1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "usb_read_only_plugin.h"
17
18 #include <algorithm>
19 #include "array_usb_device_type_serializer.h"
20 #include "int_serializer.h"
21 #include "edm_constants.h"
22 #include "edm_ipc_interface_code.h"
23 #include "edm_utils.h"
24 #include "iservice_registry.h"
25 #include "parameters.h"
26 #include "usb_policy_utils.h"
27 #include "usb_srv_client.h"
28 #include "volume_external.h"
29 #include "iplugin_manager.h"
30
31 namespace OHOS {
32 namespace EDM {
33 const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(std::make_shared<UsbReadOnlyPlugin>());
34 constexpr int32_t STORAGE_MANAGER_MANAGER_ID = 5003;
35 constexpr int32_t USB_DEVICE_TYPE_BASE_CLASS_STORAGE = 8;
36 const std::string PARAM_USB_READ_ONLY_KEY = "persist.filemanagement.usb.readonly";
37
UsbReadOnlyPlugin()38 UsbReadOnlyPlugin::UsbReadOnlyPlugin()
39 {
40 policyCode_ = EdmInterfaceCode::USB_READ_ONLY;
41 policyName_ = PolicyName::POLICY_USB_READ_ONLY;
42 permissionConfig_.typePermissions.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
43 EdmPermission::PERMISSION_ENTERPRISE_MANAGE_USB);
44 permissionConfig_.apiType = IPlugin::ApiType::PUBLIC;
45 needSave_ = true;
46 }
47
OnHandlePolicy(std::uint32_t funcCode,MessageParcel & data,MessageParcel & reply,HandlePolicyData & policyData,int32_t userId)48 ErrCode UsbReadOnlyPlugin::OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
49 HandlePolicyData &policyData, int32_t userId)
50 {
51 uint32_t typeCode = FUNC_TO_OPERATE(funcCode);
52 FuncOperateType type = FuncCodeUtils::ConvertOperateType(typeCode);
53 if (type != FuncOperateType::SET) {
54 EDMLOGE("UsbReadOnlyPlugin OnHandlePolicy can not handle this operate type.");
55 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
56 }
57 int32_t currentPolicy = 0;
58 int32_t mergePolicy = 0;
59 if (!IntSerializer::GetInstance()->Deserialize(policyData.policyData, currentPolicy) ||
60 !IntSerializer::GetInstance()->Deserialize(policyData.mergePolicyData, mergePolicy)) {
61 EDMLOGE("UsbReadOnlyPlugin OnHandlePolicy deserialize current policy and merge policy failed.");
62 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
63 }
64 int32_t accessPolicy = data.ReadInt32();
65 EDMLOGI("UsbReadOnlyPlugin OnHandlePolicy: %{public}d", accessPolicy);
66 if (mergePolicy == 0 || mergePolicy < accessPolicy) {
67 ErrCode ret = SetUsbStorageAccessPolicy(accessPolicy, userId);
68 if (ret != ERR_OK) {
69 return ret;
70 }
71 policyData.mergePolicyData = std::to_string(accessPolicy);
72 }
73 policyData.isChanged = accessPolicy != currentPolicy;
74 policyData.policyData = std::to_string(accessPolicy);
75 return ERR_OK;
76 }
77
SetUsbStorageAccessPolicy(int32_t accessPolicy,int32_t userId)78 ErrCode UsbReadOnlyPlugin::SetUsbStorageAccessPolicy(int32_t accessPolicy, int32_t userId)
79 {
80 auto policyManager = IPolicyManager::GetInstance();
81 std::string allowUsbDevicePolicy;
82 policyManager->GetPolicy("", PolicyName::POLICY_ALLOWED_USB_DEVICES, allowUsbDevicePolicy);
83 bool hasConflict = false;
84 if (FAILED(HasConflictPolicy(accessPolicy, allowUsbDevicePolicy, hasConflict))) {
85 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
86 }
87 if (hasConflict) {
88 return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
89 }
90 std::vector<USB::UsbDeviceType> usbDeviceTypes;
91 if (!GetDisallowedUsbDeviceTypes(usbDeviceTypes)) {
92 EDMLOGE("UsbReadOnlyPlugin SetUsbStorageAccessPolicy GetDisallowedUsbDeviceTypes failed");
93 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
94 }
95 if (accessPolicy == EdmConstants::STORAGE_USB_POLICY_DISABLED) {
96 return DealDisablePolicy(usbDeviceTypes);
97 }
