJson && (!appPrivilegeCapability.allowMultiProcess || iter->second.process.empty())) {
1392 iter->second.process = applicationInfo.bundleName;
1393 }
1394 }
1395 return ERR_OK;
1396 }
1397
CheckSupportAppTypes(const std::unordered_map<std::string,InnerBundleInfo> & infos,const std::string & supportAppTypes) const1398 bool BundleInstallChecker::CheckSupportAppTypes(
1399 const std::unordered_map<std::string, InnerBundleInfo> &infos, const std::string &supportAppTypes) const
1400 {
1401 LOG_D(BMS_TAG_INSTALLER, "CheckSupportAppTypes begin, supportAppTypes: %{public}s", supportAppTypes.c_str());
1402 std::vector<std::string> appTypesVec;
1403 OHOS::SplitStr(supportAppTypes, SUPPORT_APP_TYPES_SEPARATOR, appTypesVec);
1404 if (find(appTypesVec.begin(), appTypesVec.end(), DEVICE_TYPE_OF_DEFAULT) != appTypesVec.end() &&
1405 find(appTypesVec.begin(), appTypesVec.end(), DEVICE_TYPE_OF_PHONE) == appTypesVec.end()) {
1406 appTypesVec.emplace_back(DEVICE_TYPE_OF_PHONE);
1407 }
1408 sort(appTypesVec.begin(), appTypesVec.end());
1409 for (const auto &info : infos) {
1410 std::vector<std::string> devVec = info.second.GetDeviceType(info.second.GetCurrentModulePackage());
1411 if (find(devVec.begin(), devVec.end(), DEVICE_TYPE_OF_DEFAULT) != devVec.end() &&
1412 find(devVec.begin(), devVec.end(), DEVICE_TYPE_OF_PHONE) == devVec.end()) {
1413 devVec.emplace_back(DEVICE_TYPE_OF_PHONE);
1414 }
1415 sort(devVec.begin(), devVec.end());
1416 std::vector<std::string> intersectionVec;
1417 set_intersection(appTypesVec.begin(), appTypesVec.end(),
1418 devVec.begin(), devVec.end(), back_inserter(intersectionVec));
1419 if (intersectionVec.empty()) {
1420 LOG_W(BMS_TAG_INSTALLER, "check supportAppTypes failed");
1421 return false;
1422 }
1423 }
1424 return true;
1425 }
1426
CheckDeviceType(std::unordered_map<std::string,InnerBundleInfo> & infos) const1427 ErrCode BundleInstallChecker::CheckDeviceType(std::unordered_map<std::string, InnerBundleInfo> &infos) const
1428 {
1429 std::string supportAppTypes = OHOS::system::GetParameter(SUPPORT_APP_TYPES, "");
1430 if (!supportAppTypes.empty() && CheckSupportAppTypes(infos, supportAppTypes)) {
1431 return ERR_OK;
1432 }
1433 std::string deviceType = GetDeviceType();
1434 LOG_D(BMS_TAG_INSTALLER, "deviceType is %{public}s", deviceType.c_str());
1435 for (const auto &info : infos) {
1436 std::vector<std::string> devVec = info.second.GetDeviceType(info.second.GetCurrentModulePackage());
1437 if (devVec.empty()) {
1438 LOG_NOFUNC_W(BMS_TAG_INSTALLER, "deviceTypes is empty");
1439 continue;
1440 }
1441
1442 if ((deviceType == DEVICE_TYPE_OF_PHONE) &&
1443 (find(devVec.begin(), devVec.end(), DEVICE_TYPE_OF_DEFAULT) != devVec.end())) {
1444 LOG_NOFUNC_W(BMS_TAG_INSTALLER, "current deviceType is phone and bundle is matched with default");
1445 continue;
1446 }
1447
1448 if ((deviceType == DEVICE_TYPE_OF_DEFAULT) &&
1449 (find(devVec.begin(), devVec.end(), DEVICE_TYPE_OF_PHONE) != devVec.end())) {
1450 LOG_NOFUNC_W(BMS_TAG_INSTALLER, "current deviceType is default and bundle is matched with phone");
1451 continue;
1452 }
1453
1454 if (find(devVec.begin(), devVec.end(), deviceType) == devVec.end()) {
