1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cm_ipc_service.h"
17
18 #include "cm_log.h"
19 #include "cm_mem.h"
20 #include "cm_ipc_service_serialization.h"
21
22 #include "cm_param.h"
23 #include "cm_pfx.h"
24 #include "cm_report_wrapper.h"
25 #include "cm_response.h"
26 #include "cm_security_guard_info.h"
27 #include "cm_type.h"
28
29 #include "cert_manager.h"
30 #include "cert_manager_check.h"
31 #include "cert_manager_key_operation.h"
32 #include "cert_manager_permission_check.h"
33 #include "cert_manager_query.h"
34 #include "cert_manager_service.h"
35 #include "cert_manager_status.h"
36 #include "cert_manager_uri.h"
37 #include "cert_manager_updateflag.h"
38 #include "cert_manager_storage.h"
39 #include "cert_manager_file_operator.h"
40
41 #define MAX_LEN_CERTIFICATE 8196
42
GetInputParams(const struct CmBlob * paramSetBlob,struct CmParamSet ** paramSet,struct CmContext * cmContext,struct CmParamOut * params,uint32_t paramsCount)43 static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
44 struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
45 {
46 int32_t ret = CmGetProcessInfoForIPC(cmContext);
47 if (ret != CM_SUCCESS) {
48 CM_LOG_E("get ipc info failed, ret = %d", ret);
49 return ret;
50 }
51
52 /* The paramSet blob pointer needs to be refreshed across processes. */
53 ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet);
54 if (ret != CM_SUCCESS) {
55 CM_LOG_E("get paramSet failed, ret = %d", ret);
56 return ret;
57 }
58
59 ret = CmParamSetToParams(*paramSet, params, paramsCount);
60 if (ret != CM_SUCCESS) {
61 CM_LOG_E("get params from paramSet failed, ret = %d", ret);
62 }
63
64 return ret;
65 }
66
CmIpcServiceGetCertificateList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)67 void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
68 const struct CmContext *context)
69 {
70 int32_t ret;
71 uint32_t store;
72 struct CmContext cmContext = {0};
73 struct CmMutableBlob certFileList = { 0, NULL };
74 struct CmParamSet *paramSet = NULL;
75 struct CmParamOut params[] = {
76 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
77 };
78
79 do {
80 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
81 if (ret != CM_SUCCESS) {
82 CM_LOG_E("GetCaCertList get input params failed, ret = %d", ret);
83 break;
84 }
85
86 ret = CmServiceGetSystemCertListCheck(store);
87 if (ret != CM_SUCCESS) {
88 CM_LOG_E("CmIpcServiceGetSystemCertCheck fail, ret = %d", ret);
89 break;
90 }
91
92 const struct UserCAProperty prop = { INIT_INVALID_VALUE, CM_ALL_USER };
93 ret = CmServiceGetCertList(&cmContext, &prop, store, &certFileList);
94 if (ret != CM_SUCCESS) {
95 CM_LOG_E("get cert list failed, ret = %d", ret);
96 break;
97 }
98
99 ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
100 if (ret != CM_SUCCESS) {
101 CM_LOG_E("cert list data pack fail, ret = %d", ret);
102 break;
103 }
104
105 CmSendResponse(context, ret, outData);
106 } while (0);
107 CmReport(__func__, &cmContext, NULL, ret);
108
109 if (ret != CM_SUCCESS) {
110 CmSendResponse(context, ret, NULL);
111 }
112
113 if (certFileList.data != NULL) {
114 CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
115 }
116 CmFreeParamSet(¶mSet);
117
118 CM_LOG_I("leave: ret = %d", ret);
119 }
120
CmIpcServiceGetCertificateInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)121 void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
122 const struct CmContext *context)
123 {
124 int32_t ret;
125 uint32_t status = 0;
126 uint32_t store;
127 struct CmContext cmContext = {0};
128 struct CmBlob certificateData = { 0, NULL };
129 struct CmBlob certUri = { 0, NULL };
130 struct CmParamSet *paramSet = NULL;
131 struct CmParamOut params[] = {
132 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
133 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
134 };
135
136 do {
137 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
138 if (ret != CM_SUCCESS) {
139 CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
140 break;
141 }
142
143 ret = CmServiceGetSystemCertCheck(store, &certUri);
144 if (ret != CM_SUCCESS) {
145 CM_LOG_E("CmServiceGetSystemCertCheck failed, ret = %d", ret);
146 break;
147 }
148
149 ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
150 if (ret != CM_SUCCESS) {
151 CM_LOG_E("get cert info failed, ret = %d", ret);
152 break;
153 }
154
155 ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
156 if (ret != CM_SUCCESS) {
157 CM_LOG_E("cert info data pack failed, ret = %d", ret);
158 break;
159 }
160
161 CmSendResponse(context, ret, outData);
162 } while (0);
163 CmReport(__func__, &cmContext, &certUri, ret);
164
165 if (ret != CM_SUCCESS) {
166 CmSendResponse(context, ret, NULL);
167 }
168 CM_FREE_BLOB(certificateData);
169 CmFreeParamSet(¶mSet);
170
171 CM_LOG_I("leave: ret = %d", ret);
172 }
173
CmIpcServiceSetCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)174 void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
175 const struct CmContext *context)
176 {
177 int32_t ret;
178 uint32_t store = CM_SYSTEM_TRUSTED_STORE;
179 uint32_t status = INIT_INVALID_VALUE;
180 struct CmContext cmContext = {0};
181 struct CmBlob certUri = { 0, NULL };
182 struct CmParamSet *paramSet = NULL;
183 struct CmParamOut params[] = {
184 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
185 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
186 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status},
187 };
188
189 do {
190 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
