1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "disallow_export_recovery_key_plugin.h"
17
18 #include <ipc_skeleton.h>
19 #include "bool_serializer.h"
20 #include "edm_constants.h"
21 #include "edm_errors.h"
22 #include "edm_ipc_interface_code.h"
23 #include "edm_log.h"
24 #include "iplugin_manager.h"
25 #include "os_account_manager.h"
26
27
28 namespace OHOS {
29 namespace EDM {
30 const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(
31 DisallowExportRecoveryKeyPlugin::GetPlugin());
32 const std::string CONSTRAINT_RECOVERY_KEY = "constraint.recoveryKey";
33
InitPlugin(std::shared_ptr<IPluginTemplate<DisallowExportRecoveryKeyPlugin,bool>> ptr)34 void DisallowExportRecoveryKeyPlugin::InitPlugin(
35 std::shared_ptr<IPluginTemplate<DisallowExportRecoveryKeyPlugin, bool>> ptr)
36 {
37 EDMLOGI("DisallowExportRecoveryKeyPlugin InitPlugin...");
38 ptr->InitAttribute(
39 EdmInterfaceCode::DISALLOWED_EXPORT_RECOVERY_KEY,
40 PolicyName::POLICY_DISALLOWED_EXPORT_RECOVERY_KEY,
41 EdmPermission::PERMISSION_ENTERPRISE_MANAGE_RESTRICTIONS,
42 IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
43 true);
44 ptr->SetSerializer(BoolSerializer::GetInstance());
45 ptr->SetOnHandlePolicyListener(&DisallowExportRecoveryKeyPlugin::OnSetPolicy, FuncOperateType::SET);
46 ptr->SetOnAdminRemoveListener(&DisallowExportRecoveryKeyPlugin::OnAdminRemove);
47 }
48
OnSetPolicy(bool & data,bool & currentData,bool & mergeData,int32_t userId)49 ErrCode DisallowExportRecoveryKeyPlugin::OnSetPolicy(
50 bool &data, bool ¤tData, bool &mergeData, int32_t userId)
51 {
52 EDMLOGI("DisallowExportRecoveryKeyPlugin::OnSetPolicy, data: %{public}d, currentData: %{public}d, "
53 "mergeData: %{public}d", data, currentData, mergeData);
54 if (mergeData) {
55 currentData = data;
56 return ERR_OK;
57 }
58 ErrCode ret = SetExportRecoveryKeyPolicy(data, userId);
59 if (FAILED(ret)) {
60 EDMLOGE("DisallowExportRecoveryKeyPlugin::OnSetPolicy Failed, ret: %{public}d", ret);
61 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
62 }
63 currentData = data;
64 mergeData = data;
65 return ERR_OK;
66 }
67
OnAdminRemove(const std::string & adminName,bool & data,bool & mergeData,int32_t userId)68 ErrCode DisallowExportRecoveryKeyPlugin::OnAdminRemove(
69 const std::string &adminName, bool &data, bool &mergeData, int32_t userId)
70 {
71 EDMLOGI("DisallowExportRecoveryKeyPlugin::OnAdminRemove, adminName: %{public}s, data: %{public}d, "
72 "mergeData: %{public}d", adminName.c_str(), data, mergeData);
73 if (mergeData) {
74 return ERR_OK;
75 }
76 if (data) {
77 ErrCode ret = SetExportRecoveryKeyPolicy(false, userId);
78 if (FAILED(ret)) {
79 EDMLOGE("DisallowExportRecoveryKeyPlugin::OnAdminRemove Failed, ret: %{public}d", ret);
80 }
81 }
82 return ERR_OK;
83 }
84
SetExportRecoveryKeyPolicy(bool policy,int32_t userId)85 ErrCode DisallowExportRecoveryKeyPlugin::SetExportRecoveryKeyPolicy(bool policy, int32_t userId)
86 {
87 EDMLOGI("DisallowExportRecoveryKeyPlugin::SetExportRecoveryKeyPolicy, "
88 "policy: %{public}d", policy);
89 std::vector<std::string> constraints;
90 constraints.emplace_back(CONSTRAINT_RECOVERY_KEY);
91 ErrCode ret = AccountSA::OsAccountManager::SetSpecificOsAccountConstraints(
92 constraints, policy, userId, EdmConstants::DEFAULT_USER_ID, true);
93 EDMLOGI("DisallowExportRecoveryKeyPlugin SetSpecificOsAccountConstraints ret: %{public}d", ret);
94 return ret;
95 }
96 } // namespace EDM
97 } // namespace OHOS
98