1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <sys/resource.h>
17 #include <sys/syscall.h>
18
19 #include "utils/storage_radar.h"
20 #include <singleton.h>
21 #ifdef STORAGE_STATISTICS_MANAGER
22 #include <storage/storage_monitor_service.h>
23 #include <storage/storage_status_service.h>
24 #include <storage/storage_total_status_service.h>
25 #include <storage/volume_storage_status_service.h>
26 #endif
27
28 #ifdef USER_CRYPTO_MANAGER
29 #include "account_subscriber/account_subscriber.h"
30 #include "appspawn.h"
31 #include "crypto/filesystem_crypto.h"
32 #include "utils/storage_radar.h"
33 #endif
34 #ifdef EXTERNAL_STORAGE_MANAGER
35 #include "disk/disk_manager_service.h"
36 #include "volume/volume_manager_service.h"
37 #endif
38 #include "ipc/storage_manager_provider.h"
39 #include "storage_daemon_communication/storage_daemon_communication.h"
40 #include "storage_service_constant.h"
41 #include "storage_service_errno.h"
42 #include "storage_service_log.h"
43 #include "system_ability_definition.h"
44 #include "user/multi_user_manager_service.h"
45 #include "utils/storage_utils.h"
46
47 #include "accesstoken_kit.h"
48 #include "ipc_skeleton.h"
49 #include "storage/bundle_manager_connector.h"
50
51 using namespace OHOS::StorageService;
52 namespace OHOS {
53 namespace StorageManager {
54 REGISTER_SYSTEM_ABILITY_BY_ID(StorageManagerProvider, STORAGE_MANAGER_MANAGER_ID, true);
55
56 constexpr pid_t ACCOUNT_UID = 3058;
57 constexpr pid_t BACKUP_SA_UID = 1089;
58 constexpr pid_t FOUNDATION_UID = 5523;
59 constexpr pid_t DFS_UID = 1009;
60 const std::string MEDIALIBRARY_BUNDLE_NAME = "com.ohos.medialibrary.medialibrarydata";
61 const std::string SCENEBOARD_BUNDLE_NAME = "com.ohos.sceneboard";
62 const std::string SYSTEMUI_BUNDLE_NAME = "com.ohos.systemui";
63 const std::string PERMISSION_STORAGE_MANAGER_CRYPT = "ohos.permission.STORAGE_MANAGER_CRYPT";
64 const std::string PERMISSION_STORAGE_MANAGER = "ohos.permission.STORAGE_MANAGER";
65 const std::string PERMISSION_MOUNT_MANAGER = "ohos.permission.MOUNT_UNMOUNT_MANAGER";
66 const std::string PERMISSION_FORMAT_MANAGER = "ohos.permission.MOUNT_FORMAT_MANAGER";
67 const std::string PROCESS_NAME_FOUNDATION = "foundation";
68
CheckClientPermission(const std::string & permissionStr)69 bool CheckClientPermission(const std::string &permissionStr)
70 {
71 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
72 auto uid = IPCSkeleton::GetCallingUid();
73 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenCaller);
74 int res;
75 if (tokenType == Security::AccessToken::TOKEN_NATIVE && uid == ACCOUNT_UID) {
76 res = Security::AccessToken::PermissionState::PERMISSION_GRANTED;
77 } else {
78 res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permissionStr);
79 }
80
81 if (res == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
82 LOGD("StorageMangaer permissionCheck pass!");
83 return true;
84 }
85 LOGE("StorageManager permissionCheck error, need %{public}s", permissionStr.c_str());
86 return false;
87 }
88
CheckClientPermissionForCrypt(const std::string & permissionStr)89 bool CheckClientPermissionForCrypt(const std::string &permissionStr)
90 {
91 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
92 int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permissionStr);
93 if (res == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
94 LOGD("StorageMangaer permissionCheck pass!");
95 return true;
96 }
97 LOGE("StorageManager permissionCheck error, need %{public}s", permissionStr.c_str());
98 return false;
99 }
100
CheckClientPermissionForShareFile()101 bool CheckClientPermissionForShareFile()
102 {
103 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
104 Security::AccessToken::NativeTokenInfo nativeInfo;
105 Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenCaller, nativeInfo);
106
107 auto uid = IPCSkeleton::GetCallingUid();
108 if (nativeInfo.processName != PROCESS_NAME_FOUNDATION || uid != FOUNDATION_UID) {
109 LOGE("CheckClientPermissionForShareFile error, processName is %{public}s, uid is %{public}d",
110 nativeInfo.processName.c_str(), uid);
111 return false;
112 }
113
114 return true;
115 }
116
OnStart()117 void StorageManagerProvider::OnStart()
118 {
119 LOGI("StorageManager::OnStart Begin");
120 bool res = SystemAbility::Publish(this);