191 if (ret != CM_SUCCESS) {
192 CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
193 break;
194 }
195
196 ret = CmServiceSetCertStatusCheck(store, &certUri, status);
197 if (ret != CM_SUCCESS) {
198 CM_LOG_E("CmServiceSetCertStatusCheck check failed, ret = %d", ret);
199 break;
200 }
201 } while (0);
202 CmReport(__func__, &cmContext, &certUri, ret);
203
204 CmSendResponse(context, ret, NULL);
205 CmReportSGSetCertStatus(&certUri, store, status, ret);
206 CmFreeParamSet(¶mSet);
207
208 CM_LOG_I("leave: ret = %d", ret);
209 }
210
CmIpcServiceInstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)211 void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
212 const struct CmContext *context)
213 {
214 uint32_t store = CM_CREDENTIAL_STORE;
215 uint32_t userId = 0;
216 struct CmBlob appCert = { 0, NULL };
217 struct CmBlob appCertPwd = { 0, NULL };
218 struct CmBlob certAlias = { 0, NULL };
219 enum CmAuthStorageLevel level;
220 struct CmParamOut params[] = {
221 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert },
222 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd },
223 { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
224 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
225 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
226 { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &level },
227 };
228
229 int32_t ret;
230 struct CmContext cmContext = { 0 };
231 struct CmContext oriContext = {0};
232 struct CmParamSet *paramSet = NULL;
233 do {
234 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
235 if (ret != CM_SUCCESS) {
236 CM_LOG_E("install app cert get input params failed, ret = %d", ret);
237 break;
238 }
239 oriContext.userId = cmContext.userId;
240 oriContext.uid = cmContext.uid;
241
242 struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId, level };
243 ret = CmServicInstallAppCert(&cmContext, &certParam, outData);
244 if (ret != CM_SUCCESS) {
245 CM_LOG_E("service install app cert failed, ret = %d", ret);
246 break;
247 }
248 } while (0);
249
250 struct CmBlob tempBlob = { 0, NULL };
251 CmReport(__func__, &oriContext, &tempBlob, ret);
252
253 CmSendResponse(context, ret, outData);
254 CmReportSGInstallAppCert(&certAlias, store, ret);
255 CmFreeParamSet(¶mSet);
256
257 CM_LOG_I("leave: ret = %d", ret);
258 }
259
CmIpcServiceUninstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)260 void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
261 const struct CmContext *context)
262 {
263 int32_t ret;
264 (void)outData;
265 uint32_t store = CM_CREDENTIAL_STORE;
266 struct CmParamSet *paramSet = NULL;
267 struct CmBlob keyUri = { 0, NULL };
268 struct CmContext cmContext = {0};
269 struct CmContext oriContext = {0};
270
271 struct CmParamOut params[] = {
272 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
273 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
274 };
275
276 do {
277 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
278 if (ret != CM_SUCCESS) {
279 CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret);
280 break;
281 }
282 oriContext.userId = cmContext.userId;
283 oriContext.uid = cmContext.uid;
284
285 ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri);
286 if (ret != CM_SUCCESS) {
287 CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
288 break;
289 }
290
291 ret = CmRemoveAppCert(&cmContext, &keyUri, store);
292 if (ret != CM_SUCCESS) {
293 CM_LOG_E("CmRemoveAppCert fail");
294 }
295 } while (0);
296
297 CmReport(__func__, &oriContext, &keyUri, ret);
298 CmSendResponse(context, ret, NULL);
299 CmReportSGUninstallAppCert(&keyUri, store, false, ret);
300 CmFreeParamSet(¶mSet);
301
302 CM_LOG_I("leave: ret = %d", ret);
303 }
304
CmIpcServiceUninstallAllAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)305 void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
306 const struct CmContext *context)
307 {
308 (void)outData;
309 (void)paramSetBlob;
310 int32_t ret = CM_SUCCESS;
311 struct CmContext cmContext = {0};
312
313 do {
314 ret = CmGetProcessInfoForIPC(&cmContext);
315 if (ret != CM_SUCCESS) {
316 CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
317 break;
318 }
319
320 ret = CmRemoveAllAppCert(&cmContext);
321 if (ret != CM_SUCCESS) {
322 CM_LOG_E("CmRemoveAllAppCert fail");
323 break;
324 }
325 } while (0);
326
327 CmReport(__func__, &cmContext, NULL, ret);
328 CmSendResponse(context, ret, NULL);
329 CmReportSGUninstallAppCert(NULL, INIT_INVALID_VALUE, true, ret);
330
331 CM_LOG_I("leave: ret = %d", ret);
332 }
333
GetAppCertInfo(const struct CmBlob * keyUri,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * cerAlias)334 static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certType,
335 struct CmBlob *certUri, struct CmBlob *cerAlias)
336 {
337 int32_t ret;
338 struct CMUri uri;
339 (void)memset_s(&uri, sizeof(struct CMUri), 0, sizeof(struct CMUri));
340
341 do {
342 ret = CertManagerUriDecode(&uri, (char *)keyUri->data);
343 if (ret != CM_SUCCESS) {
344 CM_LOG_E("CertManagerUriDecode failed");
345 break;
346 }
347 if ((uri.type >= TYPE_COUNT) || (uri.object == NULL)) {
348 CM_LOG_E("uri's type[%u] or object is invalid after decode", uri.type);
349 ret = CMR_ERROR_INVALID_ARGUMENT_URI;
350 break;
351 }
352
353 if (memcpy_s(certType->data, certType->size, g_types[uri.type], strlen(g_types[uri.type]) + 1) != EOK) {
354 CM_LOG_E("Failed to copy certType->data");
355 ret = CMR_ERROR_MEM_OPERATION_COPY;
356 break;
357 }
