1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "installd/installd_host_impl.h"
17
18 #include <cinttypes>
19 #include <cstdio>
20 #include <fstream>
21 #include <map>
22 #include <memory>
23 #include <sstream>
24 #include <string>
25 #include <sys/stat.h>
26 #include <sys/types.h>
27 #include <sys/xattr.h>
28 #include <unistd.h>
29
30 #include "aot/aot_executor.h"
31 #include "app_log_tag_wrapper.h"
32 #include "bundle_constants.h"
33 #include "bundle_service_constants.h"
34 #if defined(CODE_SIGNATURE_ENABLE)
35 #include "byte_buffer.h"
36 #include "code_sign_utils.h"
37 #endif
38 #include "common_profile.h"
39 #ifdef CONFIG_POLOCY_ENABLE
40 #include "config_policy_utils.h"
41 #endif
42 #include "directory_ex.h"
43 #ifdef WITH_SELINUX
44 #include "hap_restorecon.h"
45 #include "selinux/selinux.h"
46 #ifndef SELINUX_HAP_DEBUGGABLE
47 #define SELINUX_HAP_DEBUGGABLE 2
48 #endif
49 #endif // WITH_SELINUX
50 #include "hitrace_meter.h"
51 #include "installd/installd_operator.h"
52 #include "installd/installd_permission_mgr.h"
53 #include "parameters.h"
54 #include "inner_bundle_clone_common.h"
55 #include "storage_acl.h"
56
57 namespace OHOS {
58 namespace AppExecFwk {
59 namespace {
60 const std::vector<std::string> BUNDLE_DATA_DIR = {
61 "/cache",
62 "/files",
63 "/temp",
64 "/preferences",
65 "/haps"
66 };
67 constexpr const char* CLOUD_FILE_PATH = "/data/service/el2/%/hmdfs/cloud/data/";
68 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL2 = "/data/service/el2/%/backup/bundles/";
69 constexpr const char* DISTRIBUTED_FILE = "/data/service/el2/%/hmdfs/account/data/";
70 constexpr const char* SHARE_FILE_PATH = "/data/service/el2/%/share/";
71 constexpr const char* SHAREFILES_DATA_PATH_EL2 = "/data/app/el2/%/sharefiles/";
72 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL1 = "/data/service/el1/%/backup/bundles/";
73 constexpr const char* DISTRIBUTED_FILE_NON_ACCOUNT = "/data/service/el2/%/hmdfs/non_account/data/";
74 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL2_NEW = "/data/app/el2/%/base/";
75 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL1_NEW = "/data/app/el1/%/base/";
76 constexpr const char* BUNDLE_BACKUP_INNER_DIR = "/.backup";
77 constexpr const char* EXTENSION_CONFIG_DEFAULT_PATH = "/system/etc/ams_extension_config.json";
78 #ifdef CONFIG_POLOCY_ENABLE
79 constexpr const char* EXTENSION_CONFIG_FILE_PATH = "/etc/ams_extension_config.json";
80 #endif
81 constexpr const char* EXTENSION_CONFIG_NAME = "ams_extension_config";
82 constexpr const char* EXTENSION_TYPE_NAME = "extension_type_name";
83 constexpr const char* EXTENSION_SERVICE_NEED_CREATE_SANDBOX = "need_create_sandbox";
84 constexpr const char* SHELL_ENTRY_TXT = "g:2000:rwx";
85 constexpr uint64_t VECTOR_SIZE_MAX = 200;
86 constexpr int32_t INSTALLS_UID = 3060;
87 constexpr const char* LOG_PATH = "/log/";
88 constexpr const char* FIRST_BOOT_LOG_BACK_UP_PATH = "/log/bms/firstboot/";
89 enum class DirType : uint8_t {
90 DIR_EL1,
91 DIR_EL2,
92 };
93 #if defined(CODE_SIGNATURE_ENABLE)
94 using namespace OHOS::Security::CodeSign;
95 #endif
96 }
97
InstalldHostImpl()98 InstalldHostImpl::InstalldHostImpl()
99 {
100 LOG_NOFUNC_I(BMS_TAG_INSTALLD, "installd service created");
101 }
102
~InstalldHostImpl()103 InstalldHostImpl::~InstalldHostImpl()
104 {
105 LOG_NOFUNC_I(BMS_TAG_INSTALLD, "installd service destroyed");
106 }
107
CreateBundleDir(const std::string & bundleDir)108 ErrCode InstalldHostImpl::CreateBundleDir(const std::string &bundleDir)
109 {
110 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
111 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
112 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
113 }
114 if (bundleDir.empty()) {
115 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDir with invalid param");
116 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
117 }
118 if (InstalldOperator::IsExistDir(bundleDir)) {
119 LOG_W(BMS_TAG_INSTALLD, "bundleDir %{public}s is exist", bundleDir.c_str());
120 OHOS::ForceRemoveDirectoryBMS(bundleDir);
121 }
122 if (!InstalldOperator::MkRecursiveDir(bundleDir, true)) {
123 LOG_E(BMS_TAG_INSTALLD, "create bundle dir %{public}s failed, errno:%{public}d", bundleDir.c_str(), errno);
124 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
125 }
126 InstalldOperator::RmvDeleteDfx(bundleDir);
127 return ERR_OK;
128 }
129
ExtractModuleFiles(const std::string & srcModulePath,const std::string & targetPath,const std::string & targetSoPath,const std::string & cpuAbi)130 ErrCode InstalldHostImpl::ExtractModuleFiles(const std::string &srcModulePath, const std::string &targetPath,
131 const std::string &targetSoPath, const std::string &cpuAbi)
132 {
133 LOG_D(BMS_TAG_INSTALLD, "ExtractModuleFiles extract original src %{public}s and target src %{public}s",
134 srcModulePath.c_str(), targetPath.c_str());
135 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
136 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
137 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
138 }
139 if (srcModulePath.empty() || targetPath.empty()) {
140 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractModuleFiles with invalid param");
141 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
142 }
143 if (!InstalldOperator::MkRecursiveDir(targetPath, true)) {
144 LOG_E(BMS_TAG_INSTALLD, "create target dir %{public}s failed, errno:%{public}d", targetPath.c_str(), errno);
145 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
146 }
147 if (!InstalldOperator::ExtractFiles(srcModulePath, targetSoPath, cpuAbi)) {
148 LOG_E(BMS_TAG_INSTALLD, "extract %{public}s to %{public}s failed errno:%{public}d",
149 srcModulePath.c_str(), targetPath.c_str(), errno);
150 InstalldOperator::DeleteDir(targetPath);
151 return ERR_APPEXECFWK_INSTALLD_EXTRACT_FAILED;
152 }
153 return ERR_OK;
154 }
155
ExtractFiles(const ExtractParam & extractParam)156 ErrCode InstalldHostImpl::ExtractFiles(const ExtractParam &extractParam)
157 {
158 LOG_D(BMS_TAG_INSTALLD, "ExtractFiles extractParam %{public}s", extractParam.ToString().c_str());
159 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
160 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
161 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
162 }
163
164 if (extractParam.srcPath.empty() || extractParam.targetPath.empty()) {
165 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
166 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
167 }
168
169 if (!InstalldOperator::ExtractFiles(extractParam)) {
170 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
171 return ERR_APPEXECFWK_INSTALLD_EXTRACT_FAILED;
172 }
173
174 return ERR_OK;
175 }
176
177
ExtractHnpFiles(const std::string & hnpPackageInfo,const ExtractParam & extractParam)178 ErrCode InstalldHostImpl::ExtractHnpFiles(const std::string &hnpPackageInfo, const ExtractParam &extractParam)
179 {
180 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles hnpPackageInfo %{public}s", hnpPackageInfo.c_str());
181 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles extractParam %{public}s", extractParam.ToString().c_str());
182 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
183 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
184 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
185 }
186
187 if (extractParam.srcPath.empty() || extractParam.targetPath.empty() || hnpPackageInfo.empty()) {
188 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
189 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
190 }
191
192 if (!InstalldOperator::ExtractFiles(hnpPackageInfo, extractParam)) {
193 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
194 return ERR_APPEXECFWK_NATIVE_HNP_EXTRACT_FAILED;
195 }
196
197 return ERR_OK;
198 }
199
ProcessBundleInstallNative(const std::string & userId,const std::string & hnpRootPath,const std::string & hapPath,const std::string & cpuAbi,const std::string & packageName)200 ErrCode InstalldHostImpl::ProcessBundleInstallNative(const std::string &userId, const std::string &hnpRootPath,
201 const std::string &hapPath, const std::string &cpuAbi, const std::string &packageName)
202 {
203 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
204 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
205 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
206 }
207 if (!InstalldOperator::ProcessBundleInstallNative(userId, hnpRootPath, hapPath, cpuAbi, packageName)) {
208 return ERR_APPEXECFWK_NATIVE_INSTALL_FAILED;
209 }
210 return ERR_OK;
211 }
212
ProcessBundleUnInstallNative(const std::string & userId,const std::string & packageName)213 ErrCode InstalldHostImpl::ProcessBundleUnInstallNative(const std::string &userId, const std::string &packageName)
214 {
215 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
216 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
217 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
218 }
219 if (!InstalldOperator::ProcessBundleUnInstallNative(userId, packageName)) {
220 return ERR_APPEXECFWK_NATIVE_UNINSTALL_FAILED;
221 }
222 return ERR_OK;
223 }
224
ExecuteAOT(const AOTArgs & aotArgs,std::vector<uint8_t> & pendSignData)225 ErrCode InstalldHostImpl::ExecuteAOT(const AOTArgs &aotArgs, std::vector<uint8_t> &pendSignData)
226 {
227 LOG_D(BMS_TAG_INSTALLD, "begin to execute AOT, args : %{public}s", aotArgs.ToString().c_str());
228 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
229 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
230 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
231 }
232 ErrCode ret = ERR_OK;
233 AOTExecutor::GetInstance().ExecuteAOT(aotArgs, ret, pendSignData);
234 LOG_D(BMS_TAG_INSTALLD, "execute AOT ret : %{public}d", ret);
235 return ret;
236 }
237
PendSignAOT(const std::string & anFileName,const std::vector<uint8_t> & signData)238 ErrCode InstalldHostImpl::PendSignAOT(const std::string &anFileName, const std::vector<uint8_t> &signData)
239 {
240 LOG_D(BMS_TAG_INSTALLD, "begin to pend sign AOT, anFileName : %{public}s", anFileName.c_str());
241 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
242 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
243 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
244 }
245 ErrCode ret = AOTExecutor::GetInstance().PendSignAOT(anFileName, signData);
246 LOG_D(BMS_TAG_INSTALLD, "pend sign AOT ret : %{public}d", ret);
247 return ret;
248 }
249
StopAOT()250 ErrCode InstalldHostImpl::StopAOT()
251 {
252 LOG_I(BMS_TAG_INSTALLD, "StopAOT begin");
253 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
254 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
255 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
256 }
257 return AOTExecutor::GetInstance().StopAOT();
258 }
259
DeleteUninstallTmpDirs(const std::vector<std::string> & dirs)260 ErrCode InstalldHostImpl::DeleteUninstallTmpDirs(const std::vector<std::string> &dirs)
261 {
262 LOG_I(BMS_TAG_INSTALLD, "DeleteUninstallTmpDirs begin");
263 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
264 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
265 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
266 }
267 ErrCode ret = ERR_OK;
268 for (const std::string &dir : dirs) {
269 if (!InstalldOperator::DeleteUninstallTmpDir(dir)) {
270 ret = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
271 }
272 }
273 return ret;
274 }
275
RenameModuleDir(const std::string & oldPath,const std::string & newPath)276 ErrCode InstalldHostImpl::RenameModuleDir(const std::string &oldPath, const std::string &newPath)
277 {
278 LOG_D(BMS_TAG_INSTALLD, "rename %{public}s to %{public}s", oldPath.c_str(), newPath.c_str());
279 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
280 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
281 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
282 }
283 if (oldPath.empty() || newPath.empty()) {
284 LOG_E(BMS_TAG_INSTALLD, "Calling the function RenameModuleDir with invalid param");
285 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
286 }
287 if (!InstalldOperator::RenameDir(oldPath, newPath)) {
288 LOG_D(BMS_TAG_INSTALLD, "rename module dir %{public}s to %{public}s failed errno:%{public}d",
289 oldPath.c_str(), newPath.c_str(), errno);
290 return ERR_APPEXECFWK_INSTALLD_RNAME_DIR_FAILED;
291 }
292 return ERR_OK;
293 }
294
GetBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)295 static void GetBackupExtDirByType(std::string &bundleBackupDir, const std::string &bundleName, const DirType dirType)
296 {
297 switch (dirType) {
298 case DirType::DIR_EL1:
299 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1 + bundleName;
300 break;
301 case DirType::DIR_EL2:
302 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2 + bundleName;
303 break;
304 default:
305 break;
306 }
307 }
308
GetNewBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)309 static void GetNewBackupExtDirByType(std::string &bundleBackupDir,
310 const std::string &bundleName, const DirType dirType)
311 {
312 switch (dirType) {
313 case DirType::DIR_EL1:
314 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
315 break;
316 case DirType::DIR_EL2:
317 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
318 break;
319 default:
320 break;
321 }
322 }
323
CreateBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)324 static void CreateBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
325 std::string &bundleBackupDir, const DirType dirType)
326 {
327 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
328 LOG_D(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir begin, type %{public}d, path %{public}s",
329 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
330 if (bundleBackupDir.empty()) {
331 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir backup dir empty, type %{public}d",
332 static_cast<int32_t>(dirType));
333 return;
334 }
335 // Setup BackupExtensionAbility's home directory in a harmless way
336 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
337 if (!InstalldOperator::MkOwnerDir(