1455 LOG_NOFUNC_E(BMS_TAG_INSTALLER, "%{public}s is not supported", deviceType.c_str());
1456 return ERR_APPEXECFWK_INSTALL_DEVICE_TYPE_NOT_SUPPORTED;
1457 }
1458 }
1459 return ERR_OK;
1460 }
1461
ConvertToAppProvisionInfo(const Security::Verify::ProvisionInfo & provisionInfo) const1462 AppProvisionInfo BundleInstallChecker::ConvertToAppProvisionInfo(
1463 const Security::Verify::ProvisionInfo &provisionInfo) const
1464 {
1465 AppProvisionInfo appProvisionInfo;
1466 appProvisionInfo.versionCode = provisionInfo.versionCode;
1467 appProvisionInfo.versionName = provisionInfo.versionName;
1468 if (provisionInfo.type == Security::Verify::ProvisionType::DEBUG) {
1469 appProvisionInfo.type = Constants::APP_PROVISION_TYPE_DEBUG;
1470 appProvisionInfo.certificate = provisionInfo.bundleInfo.developmentCertificate;
1471 } else {
1472 appProvisionInfo.type = Constants::APP_PROVISION_TYPE_RELEASE;
1473 appProvisionInfo.certificate = provisionInfo.bundleInfo.distributionCertificate;
1474 }
1475 appProvisionInfo.appDistributionType = GetAppDistributionType(provisionInfo.distributionType);
1476 appProvisionInfo.apl = provisionInfo.bundleInfo.apl.empty() ? APL_NORMAL : provisionInfo.bundleInfo.apl;
1477 appProvisionInfo.developerId = provisionInfo.bundleInfo.developerId;
1478 appProvisionInfo.issuer = provisionInfo.issuer;
1479 appProvisionInfo.uuid = provisionInfo.uuid;
1480 appProvisionInfo.validity.notBefore = provisionInfo.validity.notBefore;
1481 appProvisionInfo.validity.notAfter = provisionInfo.validity.notAfter;
1482 appProvisionInfo.appIdentifier = provisionInfo.bundleInfo.appIdentifier;
1483 appProvisionInfo.appServiceCapabilities = provisionInfo.appServiceCapabilities;
1484 appProvisionInfo.organization = provisionInfo.organization;
1485 return appProvisionInfo;
1486 }
1487
GetBundleNameFromUri(const std::string & uri)1488 std::string GetBundleNameFromUri(const std::string &uri)
1489 {
1490 std::size_t firstSlashPos = uri.find(DOUBLE_SLASH);
1491 if (firstSlashPos == std::string::npos) {
1492 LOG_E(BMS_TAG_INSTALLER, "dataproxy uri is invalid");
1493 return Constants::EMPTY_STRING;
1494 }
1495
1496 std::size_t secondSlashPos = uri.find(SLASH, firstSlashPos + SLAH_OFFSET);
1497 if (secondSlashPos == std::string::npos) {
1498 LOG_E(BMS_TAG_INSTALLER, "dataproxy uri is invalid");
1499 return Constants::EMPTY_STRING;
1500 }
1501
1502 std::string bundleName = uri.substr(firstSlashPos + SLAH_OFFSET, secondSlashPos - firstSlashPos - SLAH_OFFSET);
1503 return bundleName;
1504 }
1505
CheckProxyPermissionLevel(const std::string & permissionName) const1506 bool BundleInstallChecker::CheckProxyPermissionLevel(const std::string &permissionName) const
1507 {
1508 // no permission name, only for self usage
1509 if (permissionName.empty()) {
1510 return true;
1511 }
1512 PermissionDef permissionDef;
1513 ErrCode ret = BundlePermissionMgr::GetPermissionDef(permissionName, permissionDef);
1514 if (ret != ERR_OK) {
1515 LOG_E(BMS_TAG_INSTALLER, "getPermissionDef failed");
1516 return false;
1517 }
1518 if (permissionDef.availableLevel < Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC) {
1519 LOG_E(BMS_TAG_INSTALLER, "permission %{public}s level too low", permissionName.c_str());