358 certType->size = strlen(g_types[uri.type]) + 1;
359
360 if (memcpy_s(certUri->data, certUri->size, keyUri->data, keyUri->size) != EOK) {
361 CM_LOG_E("Failed to copy certUri->data");
362 ret = CMR_ERROR_MEM_OPERATION_COPY;
363 break;
364 }
365 certUri->size = keyUri->size;
366
367 ret = CmGetDisplayNameByURI(keyUri, uri.object, cerAlias);
368 if (ret != CM_SUCCESS) {
369 CM_LOG_E("Failed to CMGetDisplayNameByURI");
370 break;
371 }
372 } while (0);
373
374 CertManagerFreeUri(&uri);
375 return ret;
376 }
377
CmCertListGetAppCertInfo(const struct CmBlob * fileName,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * certAlias)378 static int32_t CmCertListGetAppCertInfo(const struct CmBlob *fileName, struct CmBlob *certType,
379 struct CmBlob *certUri, struct CmBlob *certAlias)
380 {
381 char uriBuf[MAX_LEN_URI] = {0};
382 struct CmBlob keyUri = { sizeof(uriBuf), (uint8_t *)uriBuf };
383
384 int32_t ret = CmGetUri((char *)fileName->data, &keyUri);
385 if (ret != CM_SUCCESS) {
386 CM_LOG_E("Get uri failed");
387 return ret;
388 }
389
390 ret = GetAppCertInfo(&keyUri, certType, certUri, certAlias);
391 if (ret != CM_SUCCESS) {
392 CM_LOG_E("GetAppCertInfo failed");
393 return ret;
394 }
395
396 return ret;
397 }
398
CmServiceGetAppCertListPack(struct CmBlob * certificateList,const struct CmBlob * fileNames,const uint32_t fileCount)399 static int32_t CmServiceGetAppCertListPack(struct CmBlob *certificateList, const struct CmBlob *fileNames,
400 const uint32_t fileCount)
401 {
402 /* buff struct: cert count + (cert type + cert uri + cert alias) * MAX_CERT_COUNT */
403 uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) +
404 MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE;
405 certificateList->data = (uint8_t *)CmMalloc(buffSize);
406 if (certificateList->data == NULL) {
407 return CMR_ERROR_MALLOC_FAIL;
408 }
409 certificateList->size = buffSize;
410
411 uint32_t offset = 0;
412 int32_t ret = CopyUint32ToBuffer(fileCount, certificateList, &offset);
413 if (ret != CM_SUCCESS) {
414 CM_LOG_E("Copy certificate count failed");
415 return ret;
416 }
417
418 for (uint32_t i = 0; i < fileCount; i++) {
419 uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
420 struct CmBlob certType = { sizeof(typeBuf), typeBuf };
421 uint8_t certUriBuf[MAX_LEN_URI] = {0};
422 struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
423 uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
424 struct CmBlob certAlias = { sizeof(aliasBuf), aliasBuf };
425
426 ret = CmCertListGetAppCertInfo(&fileNames[i], &certType, &certUri, &certAlias);
427 if (ret != CM_SUCCESS) {
428 CM_LOG_E("CmCertListGetAppCertInfo failed");
429 return ret;
430 }
431
432 ret = CopyBlobToBuffer(&certType, certificateList, &offset);
433 if (ret != CM_SUCCESS) {
434 CM_LOG_E("Copy certType failed");
435 return ret;
436 }
437
438 ret = CopyBlobToBuffer(&certUri, certificateList, &offset);
439 if (ret != CM_SUCCESS) {
440 CM_LOG_E("Copy certUri failed");
441 return ret;
442 }
443
444 ret = CopyBlobToBuffer(&certAlias, certificateList, &offset);
445 if (ret != CM_SUCCESS) {
446 CM_LOG_E("Copy certAlies failed");
447 return ret;
448 }
449 }
450
451 return ret;
452 }
453
CmIpcServiceGetAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)454 void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
455 const struct CmContext *context)
456 {
457 int32_t ret;
458 (void)outData;
459 uint32_t store;
460 uint32_t fileCount = 0;
461 struct CmContext cmContext = {0};
462 struct CmBlob certificateList = { 0, NULL };
463 struct CmBlob fileNames[MAX_COUNT_CERTIFICATE];
464 uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
465 (void)memset_s(fileNames, len, 0, len);
466 struct CmParamSet *paramSet = NULL;
467 struct CmParamOut params[] = {
468 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
469 };
470
471 do {
472 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
473 if (ret != CM_SUCCESS) {
474 CM_LOG_E("CmIpcServiceGetAppCertList get input params failed, ret = %d", ret);
475 break;
476 }
477
478 ret = CmServiceGetAppCertListCheck(&cmContext, store);
479 if (ret != CM_SUCCESS) {
480 CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
481 break;
482 }
483
484 ret = CmServiceGetAppCertList(&cmContext, store, fileNames, MAX_COUNT_CERTIFICATE, &fileCount);
485 if (ret != CM_SUCCESS) {
486 CM_LOG_E("Get App cert list fail, ret = %d", ret);
487 break;
488 }
489
490 ret = CmServiceGetAppCertListPack(&certificateList, fileNames, fileCount);
491 if (ret != CM_SUCCESS) {
492 CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
493 }
494 } while (0);
495
496 CmReport(__func__, &cmContext, NULL, ret);
497 CmSendResponse(context, ret, &certificateList);
498 CmFreeParamSet(¶mSet);
499 CmFreeFileNames(fileNames, fileCount);
500 CM_FREE_BLOB(certificateList);
501
502 CM_LOG_I("leave: ret = %d", ret);
503 }
504
CmIpcServiceGetCallingAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)505 void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
506 const struct CmContext *context)
507 {
508 int32_t ret;
509 (void)outData;
510 uint32_t store;
511 uint32_t fileCount = 0;
512 struct CmContext cmContext = {0};
513 struct CmBlob certificateList = { 0, NULL };
514 struct CmBlob fileNamesBlob[MAX_COUNT_CERTIFICATE];
515 uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
516 (void)memset_s(fileNamesBlob, len, 0, len);
517 struct CmParamSet *paramSets = NULL;
518 struct CmParamOut params[] = {
519 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