338 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
339 static std::once_flag logOnce;
340 std::call_once(logOnce, []() {
341 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
342 errno);
343 });
344 }
345 }
346
CreateNewBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)347 static void CreateNewBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
348 std::string &bundleBackupDir, const DirType dirType)
349 {
350 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
351 LOG_D(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
352 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
353 if (bundleBackupDir.empty()) {
354 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir backup dir empty, type %{public}d",
355 static_cast<int32_t>(dirType));
356 return;
357 }
358 // Setup BackupExtensionAbility's home directory in a harmless way
359 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
360 if (!InstalldOperator::MkOwnerDir(
361 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
362 static std::once_flag logOnce;
363 std::call_once(logOnce, []() {
364 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
365 errno);
366 });
367 }
368 }
369
CreateShareDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)370 static void CreateShareDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
371 {
372 std::string bundleShareDir = SHARE_FILE_PATH + bundleName;
373 bundleShareDir = bundleShareDir.replace(bundleShareDir.find("%"), 1, std::to_string(userid));
374 if (!InstalldOperator::MkOwnerDir(bundleShareDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
375 static std::once_flag logOnce;
376 std::call_once(logOnce, []() {
377 LOG_W(BMS_TAG_INSTALLD, "CreateShareDir MkOwnerDir(share's home dir) failed errno:%{public}d", errno);
378 });
379 }
380 }
381
CreateCloudDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)382 static void CreateCloudDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
383 {
384 std::string bundleCloudDir = CLOUD_FILE_PATH + bundleName;
385 bundleCloudDir = bundleCloudDir.replace(bundleCloudDir.find("%"), 1, std::to_string(userid));
386 if (!InstalldOperator::MkOwnerDir(bundleCloudDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
387 static std::once_flag logOnce;
388 std::call_once(logOnce, []() {
389 LOG_W(BMS_TAG_INSTALLD, "CreateCloudDir MkOwnerDir(cloud's home dir) failed errno:%{public}d", errno);
390 });
391 }
392 }
393
394 /**
395 * @brief Create bundle data dir(BUNDLE_DATA_DIR) in /data/app/el2/userid/sharefiles/
396 * @return ErrCode
397 */
CreateSharefilesDataDirEl2(const CreateDirParam & createDirParam)398 ErrCode InstalldHostImpl::CreateSharefilesDataDirEl2(const CreateDirParam &createDirParam)
399 {
400 std::string bundleName = createDirParam.bundleName;
401 LOG_D(BMS_TAG_INSTALLD, "begin for %{public}s", bundleName.c_str());
402 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
403 LOG_W(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation");
404 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
405 }
406 ErrCode res = ERR_OK;
407 FileStat fileStat;
408 int32_t uid = createDirParam.uid;
409 int32_t gid = createDirParam.gid;
410 std::string shareFilesDataDir = SHAREFILES_DATA_PATH_EL2;
411 shareFilesDataDir.replace(shareFilesDataDir.find("%"), 1, std::to_string(createDirParam.userId));
412 // check /data/app/el2/userid/sharefiles exist or not
413 if (access(shareFilesDataDir.c_str(), F_OK) != 0) {
414 LOG_W(BMS_TAG_INSTALLD, "No %{public}s, bundleName:%{public}s",
415 shareFilesDataDir.c_str(), bundleName.c_str());
416 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
417 }
418 std::string bundleShareFilesDataDir = shareFilesDataDir + bundleName;
419 if (!InstalldOperator::MkOwnerDir(bundleShareFilesDataDir, S_IRWXU, uid, gid)) {
420 LOG_W(BMS_TAG_INSTALLD, "MkOwnerDir %{public}s failed: %{public}d",
421 bundleShareFilesDataDir.c_str(), errno);
422 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
423 }
424 for (const auto &dir : BUNDLE_DATA_DIR) {
425 std::string childBundleDataDir = bundleShareFilesDataDir + dir;
426 if (!InstalldOperator::MkOwnerDir(childBundleDataDir, S_IRWXU, uid, gid)) {
427 LOG_W(BMS_TAG_INSTALLD, "MkOwnerDir [%{public}s] failed: %{public}d",
428 childBundleDataDir.c_str(), errno);
429 }
430 }
431 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
432 createDirParam.isDlpSandbox);
433 res = SetDirApl(bundleShareFilesDataDir, bundleName, createDirParam.apl, hapFlags);
434 if (res != ERR_OK) {
435 LOG_W(BMS_TAG_INSTALLD, "SetDirApl failed: %{public}s, errno: %{public}d",
436 bundleShareFilesDataDir.c_str(), res);
437 return res;
438 }
439 LOG_D(BMS_TAG_INSTALLD, "succeed for %{public}s", bundleName.c_str());
440 return res;
441 }
442
CreateBundleDataDirWithVector(const std::vector<CreateDirParam> & createDirParams)443 ErrCode InstalldHostImpl::CreateBundleDataDirWithVector(const std::vector<CreateDirParam> &createDirParams)
444 {
445 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
446 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
447 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
448 }
449 LOG_I(BMS_TAG_INSTALLD, "begin");
450 ErrCode res = ERR_OK;
451 for (const auto &item : createDirParams) {
452 ErrCode result = ERR_OK;
453 if (item.dataDirEl == DataDirEl::NONE) {
454 result = CreateBundleDataDir(item);
455 } else {
456 result = CreateBundleDataDirWithEl(item);
457 }
458 if (result != ERR_OK) {
459 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir failed in %{public}s, errCode is %{public}d",
460 item.bundleName.c_str(), result);
461 res = result;
462 }
463 }
464 LOG_I(BMS_TAG_INSTALLD, "end");
465 return res;
466 }
467
AddUserDirDeleteDfx(int32_t userId)468 ErrCode InstalldHostImpl::AddUserDirDeleteDfx(int32_t userId)
469 {
470 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
471 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
472 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
473 }
474 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
475 elPath.push_back(ServiceConstants::DIR_EL5);
476 for (const auto &el : elPath) {
477 std::string bundleDataDir = GetBundleDataDir(el, userId) + ServiceConstants::BASE;
478 if (access(bundleDataDir.c_str(), F_OK) != 0) {
479 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, userId:%{public}d",
480 bundleDataDir.c_str(), userId);
481 return ERR_OK;
482 }
483 InstalldOperator::AddDeleteDfx(bundleDataDir);
484 std::string databaseParentDir = GetBundleDataDir(el, userId) + ServiceConstants::DATABASE;
485 if (access(databaseParentDir.c_str(), F_OK) != 0) {
486 LOG_W(BMS_TAG_INSTALLD, "DataBase directory %{public}s does not existed, userId:%{public}d",
487 databaseParentDir.c_str(), userId);
488 return ERR_OK;
489 }
490 InstalldOperator::AddDeleteDfx(databaseParentDir);
491 }
492 return ERR_OK;
493 }
494
AclSetDir(bool debug,const std::string & dir,bool setAccess,bool setDefault)495 ErrCode InstalldHostImpl::AclSetDir(bool debug, const std::string &dir, bool setAccess, bool setDefault)
496 {
497 if (!debug) {
498 return ERR_OK;
499 }
500 if (setAccess) {
501 int status = StorageDaemon::AclSetAccess(dir, SHELL_ENTRY_TXT);
502 LOG_I(BMS_TAG_INSTALLD, "AclSetAccess: %{public}d, %{private}s", status, dir.c_str());
503 }
504 if (setDefault) {
505 int status = StorageDaemon::AclSetDefault(dir, SHELL_ENTRY_TXT);
506 LOG_I(BMS_TAG_INSTALLD, "AclSetDefault: %{public}d, %{private}s", status, dir.c_str());
507 }
508 return ERR_OK;
509 }
510
AclSetExtensionDirs(bool debug,const std::string & parentDir,const std::vector<std::string> & extensionDirs,bool setAccess,bool setDefault)511 ErrCode InstalldHostImpl::AclSetExtensionDirs(bool debug, const std::string &parentDir,
512 const std::vector<std::string> &extensionDirs, bool setAccess, bool setDefault)
513 {
514 if (!debug) {
515 return ERR_OK;
516 }
517 if (extensionDirs.empty()) {
518 return ERR_OK;
519 }
520 for (const auto &extension : extensionDirs) {
521 std::string extensionDir = parentDir + extension;
522 AclSetDir(debug, extensionDir, setAccess, setDefault);
523 }
524 return ERR_OK;
525 }
526
CreateBundleDataDir(const CreateDirParam & createDirParam)527 ErrCode InstalldHostImpl::CreateBundleDataDir(const CreateDirParam &createDirParam)
528 {
529 const std::string bundleName = createDirParam.bundleName;
530 const int32_t userId = createDirParam.userId;
531 LOG_I(BMS_TAG_INSTALLD, "CreateBundleDataDir %{public}s begin, %{public}d",
532 bundleName.c_str(), userId);
533 HITRACE_METER_NAME(HITRACE_TAG_APP, __PRETTY_FUNCTION__);
534 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
535 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
536 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
537 }
538 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
539 createDirParam.uid < 0 || createDirParam.gid < 0) {
540 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir invalid param, bundleName %{public}s "
541 "userId %{public}d uid %{public}d gid %{public}d", createDirParam.bundleName.c_str(),
542 createDirParam.userId, createDirParam.uid, createDirParam.gid);
543 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
544 }
545 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
546 createDirParam.isDlpSandbox);
547 for (const auto &el : ServiceConstants::BUNDLE_EL) {
548 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
549 (el == ServiceConstants::BUNDLE_EL[0])) {
550 continue;
551 }
552 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
553 if (access(bundleDataDir.c_str(), F_OK) != 0) {
554 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
555 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
556 return ERR_OK;
557 }
558 // create base extension dir
559 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
560 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
561 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
562 }
563 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
564 bundleDataDir += createDirParam.bundleName;
565 if (!InstalldOperator::MkOwnerDir(bundleDataDir, mode, createDirParam.uid, createDirParam.gid)) {
566 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
567 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
568 }
569 AclSetDir(createDirParam.debug, bundleDataDir, true, true);
570 InstalldOperator::RmvDeleteDfx(bundleDataDir);
571 if (el == ServiceConstants::BUNDLE_EL[0]) {
572 std::string el1ShaderCachePath = std::string(ServiceConstants::NEW_SHADER_CACHE_PATH);
573 el1ShaderCachePath = el1ShaderCachePath.replace(el1ShaderCachePath.find("%"), 1,
574 std::to_string(createDirParam.userId));
575 el1ShaderCachePath = el1ShaderCachePath + createDirParam.bundleName +
576 ServiceConstants::PATH_SEPARATOR + ServiceConstants::SHADER_CACHE;
577 if (!InstalldOperator::MkOwnerDir(el1ShaderCachePath, ServiceConstants::NEW_SHADRE_CACHE_MODE,
578 createDirParam.uid, ServiceConstants::NEW_SHADRE_CACHE_GID)) {
579 LOG_W(BMS_TAG_INSTALLER, "fail to Mkdir el1ShaderCachePath, errno: %{public}d", errno);
580 }
581 }
582 if (el == ServiceConstants::BUNDLE_EL[1]) {
583 for (const auto &dir : BUNDLE_DATA_DIR) {
584 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, mode,
585 createDirParam.uid, createDirParam.gid)) {
586 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d",
587 errno);
588 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
589 }
590 }
591 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
592 std::string logDir = logParentDir + createDirParam.bundleName;
593 if (!InstalldOperator::MkOwnerDir(
594 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
595 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
596 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
597 }
598 // create log extension dir
599 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
600 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
601 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
602 }
603 CreateSharefilesDataDirEl2(createDirParam);
604 }
605 ErrCode ret = SetDirApl(bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
606 if (ret != ERR_OK) {
607 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
608 return ret;
609 }
610
611 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
612 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
613 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
614 if (!InstalldOperator::MkOwnerDir(
615 databaseDir, mode, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
616 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
617 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
618 }
619 AclSetDir(createDirParam.debug, databaseDir, false, true);
620 InstalldOperator::RmvDeleteDfx(databaseDir);
621 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
622 if (ret != ERR_OK) {
623 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
624 return ret;
625 }
626 // create database extension dir
627 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
628 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
629 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
630 }
631 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
632 }
633 std::string distributedfile = DISTRIBUTED_FILE;
634 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
635 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
636 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
637 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
638 }
639
640 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
641 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
642 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
643 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
644 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
645 }
646
647 std::string bundleBackupDir;
648 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
649 DirType::DIR_EL2);
650 ErrCode ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
651 if (ret != ERR_OK) {