1520 return false;
1521 }
1522 return true;
1523 }
1524
CheckProxyDatas(const InnerBundleInfo & innerBundleInfo) const1525 ErrCode BundleInstallChecker::CheckProxyDatas(const InnerBundleInfo &innerBundleInfo) const
1526 {
1527 auto bundleName = innerBundleInfo.GetBundleName();
1528 auto moduleInfos = innerBundleInfo.GetInnerModuleInfos();
1529 if (moduleInfos.empty()) {
1530 return ERR_OK;
1531 }
1532 for (const auto &moduleInfo : moduleInfos) {
1533 for (const auto &proxyData : moduleInfo.second.proxyDatas) {
1534 auto name = GetBundleNameFromUri(proxyData.uri);
1535 if (bundleName != name) {
1536 LOG_E(BMS_TAG_INSTALLER, "bundleName from uri %{public}s different from origin bundleName %{public}s",
1537 name.c_str(), bundleName.c_str());
1538 return ERR_APPEXECFWK_INSTALL_CHECK_PROXY_DATA_URI_FAILED;
1539 }
1540 if (innerBundleInfo.IsSystemApp()) {
1541 continue;
1542 }
1543 if (!CheckProxyPermissionLevel(proxyData.requiredReadPermission)
1544 || !CheckProxyPermissionLevel(proxyData.requiredWritePermission)) {
1545 return ERR_APPEXECFWK_INSTALL_CHECK_PROXY_DATA_PERMISSION_FAILED;
1546 }
1547 }
1548 }
1549 return ERR_OK;
1550 }
1551
CheckSupportIsolation(const char * szIsolationModeThresholdMb,const std::string & isolationMode)1552 bool CheckSupportIsolation(const char *szIsolationModeThresholdMb, const std::string &isolationMode)
1553 {
1554 if ((std::strcmp(szIsolationModeThresholdMb, VALUE_TRUE) == 0) ||
1555 (std::strcmp(szIsolationModeThresholdMb, VALUE_TRUE_BOOL) == 0)) {
1556 if (isolationMode == NONISOLATION_ONLY) {
1557 LOG_E(BMS_TAG_INSTALLER, "check isolation mode failed");
1558 return false;
1559 }
1560 } else {
1561 if (isolationMode == ISOLATION_ONLY) {
1562 LOG_E(BMS_TAG_INSTALLER, "check isolation mode failed");
1563 return false;
1564 }
1565 }
1566 return true;
1567 }
1568
CheckIsolationMode(const std::unordered_map<std::string,InnerBundleInfo> & infos) const1569 ErrCode BundleInstallChecker::CheckIsolationMode(const std::unordered_map<std::string, InnerBundleInfo> &infos) const
1570 {
1571 for (const auto &info : infos) {
1572 auto moduleInfos = info.second.GetInnerModuleInfos();
1573 for (const auto &moduleInfo : moduleInfos) {
1574 std::string isolationMode = moduleInfo.second.isolationMode;
1575 char szIsolationModeThresholdMb[THRESHOLD_VAL_LEN] = {0};
1576 int32_t ret = GetParameter(SUPPORT_ISOLATION_MODE, "",
1577 szIsolationModeThresholdMb, THRESHOLD_VAL_LEN);
1578 if (ret <= 0) {
1579 LOG_D(BMS_TAG_INSTALLER, "GetParameter failed");
1580 }
1581 if (!CheckSupportIsolation(szIsolationModeThresholdMb, isolationMode)) {
1582 LOG_E(BMS_TAG_INSTALLER, "check isolation mode failed");
1583 return ERR_APPEXECFWK_INSTALL_ISOLATION_MODE_FAILED;
1584 }
1585 }
1586 }
1587 return ERR_OK;
1588 }
1589
CheckSignatureFileDir(const std::string & signatureFileDir) const1590 ErrCode BundleInstallChecker::CheckSignatureFileDir(const std::string &signatureFileDir) const
1591 {
1592 if (!BundleUtil::CheckFileName(signatureFileDir)) {
1593 LOG_E(BMS_TAG_INSTALLER, "code signature file dir is invalid");
1594 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FILE_IS_INVALID;
1595 }
1596 if (!BundleUtil::CheckFileType(signatureFileDir, ServiceConstants::CODE_SIGNATURE_FILE_SUFFIX)) {