121 AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID);
122 (void)SetPriority();
123 #ifdef STORAGE_STATISTICS_MANAGER
124 StorageMonitorService::GetInstance().StartStorageMonitorTask();
125 #endif
126 LOGI("StorageManager::OnStart End, res = %{public}d", res);
127 }
128
OnStop()129 void StorageManagerProvider::OnStop()
130 {
131 LOGI("StorageManager::OnStop Done");
132 }
133
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)134 void StorageManagerProvider::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
135 {
136 (void)systemAbilityId;
137 (void)deviceId;
138 #ifdef USER_CRYPTO_MANAGER
139 AccountSubscriber::Subscriber();
140 #endif
141 }
142
ResetUserEventRecord(int32_t userId)143 void StorageManagerProvider::ResetUserEventRecord(int32_t userId)
144 {
145 #ifdef USER_CRYPTO_MANAGER
146 AccountSubscriber::ResetUserEventRecord(userId);
147 #endif
148 }
149
SetPriority()150 void StorageManagerProvider::SetPriority()
151 {
152 int tid = syscall(SYS_gettid);
153 if (setpriority(PRIO_PROCESS, tid, PRIORITY_LEVEL) != 0) {
154 LOGE("failed to set priority");
155 }
156 LOGW("set storage_manager priority: %{public}d", tid);
157 }
158
PrepareAddUser(int32_t userId,uint32_t flags)159 int32_t StorageManagerProvider::PrepareAddUser(int32_t userId, uint32_t flags)
160 {
161 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT) &&
162 IPCSkeleton::GetCallingUid() != ACCOUNT_UID) {
163 return E_PERMISSION_DENIED;
164 }
165 return StorageManager::GetInstance().PrepareAddUser(userId, flags);
166 }
167
RemoveUser(int32_t userId,uint32_t flags)168 int32_t StorageManagerProvider::RemoveUser(int32_t userId, uint32_t flags)
169 {
170 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT) &&
171 IPCSkeleton::GetCallingUid() != ACCOUNT_UID) {
172 return E_PERMISSION_DENIED;
173 }
174 return StorageManager::GetInstance().RemoveUser(userId, flags);
175 }
176
PrepareStartUser(int32_t userId)177 int32_t StorageManagerProvider::PrepareStartUser(int32_t userId)
178 {
179 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
180 return E_PERMISSION_DENIED;
181 }
182 return StorageManager::GetInstance().PrepareStartUser(userId);
183 }
184
StopUser(int32_t userId)185 int32_t StorageManagerProvider::StopUser(int32_t userId)
186 {
187 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
188 return E_PERMISSION_DENIED;
189 }
190 return StorageManager::GetInstance().StopUser(userId);
191 }
192
CompleteAddUser(int32_t userId)193 int32_t StorageManagerProvider::CompleteAddUser(int32_t userId)
194 {
195 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
196 return E_PERMISSION_DENIED;
197 }
198 return StorageManager::GetInstance().CompleteAddUser(userId);
199 }
200
GetFreeSizeOfVolume(const std::string & volumeUuid,int64_t & freeSize)201 int32_t StorageManagerProvider::GetFreeSizeOfVolume(const std::string &volumeUuid, int64_t &freeSize)
202 {
203 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
204 return E_PERMISSION_DENIED;
205 }
206 return StorageManager::GetInstance().GetFreeSizeOfVolume(volumeUuid, freeSize);
207 }
208
GetTotalSizeOfVolume(const std::string & volumeUuid,int64_t & totalSize)209 int32_t StorageManagerProvider::GetTotalSizeOfVolume(const std::string &volumeUuid, int64_t &totalSize)
210 {
211 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
212 return E_PERMISSION_DENIED;
213 }
214 return StorageManager::GetInstance().GetTotalSizeOfVolume(volumeUuid, totalSize);
215 }
216
GetBundleStats(const std::string & pkgName,BundleStats & bundleStats,int32_t appIndex,uint32_t statFlag)217 int32_t StorageManagerProvider::GetBundleStats(const std::string &pkgName,
218 BundleStats &bundleStats,
219 int32_t appIndex,
220 uint32_t statFlag)
221 {
222 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
223 return E_PERMISSION_DENIED;
224 }
225 return StorageManager::GetInstance().GetBundleStats(pkgName, bundleStats, appIndex, statFlag);
226 }
227
GetSystemSize(int64_t & systemSize)228 int32_t StorageManagerProvider::GetSystemSize(int64_t &systemSize)
229 {
230 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
231 return E_PERMISSION_DENIED;
232 }
233 return StorageManager::GetInstance().GetSystemSize(systemSize);
234 }
235
GetTotalSize(int64_t & totalSize)236 int32_t StorageManagerProvider::GetTotalSize(int64_t &totalSize)