652 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
653 }
654
655 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
656 DirType::DIR_EL1);
657 ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
658 if (ret != ERR_OK) {
659 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
660 }
661
662 std::string newBundleBackupDir;
663 CreateNewBackupExtHomeDir(createDirParam.bundleName,
664 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
665 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
666 createDirParam.isPreInstallApp, createDirParam.debug);
667 if (ret != ERR_OK) {
668 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
669 }
670
671 CreateNewBackupExtHomeDir(createDirParam.bundleName,
672 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL1);
673 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
674 createDirParam.isPreInstallApp, createDirParam.debug);
675 if (ret != ERR_OK) {
676 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL1 SetDirApl failed: %{public}d", ret);
677 }
678
679 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
680 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
681 return ERR_OK;
682 }
683
CreateBundleDataDirWithEl(const CreateDirParam & createDirParam)684 ErrCode InstalldHostImpl::CreateBundleDataDirWithEl(const CreateDirParam &createDirParam)
685 {
686 HITRACE_METER_NAME(HITRACE_TAG_APP, __PRETTY_FUNCTION__);
687 LOG_I(BMS_TAG_INSTALLD, "%{public}s begin, %{public}d, el %{public}" PRIu8 "",
688 createDirParam.bundleName.c_str(), createDirParam.userId, static_cast<uint8_t>(createDirParam.dataDirEl));
689 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
690 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
691 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
692 }
693 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
694 createDirParam.uid < 0 || createDirParam.gid < 0) {
695 LOG_E(BMS_TAG_INSTALLD, "invalid param, bundleName %{public}s userId %{public}d uid %{public}d gid %{public}d",
696 createDirParam.bundleName.c_str(), createDirParam.userId, createDirParam.uid, createDirParam.gid);
697 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
698 }
699 if (createDirParam.dataDirEl == DataDirEl::NONE || createDirParam.dataDirEl == DataDirEl::EL1 ||
700 createDirParam.dataDirEl == DataDirEl::EL5) {
701 LOG_E(BMS_TAG_INSTALLD, "invalid el: %{public}d", static_cast<uint8_t>(createDirParam.dataDirEl));
702 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
703 }
704 uint32_t index = static_cast<uint32_t>(createDirParam.dataDirEl) - 1;
705 if (index >= ServiceConstants::BUNDLE_EL.size()) {
706 LOG_E(BMS_TAG_INSTALLD, "invalid dataDirEl %{public}d", index);
707 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
708 }
709 std::string el = ServiceConstants::BUNDLE_EL[index];
710 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
711 if (access(bundleDataDir.c_str(), F_OK) != 0) {
712 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
713 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
714 return ERR_OK;
715 }
716 ErrCode ret = ERR_OK;
717 // create common dirs for all el: ${bundleName} and ${extension} under base and database
718 ret = CreateCommonDataDir(createDirParam, el);
719 if (ret != ERR_OK) {
720 LOG_E(BMS_TAG_INSTALLD, "CreateCommonDataDir failed %{public}d", ret);
721 return ret;
722 }
723 // create dirs unique to el2
724 if (createDirParam.dataDirEl == DataDirEl::EL2) {
725 ret = CreateEl2DataDir(createDirParam);
726 if (ret != ERR_OK) {
727 LOG_E(BMS_TAG_INSTALLD, "CreateEl2DataDir failed %{public}d", ret);
728 return ret;
729 }
730 }
731 return ret;
732 }
733
CreateCommonDataDir(const CreateDirParam & createDirParam,const std::string & el)734 ErrCode InstalldHostImpl::CreateCommonDataDir(const CreateDirParam &createDirParam, const std::string &el)
735 {
736 if (createDirParam.dataDirEl == DataDirEl::NONE || createDirParam.dataDirEl == DataDirEl::EL5) {
737 LOG_I(BMS_TAG_INSTALLD, "el not support: %{public}" PRIu8 "", static_cast<uint8_t>(createDirParam.dataDirEl));
738 return ERR_OK;
739 }
740 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
741 createDirParam.isDlpSandbox);
742 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
743 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
744
745 // create base extension dir: /data/app/${elx}/${userId}/base/${extensionDir}
746 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
747 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
748 }
749 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
750
751 // create base bundleName dir: /data/app/${elx}/${userId}/base/${bundleName}
752 bundleDataDir += createDirParam.bundleName;
753 if (!InstalldOperator::MkOwnerDir(bundleDataDir, mode, createDirParam.uid, createDirParam.gid)) {
754 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
755 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
756 }
757 AclSetDir(createDirParam.debug, bundleDataDir, true, true);
758 InstalldOperator::RmvDeleteDfx(bundleDataDir);
759 ErrCode ret = SetDirApl(bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
760 if (ret != ERR_OK) {
761 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
762 return ret;
763 }
764
765 // create database bundleName dir: /data/app/${elx}/${userId}/database/${bundleName}
766 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
767 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
768 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
769 if (!InstalldOperator::MkOwnerDir(
770 databaseDir, mode, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
771 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
772 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
773 }
774 AclSetDir(createDirParam.debug, databaseDir, false, true);
775 InstalldOperator::RmvDeleteDfx(databaseDir);
776 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
777 if (ret != ERR_OK) {
778 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
779 return ret;
780 }
781
782 // create database extension dir: /data/app/${elx}/${userId}/database/${extensionDir}
783 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
784 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
785 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
786 }
787 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
788 return ERR_OK;
789 }
790
CreateEl2DataDir(const CreateDirParam & createDirParam)791 ErrCode InstalldHostImpl::CreateEl2DataDir(const CreateDirParam &createDirParam)
792 {
793 std::string el = ServiceConstants::DIR_EL2;
794 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) +
795 ServiceConstants::BASE + createDirParam.bundleName;
796 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
797
798 // create el2 sub dir: /data/app/el2/${userId}/base/${bundleName}/cache|files|temp|preferences|haps
799 for (const auto &dir : BUNDLE_DATA_DIR) {
800 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, mode,
801 createDirParam.uid, createDirParam.gid)) {
802 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d", errno);
803 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
804 }
805 }
806
807 // create log dir: /data/app/el2/${userId}/log/${bundleName}
808 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
809 std::string logDir = logParentDir + createDirParam.bundleName;
810 if (!InstalldOperator::MkOwnerDir(
811 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
812 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
813 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
814 }
815
816 // create log extension dir: /data/app/el2/${userId}/log/${extensionDir}
817 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
818 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
819 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
820 }
821
822 // create sharefiles dir: /data/app/el2/${userId}/sharefiles/${bundleName}
823 CreateSharefilesDataDirEl2(createDirParam);
824
825 // /data/service/el2/${userId}/hmdfs/account/data/${bundleName}
826 std::string distributedfile = DISTRIBUTED_FILE;
827 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
828 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
829 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
830 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
831 }
832
833 // /data/service/el2/${userId}/hmdfs/non_account/data/${bundleName}
834 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
835 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
836 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
837 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
838 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
839 }
840
841 // /data/service/el2/${userId}/backup/bundles/${bundleName}
842 std::string bundleBackupDir;
843 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
844 DirType::DIR_EL2);
845 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
846 createDirParam.isDlpSandbox);
847 ErrCode ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
848 if (ret != ERR_OK) {
849 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
850 }
851
852 // /data/app/el2/${userId}/base/${bundleName}/.backup
853 std::string newBundleBackupDir;
854 CreateNewBackupExtHomeDir(createDirParam.bundleName,
855 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
856 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
857 createDirParam.isPreInstallApp, createDirParam.debug);
858 if (ret != ERR_OK) {
859 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
860 }
861
862 // /data/service/el2/${userId}/share/${bundleName}
863 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
864
865 // /data/service/el2/${userId}/hmdfs/cloud/data/${bundleName}
866 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
867 return ERR_OK;
868 }
869
CreateExtensionDir(const CreateDirParam & createDirParam,const std::string & parentDir,int32_t mode,int32_t gid,bool isLog)870 ErrCode InstalldHostImpl::CreateExtensionDir(const CreateDirParam &createDirParam, const std::string& parentDir,
871 int32_t mode, int32_t gid, bool isLog)
872 {
873 if (createDirParam.extensionDirs.empty()) {
874 return ERR_OK;
875 }
876 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
877 createDirParam.isDlpSandbox);
878 LOG_I(BMS_TAG_INSTALLD, "CreateExtensionDir parent dir %{public}s for bundle %{public}s",
879 parentDir.c_str(), createDirParam.bundleName.c_str());
880 for (const auto &item : createDirParam.extensionDirs) {
881 std::string extensionDir = parentDir + item;
882 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir %{public}s", extensionDir.c_str());
883 if (!InstalldOperator::MkOwnerDir(
884 extensionDir, mode, createDirParam.uid, gid)) {
885 LOG_E(BMS_TAG_INSTALLD, "CreateExtension dir %{public}s error %{public}s",
886 extensionDir.c_str(), strerror(errno));
887 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
888 }
889 InstalldOperator::RmvDeleteDfx(extensionDir);
890 if (isLog) {
891 continue;
892 }
893 auto ret = SetDirApl(extensionDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
894 if (ret != ERR_OK) {
895 LOG_E(BMS_TAG_INSTALLD, "dir %{public}s SetDirApl failed", extensionDir.c_str());
896 return ret;
897 }
898 }
899 return ERR_OK;
900 }
901
RemoveBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)902 static ErrCode RemoveBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
903 {
904 std::string bundleBackupDir;
905 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
906 LOG_D(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir begin, type %{public}d, path %{public}s",
907 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
908 if (bundleBackupDir.empty()) {
909 LOG_W(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir backup dir empty, type %{public}d",
910 static_cast<int32_t>(dirType));
911 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
912 }
913 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
914 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
915 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
916 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
917 }
918 return ERR_OK;
919 }
920
RemoveNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)921 static ErrCode RemoveNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
922 {
923 std::string bundleBackupDir;
924 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
925 LOG_D(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
926 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
927 if (bundleBackupDir.empty()) {
928 LOG_W(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir backup dir empty, type %{public}d",
929 static_cast<int32_t>(dirType));
930 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
931 }
932 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
933 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
934 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
935 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
936 }
937 return ERR_OK;
938 }
939
CleanBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)940 static void CleanBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
941 {
942 std::string bundleBackupDir;
943 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
944 LOG_D(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir begin, type %{public}d, path %{public}s",
945 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
946 if (bundleBackupDir.empty()) {
947 LOG_W(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir backup dir empty, type %{public}d",
948 static_cast<int32_t>(dirType));
949 return;
950 }
951 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
952 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
953 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
954 }
955 }
956
CleanNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)957 static void CleanNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
958 {
959 std::string bundleBackupDir;