1597 LOG_E(BMS_TAG_INSTALLER, "signatureFileDir is not suffixed with .sig");
1598 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FILE_IS_INVALID;
1599 }
1600 // signatureFileDir not support relevant dir
1601 if (signatureFileDir.find(ServiceConstants::RELATIVE_PATH) != std::string::npos) {
1602 LOG_E(BMS_TAG_INSTALLER, "signatureFileDir is invalid");
1603 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FILE_IS_INVALID;
1604 }
1605 return ERR_OK;
1606 }
1607
CheckDeveloperMode(const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes) const1608 ErrCode BundleInstallChecker::CheckDeveloperMode(
1609 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes) const
1610 {
1611 if (system::GetBoolParameter(ServiceConstants::DEVELOPERMODE_STATE, true)) {
1612 return ERR_OK;
1613 }
1614 for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) {
1615 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
1616 if (provisionInfo.type == Security::Verify::ProvisionType::DEBUG) {
1617 LOG_E(BMS_TAG_INSTALLER, "debug bundle can only be installed in developer mode");
1618 return ERR_APPEXECFWK_INSTALL_DEBUG_BUNDLE_NOT_ALLOWED;
1619 }
1620 }
1621 return ERR_OK;
1622 }
1623
CheckAllowEnterpriseBundle(const std::vector<Security::Verify::HapVerifyResult> & hapVerifyRes) const1624 ErrCode BundleInstallChecker::CheckAllowEnterpriseBundle(
1625 const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes) const
1626 {
1627 if (system::GetBoolParameter(ServiceConstants::ALLOW_ENTERPRISE_BUNDLE, false) ||
1628 system::GetBoolParameter(ServiceConstants::IS_ENTERPRISE_DEVICE, false) ||
1629 system::GetBoolParameter(ServiceConstants::DEVELOPERMODE_STATE, false)) {
1630 return ERR_OK;
1631 }
1632 for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) {
1633 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes[i].GetProvisionInfo();
1634 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL ||
1635 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) {
1636 LOG_E(BMS_TAG_INSTALLER, "enterprise normal/mdm bundle cannot be installed on non-enterprise device");
1637 return ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED;
1638 }
1639 }
1640 return ERR_OK;
1641 }
1642
CheckAppDistributionType(const Security::Verify::AppDistType type)1643 ErrCode BundleInstallChecker::CheckAppDistributionType(const Security::Verify::AppDistType type)
1644 {
1645 return CheckAppDistributionType(GetAppDistributionType(type));
1646 }
1647
CheckAppDistributionType(const std::string distributionType)1648 ErrCode BundleInstallChecker::CheckAppDistributionType(const std::string distributionType)
1649 {
1650 if (distributionType == Constants::APP_DISTRIBUTION_TYPE_OS_INTEGRATION) {
1651 APP_LOGD("os_integration is pass");
1652 return ERR_OK;
1653 }
1654 auto bmsPara = DelayedSingleton<BundleMgrService>::GetInstance()->GetBmsParam();
1655 if (bmsPara == nullptr) {
1656 APP_LOGW("bmsPara is nullptr");
1657 return ERR_OK;
1658 }
1659 std::string val;
1660 bmsPara->GetBmsParam(Constants::APP_DISTRIBUTION_TYPE_WHITE_LIST, val);
1661 if (val.length() <= 0) {
1662 APP_LOGE("GetBmsParam is null or exsit");
1663 return ERR_OK;