520 };
521
522 do {
523 ret = GetInputParams(paramSetBlob, ¶mSets, &cmContext, params, CM_ARRAY_SIZE(params));
524 if (ret != CM_SUCCESS) {
525 CM_LOG_E("CmIpcServiceGetCallingAppCertList get input params failed, ret = %d", ret);
526 break;
527 }
528
529 ret = CmServiceGetCallingAppCertListCheck(&cmContext, store);
530 if (ret != CM_SUCCESS) {
531 CM_LOG_E("CmServiceGetCallingAppCertListCheck fail, ret = %d", ret);
532 break;
533 }
534
535 ret = CmServiceGetCallingAppCertList(&cmContext, store, fileNamesBlob, MAX_COUNT_CERTIFICATE, &fileCount);
536 if (ret != CM_SUCCESS) {
537 CM_LOG_E("Get calling App cert list fail, ret = %d", ret);
538 break;
539 }
540
541 ret = CmServiceGetAppCertListPack(&certificateList, fileNamesBlob, fileCount);
542 if (ret != CM_SUCCESS) {
543 CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
544 }
545 } while (0);
546
547 CmReport(__func__, &cmContext, NULL, ret);
548 CmSendResponse(context, ret, &certificateList);
549 CmFreeParamSet(¶mSets);
550 CmFreeFileNames(fileNamesBlob, fileCount);
551 CM_FREE_BLOB(certificateList);
552
553 CM_LOG_I("leave: ret = %d", ret);
554 }
555
CopyCertificateInfoToBuffer(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)556 static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob,
557 const struct CmBlob *certificateInfo, uint32_t *offset)
558 {
559 if (certBlob->size < (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) {
560 CM_LOG_E("certInfo size[%u] invalid", certBlob->size);
561 return CMR_ERROR_INVALID_ARGUMENT;
562 }
563
564 struct AppCert *appCert = (struct AppCert *)certBlob->data;
565 if ((certBlob->size - (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) < appCert->certSize) {
566 CM_LOG_E("certInfo data size[%u] invalid, certSize[%u]", certBlob->size, appCert->certSize);
567 return CMR_ERROR_INVALID_ARGUMENT;
568 }
569
570 int32_t ret = CopyUint32ToBuffer(appCert->certCount, certificateInfo, offset);
571 if (ret != CM_SUCCESS) {
572 CM_LOG_E("copy appcert->certCount failed");
573 return ret;
574 }
575
576 ret = CopyUint32ToBuffer(appCert->keyCount, certificateInfo, offset);
577 if (ret != CM_SUCCESS) {
578 CM_LOG_E("get appcert->keyCount failed");
579 return ret;
580 }
581
582 struct CmBlob appCertBlob = { appCert->certSize, appCert->appCertdata };
583 ret = CopyBlobToBuffer(&appCertBlob, certificateInfo, offset);
584 if (ret != CM_SUCCESS) {
585 CM_LOG_E("Copy appCertBlob failed");
586 }
587
588 return ret;
589 }
590
CopyCertSize(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)591 static int32_t CopyCertSize(const struct CmBlob *certBlob, const struct CmBlob *certificateInfo,
592 uint32_t *offset)
593 {
594 uint32_t certCount = (((certBlob->size > 0) && (certBlob->data != NULL)) ? 1 : 0);
595
596 int32_t ret = CopyUint32ToBuffer(certCount, certificateInfo, offset);
597 if (ret != CM_SUCCESS) {
598 CM_LOG_E("copy certificateList->size failed");
599 return ret;
600 }
601 if (certCount == 0) {
602 CM_LOG_E("app cert not exist");
603 return CMR_ERROR_NOT_EXIST;
604 }
605 return ret;
606 }
607
CmAppCertificateInfoPack(struct CmBlob * certificateInfo,const struct CmBlob * certBlob,const struct CmBlob * keyUri)608 static int32_t CmAppCertificateInfoPack(struct CmBlob *certificateInfo,
609 const struct CmBlob *certBlob, const struct CmBlob *keyUri)
610 {
611 /* buff struct: certCount + certType + certAlias + certUri + certNum + keyNum + credData */
612 uint32_t buffSize = sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME +
613 sizeof(uint32_t) + MAX_LEN_CERT_ALIAS + sizeof(uint32_t) + MAX_LEN_URI +
614 sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_CERTIFICATE_CHAIN;
615 certificateInfo->data = (uint8_t *)CmMalloc(buffSize);
616 if (certificateInfo->data == NULL) {
617 return CMR_ERROR_MALLOC_FAIL;
618 }
619 certificateInfo->size = buffSize;
620
621 uint32_t offset = 0;
622 if (CopyCertSize(certBlob, certificateInfo, &offset) != CM_SUCCESS) {
623 return CMR_ERROR_NOT_EXIST;
624 }
625
626 uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
627 uint8_t certUriBuf[MAX_LEN_URI] = {0};
628 uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
629 struct CmBlob certType = { sizeof(typeBuf), typeBuf };
630 struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
631 struct CmBlob cerAlias = { sizeof(aliasBuf), aliasBuf };
632 int32_t ret = GetAppCertInfo(keyUri, &certType, &certUri, &cerAlias);
633 if (ret != CM_SUCCESS) {
634 CM_LOG_E("GetAppCertInfo failed");
635 return ret;
636 }
637
638 if (CopyBlobToBuffer(&certType, certificateInfo, &offset) != CM_SUCCESS) {
639 CM_LOG_E("Copy certType failed");
640 return CMR_ERROR;
641 }
642
643 if (CopyBlobToBuffer(&certUri, certificateInfo, &offset) != CM_SUCCESS) {
644 CM_LOG_E("Copy certUri failed");
645 return CMR_ERROR;
646 }
647
648 if (CopyBlobToBuffer(&cerAlias, certificateInfo, &offset) != CM_SUCCESS) {
649 CM_LOG_E("Copy cerAlias failed");
650 return CMR_ERROR;
651 }
652
653 ret = CopyCertificateInfoToBuffer(certBlob, certificateInfo, &offset);
654 if (ret != CM_SUCCESS) {
655 CM_LOG_E("Copy CertificateInfo failed");
656 return ret;
657 }
658
659 return ret;
660 }
661
CmIpcServiceGetAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)662 void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
663 const struct CmContext *context)
664 {
665 int32_t ret;
666 (void)outData;
667 uint32_t store;
668 struct CmBlob keyUri = { 0, NULL };
669 struct CmBlob certificateInfo = { 0, NULL };
670 struct CmBlob certBlob = { 0, NULL };