960 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
961 LOG_D(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
962 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
963 if (bundleBackupDir.empty()) {
964 LOG_W(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir backup dir empty, type %{public}d",
965 static_cast<int32_t>(dirType));
966 return;
967 }
968 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
969 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
970 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
971 }
972 }
973
RemoveDistributedDir(const std::string & bundleName,const int userid)974 static ErrCode RemoveDistributedDir(const std::string &bundleName, const int userid)
975 {
976 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
977 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
978 if (!InstalldOperator::DeleteDir(distributedFile)) {
979 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
980 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
981 }
982 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
983 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
984 if (!InstalldOperator::DeleteDir(fileNonAccount)) {
985 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
986 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
987 }
988 return ERR_OK;
989 }
990
CleanDistributedDir(const std::string & bundleName,const int userid)991 static void CleanDistributedDir(const std::string &bundleName, const int userid)
992 {
993 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
994 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
995 if (!InstalldOperator::DeleteFiles(distributedFile)) {
996 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
997 }
998 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
999 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
1000 if (!InstalldOperator::DeleteFiles(fileNonAccount)) {
1001 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
1002 }
1003 }
1004
RemoveShareDir(const std::string & bundleName,const int userid)1005 static ErrCode RemoveShareDir(const std::string &bundleName, const int userid)
1006 {
1007 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
1008 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
1009 if (!InstalldOperator::DeleteDir(shareFileDir)) {
1010 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
1011 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1012 }
1013 return ERR_OK;
1014 }
1015
CleanShareDir(const std::string & bundleName,const int userid)1016 static void CleanShareDir(const std::string &bundleName, const int userid)
1017 {
1018 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
1019 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
1020 if (!InstalldOperator::DeleteFiles(shareFileDir)) {
1021 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
1022 }
1023 }
1024
RemoveCloudDir(const std::string & bundleName,const int userid)1025 static ErrCode RemoveCloudDir(const std::string &bundleName, const int userid)
1026 {
1027 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
1028 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
1029 if (!InstalldOperator::DeleteDir(cloudFileDir)) {
1030 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
1031 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1032 }
1033 return ERR_OK;
1034 }
1035
CleanCloudDir(const std::string & bundleName,const int userid)1036 static void CleanCloudDir(const std::string &bundleName, const int userid)
1037 {
1038 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
1039 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
1040 if (!InstalldOperator::DeleteFiles(cloudFileDir)) {
1041 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
1042 }
1043 }
1044
CleanBundleDataSubDirs(const std::string & bundleDataDir)1045 static void CleanBundleDataSubDirs(const std::string &bundleDataDir)
1046 {
1047 for (const auto &dir : BUNDLE_DATA_DIR) {
1048 std::string subDir = bundleDataDir + dir;
1049 if (!InstalldOperator::DeleteFiles(subDir)) {
1050 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed: %{public}d", subDir.c_str(), errno);
1051 }
1052 }
1053 if (!InstalldOperator::DeleteFilesExceptDirs(bundleDataDir, BUNDLE_DATA_DIR)) {
1054 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1055 }
1056 }
1057
CleanBundleDataForEl2(const std::string & bundleName,const int userid,const int appIndex)1058 static void CleanBundleDataForEl2(const std::string &bundleName, const int userid, const int appIndex)
1059 {
1060 std::string suffixName = bundleName;
1061 if (appIndex > 0) {
1062 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1063 }
1064 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + ServiceConstants::BUNDLE_EL[1] +
1065 ServiceConstants::PATH_SEPARATOR + std::to_string(userid);
1066 std::string databaseDir = dataDir + ServiceConstants::DATABASE + suffixName;
1067 if (!InstalldOperator::DeleteFiles(databaseDir)) {
1068 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1069 }
1070 std::string logDir = dataDir + ServiceConstants::LOG + suffixName;
1071 if (!InstalldOperator::DeleteFiles(logDir)) {
1072 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1073 }
1074 std::string bundleDataDir = dataDir + ServiceConstants::BASE + suffixName;
1075 CleanBundleDataSubDirs(bundleDataDir);
1076
1077 // add data sharefiles bundle dir to be cleaned
1078 std::string dataShareFilesBundleDir = dataDir + ServiceConstants::SHAREFILES + suffixName;
1079 CleanBundleDataSubDirs(dataShareFilesBundleDir);
1080 }
1081
RemoveBundleDataDir(const std::string & bundleName,const int32_t userId,bool isAtomicService,const bool async)1082 ErrCode InstalldHostImpl::RemoveBundleDataDir(const std::string &bundleName, const int32_t userId,
1083 bool isAtomicService, const bool async)
1084 {
1085 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveBundleDataDir bundleName:%{public}s", bundleName.c_str());
1086 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1087 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1088 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1089 }
1090 if (bundleName.empty() || userId < 0) {
1091 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param");
1092 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1093 }
1094 if (isAtomicService) {
1095 LOG_I(BMS_TAG_INSTALLD, "bundleName:%{public}s is atomic service, need process", bundleName.c_str());
1096 return InnerRemoveAtomicServiceBundleDataDir(bundleName, userId, async);
1097 }
1098
1099 ErrCode result = InnerRemoveBundleDataDir(bundleName, userId, async);
1100 if (result != ERR_OK) {
1101 return InnerRemoveBundleDataDir(bundleName, userId, async);
1102 }
1103 return ERR_OK;
1104 }
1105
RemoveModuleDataDir(const std::string & ModuleDir,const int userid)1106 ErrCode InstalldHostImpl::RemoveModuleDataDir(const std::string &ModuleDir, const int userid)
1107 {
1108 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveModuleDataDir ModuleDir:%{public}s", ModuleDir.c_str());
1109 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1110 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1111 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1112 }
1113 if (ModuleDir.empty() || userid < 0) {
1114 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateModuleDataDir with invalid param");
1115 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1116 }
1117
1118 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1119 std::string moduleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + ModuleDir;
1120 if (!InstalldOperator::DeleteDir(moduleDataDir)) {
1121 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", moduleDataDir.c_str(), errno);
1122 }
1123 }
1124 return ERR_OK;
1125 }
1126
RemoveDir(const std::string & dir)1127 ErrCode InstalldHostImpl::RemoveDir(const std::string &dir)
1128 {
1129 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveDir:%{public}s", dir.c_str());
1130 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1131 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1132 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1133 }
1134 if (dir.empty()) {
1135 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveDir with invalid param");
1136 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1137 }
1138 if (!InstalldOperator::DeleteDir(dir)) {
1139 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1140 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1141 }
1142 return ERR_OK;
1143 }
1144
GetDiskUsage(const std::string & dir,int64_t & statSize,bool isRealPath)1145 ErrCode InstalldHostImpl::GetDiskUsage(const std::string &dir, int64_t &statSize, bool isRealPath)
1146 {
1147 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1148 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1149 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1150 }
1151 statSize = InstalldOperator::GetDiskUsage(dir, isRealPath);
1152 return ERR_OK;
1153 }
1154
GetDiskUsageFromPath(const std::vector<std::string> & path,int64_t & statSize)1155 ErrCode InstalldHostImpl::GetDiskUsageFromPath(const std::vector<std::string> &path, int64_t &statSize)
1156 {
1157 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1158 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1159 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1160 }
1161 statSize = InstalldOperator::GetDiskUsageFromPath(path);
1162 return ERR_OK;
1163 }
1164
CleanBundleDataDir(const std::string & dataDir)1165 ErrCode InstalldHostImpl::CleanBundleDataDir(const std::string &dataDir)
1166 {
1167 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::CleanBundleDataDir start");
1168 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1169 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1170 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1171 }
1172 if (dataDir.empty()) {
1173 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDir with invalid param");
1174 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1175 }
1176
1177 if (!InstalldOperator::DeleteFiles(dataDir)) {
1178 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir delete files failed errno:%{public}d", errno);
1179 return ERR_APPEXECFWK_INSTALLD_CLEAN_DIR_FAILED;
1180 }
1181 return ERR_OK;
1182 }
1183
CleanBundleDataDirByName(const std::string & bundleName,const int userid,const int appIndex)1184 ErrCode InstalldHostImpl::CleanBundleDataDirByName(const std::string &bundleName, const int userid, const int appIndex)
1185 {
1186 LOG_D(BMS_TAG_INSTALLD,
1187 "InstalldHostImpl::CleanBundleDataDirByName bundleName:%{public}s,userid:%{public}d,appIndex:%{public}d",
1188 bundleName.c_str(), userid, appIndex);
1189 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1190 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1191 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1192 }
1193 if (bundleName.empty() || userid < 0 || appIndex < 0 || appIndex > Constants::INITIAL_SANDBOX_APP_INDEX) {
1194 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDirByName with invalid param");
1195 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1196 }
1197 std::string suffixName = bundleName;
1198 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
1199 elPath.push_back(ServiceConstants::DIR_EL5);
1200 for (const auto &el : elPath) {
1201 if (el == ServiceConstants::BUNDLE_EL[1]) {
1202 CleanBundleDataForEl2(bundleName, userid, appIndex);
1203 continue;
1204 }
1205 if (appIndex > 0) {
1206 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1207 }
1208 std::string bundleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + suffixName;
1209 if (!InstalldOperator::DeleteFiles(bundleDataDir)) {
1210 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1211 }
1212 std::string databaseDir = GetBundleDataDir(el, userid) + ServiceConstants::DATABASE + suffixName;
1213 if (!InstalldOperator::DeleteFiles(databaseDir)) {
1214 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1215 }
1216 }
1217 CleanShareDir(bundleName, userid);
1218 CleanCloudDir(bundleName, userid);
1219 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
1220 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
1221 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
1222 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
1223 CleanDistributedDir(bundleName, userid);
1224 return ERR_OK;
1225 }
1226
GetBundleDataDir(const std::string & el,const int userid) const1227 std::string InstalldHostImpl::GetBundleDataDir(const std::string &el, const int userid) const
1228 {
1229 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
1230 el +
1231 ServiceConstants::PATH_SEPARATOR +
1232 std::to_string(userid);
1233 return dataDir;
1234 }
1235
GetAppDataPath(const std::string & bundleName,const std::string & el,const int32_t userId,const int32_t appIndex)1236 std::string InstalldHostImpl::GetAppDataPath(const std::string &bundleName, const std::string &el,
1237 const int32_t userId, const int32_t appIndex)
1238 {
1239 if (appIndex == 0) {
1240 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
1241 std::to_string(userId) + ServiceConstants::BASE + bundleName;
1242 } else {
1243 std::string innerDataDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1244 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
1245 std::to_string(userId) + ServiceConstants::BASE + innerDataDir;
1246 }
1247 }
1248
GetAppCacheSize(const std::string & bundleName,const int32_t userId,const int32_t appIndex,const std::vector<std::string> & moduleNameList)1249 int64_t InstalldHostImpl::GetAppCacheSize(const std::string &bundleName,
1250 const int32_t userId, const int32_t appIndex, const std::vector<std::string> &moduleNameList)
1251 {
1252 std::string bundleNameDir = bundleName;
1253 if (appIndex > 0) {
1254 bundleNameDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1255 }
1256 std::vector<std::string> cachePaths;
1257 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
1258 elPath.push_back(ServiceConstants::DIR_EL5);