98 return DealReadPolicy(accessPolicy, allowUsbDevicePolicy, usbDeviceTypes);
99 }
100
HasConflictPolicy(int32_t accessPolicy,const std::string & allowUsbDevice,bool & hasConflict)101 ErrCode UsbReadOnlyPlugin::HasConflictPolicy(int32_t accessPolicy, const std::string &allowUsbDevice,
102 bool &hasConflict)
103 {
104 if (accessPolicy == EdmConstants::STORAGE_USB_POLICY_DISABLED && !allowUsbDevice.empty()) {
105 EDMLOGE("UsbReadOnlyPlugin policy conflict! AllowedUsbDevice: %{public}s", allowUsbDevice.c_str());
106 hasConflict = true;
107 return ERR_OK;
108 }
109 bool isDisabled = false;
110 if (FAILED(IsStorageDisabledByDisallowedPolicy(isDisabled))) {
111 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
112 }
113 if (isDisabled &&
114 (accessPolicy == EdmConstants::STORAGE_USB_POLICY_READ_WRITE ||
115 accessPolicy == EdmConstants::STORAGE_USB_POLICY_READ_ONLY)) {
116 EDMLOGE("UsbReadOnlyPlugin policy conflict! Storage is disabled by disallowed policy.");
117 hasConflict = true;
118 return ERR_OK;
119 }
120 auto policyManager = IPolicyManager::GetInstance();
121 std::string disableUsb;
122 policyManager->GetPolicy("", PolicyName::POLICY_DISABLE_USB, disableUsb);
123 if (disableUsb == "true") {
124 EDMLOGE("UsbReadOnlyPlugin policy conflict! Usb is disabled.");
125 hasConflict = true;
126 return ERR_OK;
127 }
128 #ifdef FEATURE_PC_ONLY
129 bool isDisallowed = false;
130 if (FAILED(UsbPolicyUtils::IsUsbStorageDeviceWriteDisallowed(isDisallowed))) {
131 EDMLOGE("UsbReadOnlyPlugin HasConflictPolicy, IsUsbStorageDeviceWriteDisallowed failed");
132 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
133 }
134 if (isDisallowed) {
135 EDMLOGE("UsbReadOnlyPlugin policy conflict! usbStorageDeviceWrite is disabled");
136 hasConflict = true;
137 return ERR_OK;
138 }
139 #endif
140 return ERR_OK;
141 }
142
GetDisallowedUsbDeviceTypes(std::vector<USB::UsbDeviceType> & usbDeviceTypes)143 bool UsbReadOnlyPlugin::GetDisallowedUsbDeviceTypes(std::vector<USB::UsbDeviceType> &usbDeviceTypes)
144 {
145 auto policyManager = IPolicyManager::GetInstance();
146 std::string disallowUsbDevicePolicy;
147 policyManager->GetPolicy("", PolicyName::POLICY_DISALLOWED_USB_DEVICES, disallowUsbDevicePolicy);
148 if (!ArrayUsbDeviceTypeSerializer::GetInstance()->Deserialize(disallowUsbDevicePolicy, usbDeviceTypes)) {
149 EDMLOGI("UsbReadOnlyPlugin Deserialize failed");
150 return false;
151 }
152 EDMLOGI("UsbReadOnlyPlugin GetDisallowedUsbDeviceTypes: size: %{public}zu", usbDeviceTypes.size());
153 return true;
154 }
155
DealDisablePolicy(std::vector<USB::UsbDeviceType> usbDeviceTypes)156 ErrCode UsbReadOnlyPlugin::DealDisablePolicy(std::vector<USB::UsbDeviceType> usbDeviceTypes)
157 {
158 USB::UsbDeviceType storageType;
159 storageType.baseClass = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
160 storageType.subClass = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
161 storageType.protocol = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
162 storageType.isDeviceType = false;
163 std::vector<USB::UsbDeviceType> usbStorageTypes;
164 usbStorageTypes.emplace_back(storageType);
165 std::vector<USB::UsbDeviceType> disallowedUsbDeviceTypes =
166 ArrayUsbDeviceTypeSerializer::GetInstance()->SetUnionPolicyData(usbDeviceTypes, usbStorageTypes);
167 EDMLOGI("UsbReadOnlyPlugin OnHandlePolicy: ManageInterfaceType disallowed size: %{public}zu",
168 disallowedUsbDeviceTypes.size());
169 return UsbPolicyUtils::SetDisallowedUsbDevices(disallowedUsbDeviceTypes);
170 }
171
DealReadPolicy(int32_t accessPolicy,const std::string & allowUsbDevice,std::vector<USB::UsbDeviceType> usbDeviceTypes)172 ErrCode UsbReadOnlyPlugin::DealReadPolicy(int32_t accessPolicy, const std::string &allowUsbDevice,