1664 }
1665 int32_t appDisnTypeEnum = GetAppDistributionTypeEnum(distributionType);
1666 std::vector<std::string> appDistributionTypeEnums;
1667 OHOS::SplitStr(val, Constants::SUPPORT_APP_TYPES_SEPARATOR, appDistributionTypeEnums);
1668 if (std::find(appDistributionTypeEnums.begin(), appDistributionTypeEnums.end(), std::to_string(appDisnTypeEnum))
1669 == appDistributionTypeEnums.end()) {
1670 APP_LOGE("bmsParam %{public}s not allow %{public}s install", val.c_str(), distributionType.c_str());
1671 return ERR_APP_DISTRIBUTION_TYPE_NOT_ALLOW_INSTALL;
1672 }
1673 return ERR_OK;
1674 }
1675
GetAppDistributionTypeEnum(const std::string distributionType) const1676 int32_t BundleInstallChecker::GetAppDistributionTypeEnum(const std::string distributionType) const
1677 {
1678 if (AppDistributionTypeEnumMap.find(distributionType) != AppDistributionTypeEnumMap.end()) {
1679 return static_cast<int32_t>(AppDistributionTypeEnumMap[distributionType]);
1680 }
1681 return 0;
1682 }
1683
CheckEnterpriseBundle(Security::Verify::HapVerifyResult & hapVerifyRes) const1684 bool BundleInstallChecker::CheckEnterpriseBundle(Security::Verify::HapVerifyResult &hapVerifyRes) const
1685 {
1686 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes.GetProvisionInfo();
1687 if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL ||
1688 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM ||
1689 provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE) {
1690 return true;
1691 }
1692 return false;
1693 }
1694
CheckInternaltestingBundle(Security::Verify::HapVerifyResult & hapVerifyRes) const1695 bool BundleInstallChecker::CheckInternaltestingBundle(Security::Verify::HapVerifyResult &hapVerifyRes) const
1696 {
1697 Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes.GetProvisionInfo();
1698 if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) {
1699 return true;
1700 }
1701 return false;
1702 }
1703
GetCheckResultMsg() const1704 std::string BundleInstallChecker::GetCheckResultMsg() const
1705 {
1706 return checkResultMsg_;
1707 }
1708
SetCheckResultMsg(const std::string checkResultMsg)1709 void BundleInstallChecker::SetCheckResultMsg(const std::string checkResultMsg)
1710 {
1711 checkResultMsg_ = checkResultMsg;
1712 }
1713
DetermineCloneApp(const InnerBundleInfo & innerBundleInfo,int32_t & cloneNum)1714 bool BundleInstallChecker::DetermineCloneApp(const InnerBundleInfo &innerBundleInfo, int32_t &cloneNum)
1715 {
1716 const ApplicationInfo applicationInfo = innerBundleInfo.GetBaseApplicationInfo();
1717 if (applicationInfo.multiAppMode.multiAppModeType != MultiAppModeType::APP_CLONE
1718 || applicationInfo.multiAppMode.maxCount == 0) {
1719 BmsExtensionDataMgr bmsExtensionDataMgr;
1720 const std::string appIdentifier = innerBundleInfo.GetAppIdentifier();
1721 if (!bmsExtensionDataMgr.DetermineCloneNum(applicationInfo.bundleName, appIdentifier, cloneNum)) {
1722 return false;
1723 }
1724 if (cloneNum == 0) {
1725 return false;
1726 }
1727 LOG_I(BMS_TAG_INSTALLER, "install -n %{public}s -c %{public}d",
1728 applicationInfo.bundleName.c_str(), cloneNum);
1729 return true;
1730 }
1731 return false;
1732 }
1733 } // namespace AppExecFwk
1734 } // namespace OHOS