1259 for (const auto &el : elPath) {
1260 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1261 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE +
1262 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
1263 if (ServiceConstants::BUNDLE_EL[1] == el) {
1264 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1265 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::SHAREFILES +
1266 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
1267 }
1268 for (const auto &moduleName : moduleNameList) {
1269 std::string moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1270 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE + bundleNameDir +
1271 ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR;
1272 cachePaths.push_back(moduleCachePath);
1273
1274 if (ServiceConstants::BUNDLE_EL[1] == el) {
1275 moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1276 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::SHAREFILES +
1277 bundleNameDir + ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR +
1278 Constants::CACHE_DIR;
1279 cachePaths.push_back(moduleCachePath);
1280 }
1281 }
1282 }
1283 return InstalldOperator::GetDiskUsageFromPath(cachePaths);
1284 }
1285
GetBundleStats(const std::string & bundleName,const int32_t userId,std::vector<int64_t> & bundleStats,const int32_t uid,const int32_t appIndex,const uint32_t statFlag,const std::vector<std::string> & moduleNameList)1286 ErrCode InstalldHostImpl::GetBundleStats(const std::string &bundleName, const int32_t userId,
1287 std::vector<int64_t> &bundleStats, const int32_t uid, const int32_t appIndex,
1288 const uint32_t statFlag, const std::vector<std::string> &moduleNameList)
1289 {
1290 LOG_D(BMS_TAG_INSTALLD,
1291 "bundleName = %{public}s, userId = %{public}d, uid = %{public}d, appIndex = %{public}d",
1292 bundleName.c_str(), userId, uid, appIndex);
1293 LOG_D(BMS_TAG_INSTALLD,
1294 "statFlag = %{public}d", statFlag);
1295 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1296 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1297 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1298 }
1299 if (bundleName.empty()) {
1300 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1301 }
1302 bundleStats = {0, 0, 0, 0, 0};
1303 std::vector<std::string> bundlePath;
1304 bundlePath.push_back(std::string(Constants::BUNDLE_CODE_DIR) + ServiceConstants::PATH_SEPARATOR + bundleName);
1305 int64_t appDataSize = 0;
1306 int64_t bundleDataSize = 0;
1307 int64_t bundleCacheSize = 0;
1308 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) !=
1309 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) {
1310 appDataSize = appIndex == 0 ? InstalldOperator::GetDiskUsageFromPath(bundlePath) : 0;
1311 }
1312 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) !=
1313 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) {
1314 bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
1315 }
1316 if ((statFlag & OHOS::AppExecFwk::Constants::GET_BUNDLE_WITHOUT_CACHE_SIZE) !=
1317 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_CACHE_SIZE) {
1318 bundleCacheSize = GetAppCacheSize(bundleName, userId, appIndex, moduleNameList);
1319 }
1320 // index 0 : bundle data size
1321 bundleStats[0] = appDataSize;
1322 // index 1 : local bundle data size
1323 bundleStats[1] = bundleDataSize;
1324 // index 4 : cache size
1325 bundleStats[4] = bundleCacheSize;
1326 return ERR_OK;
1327 }
1328
GetAllBundleStats(const int32_t userId,std::vector<int64_t> & bundleStats,const std::vector<int32_t> & uids)1329 ErrCode InstalldHostImpl::GetAllBundleStats(const int32_t userId,
1330 std::vector<int64_t> &bundleStats, const std::vector<int32_t> &uids)
1331 {
1332 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1333 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1334 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1335 }
1336 if (uids.empty()) {
1337 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1338 }
1339 int64_t totalFileSize = InstalldOperator::GetDiskUsageFromQuota(INSTALLS_UID);
1340 int64_t totalDataSize = 0;
1341 for (size_t index = 0; index < uids.size(); ++index) {
1342 const auto &uid = uids[index];
1343 int64_t bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
1344 // index 1 : local bundle data size
1345 totalDataSize += bundleDataSize;
1346 }
1347 bundleStats.push_back(totalFileSize);
1348 bundleStats.push_back(totalDataSize);
1349 bundleStats.push_back(0);
1350 bundleStats.push_back(0);
1351 bundleStats.push_back(0);
1352 return ERR_OK;
1353 }
1354
GetHapFlags(const bool isPreInstallApp,const bool debug,const bool isDlpSandbox)1355 unsigned int InstalldHostImpl::GetHapFlags(const bool isPreInstallApp, const bool debug, const bool isDlpSandbox)
1356 {
1357 unsigned int hapFlags = 0;
1358 #ifdef WITH_SELINUX
1359 hapFlags = isPreInstallApp ? SELINUX_HAP_RESTORECON_PREINSTALLED_APP : 0;
1360 hapFlags |= debug ? SELINUX_HAP_DEBUGGABLE : 0;
1361 hapFlags |= isDlpSandbox ? SELINUX_HAP_DLP : 0;
1362 #endif
1363 return hapFlags;
1364 }
1365
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,bool isPreInstallApp,bool debug)1366 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1367 bool isPreInstallApp, bool debug)
1368 {
1369 unsigned int hapFlags = GetHapFlags(isPreInstallApp, debug, false);
1370 return SetDirApl(dir, bundleName, apl, hapFlags);
1371 }
1372
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,unsigned int hapFlags)1373 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1374 unsigned int hapFlags)
1375 {
1376 #ifdef WITH_SELINUX
1377 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1378 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1379 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1380 }
1381 if (dir.empty() || bundleName.empty()) {
1382 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetDirApl with invalid param");
1383 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1384 }
1385 HapFileInfo hapFileInfo;
1386 hapFileInfo.pathNameOrig.push_back(dir);
1387 hapFileInfo.apl = apl;
1388 hapFileInfo.packageName = bundleName;
1389 hapFileInfo.flags = SELINUX_HAP_RESTORECON_RECURSE;
1390 hapFileInfo.hapFlags = hapFlags;
1391 HapContext hapContext;
1392 int ret = hapContext.HapFileRestorecon(hapFileInfo);
1393 if (ret != 0) {
1394 LOG_E(BMS_TAG_INSTALLD, "HapFileRestorecon path: %{public}s failed, apl: %{public}s, errcode:%{public}d",
1395 dir.c_str(), apl.c_str(), ret);
1396 return ERR_APPEXECFWK_INSTALLD_SET_SELINUX_LABEL_FAILED;
1397 }
1398 return ret;
1399 #else
1400 return ERR_OK;
1401 #endif // WITH_SELINUX
1402 }
1403
GetBundleCachePath(const std::string & dir,std::vector<std::string> & cachePath)1404 ErrCode InstalldHostImpl::GetBundleCachePath(const std::string &dir, std::vector<std::string> &cachePath)
1405 {
1406 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::GetBundleCachePath start");
1407 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1408 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1409 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1410 }
1411 if (dir.empty()) {
1412 LOG_E(BMS_TAG_INSTALLD, "Calling the function GetBundleCachePath with invalid param");
1413 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1414 }
1415 InstalldOperator::TraverseCacheDirectory(dir, cachePath);
1416 return ERR_OK;
1417 }
1418
ScanDir(const std::string & dir,ScanMode scanMode,ResultMode resultMode,std::vector<std::string> & paths)1419 ErrCode InstalldHostImpl::ScanDir(
1420 const std::string &dir, ScanMode scanMode, ResultMode resultMode, std::vector<std::string> &paths)
1421 {
1422 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::Scan start %{public}s", dir.c_str());
1423 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1424 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1425 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1426 }
1427 if (dir.empty()) {
1428 LOG_E(BMS_TAG_INSTALLD, "Calling the function Scan with invalid param");
1429 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1430 }
1431
1432 InstalldOperator::ScanDir(dir, scanMode, resultMode, paths);
1433 return ERR_OK;
1434 }
1435
MoveFile(const std::string & oldPath,const std::string & newPath)1436 ErrCode InstalldHostImpl::MoveFile(const std::string &oldPath, const std::string &newPath)
1437 {
1438 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1439 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1440 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1441 }
1442 if (!InstalldOperator::MoveFile(oldPath, newPath)) {
1443 LOG_E(BMS_TAG_INSTALLD, "Move file %{public}s to %{public}s failed errno:%{public}d",
1444 oldPath.c_str(), newPath.c_str(), errno);
1445 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1446 }
1447 return ERR_OK;
1448 }
1449
CopyFile(const std::string & oldPath,const std::string & newPath,const std::string & signatureFilePath)1450 ErrCode InstalldHostImpl::CopyFile(const std::string &oldPath, const std::string &newPath,
1451 const std::string &signatureFilePath)
1452 {
1453 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1454 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1455 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1456 }
1457 if (!InstalldOperator::CopyFileFast(oldPath, newPath)) {
1458 LOG_E(BMS_TAG_INSTALLD, "Copy file %{private}s to %{private}s failed errno:%{public}d",
1459 oldPath.c_str(), newPath.c_str(), errno);
1460 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1461 }
1462 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1463 if (!OHOS::ChangeModeFile(newPath, mode)) {
1464 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1465 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1466 }
1467
1468 if (signatureFilePath.empty()) {
1469 LOG_D(BMS_TAG_INSTALLD, "signature file path is empty and no need to process code signature");
1470 return ERR_OK;
1471 }
1472
1473 #if defined(CODE_SIGNATURE_ENABLE)
1474 Security::CodeSign::EntryMap entryMap = {{ ServiceConstants::CODE_SIGNATURE_HAP, newPath }};
1475 ErrCode ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, signatureFilePath);
1476 if (ret != ERR_OK) {
1477 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1478 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1479 }
1480 #endif
1481 return ERR_OK;
1482 }
1483
Mkdir(const std::string & dir,const int32_t mode,const int32_t uid,const int32_t gid)1484 ErrCode InstalldHostImpl::Mkdir(
1485 const std::string &dir, const int32_t mode, const int32_t uid, const int32_t gid)
1486 {
1487 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1488 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1489 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1490 }
1491 LOG_D(BMS_TAG_INSTALLD, "Mkdir start %{public}s", dir.c_str());
1492 if (dir.empty()) {
1493 LOG_E(BMS_TAG_INSTALLD, "Calling the function Mkdir with invalid param");
1494 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1495 }
1496
1497 if (!InstalldOperator::MkOwnerDir(dir, mode, uid, gid)) {
1498 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1499 return ERR_APPEXECFWK_INSTALLD_MKDIR_FAILED;
1500 }
1501 if (dir.find(ServiceConstants::SCREEN_LOCK_FILE_DATA_PATH) == 0) {
1502 InstalldOperator::RmvDeleteDfx(dir);
1503 }
1504 return ERR_OK;
1505 }
1506
GetFileStat(const std::string & file,FileStat & fileStat)1507 ErrCode InstalldHostImpl::GetFileStat(const std::string &file, FileStat &fileStat)
1508 {
1509 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1510 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1511 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1512 }
1513
1514 LOG_D(BMS_TAG_INSTALLD, "GetFileStat start %{public}s", file.c_str());
1515 struct stat s;
1516 if (stat(file.c_str(), &s) != 0) {
1517 LOG_E(BMS_TAG_INSTALLD, "Stat file(%{public}s) failed", file.c_str());
1518 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1519 }
1520
1521 fileStat.uid = static_cast<int32_t>(s.st_uid);
1522 fileStat.gid = static_cast<int32_t>(s.st_gid);
1523 fileStat.lastModifyTime = static_cast<int64_t>(s.st_mtime);
1524 fileStat.isDir = s.st_mode & S_IFDIR;
1525 fileStat.mode = static_cast<int32_t>(s.st_mode);
1526 return ERR_OK;
1527 }
1528
ExtractDiffFiles(const std::string & filePath,const std::string & targetPath,const std::string & cpuAbi)1529 ErrCode InstalldHostImpl::ExtractDiffFiles(const std::string &filePath, const std::string &targetPath,
1530 const std::string &cpuAbi)
1531 {
1532 if (filePath.empty() || targetPath.empty()) {
1533 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1534 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1535 }
1536 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1537 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1538 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1539 }
1540 if (!InstalldOperator::ExtractDiffFiles(filePath, targetPath, cpuAbi)) {
1541 LOG_E(BMS_TAG_INSTALLD, "fail to ExtractDiffFiles errno:%{public}d", errno);
1542 return ERR_BUNDLEMANAGER_QUICK_FIX_EXTRACT_DIFF_FILES_FAILED;
1543 }
1544 return ERR_OK;
1545 }
1546
ApplyDiffPatch(const std::string & oldSoPath,const std::string & diffFilePath,const std::string & newSoPath,int32_t uid)1547 ErrCode InstalldHostImpl::ApplyDiffPatch(const std::string &oldSoPath, const std::string &diffFilePath,
1548 const std::string &newSoPath, int32_t uid)
1549 {
1550 if (oldSoPath.empty() || diffFilePath.empty() || newSoPath.empty()) {
1551 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1552 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1553 }
1554 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1555 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1556 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1557 }
1558 if (!InstalldOperator::ApplyDiffPatch(oldSoPath, diffFilePath, newSoPath, uid)) {
1559 LOG_E(BMS_TAG_INSTALLD, "fail to ApplyDiffPatch errno:%{public}d", errno);
1560 return ERR_BUNDLEMANAGER_QUICK_FIX_APPLY_DIFF_PATCH_FAILED;