173 std::vector<USB::UsbDeviceType> usbDeviceTypes)
174 {
175 std::string usbValue = (accessPolicy == EdmConstants::STORAGE_USB_POLICY_READ_ONLY) ? "true" : "false";
176 bool ret = OHOS::system::SetParameter(PARAM_USB_READ_ONLY_KEY, usbValue);
177 if (!ret) {
178 EDMLOGE("UsbReadOnlyPlugin OnHandlePolicy failed! readonly value: %{public}s", usbValue.c_str());
179 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
180 }
181
182 int32_t usbRet = ERR_OK;
183 if (allowUsbDevice.empty()) {
184 usbDeviceTypes.erase(std::remove_if(usbDeviceTypes.begin(), usbDeviceTypes.end(),
185 [&](const auto usbDeviceType) { return usbDeviceType.baseClass == USB_DEVICE_TYPE_BASE_CLASS_STORAGE; }),
186 usbDeviceTypes.end());
187 EDMLOGI("UsbReadOnlyPlugin OnHandlePolicy: ManageInterfaceType disallowed size: %{public}zu",
188 usbDeviceTypes.size());
189 usbRet = USB::UsbSrvClient::GetInstance().ManageInterfaceType(usbDeviceTypes, true);
190 }
191 EDMLOGI("UsbReadOnlyPlugin OnHandlePolicy sysParam: readonly value:%{public}s ret:%{public}d usbRet:%{public}d",
192 usbValue.c_str(), ret, usbRet);
193 if (usbRet == EdmConstants::USB_ERRCODE_INTERFACE_NO_INIT) {
194 EDMLOGW("UsbReadOnlyPlugin OnHandlePolicy: ManageInterfaceType failed! USB interface not init!");
195 }
196 if (usbRet != ERR_OK && usbRet != EdmConstants::USB_ERRCODE_INTERFACE_NO_INIT) {
197 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
198 }
199 std::string value = system::GetParameter(
200 EdmConstants::CONST_ENTERPRISE_EXTERNAL_STORAGE_DEVICE_MANAGE_ENABLE, "false");
201 if (value == "true") {
202 EDMLOGI("UsbReadOnlyPlugin OnHandlePolicy: not need execute ReloadUsbDevice");
203 return ERR_OK;
204 }
205 ErrCode reloadRet = ReloadUsbDevice();
206 if (reloadRet != ERR_OK) {
207 return reloadRet;
208 }
209 return ERR_OK;
210 }
211
GetStorageManager()212 OHOS::sptr<OHOS::StorageManager::IStorageManager> UsbReadOnlyPlugin::GetStorageManager()
213 {
214 auto saMgr = OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
215 if (saMgr == nullptr) {
216 EDMLOGE("UsbReadOnlyPlugin GetStorageManager:get saMgr fail");
217 return nullptr;
218 }
219 sptr<IRemoteObject> obj = saMgr->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
220 if (obj == nullptr) {
221 EDMLOGE("UsbReadOnlyPlugin GetStorageManager:get storage manager client fail");
222 return nullptr;
223 }
224 auto storageMgrProxy = iface_cast<OHOS::StorageManager::IStorageManager>(obj);
225 if (storageMgrProxy == nullptr) {
226 EDMLOGE("UsbReadOnlyPlugin GetStorageManager:get storageMgrProxy fail");
227 }
228 return storageMgrProxy;
229 }
230
ReloadUsbDevice()231 ErrCode UsbReadOnlyPlugin::ReloadUsbDevice()
232 {
233 auto storageMgrProxy = GetStorageManager();
234 if (storageMgrProxy == nullptr) {
235 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
236 }
237 std::vector<StorageManager::VolumeExternal> volList;
238 int32_t storageRet = storageMgrProxy->GetAllVolumes(volList);
239 if (storageRet != ERR_OK) {
240 EDMLOGE("UsbReadOnlyPlugin SetPolicy storageMgrProxy GetAllVolumes failed! ret:%{public}d", storageRet);
241 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
242 }
243 if (volList.empty()) {
244 return ERR_OK;
245 }
246 for (auto &vol : volList) {
247 if (storageMgrProxy->Unmount(vol.GetId()) != ERR_OK) {
248 EDMLOGE("UsbReadOnlyPlugin SetPolicy storageMgrProxy Unmount failed!");
249 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
250 }
251 if (storageMgrProxy->Mount(vol.GetId()) != ERR_OK) {
252 EDMLOGE("UsbReadOnlyPlugin SetPolicy storageMgrProxy Mount failed!");
253 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
254 }
255 }
