1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "security_manager_proxy.h"
17
18 #include "edm_constants.h"
19 #include "edm_log.h"
20 #include "func_code.h"
21
22 namespace OHOS {
23 namespace EDM {
// Singleton slot; filled in by GetSecurityManagerProxy() inside std::call_once.
std::shared_ptr<SecurityManagerProxy> SecurityManagerProxy::instance_ = nullptr;
// Once-flag passed to std::call_once in GetSecurityManagerProxy().
std::once_flag SecurityManagerProxy::flag_;
// Interface token that the request-building methods in this file write first
// (via WriteInterfaceToken) into every MessageParcel they assemble themselves.
const std::u16string DESCRIPTOR = u"ohos.edm.IEnterpriseDeviceMgr";
27
// Returns the shared SecurityManagerProxy, creating it on first use.
// Creation runs through std::call_once on flag_, so the factory lambda executes at most once.
std::shared_ptr<SecurityManagerProxy> SecurityManagerProxy::GetSecurityManagerProxy()
{
    auto createIfMissing = []() {
        if (!instance_) {
            instance_ = std::make_shared<SecurityManagerProxy>();
        }
    };
    std::call_once(flag_, createIfMissing);
    return instance_;
}
37
// Queries GET_SECURITY_PATCH_TAG with a request parcel prepared by the caller.
//
// data             - request parcel, forwarded unchanged to GetPolicy.
// securityPatchTag - receives the string read from the reply on success.
// Returns the status code read from the reply; ERR_INVALID_VALUE is the initial
// value used when no status could be read.
int32_t SecurityManagerProxy::GetSecurityPatchTag(MessageParcel &data, std::string &securityPatchTag)
{
    EDMLOGD("SecurityManagerProxy::GetSecurityPatchTag");
    MessageParcel reply;
    // The return value of GetPolicy is not consulted; the outcome is taken from the reply parcel.
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_SECURITY_PATCH_TAG, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    const bool succeeded = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (succeeded) {
        // NOTE(review): the result of ReadString is not checked, so a reply that carries
        // ERR_OK but no string still reports success to the caller.
        reply.ReadString(securityPatchTag);
        return ret;
    }
    EDMLOGE("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
    return ret;
}
52
// Queries GET_SECURITY_PATCH_TAG on behalf of the given admin element.
//
// admin            - admin identity, serialised into the request with WriteParcelable.
// securityPatchTag - receives the string read from the reply on success.
// Returns the status code read from the reply; ERR_INVALID_VALUE is the initial
// value used when no status could be read.
int32_t SecurityManagerProxy::GetSecurityPatchTag(const AppExecFwk::ElementName &admin, std::string &securityPatchTag)
{
    EDMLOGD("SecurityManagerProxy::GetSecurityPatchTag");
    MessageParcel request;
    // Field order is part of the wire format: token, user-id marker, permission tag,
    // admin marker, admin element.
    request.WriteInterfaceToken(DESCRIPTOR);
    request.WriteInt32(WITHOUT_USERID);
    request.WriteString(WITHOUT_PERMISSION_TAG);
    request.WriteInt32(HAS_ADMIN);
    request.WriteParcelable(&admin);

    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_SECURITY_PATCH_TAG, request, reply);

    int32_t ret = ERR_INVALID_VALUE;
    const bool succeeded = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (succeeded) {
        // NOTE(review): the result of ReadString is not checked here.
        reply.ReadString(securityPatchTag);
        return ret;
    }
    EDMLOGE("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
    return ret;
}
73
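// Queries GET_DEVICE_ENCRYPTION_STATUS on behalf of the given admin element.
//
// admin                  - admin identity, serialised into the request with WriteParcelable.
// deviceEncryptionStatus - isEncrypted is assigned only when the reply carried both an
//                          ERR_OK status and a readable boolean.
// Returns ERR_OK on success, the status read from the reply on a service-side failure,
// or ERR_INVALID_VALUE when the reply could not be parsed.
int32_t SecurityManagerProxy::GetDeviceEncryptionStatus(const AppExecFwk::ElementName &admin,
    DeviceEncryptionStatus &deviceEncryptionStatus)
{
    EDMLOGD("SecurityManagerProxy::GetDeviceEncryptionStatus");
    MessageParcel data;
    MessageParcel reply;
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteInt32(HAS_ADMIN);
    data.WriteParcelable(&admin);
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_DEVICE_ENCRYPTION_STATUS, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // A boolean cannot signal "absent", so a short reply must not be reported as success:
    // the caller would otherwise act on whatever isEncrypted held before the call.
    bool isEncrypted = false;
    if (!reply.ReadBool(isEncrypted)) {
        EDMLOGW("SecurityManagerProxy::GetDeviceEncryptionStatus read encryption status fail.");
        return ERR_INVALID_VALUE;
    }
    deviceEncryptionStatus.isEncrypted = isEncrypted;
    return ERR_OK;
}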
95
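// Queries GET_DEVICE_ENCRYPTION_STATUS with a request parcel prepared by the caller.
//
// data                   - request parcel, forwarded unchanged to GetPolicy.
// deviceEncryptionStatus - isEncrypted is assigned only when the reply carried both an
//                          ERR_OK status and a readable boolean.
// Returns ERR_OK on success, the status read from the reply on a service-side failure,
// or ERR_INVALID_VALUE when the reply could not be parsed.
int32_t SecurityManagerProxy::GetDeviceEncryptionStatus(MessageParcel &data,
    DeviceEncryptionStatus &deviceEncryptionStatus)
{
    EDMLOGD("SecurityManagerProxy::GetDeviceEncryptionStatus");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::GET_DEVICE_ENCRYPTION_STATUS, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    bool blRes = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (!blRes) {
        EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
        return ret;
    }
    // A boolean cannot signal "absent", so a short reply must not be reported as success:
    // the caller would otherwise act on whatever isEncrypted held before the call.
    bool isEncrypted = false;
    if (!reply.ReadBool(isEncrypted)) {
        EDMLOGW("SecurityManagerProxy::GetDeviceEncryptionStatus read encryption status fail.");
        return ERR_INVALID_VALUE;
    }
    deviceEncryptionStatus.isEncrypted = isEncrypted;
    return ERR_OK;
}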
111
// Sends a SET request for PASSWORD_POLICY using a parcel prepared by the caller.
// Returns whatever HandleDevicePolicy returns.
int32_t SecurityManagerProxy::SetPasswordPolicy(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::SetPasswordPolicy");
    const std::uint32_t operateType = static_cast<std::uint32_t>(FuncOperateType::SET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::PASSWORD_POLICY);
    auto edmProxy = EnterpriseDeviceMgrProxy::GetInstance();
    return edmProxy->HandleDevicePolicy(funcCode, data);
}
119
// Inner-API variant: reads the password policy without an admin element.
// Delegates to the pointer overload with a null admin.
int32_t SecurityManagerProxy::GetPasswordPolicy(PasswordPolicy &policy)
{
    EDMLOGD("SecurityManagerProxy::GetPasswordPolicy innerapi");
    const AppExecFwk::ElementName *noAdmin = nullptr;
    return GetPasswordPolicy(noAdmin, policy);
}
125
// Reads the password policy on behalf of the given admin element.
// Delegates to the pointer overload with the address of admin.
int32_t SecurityManagerProxy::GetPasswordPolicy(const AppExecFwk::ElementName &admin, PasswordPolicy &policy)
{
    EDMLOGD("SecurityManagerProxy::GetPasswordPolicy");
    const AppExecFwk::ElementName *adminPtr = &admin;
    return GetPasswordPolicy(adminPtr, policy);
}
131
// Shared implementation behind the two public GetPasswordPolicy overloads.
//
// admin  - admin element, or nullptr for the system-API path. The request header
//          differs between the two cases (see the branches below).
// policy - complexityReg, validityPeriod and additionalDescription are filled from
//          the reply when the status is ERR_OK.
// Returns ERR_OK on success, otherwise the status read from the reply
// (ERR_INVALID_VALUE is the initial value).
int32_t SecurityManagerProxy::GetPasswordPolicy(const AppExecFwk::ElementName *admin, PasswordPolicy &policy)
{
    MessageParcel request;
    request.WriteInterfaceToken(DESCRIPTOR);
    request.WriteInt32(WITHOUT_USERID);
    if (admin != nullptr) {
        // Admin path: no permission tag, admin marker, the element, then HAS_ADMIN once more.
        request.WriteString(WITHOUT_PERMISSION_TAG);
        request.WriteInt32(HAS_ADMIN);
        request.WriteParcelable(admin);
        request.WriteInt32(HAS_ADMIN);
    } else {
        // System-API path: permission tag, then WITHOUT_ADMIN written twice.
        // NOTE(review): the meaning of the second marker is not visible here; confirm
        // against the service-side parser.
        request.WriteString(EdmConstants::PERMISSION_TAG_SYSTEM_API);
        request.WriteInt32(WITHOUT_ADMIN);
        request.WriteInt32(WITHOUT_ADMIN);
    }

    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::PASSWORD_POLICY, request, reply);

    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret == ERR_OK) {
        // Reply order: complexity regex, validity period, additional description.
        // NOTE(review): none of these reads is checked.
        policy.complexityReg = reply.ReadString();
        reply.ReadInt64(policy.validityPeriod);
        policy.additionalDescription = reply.ReadString();
        return ERR_OK;
    }
    EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
    return ret;
}
160
// Queries the root-check status on behalf of the given admin element.
//
// admin - admin identity, serialised into the request with WriteParcelable.
// info  - receives the string read from the reply on success.
// Returns ERR_OK on success, otherwise the status read from the reply
// (ERR_INVALID_VALUE is the initial value).
int32_t SecurityManagerProxy::GetRootCheckStatus(const AppExecFwk::ElementName &admin, std::string &info)
{
    EDMLOGD("SecurityManagerProxy::GetRootCheckStatus");
    MessageParcel request;
    request.WriteInterfaceToken(DESCRIPTOR);
    request.WriteInt32(WITHOUT_USERID);
    request.WriteString(WITHOUT_PERMISSION_TAG);
    request.WriteInt32(HAS_ADMIN);
    request.WriteParcelable(&admin);

    // NOTE(review): the policy code is spelled POLICY_CODE_END + 8 instead of a named
    // EdmInterfaceCode entry, and unlike the other GetPolicy calls in this file it is
    // wrapped in POLICY_FUNC_CODE before being passed. Confirm both against the service side.
    const std::uint32_t operateType = static_cast<std::uint32_t>(FuncOperateType::GET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::POLICY_CODE_END + 8);

    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(funcCode, request, reply);

    int32_t ret = ERR_INVALID_VALUE;
    const bool succeeded = reply.ReadInt32(ret) && (ret == ERR_OK);
    if (succeeded) {
        // NOTE(review): the result of ReadString is not checked, so a reply with ERR_OK
        // but no payload still reports success.
        reply.ReadString(info);
        return ERR_OK;
    }
    EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
    return ret;
}
183
// Sends a SET request for CLIPBOARD_POLICY using a parcel prepared by the caller.
// Returns whatever HandleDevicePolicy returns.
int32_t SecurityManagerProxy::SetAppClipboardPolicy(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::SetAppClipboardPolicy");
    const std::uint32_t operateType = static_cast<std::uint32_t>(FuncOperateType::SET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::CLIPBOARD_POLICY);
    auto edmProxy = EnterpriseDeviceMgrProxy::GetInstance();
    return edmProxy->HandleDevicePolicy(funcCode, data);
}
191
// Queries CLIPBOARD_POLICY with a request parcel prepared by the caller.
//
// data   - request parcel, forwarded unchanged to GetPolicy.
// policy - assigned the string read from the reply when the status is ERR_OK.
// Returns ERR_OK on success, otherwise the status read from the reply
// (ERR_INVALID_VALUE is the initial value).
int32_t SecurityManagerProxy::GetAppClipboardPolicy(MessageParcel &data, std::string &policy)
{
    EDMLOGD("SecurityManagerProxy::GetAppClipboardPolicy");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::CLIPBOARD_POLICY, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret == ERR_OK) {
        policy = reply.ReadString();
        return ERR_OK;
    }
    EDMLOGW("EnterpriseDeviceMgrProxy:GetPolicy fail. %{public}d", ret);
    return ret;
}
206
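// Sends a SET request for WATERMARK_IMAGE carrying one watermark bitmap.
//
// admin - admin identity, serialised into the request with WriteParcelable.
// param - watermark description; bundleName, accountId, width, height, size and the
//         pixel buffer are written to the parcel in that order.
// Returns ERR_INVALID_VALUE when param is null, has no pixel buffer, has a non-positive
// size, or the pixel buffer could not be written; otherwise whatever HandleDevicePolicy returns.
int32_t SecurityManagerProxy::SetWatermarkImage(const AppExecFwk::ElementName &admin,
    std::shared_ptr<WatermarkParam> param)
{
    EDMLOGD("SecurityManagerProxy::SetWatermarkImage");
    // param->size is used both as an int32 on the wire and as the byte count for
    // WriteRawData. A negative value would turn into a very large length, and a null
    // param or pixel buffer would be dereferenced, so reject all three before any write.
    if (param == nullptr || !param->pixels || param->size <= 0) {
        EDMLOGE("SecurityManagerProxy::SetWatermarkImage invalid watermark param.");
        return ERR_INVALID_VALUE;
    }
    MessageParcel data;
    std::uint32_t funcCode =
        POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::WATERMARK_IMAGE);
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteParcelable(&admin);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteString(EdmConstants::SecurityManager::SET_SINGLE_WATERMARK_TYPE);
    data.WriteString(param->bundleName);
    data.WriteInt32(param->accountId);
    data.WriteInt32(param->width);
    data.WriteInt32(param->height);
    data.WriteInt32(param->size);
    // NOTE(review): size is not cross-checked against width and height here; the pixel
    // format is not visible in this file, so the receiver has to validate that relation.
    if (!data.WriteRawData(reinterpret_cast<const void*>(param->pixels), static_cast<size_t>(param->size))) {
        // Do not send a request whose declared size has no matching pixel payload.
        EDMLOGE("SecurityManagerProxy::SetWatermarkImage write pixels fail.");
        return ERR_INVALID_VALUE;
    }
    return EnterpriseDeviceMgrProxy::GetInstance()->HandleDevicePolicy(funcCode, data);
}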
227
// Sends a REMOVE request for WATERMARK_IMAGE using a parcel prepared by the caller.
// Returns whatever HandleDevicePolicy returns.
int32_t SecurityManagerProxy::CancelWatermarkImage(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::CancelWatermarkImage");
    const std::uint32_t operateType = static_cast<std::uint32_t>(FuncOperateType::REMOVE);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::WATERMARK_IMAGE);
    auto edmProxy = EnterpriseDeviceMgrProxy::GetInstance();
    return edmProxy->HandleDevicePolicy(funcCode, data);
}
235
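// Sends a SET request for INSTALL_CERTIFICATE carrying a user CA certificate.
//
// admin        - admin identity, serialised into the request with WriteParcelable.
// certblobCA   - certArray, alias and accountId are written to the parcel in that order.
//                The certificate bytes are forwarded as given; nothing in this function
//                inspects them.
// result       - assigned the reply string when the call returns ERR_OK.
// innerCodeMsg - assigned the reply string when the call returns
//                EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED.
// Returns the code returned by HandleDevicePolicy.
int32_t SecurityManagerProxy::InstallUserCertificate(const AppExecFwk::ElementName &admin,
    const CertBlobCA &certblobCA, std::string &result, std::string &innerCodeMsg)
{
    EDMLOGD("SecurityManagerProxy::InstallUserCertificate");
    MessageParcel data;
    MessageParcel reply;
    std::uint32_t funcCode =
        POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::INSTALL_CERTIFICATE);
    data.WriteInterfaceToken(DESCRIPTOR);
    data.WriteInt32(WITHOUT_USERID);
    data.WriteParcelable(&admin);
    data.WriteString(WITHOUT_PERMISSION_TAG);
    data.WriteUInt8Vector(certblobCA.certArray);
    data.WriteString(certblobCA.alias);
    data.WriteInt32(certblobCA.accountId);
    ErrCode ret = EnterpriseDeviceMgrProxy::GetInstance()->HandleDevicePolicy(funcCode, data, reply);
    // The log line names this class (it previously said DeviceSettingsProxy), so that
    // certificate-install results can be attributed correctly when reading logs.
    EDMLOGI("SecurityManagerProxy::InstallUserCertificate : %{public}d.", ret);
    if (ret == ERR_OK) {
        result = reply.ReadString();
    } else if (ret == EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED) {
        innerCodeMsg = reply.ReadString();
    }
    return ret;
}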
260
// Queries the installed user certificates with a request parcel prepared by the caller.
// The query uses the INSTALL_CERTIFICATE policy code.
//
// data    - request parcel, forwarded unchanged to GetPolicy.
// uriList - filled from the reply when the status is ERR_OK.
// Returns the status read from the reply (ERR_INVALID_VALUE is the initial value).
int32_t SecurityManagerProxy::GetUserCertificates(MessageParcel &data, std::vector<std::string> &uriList)
{
    EDMLOGD("SecurityManagerProxy::GetUserCertificates");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::INSTALL_CERTIFICATE, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret != ERR_OK) {
        return ret;
    }
    // NOTE(review): the result of ReadStringVector is not checked.
    reply.ReadStringVector(&uriList);
    return ret;
}
273
// Sends a SET request for PERMISSION_MANAGED_STATE using a parcel prepared by the caller.
// Returns whatever HandleDevicePolicy returns.
int32_t SecurityManagerProxy::SetPermissionManagedState(MessageParcel &data)
{
    EDMLOGD("SecurityManagerProxy::SetPermissionManagedState");
    const std::uint32_t operateType = static_cast<std::uint32_t>(FuncOperateType::SET);
    const std::uint32_t funcCode = POLICY_FUNC_CODE(operateType, EdmInterfaceCode::PERMISSION_MANAGED_STATE);
    auto edmProxy = EnterpriseDeviceMgrProxy::GetInstance();
    return edmProxy->HandleDevicePolicy(funcCode, data);
}
281
// Queries PERMISSION_MANAGED_STATE with a request parcel prepared by the caller.
//
// data   - request parcel, forwarded unchanged to GetPolicy.
// policy - assigned the int32 read from the reply when the status is ERR_OK.
// Returns ERR_OK on success, otherwise the status read from the reply
// (ERR_INVALID_VALUE is the initial value).
int32_t SecurityManagerProxy::GetPermissionManagedState(MessageParcel &data, int32_t &policy)
{
    EDMLOGD("SecurityManagerProxy::GetPermissionManagedState");
    MessageParcel reply;
    EnterpriseDeviceMgrProxy::GetInstance()->GetPolicy(EdmInterfaceCode::PERMISSION_MANAGED_STATE, data, reply);
    int32_t ret = ERR_INVALID_VALUE;
    reply.ReadInt32(ret);
    if (ret == ERR_OK) {
        policy = reply.ReadInt32();
        return ERR_OK;
    }
    EDMLOGE("SecurityManagerProxy:GetPermissionManagedState fail. %{public}d", ret);
    return ret;
}
296 } // namespace EDM
297 } // namespace OHOS
298