1561 }
1562 return ERR_OK;
1563 }
1564
IsExistDir(const std::string & dir,bool & isExist)1565 ErrCode InstalldHostImpl::IsExistDir(const std::string &dir, bool &isExist)
1566 {
1567 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1568 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1569 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1570 }
1571 isExist = InstalldOperator::IsExistDir(dir);
1572 return ERR_OK;
1573 }
1574
IsExistFile(const std::string & path,bool & isExist)1575 ErrCode InstalldHostImpl::IsExistFile(const std::string &path, bool &isExist)
1576 {
1577 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1578 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1579 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1580 }
1581 isExist = InstalldOperator::IsExistFile(path);
1582 return ERR_OK;
1583 }
1584
IsExistApFile(const std::string & path,bool & isExist)1585 ErrCode InstalldHostImpl::IsExistApFile(const std::string &path, bool &isExist)
1586 {
1587 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1588 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1589 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1590 }
1591 isExist = InstalldOperator::IsExistApFile(path);
1592 return ERR_OK;
1593 }
1594
IsDirEmpty(const std::string & dir,bool & isDirEmpty)1595 ErrCode InstalldHostImpl::IsDirEmpty(const std::string &dir, bool &isDirEmpty)
1596 {
1597 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1598 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1599 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1600 }
1601 isDirEmpty = InstalldOperator::IsDirEmpty(dir);
1602 return ERR_OK;
1603 }
1604
ObtainQuickFixFileDir(const std::string & dir,std::vector<std::string> & dirVec)1605 ErrCode InstalldHostImpl::ObtainQuickFixFileDir(const std::string &dir, std::vector<std::string> &dirVec)
1606 {
1607 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1608 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1609 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1610 }
1611 InstalldOperator::ObtainQuickFixFileDir(dir, dirVec);
1612 return ERR_OK;
1613 }
1614
CopyFiles(const std::string & sourceDir,const std::string & destinationDir)1615 ErrCode InstalldHostImpl::CopyFiles(const std::string &sourceDir, const std::string &destinationDir)
1616 {
1617 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1618 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1619 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1620 }
1621
1622 InstalldOperator::CopyFiles(sourceDir, destinationDir);
1623 return ERR_OK;
1624 }
1625
GetNativeLibraryFileNames(const std::string & filePath,const std::string & cpuAbi,std::vector<std::string> & fileNames)1626 ErrCode InstalldHostImpl::GetNativeLibraryFileNames(const std::string &filePath, const std::string &cpuAbi,
1627 std::vector<std::string> &fileNames)
1628 {
1629 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1630 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1631 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1632 }
1633 if (filePath.empty()) {
1634 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1635 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1636 }
1637 InstalldOperator::GetNativeLibraryFileNames(filePath, cpuAbi, fileNames);
1638 return ERR_OK;
1639 }
1640
VerifyCodeSignature(const CodeSignatureParam & codeSignatureParam)1641 ErrCode InstalldHostImpl::VerifyCodeSignature(const CodeSignatureParam &codeSignatureParam)
1642 {
1643 LOG_D(BMS_TAG_INSTALLD, "start to process the code signature for so files");
1644 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1645 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1646 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1647 }
1648 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1649 if (codeSignatureParam.modulePath.empty()) {
1650 LOG_E(BMS_TAG_INSTALLD, "Calling the function VerifyCodeSignature with invalid param");
1651 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1652 }
1653 if (!InstalldOperator::VerifyCodeSignature(codeSignatureParam)) {
1654 LOG_E(BMS_TAG_INSTALLD, "verify code signature failed");
1655 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1656 }
1657 return ERR_OK;
1658 }
1659
CheckEncryption(const CheckEncryptionParam & checkEncryptionParam,bool & isEncryption)1660 ErrCode InstalldHostImpl::CheckEncryption(const CheckEncryptionParam &checkEncryptionParam, bool &isEncryption)
1661 {
1662 LOG_D(BMS_TAG_INSTALLD, "start to process check encryption");
1663 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1664 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1665 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1666 }
1667
1668 if (checkEncryptionParam.modulePath.empty()) {
1669 LOG_E(BMS_TAG_INSTALLD, "Calling the function CheckEncryption with invalid param");
1670 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1671 }
1672 auto ret = InstalldOperator::CheckEncryption(checkEncryptionParam, isEncryption);
1673 if (ret != ERR_OK) {
1674 LOG_E(BMS_TAG_INSTALLD, "check encryption failed due to %{public}d", ret);
1675 return ret;
1676 }
1677 return ERR_OK;
1678 }
1679
MoveFiles(const std::string & srcDir,const std::string & desDir)1680 ErrCode InstalldHostImpl::MoveFiles(const std::string &srcDir, const std::string &desDir)
1681 {
1682 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1683 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1684 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1685 }
1686
1687 if (srcDir.empty() || desDir.empty()) {
1688 LOG_E(BMS_TAG_INSTALLD, "Calling the function MoveFiles with invalid param");
1689 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1690 }
1691 if (!InstalldOperator::MoveFiles(srcDir, desDir)) {
1692 LOG_E(BMS_TAG_INSTALLD, "move files failed errno:%{public}d", errno);
1693 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1694 }
1695 return ERR_OK;
1696 }
1697
ExtractDriverSoFiles(const std::string & srcPath,const std::unordered_multimap<std::string,std::string> & dirMap)1698 ErrCode InstalldHostImpl::ExtractDriverSoFiles(const std::string &srcPath,
1699 const std::unordered_multimap<std::string, std::string> &dirMap)
1700 {
1701 LOG_D(BMS_TAG_INSTALLD, "start to copy driver so files");
1702 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1703 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1704 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1705 }
1706 if (dirMap.empty()) {
1707 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDriverSoFiles with invalid param");
1708 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1709 }
1710
1711 if (!InstalldOperator::ExtractDriverSoFiles(srcPath, dirMap)) {
1712 LOG_E(BMS_TAG_INSTALLD, "copy driver so files failed errno:%{public}d", errno);
1713 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1714 }
1715 return ERR_OK;
1716 }
1717
ExtractEncryptedSoFiles(const std::string & hapPath,const std::string & realSoFilesPath,const std::string & cpuAbi,const std::string & tmpSoPath,int32_t uid)1718 ErrCode InstalldHostImpl::ExtractEncryptedSoFiles(const std::string &hapPath, const std::string &realSoFilesPath,
1719 const std::string &cpuAbi, const std::string &tmpSoPath, int32_t uid)
1720 {
1721 LOG_D(BMS_TAG_INSTALLD, "start to obtain decoded so files");
1722 #if defined(CODE_ENCRYPTION_ENABLE)
1723 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1724 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1725 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1726 }
1727
1728 if (hapPath.empty() || tmpSoPath.empty()) {
1729 LOG_E(BMS_TAG_INSTALLD, "hapPath %{public}s or tmpSoPath %{public}s is empty",
1730 hapPath.c_str(), tmpSoPath.c_str());
1731 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1732 }
1733
1734 if (!CheckPathValid(hapPath, Constants::BUNDLE_CODE_DIR) ||
1735 !CheckPathValid(realSoFilesPath, Constants::BUNDLE_CODE_DIR) ||
1736 !CheckPathValid(tmpSoPath, ServiceConstants::HAP_COPY_PATH)) {
1737 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1738 }
1739 if (realSoFilesPath.empty()) {
1740 /* obtain the decoded so files from hapPath*/
1741 return InstalldOperator::ExtractSoFilesToTmpHapPath(hapPath, cpuAbi, tmpSoPath, uid);
1742 } else {
1743 /* obtain the decoded so files from realSoFilesPath*/
1744 return InstalldOperator::ExtractSoFilesToTmpSoPath(hapPath, realSoFilesPath, cpuAbi, tmpSoPath, uid);
1745 }
1746 #else
1747 LOG_D(BMS_TAG_INSTALLD, "code encryption is not supported");
1748 return ERR_BUNDLEMANAGER_QUICK_FIX_NOT_SUPPORT_CODE_ENCRYPTION;
1749 #endif
1750 }
1751
1752 #if defined(CODE_SIGNATURE_ENABLE)
PrepareEntryMap(const CodeSignatureParam & codeSignatureParam,Security::CodeSign::EntryMap & entryMap)1753 ErrCode InstalldHostImpl::PrepareEntryMap(const CodeSignatureParam &codeSignatureParam,
1754 Security::CodeSign::EntryMap &entryMap)
1755 {
1756 LOG_D(BMS_TAG_INSTALLD, "PrepareEntryMap target so path is %{public}s", codeSignatureParam.targetSoPath.c_str());
1757 if (codeSignatureParam.modulePath.empty()) {
1758 LOG_E(BMS_TAG_INSTALLD, "real path of the installed hap is empty");
1759 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1760 }
1761 if (codeSignatureParam.targetSoPath.empty()) {
1762 LOG_W(BMS_TAG_INSTALLD, "target so path is empty");
1763 return ERR_OK;
1764 }
1765 std::vector<std::string> fileNames;
1766 if (!InstalldOperator::GetNativeLibraryFileNames(
1767 codeSignatureParam.modulePath, codeSignatureParam.cpuAbi, fileNames)) {
1768 LOG_E(BMS_TAG_INSTALLD, "get native library file names failed");
1769 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1770 }
1771 const std::string prefix = ServiceConstants::LIBS + codeSignatureParam.cpuAbi + ServiceConstants::PATH_SEPARATOR;
1772 for (const auto &fileName : fileNames) {
1773 std::string entryName = prefix + fileName;
1774 std::string path = codeSignatureParam.targetSoPath;
1775 if (path.back() != ServiceConstants::FILE_SEPARATOR_CHAR) {
1776 path += ServiceConstants::FILE_SEPARATOR_CHAR;
1777 }
1778 entryMap.emplace(entryName, path + fileName);
1779 LOG_D(BMS_TAG_INSTALLD, "entryMap add soEntry %{public}s: %{public}s",
1780 entryName.c_str(), (path + fileName).c_str());
1781 }
1782 return ERR_OK;
1783 }
1784 #endif
1785
VerifyCodeSignatureForHap(const CodeSignatureParam & codeSignatureParam)1786 ErrCode InstalldHostImpl::VerifyCodeSignatureForHap(const CodeSignatureParam &codeSignatureParam)
1787 {
1788 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1789 #if defined(CODE_SIGNATURE_ENABLE)
1790 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1791 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1792 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1793 }
1794 ErrCode ret = ERR_OK;
1795 if (codeSignatureParam.isCompileSdkOpenHarmony && !Security::CodeSign::CodeSignUtils::IsSupportOHCodeSign()) {
1796 LOG_D(BMS_TAG_INSTALLD, "code signature is not supported");
1797 return ret;
1798 }
1799 Security::CodeSign::EntryMap entryMap;
1800 if ((ret = PrepareEntryMap(codeSignatureParam, entryMap)) != ERR_OK) {
1801 LOG_E(BMS_TAG_INSTALLD, "prepare entry map failed");
1802 return ret;
1803 }
1804 uint32_t codeSignFlag = 0;
1805 if (!codeSignatureParam.isCompressNativeLibrary) {
1806 codeSignFlag |= Security::CodeSign::CodeSignInfoFlag::IS_UNCOMPRESSED_NATIVE_LIBS;
1807 }
1808 if (codeSignatureParam.signatureFileDir.empty()) {
1809 std::shared_ptr<CodeSignHelper> codeSignHelper = std::make_shared<CodeSignHelper>();
1810 Security::CodeSign::FileType fileType = codeSignatureParam.isPreInstalledBundle ?
1811 FILE_ENTRY_ONLY : FILE_ALL;
1812 if (codeSignatureParam.isEnterpriseBundle) {
1813 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for enterprise bundle");
1814 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1815 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1816 } else if (codeSignatureParam.isInternaltestingBundle) {
1817 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for internaltesting bundle");
1818 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1819 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1820 } else {
1821 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for non-enterprise bundle");
1822 ret = codeSignHelper->EnforceCodeSignForApp(
1823 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1824 }
1825 LOG_I(BMS_TAG_INSTALLD, "Verify code signature %{public}s", codeSignatureParam.modulePath.c_str());
1826 } else {
1827 LOG_D(BMS_TAG_INSTALLD, "Verify code signature with: %{public}s", codeSignatureParam.signatureFileDir.c_str());
1828 ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, codeSignatureParam.signatureFileDir);
1829 }
1830 if (ret != ERR_OK) {
1831 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1832 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1833 }
1834 #else
1835 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1836 #endif
1837 return ERR_OK;
1838 }
1839
DeliverySignProfile(const std::string & bundleName,int32_t profileBlockLength,const unsigned char * profileBlock)1840 ErrCode InstalldHostImpl::DeliverySignProfile(const std::string &bundleName, int32_t profileBlockLength,
1841 const unsigned char *profileBlock)
1842 {
1843 #if defined(CODE_SIGNATURE_ENABLE)
1844 LOG_I(BMS_TAG_INSTALLD, "start");
1845 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1846 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1847 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1848 }
1849
1850 if (bundleName.empty() || profileBlock == nullptr || profileBlockLength == 0) {
1851 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeliverySignProfile with invalid param");
1852 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1853 }
1854
1855 LOG_D(BMS_TAG_INSTALLD, "delivery profile of bundle %{public}s and profile size is %{public}d", bundleName.c_str(),
1856 profileBlockLength);
1857 Security::CodeSign::ByteBuffer byteBuffer;