671 struct CmContext cmContext = {0};
672 struct CmContext oriContext = {0};
673 struct CmParamSet *paramSet = NULL;
674 struct CmParamOut params[] = {
675 {
676 .tag = CM_TAG_PARAM0_BUFFER,
677 .blob = &keyUri
678 },
679 {
680 .tag = CM_TAG_PARAM0_UINT32,
681 .uint32Param = &store
682 },
683 };
684 do {
685 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
686 if (ret != CM_SUCCESS) {
687 CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret);
688 break;
689 }
690 oriContext.userId = cmContext.userId;
691 oriContext.uid = cmContext.uid;
692
693 ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri);
694 if (ret != CM_SUCCESS) {
695 CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
696 break;
697 }
698
699 ret = CmServiceGetAppCert(&cmContext, store, &keyUri, &certBlob);
700 if (ret != CM_SUCCESS) {
701 CM_LOG_E("Get App cert list fail, ret = %d", ret);
702 break;
703 }
704
705 ret = CmAppCertificateInfoPack(&certificateInfo, &certBlob, &keyUri);
706 if (ret != CM_SUCCESS) {
707 CM_LOG_E("CmAppCertificateInfoPack fail, ret = %d", ret);
708 }
709 } while (0);
710
711 CmReport(__func__, &oriContext, &keyUri, ret);
712 CmSendResponse(context, ret, &certificateInfo);
713 CmFreeParamSet(¶mSet);
714 CM_FREE_BLOB(certBlob);
715 CM_FREE_BLOB(certificateInfo);
716
717 CM_LOG_I("leave: ret = %d", ret);
718 }
719
GetAuthedList(const struct CmContext * context,const struct CmBlob * keyUri,struct CmBlob * outData)720 static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData)
721 {
722 if (outData->size < sizeof(uint32_t)) { /* appUidCount size */
723 CM_LOG_E("invalid outData size[%u]", outData->size);
724 return CMR_ERROR_BUFFER_TOO_SMALL;
725 }
726
727 uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t);
728 struct CmAppUidList appUidList = { count, NULL };
729 if (count != 0) {
730 appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t));
731 }
732
733 int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList);
734 if (ret != CM_SUCCESS) {
735 CM_LOG_E("service get authed list failed, ret = %d", ret);
736 return ret;
737 }
738
739 /* refresh outData: 1.refresh appUidCount; 2.appUidCount is no bigger than count */
740 (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t));
741 outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount;
742
743 return CM_SUCCESS;
744 }
745
CmIpcServiceGrantAppCertificate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)746 void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
747 const struct CmContext *context)
748 {
749 struct CmContext cmContext = { 0, 0, {0} };
750 struct CmParamSet *paramSet = NULL;
751 struct CmBlob keyUri = { 0, NULL };
752 uint32_t grantUid = INIT_INVALID_VALUE;
753 int32_t ret;
754 do {
755 struct CmParamOut params[] = {
756 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
757 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &grantUid },
758 };
759 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
760 if (ret != CM_SUCCESS) {
761 CM_LOG_E("get input params failed, ret = %d", ret);
762 break;
763 }
764
765 ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, grantUid, outData);
766 if (ret != CM_SUCCESS) {
767 CM_LOG_E("service grant app failed, ret = %d", ret);
768 break;
769 }
770 } while (0);
771
772 CmReport(__func__, &cmContext, &keyUri, ret);
773
774 CmSendResponse(context, ret, outData);
775 CmReportSGGrantAppCert(&keyUri, grantUid, false, ret);
776 CmFreeParamSet(¶mSet);
777
778 CM_LOG_I("leave: ret = %d", ret);
779 }
780
CmIpcServiceGetAuthorizedAppList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)781 void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
782 const struct CmContext *context)
783 {
784 struct CmContext cmContext = { 0, 0, {0} };
785 struct CmParamSet *paramSet = NULL;
786 struct CmBlob keyUri = { 0, NULL };
787
788 int32_t ret;
789 do {
790 struct CmParamOut params[] = {
791 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
792 };
793 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
794 if (ret != CM_SUCCESS) {
795 CM_LOG_E("get input params failed, ret = %d", ret);
796 break;
797 }
798
799 ret = GetAuthedList(&cmContext, &keyUri, outData);
800 if (ret != CM_SUCCESS) {
801 CM_LOG_E("get authed app list failed, ret = %d", ret);
802 break;
803 }
804 } while (0);
805 CmReport(__func__, &cmContext, &keyUri, ret);
806 CmSendResponse(context, ret, outData);
807 CmFreeParamSet(¶mSet);
808
809 CM_LOG_I("leave: ret = %d", ret);
810 }
811
CmIpcServiceIsAuthorizedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)812 void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
813 const struct CmContext *context)
814 {
815 (void)outData;
816 struct CmContext cmContext = { 0, 0, {0} };
817 struct CmParamSet *paramSet = NULL;
818 struct CmBlob authUri = { 0, NULL };
819
820 int32_t ret;
821 do {
822 struct CmParamOut params[] = {
823 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
824 };
825 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
826 if (ret != CM_SUCCESS) {
827 CM_LOG_E("get input params failed, ret = %d", ret);
828 break;
829 }
830
831 ret = CmServiceIsAuthorizedApp(&cmContext, &authUri);
832 if (ret != CM_SUCCESS) {
833 CM_LOG_E("service check is authed app failed, ret = %d", ret);
834 break;
835 }
836 } while (0);
837
838 CmReport(__func__, &cmContext, &authUri, ret);
839 CmSendResponse(context, ret, NULL);
840 CmFreeParamSet(¶mSet);
841
842 CM_LOG_I("leave: ret = %d", ret);
843 }
844
CmIpcServiceRemoveGrantedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)845 void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
846 const struct CmContext *context)
847 {
848 struct CmContext cmContext = { 0, 0, {0} };
849 struct CmParamSet *paramSet = NULL;
850 (void)outData;
851 struct CmBlob keyUri = { 0, NULL };
852 uint32_t appUid = INIT_INVALID_VALUE;
853 int32_t ret;
854 do {
855 struct CmParamOut params[] = {
856 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
857 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid },
858 };
859 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
860 if (ret != CM_SUCCESS) {
861 CM_LOG_E("get input params failed, ret = %d", ret);
862 break;
863 }
864
865 ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid);
866 if (ret != CM_SUCCESS) {
867 CM_LOG_E("service remove grant app failed, ret = %d", ret);
868 break;
869 }
870 } while (0);
871 CmReport(__func__, &cmContext, &keyUri, ret);
872
873 CmSendResponse(context, ret, NULL);
874 CmReportSGGrantAppCert(&keyUri, appUid, true, ret);
875 CmFreeParamSet(¶mSet);
876
877 CM_LOG_I("leave: ret = %d", ret);
878 }
879
CmIpcServiceInit(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)880 void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
881 const struct CmContext *context)
882 {
883 struct CmContext cmContext = { 0, 0, {0} };
884 struct CmParamSet *paramSet = NULL;
885 struct CmBlob authUri = { 0, NULL };
886
887 int32_t ret;
888 do {
889 struct CmBlob specBlob = { 0, NULL };
890 struct CmParamOut params[] = {
891 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
892 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob },
893 };
894 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
895 if (ret != CM_SUCCESS) {
896 CM_LOG_E("get input params failed, ret = %d", ret);
897 break;
898 }
899
900 struct CmSignatureSpec spec = { 0 };
901 if (specBlob.size < sizeof(struct CmSignatureSpec)) {
902 CM_LOG_E("invalid input spec size");
903 ret = CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC;
904 break;
905 }
906 (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec));
907
908 ret = CmServiceInit(&cmContext, &authUri, &spec, outData);
909 if (ret != CM_SUCCESS) {
910 CM_LOG_E("service init failed, ret = %d", ret);
911 break;
912 }
913 } while (0);
914
915 CmReport(__func__, &cmContext, &authUri, ret);
916 CmSendResponse(context, ret, outData);
917 CmFreeParamSet(¶mSet);
918
919 CM_LOG_I("leave: ret = %d", ret);
920 }
921
CmIpcServiceUpdate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)922 void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
923 const struct CmContext *context)
924 {
925 (void)outData;
926 struct CmContext cmContext = { 0, 0, {0} };
927 struct CmParamSet *paramSet = NULL;
928
929 int32_t ret;
930 do {
931 struct CmBlob handleUpdate = { 0, NULL };
932 struct CmBlob inDataUpdate = { 0, NULL };
933 struct CmParamOut params[] = {
934 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate },
935 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate },
936 };
937 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
938 if (ret != CM_SUCCESS) {
939 CM_LOG_E("get input params failed, ret = %d", ret);
940 break;
941 }
942
943 ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate);
944 if (ret != CM_SUCCESS) {
945 CM_LOG_E("service update failed, ret = %d", ret);
946 break;
947 }
948 } while (0);
949
950 CmReport(__func__, &cmContext, NULL, ret);
951 CmSendResponse(context, ret, NULL);
952 CmFreeParamSet(¶mSet);
953 CM_LOG_I("leave: ret = %d", ret);
954 }
955
CmIpcServiceFinish(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)956 void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
957 const struct CmContext *context)
958 {
959 struct CmContext cmContext = { 0, 0, {0} };
960 struct CmParamSet *paramSet = NULL;
961
962 int32_t ret;
963 do {
964 struct CmBlob handleFinish = { 0, NULL };
965 struct CmBlob inDataFinish = { 0, NULL };
966 struct CmParamOut params[] = {
967 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish },
968 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish },
969 };
970 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
971 if (ret != CM_SUCCESS) {
972 CM_LOG_E("get input params failed, ret = %d", ret);
973 break;
974 }
975
976 ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData);
977 if (ret != CM_SUCCESS) {
978 CM_LOG_E("service finish failed, ret = %d", ret);
979 break;
980 }
981 } while (0);
982
983 CmReport(__func__, &cmContext, NULL, ret);
984 CmSendResponse(context, ret, outData);
985 CmFreeParamSet(¶mSet);
986
987 CM_LOG_I("leave: ret = %d", ret);
988 }
989
CmIpcServiceAbort(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)990 void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
991 const struct CmContext *context)
992 {
993 (void)outData;
994 struct CmContext cmContext = { 0, 0, {0} };
995 struct CmParamSet *paramSet = NULL;
996
997 int32_t ret;
998 do {
999 struct CmBlob handle = { 0, NULL };
1000 struct CmParamOut params[] = {
1001 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle },
1002 };
1003 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1004 if (ret != CM_SUCCESS) {
1005 CM_LOG_E("get input params failed, ret = %d", ret);
1006 break;
1007 }
1008
1009 ret = CmServiceAbort(&cmContext, &handle);
1010 if (ret != CM_SUCCESS) {
1011 CM_LOG_E("service abort failed, ret = %d", ret);
1012 break;
1013 }
1014 } while (0);
1015
