1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define LOG_TAG "BundleChecker"
16
17 #include "bundle_checker.h"
18 #include <memory>
19 #include "accesstoken_kit.h"
20 #include "bundlemgr/bundle_mgr_proxy.h"
21 #include "hap_token_info.h"
22 #include "ipc_skeleton.h"
23 #include "iservice_registry.h"
24 #include "log_print.h"
25 #include "system_ability_definition.h"
26 #include "utils/crypto.h"
27
28 namespace OHOS {
29 namespace DistributedData {
30 using namespace Security::AccessToken;
// The single file-scope BundleChecker object. Its constructor registers the
// checker with CheckerManager, so registration happens during static
// initialization of this translation unit. __attribute__((used)) tells the
// compiler to emit the object even though nothing in this file refers to it.
__attribute__((used)) BundleChecker BundleChecker::instance_;
/**
 * Registers this checker with CheckerManager under the plugin name
 * "BundleChecker".
 *
 * The getter passed to the manager captures `this` and returns it as a raw
 * pointer; nothing in this file removes the registration again.
 */
BundleChecker::BundleChecker() noexcept
{
    auto self = [this]() -> auto { return this; };
    CheckerManager::GetInstance().RegisterPlugin("BundleChecker", self);
}
37
/**
 * Destructor. It performs no explicit cleanup; in particular it does not
 * withdraw the getter that the constructor handed to CheckerManager.
 */
BundleChecker::~BundleChecker() = default;
41
/**
 * Initialization hook. This checker has nothing to set up, so the body is
 * intentionally empty.
 */
void BundleChecker::Initialize()
{
    // Intentionally empty.
}
45
/**
 * Records the app ID that is trusted for a bundle name.
 *
 * A later call with the same bundle name overwrites the earlier app ID.
 * Neither field is validated here. GetAppId() returns early on an empty
 * looked-up app ID before it consults this table, so an entry with an empty
 * app ID never matches.
 *
 * @param trust bundle name / app ID pair to store in trusts_.
 * @return always true.
 */
bool BundleChecker::SetTrustInfo(const CheckerManager::Trust &trust)
{
    auto &trustedAppId = trusts_[trust.bundleName];
    trustedAppId = trust.appId;
    return true;
}
51
/**
 * Records the app ID that is distrusted for a bundle name.
 *
 * A later call with the same bundle name overwrites the earlier app ID.
 * Neither field is validated here. IsDistrust() returns early on an empty
 * looked-up app ID before it consults this table, so an entry with an empty
 * app ID never matches.
 *
 * @param distrust bundle name / app ID pair to store in distrusts_.
 * @return always true.
 */
bool BundleChecker::SetDistrustInfo(const CheckerManager::Distrust &distrust)
{
    auto &distrustedAppId = distrusts_[distrust.bundleName];
    distrustedAppId = distrust.appId;
    return true;
}
57
/**
 * Records the app ID associated with a bundle name in switches_.
 *
 * A later call with the same bundle name overwrites the earlier app ID.
 * NOTE(review): no function in this file reads switches_, and IsSwitches()
 * returns false unconditionally, so the stored value has no effect on any
 * decision made here. Confirm whether that is intended.
 *
 * @param switches bundle name / app ID pair to store.
 * @return always true.
 */
bool BundleChecker::SetSwitchesInfo(const CheckerManager::Switches &switches)
{
    auto &switchAppId = switches_[switches.bundleName];
    switchAppId = switches.appId;
    return true;
}
63
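/**
 * Asks Bundle Manager for the app ID of info.bundleName in the user derived
 * from info.uid.
 *
 * The lookup key is the bundle name carried in `info`, not info.tokenId, so
 * the result describes whichever bundle that name refers to.
 * NOTE(review): callers presumably confirm with IsValid() that the bundle name
 * belongs to the calling token before relying on this value. Verify at the
 * call sites.
 *
 * @param info store descriptor; only bundleName and uid are read here.
 * @return the app ID, or an empty string when the system ability manager, the
 *         Bundle Manager service or its interface cannot be obtained, or when
 *         Bundle Manager returns no app ID.
 */
std::string BundleChecker::GetBundleAppId(const CheckerManager::StoreInfo &info)
{
    auto samgrProxy = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
    if (samgrProxy == nullptr) {
        ZLOGE("Failed to get system ability mgr.");
        return "";
    }
    auto bundleMgrProxy = samgrProxy->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
    if (bundleMgrProxy == nullptr) {
        ZLOGE("Failed to Get BMS SA.");
        return "";
    }
    auto bundleManager = iface_cast<AppExecFwk::IBundleMgr>(bundleMgrProxy);
    if (bundleManager == nullptr) {
        ZLOGE("Failed to get bundle manager");
        return "";
    }
    // The user ID is the uid divided by the per-user uid range.
    int32_t userId = info.uid / OHOS::AppExecFwk::Constants::BASE_USER_RANGE;
    std::string appId = bundleManager->GetAppIdByBundleName(info.bundleName, userId);
    if (appId.empty()) {
        // appId is empty on this path, so it is left out of the message; the
        // number logged is the derived user ID, and the label now says so.
        ZLOGE("GetAppIdByBundleName failed, bundleName:%{public}s, userId:%{public}d",
            info.bundleName.c_str(), userId);
    }
    return appId;
}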
89
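/**
 * Returns the identifier under which the caller's data is filed.
 *
 * - Token is not a HAP token, or the app ID lookup fails: empty string.
 * - trusts_ holds an entry for info.bundleName whose app ID equals the one
 *   Bundle Manager reports: the bundle name itself.
 * - Otherwise: Crypto::Sha256 of the app ID.
 *
 * The raw app ID is never returned, and it is logged with the private
 * specifier so it is not written to the log in clear.
 *
 * @param info store descriptor; tokenId, bundleName and uid are used.
 * @return the identifier described above.
 */
std::string BundleChecker::GetAppId(const CheckerManager::StoreInfo &info)
{
    if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
        return "";
    }
    auto appId = GetBundleAppId(info);
    if (appId.empty()) {
        return "";
    }
    // A trust entry only counts when both the bundle name and the app ID
    // reported by Bundle Manager match what was registered.
    auto it = trusts_.find(info.bundleName);
    if (it != trusts_.end() && (it->second == appId)) {
        return info.bundleName;
    }
    ZLOGD("bundleName:%{public}s, appId:%{private}s", info.bundleName.c_str(), appId.c_str());
    return Crypto::Sha256(appId);
}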
106
/**
 * Checks that the bundle name claimed in `info` is the one bound to the
 * caller's access token.
 *
 * The check fails closed: a token that is not a HAP token, or a token whose
 * HAP information cannot be read, yields false.
 *
 * @param info store descriptor; tokenId and bundleName are read.
 * @return true only when the token's bundle name equals info.bundleName.
 */
bool BundleChecker::IsValid(const CheckerManager::StoreInfo &info)
{
    const bool isHapToken = AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_HAP;
    if (!isHapToken) {
        return false;
    }

    HapTokenInfo hapInfo;
    const auto ret = AccessTokenKit::GetHapTokenInfo(info.tokenId, hapInfo);
    if (ret != RET_SUCCESS) {
        return false;
    }

    const bool sameBundle = (hapInfo.bundleName == info.bundleName);
    return sameBundle;
}
120
/**
 * Reports whether the caller is on the distrust list.
 *
 * A caller is distrusted only when distrusts_ has an entry for
 * info.bundleName and its app ID equals the one Bundle Manager reports.
 *
 * NOTE(review): this check fails open. A non-HAP token or a failed app ID
 * lookup returns false, i.e. "not distrusted". Confirm that callers do not
 * rely on this result alone while Bundle Manager is unavailable.
 *
 * @param info store descriptor; tokenId, bundleName and uid are used.
 * @return true when the bundle name / app ID pair is listed as distrusted.
 */
bool BundleChecker::IsDistrust(const CheckerManager::StoreInfo &info)
{
    if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
        return false;
    }
    const auto currentAppId = GetBundleAppId(info);
    if (currentAppId.empty()) {
        return false;
    }
    const auto entry = distrusts_.find(info.bundleName);
    return entry != distrusts_.end() && (entry->second == currentAppId);
}
136
/**
 * Always reports false.
 *
 * `info` is not inspected and switches_ is not consulted, so values stored
 * through SetSwitchesInfo() have no influence on this result.
 *
 * @param info unused.
 * @return false.
 */
bool BundleChecker::IsSwitches(const CheckerManager::StoreInfo &info)
{
    // No lookup is performed here.
    return false;
}
141
/**
 * Returns the registered dynamic stores.
 *
 * @return a copy of dynamicStores_; changes to the returned vector do not
 *         affect the checker.
 */
std::vector<CheckerManager::StoreInfo> BundleChecker::GetDynamicStores()
{
    std::vector<CheckerManager::StoreInfo> stores = dynamicStores_;
    return stores;
}
146
/**
 * Returns the registered static stores.
 *
 * @return a copy of staticStores_; changes to the returned vector do not
 *         affect the checker.
 */
std::vector<CheckerManager::StoreInfo> BundleChecker::GetStaticStores()
{
    std::vector<CheckerManager::StoreInfo> stores = staticStores_;
    return stores;
}
151
/**
 * Reports whether `info` names a registered dynamic store.
 *
 * Only bundleName and storeId are compared; uid and tokenId play no part in
 * the match.
 *
 * @param info store descriptor to look for.
 * @return true when an entry in dynamicStores_ has the same bundle name and
 *         store ID.
 */
bool BundleChecker::IsDynamic(const CheckerManager::StoreInfo &info)
{
    for (auto it = dynamicStores_.begin(); it != dynamicStores_.end(); ++it) {
        const bool sameBundle = (info.bundleName == it->bundleName);
        const bool sameStore = (info.storeId == it->storeId);
        if (sameBundle && sameStore) {
            return true;
        }
    }
    return false;
}
161
/**
 * Reports whether `info` names a registered static store.
 *
 * Only bundleName and storeId are compared; uid and tokenId play no part in
 * the match.
 *
 * @param info store descriptor to look for.
 * @return true when an entry in staticStores_ has the same bundle name and
 *         store ID.
 */
bool BundleChecker::IsStatic(const CheckerManager::StoreInfo &info)
{
    for (auto it = staticStores_.begin(); it != staticStores_.end(); ++it) {
        const bool sameBundle = (info.bundleName == it->bundleName);
        const bool sameStore = (info.storeId == it->storeId);
        if (sameBundle && sameStore) {
            return true;
        }
    }
    return false;
}
171
/**
 * Appends a store descriptor to the dynamic store list.
 *
 * The descriptor is copied as given: there is no validation and no check for
 * an existing entry with the same bundle name and store ID.
 *
 * @param storeInfo descriptor to append to dynamicStores_.
 * @return always true.
 */
bool BundleChecker::AddDynamicStore(const CheckerManager::StoreInfo &storeInfo)
{
    dynamicStores_.emplace_back(storeInfo);
    return true;
}
177
/**
 * Appends a store descriptor to the static store list.
 *
 * The descriptor is copied as given: there is no validation and no check for
 * an existing entry with the same bundle name and store ID.
 *
 * @param storeInfo descriptor to append to staticStores_.
 * @return always true.
 */
bool BundleChecker::AddStaticStore(const CheckerManager::StoreInfo &storeInfo)
{
    staticStores_.emplace_back(storeInfo);
    return true;
}
183 } // namespace DistributedData
184 } // namespace OHOS