256 return ERR_OK;
257 }
258
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)259 ErrCode UsbReadOnlyPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply,
260 int32_t userId)
261 {
262 return ERR_OK;
263 }
264
IsStorageDisabledByDisallowedPolicy(bool & isDisallowed)265 ErrCode UsbReadOnlyPlugin::IsStorageDisabledByDisallowedPolicy(bool &isDisallowed)
266 {
267 std::vector<USB::UsbDeviceType> usbDeviceTypes;
268 if (!GetDisallowedUsbDeviceTypes(usbDeviceTypes)) {
269 EDMLOGE("UsbReadOnlyPlugin IsStorageDisabledByDisallowedPolicy GetDisallowedUsbDeviceTypes failed");
270 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
271 }
272 isDisallowed = usbDeviceTypes.size() <= EdmConstants::DISALLOWED_USB_DEVICES_TYPES_MAX_SIZE &&
273 (std::find_if(usbDeviceTypes.begin(), usbDeviceTypes.end(), [&](USB::UsbDeviceType disallowedType) {
274 return disallowedType.baseClass == USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
275 }) != usbDeviceTypes.end());
276 return ERR_OK;
277 }
278
OnAdminRemove(const std::string & adminName,const std::string & policyData,const std::string & mergeData,int32_t userId)279 ErrCode UsbReadOnlyPlugin::OnAdminRemove(const std::string &adminName, const std::string &policyData,
280 const std::string &mergeData, int32_t userId)
281 {
282 EDMLOGI("UsbReadOnlyPlugin OnAdminRemove adminName: %{public}s, value: %{public}s",
283 adminName.c_str(), policyData.c_str());
284 int32_t adminPolicy = 0;
285 int32_t mergePolicy = 0;
286 if (!IntSerializer::GetInstance()->Deserialize(policyData, adminPolicy) ||
287 !IntSerializer::GetInstance()->Deserialize(mergeData, mergePolicy)) {
288 EDMLOGE("UsbReadOnlyPlugin OnHandlePolicy deserialize admin policy and merge policy failed.");
289 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
290 }
291 if (adminPolicy > mergePolicy) {
292 std::vector<USB::UsbDeviceType> usbDeviceTypes;
293 if (!GetDisallowedUsbDeviceTypes(usbDeviceTypes)) {
294 EDMLOGE("UsbReadOnlyPlugin OnAdminRemove GetDisallowedUsbDeviceTypes failed.");
295 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
296 }
297 std::string allowUsbDevicePolicy;
298 IPolicyManager::GetInstance()->GetPolicy("", PolicyName::POLICY_ALLOWED_USB_DEVICES, allowUsbDevicePolicy);
299 return DealReadPolicy(mergePolicy, allowUsbDevicePolicy, usbDeviceTypes);
300 }
301 return ERR_OK;
302 }
303
GetOthersMergePolicyData(const std::string & adminName,int32_t userId,std::string & othersMergePolicyData)304 ErrCode UsbReadOnlyPlugin::GetOthersMergePolicyData(const std::string &adminName, int32_t userId,
305 std::string &othersMergePolicyData)
306 {
307 AdminValueItemsMap adminValues;
308 IPolicyManager::GetInstance()->GetAdminByPolicyName(GetPolicyName(), adminValues);
309 EDMLOGD("UsbReadOnlyPlugin::GetOthersMergePolicyData %{public}s value size %{public}d.", GetPolicyName().c_str(),
310 (uint32_t)adminValues.size());
311 if (adminValues.empty()) {
312 return ERR_OK;
313 }
314 auto entry = adminValues.find(adminName);
315 if (entry != adminValues.end()) {
316 adminValues.erase(entry);
317 }
318 if (adminValues.empty()) {
319 return ERR_OK;
320 }
321 int32_t result = 0;
322 for (const auto &item : adminValues) {
323 int32_t dataItem = 0;
324 if (!item.second.empty()) {
325 if (!IntSerializer::GetInstance()->Deserialize(item.second, dataItem)) {
326 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
327 }
328 if (dataItem > result) {
329 result = dataItem;
330 }
331 }
332 }
333 if (!IntSerializer::GetInstance()->Serialize(result, othersMergePolicyData)) {
334 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
335 }
336 return ERR_OK;
337 }
338 } // namespace EDM
339 } // namespace OHOS
340