1016 CmReport(__func__, &cmContext, NULL, ret);
1017 CmSendResponse(context, ret, NULL);
1018 CmFreeParamSet(¶mSet);
1019
1020 CM_LOG_I("leave: ret = %d", ret);
1021 }
1022
CmIpcServiceGetUserCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1023 void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1024 const struct CmContext *context)
1025 {
1026 int32_t ret = CM_SUCCESS;
1027 uint32_t store;
1028 uint32_t userId;
1029 enum CmCertScope scope;
1030 struct CmContext cmContext = {0};
1031 struct CmParamSet *paramSet = NULL;
1032 struct CmMutableBlob certFileList = { 0, NULL };
1033 struct CmParamOut params[] = {
1034 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
1035 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
1036 { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &scope },
1037 };
1038
1039 do {
1040 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1041 if (ret != CM_SUCCESS) {
1042 CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret);
1043 break;
1044 }
1045
1046 if (!CmHasCommonPermission()) {
1047 CM_LOG_E("caller no permission");
1048 ret = CMR_ERROR_PERMISSION_DENIED;
1049 break;
1050 }
1051
1052 struct UserCAProperty prop = { userId, scope };
1053 ret = CmServiceGetCertList(&cmContext, &prop, store, &certFileList);
1054 if (ret != CM_SUCCESS) {
1055 CM_LOG_E("GetCertList failed, ret = %d", ret);
1056 break;
1057 }
1058
1059 ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
1060 if (ret != CM_SUCCESS) {
1061 CM_LOG_E("CmServiceGetCertListPack pack fail, ret = %d", ret);
1062 break;
1063 }
1064
1065 CmSendResponse(context, ret, outData);
1066 } while (0);
1067
1068 struct CmBlob tempBlob = { 0, NULL };
1069 CmReport(__func__, &cmContext, &tempBlob, ret);
1070
1071 if (ret != CM_SUCCESS) {
1072 CmSendResponse(context, ret, NULL);
1073 }
1074
1075 if (certFileList.data != NULL) {
1076 CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
1077 }
1078 CmFreeParamSet(¶mSet);
1079
1080 CM_LOG_I("leave: ret = %d", ret);
1081 }
1082
CmIpcServiceGetUserCertInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1083 void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1084 const struct CmContext *context)
1085 {
1086 int32_t ret = CM_SUCCESS;
1087 uint32_t store;
1088 uint32_t status = 0;
1089 struct CmBlob certUri = { 0, NULL };
1090 struct CmBlob certificateData = { 0, NULL };
1091 struct CmContext cmContext = {0};
1092 struct CmContext oriContext = {0};
1093 struct CmParamSet *paramSet = NULL;
1094 struct CmParamOut params[] = {
1095 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
1096 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
1097 };
1098
1099 do {
1100 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1101 if (ret != CM_SUCCESS) {
1102 CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
1103 break;
1104 }
1105 oriContext.userId = cmContext.userId;
1106 oriContext.uid = cmContext.uid;
1107
1108 if (!CmHasCommonPermission()) {
1109 CM_LOG_E("caller no permission");
1110 ret = CMR_ERROR_PERMISSION_DENIED;
1111 break;
1112 }
1113
1114 ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
1115 if (ret != CM_SUCCESS) {
1116 CM_LOG_E("GetCertInfo failed, ret = %d", ret);
1117 break;
1118 }
1119
1120 ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
1121 if (ret != CM_SUCCESS) {
1122 CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret);
1123 break;
1124 }
1125 CmSendResponse(context, ret, outData);
1126 } while (0);
1127 CmReport(__func__, &oriContext, &certUri, ret);
1128 if (ret != CM_SUCCESS) {
1129 CmSendResponse(context, ret, NULL);
1130 }
1131 CM_FREE_BLOB(certificateData);
1132 CmFreeParamSet(¶mSet);
1133
1134 CM_LOG_I("leave: ret = %d", ret);
1135 }
1136
CmIpcServiceSetUserCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1137 void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1138 const struct CmContext *context)
1139 {
1140 int32_t ret = CM_SUCCESS;
1141 uint32_t store = CM_USER_TRUSTED_STORE;
1142 uint32_t status = INIT_INVALID_VALUE;
1143 struct CmContext oriContext = {0};
1144 struct CmBlob certUri = { 0, NULL };
1145 struct CmContext cmContext = {0};
1146 struct CmParamSet *paramSet = NULL;
1147 struct CmParamOut params[] = {
1148 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1149 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
1150 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
1151 };
1152
1153 do {
1154 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1155 if (ret != CM_SUCCESS) {
1156 CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
1157 break;
1158 }
1159 oriContext.userId = cmContext.userId;
1160 oriContext.uid = cmContext.uid;
1161
1162 ret = CmServiceSetUserCertStatusCheck(&cmContext, &certUri);
1163 if (ret != CM_SUCCESS) {
1164 CM_LOG_E("CmServiceSetUserCertStatusCheck fail, ret = %d", ret);
1165 break;
1166 }
1167
1168 ret = CmSetStatusBackupCert(&cmContext, &certUri, store, status);
1169 if (ret != CM_SUCCESS) {
1170 CM_LOG_E("CmSetStatusBackupCert failed, ret = %d", ret);
1171 break;
1172 }
1173 } while (0);
1174
1175 CmReport(__func__, &oriContext, &certUri, ret);
1176 CmSendResponse(context, ret, NULL);
1177 CmReportSGSetCertStatus(&certUri, store, status, ret);
1178 CmFreeParamSet(¶mSet);
1179
1180 CM_LOG_I("leave: ret = %d", ret);
1181 }
1182
CmInstallUserCertExecute(const struct InstallUserCertParams * installCertParams,const enum CmCertFileFormat certFormat)1183 static int32_t CmInstallUserCertExecute(const struct InstallUserCertParams *installCertParams,