1858 byteBuffer.CopyFrom(reinterpret_cast<const uint8_t *>(profileBlock), profileBlockLength);
1859 ErrCode ret = Security::CodeSign::CodeSignUtils::EnableKeyInProfile(bundleName, byteBuffer);
1860 if (ret != ERR_OK) {
1861 LOG_E(BMS_TAG_INSTALLD, "delivery code sign profile failed due to error %{public}d", ret);
1862 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_DELIVERY_FILE_FAILED;
1863 }
1864 LOG_I(BMS_TAG_INSTALLD, "end");
1865 #else
1866 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1867 #endif
1868 return ERR_OK;
1869 }
1870
RemoveSignProfile(const std::string & bundleName)1871 ErrCode InstalldHostImpl::RemoveSignProfile(const std::string &bundleName)
1872 {
1873 LOG_D(BMS_TAG_INSTALLD, "start to remove sign profile");
1874 #if defined(CODE_SIGNATURE_ENABLE)
1875 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1876 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1877 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1878 }
1879
1880 if (bundleName.empty()) {
1881 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveSignProfile with invalid param");
1882 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1883 }
1884
1885 ErrCode ret = Security::CodeSign::CodeSignUtils::RemoveKeyInProfile(bundleName);
1886 if (ret != ERR_OK) {
1887 LOG_E(BMS_TAG_INSTALLD, "remove code sign profile failed due to error %{public}d", ret);
1888 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_REMOVE_FILE_FAILED;
1889 }
1890 #else
1891 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1892 #endif
1893 return ERR_OK;
1894 }
1895
CheckPathValid(const std::string & path,const std::string & prefix)1896 bool InstalldHostImpl::CheckPathValid(const std::string &path, const std::string &prefix)
1897 {
1898 if (path.empty()) {
1899 return true;
1900 }
1901 if (path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos) {
1902 LOG_E(BMS_TAG_INSTALLD, "path(%{public}s) contain relevant path", path.c_str());
1903 return false;
1904 }
1905 if (path.find(prefix) == std::string::npos) {
1906 LOG_E(BMS_TAG_INSTALLD, "prefix(%{public}s) cannot be found", prefix.c_str());
1907 return false;
1908 }
1909 return true;
1910 }
1911
SetEncryptionPolicy(const EncryptionParam & encryptionParam,std::string & keyId)1912 ErrCode InstalldHostImpl::SetEncryptionPolicy(const EncryptionParam &encryptionParam, std::string &keyId)
1913 {
1914 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1915 LOG_E(BMS_TAG_INSTALLD, "permission denied");
1916 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1917 }
1918 if (encryptionParam.bundleName.empty() && encryptionParam.groupId.empty()) {
1919 LOG_E(BMS_TAG_INSTALLD, "invalid param");
1920 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1921 }
1922 if (!InstalldOperator::GenerateKeyIdAndSetPolicy(encryptionParam, keyId)) {
1923 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1924 return ERR_APPEXECFWK_INSTALLD_GENERATE_KEY_FAILED;
1925 }
1926 return ERR_OK;
1927 }
1928
DeleteEncryptionKeyId(const EncryptionParam & encryptionParam)1929 ErrCode InstalldHostImpl::DeleteEncryptionKeyId(const EncryptionParam &encryptionParam)
1930 {
1931 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1932 LOG_E(BMS_TAG_INSTALLD, "permission denied");
1933 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1934 }
1935 if (encryptionParam.bundleName.empty() && encryptionParam.groupId.empty()) {
1936 LOG_E(BMS_TAG_INSTALLD, "invalid param");
1937 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1938 }
1939 if (!InstalldOperator::DeleteKeyId(encryptionParam)) {
1940 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1941 return ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
1942 }
1943 return ERR_OK;
1944 }
1945
RemoveExtensionDir(int32_t userId,const std::vector<std::string> & extensionBundleDirs)1946 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::vector<std::string> &extensionBundleDirs)
1947 {
1948 LOG_I(BMS_TAG_INSTALLD, "RemoveExtensionDir userId: %{public}d, extensionBundleDir size: %{public}zu",
1949 userId, extensionBundleDirs.size());
1950 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1951 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1952 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1953 }
1954 if (extensionBundleDirs.empty() || userId < 0) {
1955 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveExtensionDir with invalid param");
1956 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1957 }
1958
1959 for (const std::string &extensionBundleDir : extensionBundleDirs) {
1960 if (extensionBundleDir.empty()) {
1961 LOG_E(BMS_TAG_INSTALLD, "RemoveExtensionDir failed for param invalid");
1962 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1963 }
1964 auto ret = RemoveExtensionDir(userId, extensionBundleDir);
1965 if (ret != ERR_OK) {
1966 LOG_E(BMS_TAG_INSTALLD, "remove dir failed: %{public}s", extensionBundleDir.c_str());
1967 return ret;
1968 }
1969 }
1970 return ERR_OK;
1971 }
1972
RemoveExtensionDir(int32_t userId,const std::string & extensionBundleDir)1973 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::string &extensionBundleDir)
1974 {
1975 LOG_I(BMS_TAG_INSTALLD, "begin RemoveExtensionDir dir %{public}s", extensionBundleDir.c_str());
1976 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1977 const std::string bundleDataDir = GetBundleDataDir(el, userId);
1978 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
1979 if (!InstalldOperator::DeleteDir(baseDir)) {
1980 LOG_E(BMS_TAG_INSTALLD, "remove base dir %{public}s failed errno:%{public}d", baseDir.c_str(), errno);
1981 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1982 }
1983
1984 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
1985 if (!InstalldOperator::DeleteDir(databaseDir)) {
1986 LOG_E(BMS_TAG_INSTALLD, "remove database dir %{public}s failed errno:%{public}d",
1987 databaseDir.c_str(), errno);
1988 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1989 }
1990
1991 if (el == ServiceConstants::BUNDLE_EL[1]) {
1992 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
1993 if (!InstalldOperator::DeleteDir(logDir)) {
1994 LOG_E(BMS_TAG_INSTALLD, "remove log dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1995 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1996 }
1997 }
1998 }
1999 return ERR_OK;
2000 }
2001
IsExistExtensionDir(int32_t userId,const std::string & extensionBundleDir,bool & isExist)2002 ErrCode InstalldHostImpl::IsExistExtensionDir(int32_t userId, const std::string &extensionBundleDir, bool &isExist)
2003 {
2004 LOG_I(BMS_TAG_INSTALLD, "IsExistExtensionDir called, userId %{public}d dir %{public}s",
2005 userId, extensionBundleDir.c_str());
2006 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2007 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2008 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2009 }
2010 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2011 const std::string bundleDataDir = GetBundleDataDir(el, userId);
2012 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
2013 if (!InstalldOperator::IsExistDir(baseDir)) {
2014 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", baseDir.c_str());
2015 isExist = false;
2016 return ERR_OK;
2017 }
2018
2019 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
2020 if (!InstalldOperator::IsExistDir(databaseDir)) {
2021 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", databaseDir.c_str());
2022 isExist = false;
2023 return ERR_OK;
2024 }
2025
2026 if (el == ServiceConstants::BUNDLE_EL[1]) {
2027 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
2028 if (!InstalldOperator::IsExistDir(logDir)) {
2029 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", logDir.c_str());
2030 isExist = false;
2031 return ERR_OK;
2032 }
2033 }
2034 }
2035 isExist = true;
2036 return ERR_OK;
2037 }
2038
CreateExtensionDataDir(const CreateDirParam & createDirParam)2039 ErrCode InstalldHostImpl::CreateExtensionDataDir(const CreateDirParam &createDirParam)
2040 {
2041 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2042 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2043 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2044 }
2045 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
2046 createDirParam.uid < 0 || createDirParam.gid < 0 || createDirParam.extensionDirs.empty()) {
2047 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateExtensionDataDir with invalid param");
2048 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2049 }
2050 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir for bundle %{public}s, which has %{public}zu extension dir",
2051 createDirParam.bundleName.c_str(), createDirParam.extensionDirs.size());
2052 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2053 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
2054 (el == ServiceConstants::BUNDLE_EL[0])) {
2055 continue;
2056 }
2057
2058 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
2059 if (access(bundleDataDir.c_str(), F_OK) != 0) {
2060 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
2061 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
2062 return ERR_OK;
2063 }
2064 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
2065 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
2066 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
2067 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2068 }
2069 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
2070 if (el == ServiceConstants::BUNDLE_EL[1]) {
2071 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
2072 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
2073 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
2074 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
2075 }
2076 }
2077 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
2078 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
2079 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
2080 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
2081 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
2082 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2083 }
2084 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
2085 }
2086 return ERR_OK;
2087 }
2088
GetExtensionSandboxTypeList(std::vector<std::string> & typeList)2089 ErrCode InstalldHostImpl::GetExtensionSandboxTypeList(std::vector<std::string> &typeList)
2090 {
2091 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2092 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2093 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2094 }
2095 nlohmann::json jsonBuf;
2096 std::string extensionConfigPath = GetExtensionConfigPath();
2097 if (!ReadFileIntoJson(extensionConfigPath, jsonBuf)) {
2098 LOG_I(BMS_TAG_INSTALLD, "Parse file %{public}s failed", extensionConfigPath.c_str());
2099 return ERR_APPEXECFWK_INSTALL_FAILED_PROFILE_PARSE_FAIL;
2100 }
2101 LoadNeedCreateSandbox(jsonBuf, typeList);
2102 return ERR_OK;
2103 }
2104
GetExtensionConfigPath() const2105 std::string InstalldHostImpl::GetExtensionConfigPath() const
2106 {
2107 #ifdef CONFIG_POLOCY_ENABLE
2108 char buf[MAX_PATH_LEN] = { 0 };
2109 char *configPath = GetOneCfgFile(EXTENSION_CONFIG_FILE_PATH, buf, MAX_PATH_LEN);
2110 if (configPath == nullptr || configPath[0] == '\0') {
2111 LOG_E(BMS_TAG_INSTALLD, "GetOneCfgFile failed");
2112 return EXTENSION_CONFIG_DEFAULT_PATH;
2113 }
2114 if (strlen(configPath) > MAX_PATH_LEN) {
2115 LOG_E(BMS_TAG_INSTALLD, "configPath length exceeds");
2116 return EXTENSION_CONFIG_DEFAULT_PATH;
2117 }
2118 return configPath;
2119 #else
2120 return EXTENSION_CONFIG_DEFAULT_PATH;
2121 #endif
2122 }
2123
LoadNeedCreateSandbox(const nlohmann::json & object,std::vector<std::string> & typeList)2124 void InstalldHostImpl::LoadNeedCreateSandbox(const nlohmann::json &object, std::vector<std::string> &typeList)
2125 {
2126 if (!object.contains(EXTENSION_CONFIG_NAME) || !object.at(EXTENSION_CONFIG_NAME).is_array()) {
2127 LOG_E(BMS_TAG_INSTALLD, "Extension config not existed");
2128 return;
2129 }
2130
2131 for (auto &item : object.at(EXTENSION_CONFIG_NAME).items()) {
2132 const nlohmann::json& jsonObject = item.value();
2133 if (!jsonObject.contains(EXTENSION_TYPE_NAME) || !jsonObject.at(EXTENSION_TYPE_NAME).is_string()) {
2134 continue;
2135 }
2136 std::string extensionType = jsonObject.at(EXTENSION_TYPE_NAME).get<std::string>();
2137 if (LoadExtensionNeedCreateSandbox(jsonObject, extensionType)) {
2138 typeList.emplace_back(extensionType);
2139 }
2140 }
2141 }
2142
LoadExtensionNeedCreateSandbox(const nlohmann::json & object,std::string extensionTypeName)2143 bool InstalldHostImpl::LoadExtensionNeedCreateSandbox(const nlohmann::json &object, std::string extensionTypeName)
2144 {
2145 if (!object.contains(EXTENSION_SERVICE_NEED_CREATE_SANDBOX) ||
2146 !object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).is_boolean()) {
2147 LOG_NOFUNC_E(BMS_TAG_INSTALLD, "need create sandbox config not existed");
2148 return false;
2149 }
2150 return object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).get<bool>();
2151 }
2152
ReadFileIntoJson(const std::string & filePath,nlohmann::json & jsonBuf)2153 bool InstalldHostImpl::ReadFileIntoJson(const std::string &filePath, nlohmann::json &jsonBuf)
2154 {
2155 if (filePath.length() > PATH_MAX) {
2156 LOG_E(BMS_TAG_INSTALLD, "path length(%{public}u) longer than max length(%{public}d)",
2157 static_cast<unsigned int>(filePath.length()), PATH_MAX);
2158 return false;
2159 }
2160 std::string realPath;
2161 realPath.reserve(PATH_MAX);
2162 realPath.resize(PATH_MAX - 1);
2163 if (realpath(filePath.c_str(), &(realPath[0])) == nullptr) {
2164 LOG_E(BMS_TAG_INSTALLD, "transform real path: %{public}s error: %{public}d", filePath.c_str(), errno);
2165 return false;
2166 }
2167 if (access(filePath.c_str(), F_OK) != 0) {
2168 LOG_D(BMS_TAG_INSTALLD, "access file %{public}s failed, error: %{public}s", filePath.c_str(), strerror(errno));
2169 return false;
2170 }
2171
2172 std::fstream in;