1184 const enum CmCertFileFormat certFormat)
1185 {
1186 if (installCertParams == NULL || CmCheckBlob(installCertParams->outData) != CM_SUCCESS) {
1187 CM_LOG_E("check out data invalid");
1188 return CMR_ERROR_INVALID_ARGUMENT;
1189 }
1190 int32_t ret = CM_SUCCESS;
1191 if (certFormat == PEM_DER) {
1192 ret = CmInstallUserCert(installCertParams->cmContext, installCertParams->userCert,
1193 installCertParams->certAlias, installCertParams->status, installCertParams->outData);
1194 } else if (certFormat == P7B) {
1195 ret = CmInstallMultiUserCert(installCertParams->cmContext, installCertParams->userCert,
1196 installCertParams->certAlias, installCertParams->status, installCertParams->outData);
1197 } else {
1198 ret = CMR_ERROR_NOT_SUPPORTED;
1199 }
1200 if (ret != CM_SUCCESS) {
1201 CM_LOG_E("install user cert failed, certFormat = %u, ret = %d", certFormat, ret);
1202 }
1203 return ret;
1204 }
1205
CmIpcServiceInstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1206 void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1207 const struct CmContext *context)
1208 {
1209 int32_t ret = CM_SUCCESS;
1210 struct CmBlob userCert = { 0, NULL };
1211 struct CmBlob certAlias = { 0, NULL };
1212 uint32_t userId = 0;
1213 uint32_t status = CERT_STATUS_ENANLED;
1214 uint32_t certFormat = PEM_DER;
1215 struct CmContext cmContext = {0};
1216 struct CmContext oriContext = {0};
1217 struct CmParamSet *paramSet = NULL;
1218 struct CmParamOut params[] = {
1219 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
1220 { .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
1221 { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &userId },
1222 { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
1223 { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &certFormat },
1224 };
1225
1226 do {
1227 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1228 if (ret != CM_SUCCESS) {
1229 CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
1230 break;
1231 }
1232 oriContext.userId = cmContext.userId;
1233 oriContext.uid = cmContext.uid;
1234
1235 ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId, certFormat);
1236 if (ret != CM_SUCCESS) {
1237 CM_LOG_E("CmServiceInstallUserCertCheck fail, ret = %d", ret);
1238 break;
1239 }
1240
1241 struct InstallUserCertParams installUserCertParams = { &cmContext, &userCert, &certAlias, outData, status };
1242 ret = CmInstallUserCertExecute(&installUserCertParams, certFormat);
1243 if (ret != CM_SUCCESS) {
1244 CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
1245 break;
1246 }
1247
1248 CmSendResponse(context, ret, outData);
1249 } while (0);
1250
1251 struct CmBlob tempBlob = { 0, NULL };
1252 CmReport(__func__, &oriContext, &tempBlob, ret);
1253
1254 if (ret != CM_SUCCESS) {
1255 CmSendResponse(context, ret, NULL);
1256 }
1257 CmReportSGInstallUserCert(&certAlias, outData, ret);
1258 CmFreeParamSet(¶mSet);
1259
1260 CM_LOG_I("leave: ret = %d", ret);
1261 }
1262
CmIpcServiceUninstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1263 void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1264 const struct CmContext *context)
1265 {
1266 (void)outData;
1267 int32_t ret = CM_SUCCESS;
1268 struct CmBlob certUri = { 0, NULL };
1269 struct CmContext cmContext = {0};
1270 struct CmContext oriContext = {0};
1271 struct CmParamSet *paramSet = NULL;
1272 struct CmParamOut params[] = {
1273 { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1274 };
1275
1276 do {
1277 ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
1278 if (ret != CM_SUCCESS) {
1279 CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
1280 break;
1281 }
1282 oriContext.userId = cmContext.userId;
1283 oriContext.uid = cmContext.uid;
1284
1285 ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri);
1286 if (ret != CM_SUCCESS) {
1287 CM_LOG_E("CmServiceUninstallUserCertCheck fail, ret = %d", ret);
1288 break;
1289 }
1290
1291 ret = CmUninstallUserCert(&cmContext, &certUri);
1292 if (ret != CM_SUCCESS) {
1293 CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
1294 break;
1295 }
1296 } while (0);
1297
1298 CmReport(__func__, &oriContext, &certUri, ret);
1299 CmSendResponse(context, ret, NULL);
1300 CmReportSGUninstallUserCert(&certUri, false, ret);
1301 CmFreeParamSet(¶mSet);
1302
1303 CM_LOG_I("leave: ret = %d", ret);
1304 }
1305
CmIpcServiceUninstallAllUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1306 void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1307 const struct CmContext *context)
1308 {
1309 (void)outData;
1310 int32_t ret = CM_SUCCESS;
1311 struct CmContext cmContext = {0};
1312
1313 do {
1314 ret = CmGetProcessInfoForIPC(&cmContext);
1315 if (ret != CM_SUCCESS) {
1316 CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
1317 break;
1318 }
1319
1320 if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
1321 CM_LOG_E("caller no permission");
1322 ret = CMR_ERROR_PERMISSION_DENIED;
1323 break;
1324 }
1325 if (!CmIsSystemApp()) {
1326 CM_LOG_E("uninstall all user cert: caller is not system app");
1327 ret = CMR_ERROR_NOT_SYSTEMP_APP;
1328 break;
1329 }
1330 ret = CmUninstallAllUserCert(&cmContext);
1331 if (ret != CM_SUCCESS) {
1332 CM_LOG_E("CertManagerUninstallAllUserCert fail, ret = %d", ret);
1333 break;
1334 }
1335 } while (0);
1336 CmReport(__func__, &cmContext, NULL, ret);
1337 CmSendResponse(context, ret, NULL);
1338 CmReportSGUninstallUserCert(NULL, true, ret);
1339
1340 CM_LOG_I("leave: ret = %d", ret);
1341 }
1342
1343