2173 char errBuf[256];
2174 errBuf[0] = '\0';
2175 in.open(filePath, std::ios_base::in);
2176 if (!in.is_open()) {
2177 strerror_r(errno, errBuf, sizeof(errBuf));
2178 LOG_E(BMS_TAG_INSTALLD, "the file cannot be open due to %{public}s, errno:%{public}d", errBuf, errno);
2179 return false;
2180 }
2181
2182 in.seekg(0, std::ios::end);
2183 int64_t size = in.tellg();
2184 if (size <= 0) {
2185 LOG_E(BMS_TAG_INSTALLD, "the file is an empty file, errno:%{public}d", errno);
2186 in.close();
2187 return false;
2188 }
2189
2190 in.seekg(0, std::ios::beg);
2191 jsonBuf = nlohmann::json::parse(in, nullptr, false);
2192 in.close();
2193 if (jsonBuf.is_discarded()) {
2194 LOG_E(BMS_TAG_INSTALLD, "bad profile file");
2195 return false;
2196 }
2197
2198 return true;
2199 }
2200
InnerRemoveAtomicServiceBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)2201 ErrCode InstalldHostImpl::InnerRemoveAtomicServiceBundleDataDir(
2202 const std::string &bundleName, const int32_t userId, const bool async)
2203 {
2204 LOG_D(BMS_TAG_INSTALLD, "process atomic service bundleName:%{public}s", bundleName.c_str());
2205 std::vector<std::string> pathName;
2206 if (!InstalldOperator::GetAtomicServiceBundleDataDir(bundleName, userId, pathName)) {
2207 LOG_W(BMS_TAG_INSTALLD, "atomic bundle %{public}s no other path", bundleName.c_str());
2208 }
2209 pathName.emplace_back(bundleName);
2210 LOG_I(BMS_TAG_INSTALLD, "bundle %{public}s need delete path size:%{public}zu", bundleName.c_str(), pathName.size());
2211 ErrCode result = ERR_OK;
2212 for (const auto &name : pathName) {
2213 ErrCode tmpResult = InnerRemoveBundleDataDir(name, userId, async);
2214 if (tmpResult != ERR_OK) {
2215 result = tmpResult;
2216 }
2217 }
2218 return result;
2219 }
2220
InnerRemoveBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)2221 ErrCode InstalldHostImpl::InnerRemoveBundleDataDir(
2222 const std::string &bundleName, const int32_t userId, const bool async)
2223 {
2224 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2225 std::string dataDir = GetBundleDataDir(el, userId);
2226 std::string bundleDataDir = dataDir + ServiceConstants::BASE + bundleName;
2227 if (!InstalldOperator::DeleteDirFlexible(bundleDataDir, async)) {
2228 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
2229 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2230 }
2231 std::string databaseDir = dataDir + ServiceConstants::DATABASE + bundleName;
2232 if (!InstalldOperator::DeleteDirFlexible(databaseDir, async)) {
2233 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
2234 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2235 }
2236 if (el == ServiceConstants::BUNDLE_EL[1]) {
2237 std::string logDir = dataDir + ServiceConstants::LOG + bundleName;
2238 if (!InstalldOperator::DeleteDir(logDir)) {
2239 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
2240 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2241 }
2242
2243 // remove SHAREFILES_DATA_PATH_EL2
2244 std::string shareFilesDataDir = dataDir + ServiceConstants::SHAREFILES + bundleName;
2245 if (!InstalldOperator::DeleteDir(shareFilesDataDir)) {
2246 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed: %{public}d", shareFilesDataDir.c_str(), errno);
2247 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2248 }
2249 }
2250 }
2251 if (RemoveShareDir(bundleName, userId) != ERR_OK) {
2252 LOG_E(BMS_TAG_INSTALLD, "failed to remove share dir");
2253 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2254 }
2255 if (RemoveCloudDir(bundleName, userId) != ERR_OK) {
2256 LOG_E(BMS_TAG_INSTALLD, "failed to remove cloud dir");
2257 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2258 }
2259 if (RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
2260 RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
2261 LOG_E(BMS_TAG_INSTALLD, "failed to remove backup ext home dir");
2262 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2263 }
2264 if (RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
2265 RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
2266 LOG_E(BMS_TAG_INSTALLD, "failed to remove new backup ext home dir");
2267 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2268 }
2269 if (RemoveDistributedDir(bundleName, userId) != ERR_OK) {
2270 LOG_E(BMS_TAG_INSTALLD, "failed to remove distributed file dir");
2271 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2272 }
2273 return ERR_OK;
2274 }
2275
MigrateData(const std::vector<std::string> & sourcePaths,const std::string & destinationPath)2276 ErrCode InstalldHostImpl::MigrateData(const std::vector<std::string> &sourcePaths, const std::string &destinationPath)
2277 {
2278 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2279 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2280 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2281 }
2282 if (sourcePaths.size() > VECTOR_SIZE_MAX) {
2283 LOG_E(BMS_TAG_INSTALLD, "source paths size out of range");
2284 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_SOURCE_PATH_INVALID;
2285 }
2286 auto checkPath = [](const auto &path) { return path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos; };
2287 if (sourcePaths.empty() || std::any_of(sourcePaths.begin(), sourcePaths.end(), checkPath)) {
2288 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_SOURCE_PATH_INVALID;
2289 }
2290 if (destinationPath.empty() || checkPath(destinationPath)) {
2291 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_DESTINATION_PATH_INVALID;
2292 }
2293 return InstalldOperator::MigrateData(sourcePaths, destinationPath);
2294 }
2295
MoveHapToCodeDir(const std::string & originPath,const std::string & targetPath)2296 ErrCode InstalldHostImpl::MoveHapToCodeDir(const std::string &originPath, const std::string &targetPath)
2297 {
2298 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2299 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2300 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2301 }
2302 if (!InstalldOperator::MoveFile(originPath, targetPath)) {
2303 LOG_E(BMS_TAG_INSTALLD, "move file %{public}s to %{public}s failed errno:%{public}d",
2304 originPath.c_str(), targetPath.c_str(), errno);
2305 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2306 }
2307 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
2308 if (!OHOS::ChangeModeFile(targetPath, mode)) {
2309 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
2310 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2311 }
2312 if (!InstalldOperator::ChangeFileAttr(targetPath, INSTALLS_UID, INSTALLS_UID)) {
2313 LOG_E(BMS_TAG_INSTALLD, "ChangeAttr %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
2314 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2315 }
2316
2317 #ifdef WITH_SELINUX
2318 const char *context = "u:object_r:data_app_el1_file:s0";
2319 if (lsetfilecon(targetPath.c_str(), context) < 0) {
2320 LOG_E(BMS_TAG_INSTALLD, "setcon %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
2321 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2322 }
2323 #endif
2324 return ERR_OK;
2325 }
2326
GetGroupDirPath(const std::string & el,int32_t userId,const std::string & uuid)2327 std::string InstalldHostImpl::GetGroupDirPath(const std::string &el, int32_t userId, const std::string &uuid)
2328 {
2329 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR + std::to_string(userId)
2330 + ServiceConstants::DATA_GROUP_PATH + uuid;
2331 }
2332
CreateDataGroupDirs(const std::vector<CreateDirParam> & params)2333 ErrCode InstalldHostImpl::CreateDataGroupDirs(const std::vector<CreateDirParam> ¶ms)
2334 {
2335 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2336 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2337 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2338 }
2339 ErrCode result = ERR_OK;
2340 for (const CreateDirParam ¶m : params) {
2341 if (CreateDataGroupDir(param) != ERR_OK) {
2342 LOG_E(BMS_TAG_INSTALLD, "create group dir %{private}s failed", param.uuid.c_str());
2343 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2344 }
2345 }
2346 return result;
2347 }
2348
CreateDataGroupDir(const CreateDirParam & param)2349 ErrCode InstalldHostImpl::CreateDataGroupDir(const CreateDirParam ¶m)
2350 {
2351 if (param.uuid.empty() || param.userId < 0 ||
2352 param.uid < 0 || param.gid < 0) {
2353 LOG_E(BMS_TAG_INSTALLD, "invalid param, uuid %{private}s "
2354 "-u %{public}d uid %{public}d gid %{public}d", param.uuid.c_str(),
2355 param.userId, param.uid, param.gid);
2356 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2357 }
2358 // create el2~el4 group dirs
2359 ErrCode result = ERR_OK;
2360 const std::vector<std::string> elList { "el2", "el3", "el4" };
2361 for (const auto &el : elList) {
2362 std::string userDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
2363 el + ServiceConstants::PATH_SEPARATOR + std::to_string(param.userId);
2364 if (access(userDir.c_str(), F_OK) != 0) {
2365 LOG_W(BMS_TAG_INSTALLD, "user directory %{public}s does not existed", userDir.c_str());
2366 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2367 continue;
2368 }
2369 std::string groupDir = userDir + ServiceConstants::DATA_GROUP_PATH + param.uuid;
2370 if (!InstalldOperator::MkOwnerDir(
2371 groupDir, ServiceConstants::DATA_GROUP_DIR_MODE, param.uid, param.gid)) {
2372 LOG_E(BMS_TAG_INSTALLD, "create group dir failed error %{public}s", strerror(errno));
2373 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2374 continue;
2375 }
2376 }
2377 return result;
2378 }
2379
DeleteDataGroupDirs(const std::vector<std::string> & uuidList,int32_t userId)2380 ErrCode InstalldHostImpl::DeleteDataGroupDirs(const std::vector<std::string> &uuidList, int32_t userId)
2381 {
2382 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2383 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2384 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2385 }
2386 if (uuidList.empty() || userId < 0) {
2387 LOG_E(BMS_TAG_INSTALLD, "invalid param, uuidList size %{public}zu "
2388 "-u %{public}d", uuidList.size(), userId);
2389 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2390 }
2391 // remove el2~el4 group dirs
2392 ErrCode result = ERR_OK;
2393 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2394 if (el == ServiceConstants::BUNDLE_EL[0]) {
2395 continue;
2396 }
2397 for (const std::string &uuid : uuidList) {
2398 std::string groupDir = GetGroupDirPath(el, userId, uuid);
2399 if (!InstalldOperator::DeleteDir(groupDir)) {
2400 LOG_E(BMS_TAG_INSTALLD, "remove dir %{private}s failed, errno is %{public}d", groupDir.c_str(), errno);
2401 result = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2402 }
2403 }
2404 }
2405
2406 auto el5Res = DeleteEl5DataGroupDirs(uuidList, userId);
2407 if (el5Res != ERR_OK) {
2408 LOG_W(BMS_TAG_INSTALLD, "el5 group directory del failed, res %{public}d", el5Res);
2409 result = el5Res;
2410 }
2411 return result;
2412 }
2413
DeleteEl5DataGroupDirs(const std::vector<std::string> & uuidList,int32_t userId)2414 ErrCode InstalldHostImpl::DeleteEl5DataGroupDirs(const std::vector<std::string> &uuidList, int32_t userId)
2415 {
2416 ErrCode result = ERR_OK;
2417 for (const std::string &uuid : uuidList) {
2418 std::string groupDir = GetGroupDirPath(ServiceConstants::DIR_EL5, userId, uuid);
2419 if (access(groupDir.c_str(), F_OK) != 0) {
2420 LOG_D(BMS_TAG_INSTALLD, "group directory %{private}s does not existed", groupDir.c_str());
2421 continue;
2422 }
2423 // delete dir
2424 if (!InstalldOperator::DeleteDir(groupDir)) {
2425 LOG_E(BMS_TAG_INSTALLD, "remove dir %{private}s failed, errno is %{public}d", groupDir.c_str(), errno);
2426 result = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2427 continue;
2428 }
2429 // delete key id
2430 EncryptionParam encryptionParam("", uuid, 0, userId, EncryptionDirType::GROUP);
2431 if (!InstalldOperator::DeleteKeyId(encryptionParam)) {
2432 LOG_E(BMS_TAG_INSTALLD, "delete keyId fail");
2433 result = ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
2434 }
2435 }
2436 return result;
2437 }
2438
BackUpFirstBootLog()2439 ErrCode InstalldHostImpl::BackUpFirstBootLog()
2440 {
2441 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2442 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2443 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2444 }
2445 std::string realLogPath;
2446 if (!PathToRealPath(LOG_PATH, realLogPath)) {
2447 LOG_E(BMS_TAG_INSTALLER, "not real path: %{public}s", LOG_PATH);
2448 return ERR_APPEXECFWK_INSTALL_FILE_PATH_INVALID;
2449 }
2450 if (!InstalldOperator::IsExistDir(realLogPath)) {
2451 APP_LOGE("No /log path");
2452 return ERR_APPEXECFWK_INSTALLD_LOG_PATH_NOT_EXIST;
2453 }
2454 std::vector<std::string> logFiles = InstalldOperator::GetFirstBootLogFile();
2455 if (logFiles.empty()) {
2456 LOG_E(BMS_TAG_INSTALLD, "no log found");
2457 return ERR_APPEXECFWK_INSTALLD_NO_LOG_FILE_FOUND;
2458 }
2459 InstalldOperator::DeleteDir(FIRST_BOOT_LOG_BACK_UP_PATH);
2460 if (!InstalldOperator::MkOwnerDir(FIRST_BOOT_LOG_BACK_UP_PATH,
2461 S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH, INSTALLS_UID, INSTALLS_UID)) {
2462 LOG_E(BMS_TAG_INSTALLD, "make %{public}s failed", FIRST_BOOT_LOG_BACK_UP_PATH);
2463 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2464 }
2465 for (const auto& file : logFiles) {
2466 std::string realFilePath;
2467 if (!PathToRealPath(file, realFilePath)) {
2468 LOG_E(BMS_TAG_INSTALLER, "not real path: %{public}s", file.c_str());
2469 continue;
2470 }
2471 std::string filename = InstalldOperator::GetFileName(file);
2472 LOG_D(BMS_TAG_INSTALLD, "FilePath:%{public}s, filename:%{public}s", file.c_str(), filename.c_str());
2473 std::string desFile = std::string(FIRST_BOOT_LOG_BACK_UP_PATH) + "/" + filename;
2474 if (!InstalldOperator::CopyFileFast(file, desFile)) {
2475 LOG_E(BMS_TAG_INSTALLD, "copy file error No: %{public}d:%{public}s", errno, strerror(errno));
2476 }
2477 }
2478
2479 return ERR_OK;
2480 }
2481 } // namespace AppExecFwk
2482 } // namespace OHOS
2483