237 {
238 return StorageManager::GetInstance().GetTotalSize(totalSize);
239 }
240
GetFreeSize(int64_t & freeSize)241 int32_t StorageManagerProvider::GetFreeSize(int64_t &freeSize)
242 {
243 return StorageManager::GetInstance().GetFreeSize(freeSize);
244 }
245
GetUserStorageStats(StorageStats & storageStats)246 int32_t StorageManagerProvider::GetUserStorageStats(StorageStats &storageStats)
247 {
248 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
249 return E_PERMISSION_DENIED;
250 }
251 return StorageManager::GetInstance().GetUserStorageStats(storageStats);
252 }
253
GetUserStorageStats(int32_t userId,StorageStats & storageStats)254 int32_t StorageManagerProvider::GetUserStorageStats(int32_t userId, StorageStats &storageStats)
255 {
256 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
257 return E_PERMISSION_DENIED;
258 }
259 return StorageManager::GetInstance().GetUserStorageStats(userId, storageStats);
260 }
261
GetCurrentBundleStats(BundleStats & bundleStats,uint32_t statFlag)262 int32_t StorageManagerProvider::GetCurrentBundleStats(BundleStats &bundleStats, uint32_t statFlag)
263 {
264 return StorageManager::GetInstance().GetCurrentBundleStats(bundleStats, statFlag);
265 }
266
NotifyVolumeCreated(const VolumeCore & vc)267 int32_t StorageManagerProvider::NotifyVolumeCreated(const VolumeCore &vc)
268 {
269 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
270 return E_PERMISSION_DENIED;
271 }
272 return StorageManager::GetInstance().NotifyVolumeCreated(vc);
273 }
274
NotifyVolumeMounted(const std::string & volumeId,const std::string & fsTypeStr,const std::string & fsUuid,const std::string & path,const std::string & description)275 int32_t StorageManagerProvider::NotifyVolumeMounted(const std::string &volumeId,
276 const std::string &fsTypeStr,
277 const std::string &fsUuid,
278 const std::string &path,
279 const std::string &description)
280 {
281 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
282 return E_PERMISSION_DENIED;
283 }
284 return StorageManager::GetInstance().NotifyVolumeMounted(volumeId, fsTypeStr, fsUuid, path, description);
285 }
286
NotifyVolumeDamaged(const std::string & volumeId,const std::string & fsTypeStr,const std::string & fsUuid,const std::string & path,const std::string & description)287 int32_t StorageManagerProvider::NotifyVolumeDamaged(const std::string &volumeId,
288 const std::string &fsTypeStr,
289 const std::string &fsUuid,
290 const std::string &path,
291 const std::string &description)
292 {
293 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
294 return E_PERMISSION_DENIED;
295 }
296 return StorageManager::GetInstance().NotifyVolumeDamaged(volumeId, fsTypeStr, fsUuid, path, description);
297 }
298
NotifyVolumeStateChanged(const std::string & volumeId,uint32_t state)299 int32_t StorageManagerProvider::NotifyVolumeStateChanged(const std::string &volumeId, uint32_t state)
300 {
301 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
302 return E_PERMISSION_DENIED;
303 }
304 return StorageManager::GetInstance().NotifyVolumeStateChanged(volumeId, state);
305 }
306
Mount(const std::string & volumeId)307 int32_t StorageManagerProvider::Mount(const std::string &volumeId)
308 {
309 if (!CheckClientPermission(PERMISSION_MOUNT_MANAGER)) {
310 return E_PERMISSION_DENIED;
311 }
312 return StorageManager::GetInstance().Mount(volumeId);
313 }
314
Unmount(const std::string & volumeId)315 int32_t StorageManagerProvider::Unmount(const std::string &volumeId)
316 {
317 if (!CheckClientPermission(PERMISSION_MOUNT_MANAGER)) {
318 return E_PERMISSION_DENIED;
319 }
320 return StorageManager::GetInstance().Unmount(volumeId);
321 }
322
TryToFix(const std::string & volumeId)323 int32_t StorageManagerProvider::TryToFix(const std::string &volumeId)
324 {
325 if (!CheckClientPermission(PERMISSION_MOUNT_MANAGER)) {
326 return E_PERMISSION_DENIED;
327 }
328 return StorageManager::GetInstance().TryToFix(volumeId);
329 }
330
GetAllVolumes(std::vector<VolumeExternal> & vecOfVol)331 int32_t StorageManagerProvider::GetAllVolumes(std::vector<VolumeExternal> &vecOfVol)
332 {
333 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
334 return E_PERMISSION_DENIED;
335 }
336 return StorageManager::GetInstance().GetAllVolumes(vecOfVol);
337 }
338
NotifyDiskCreated(const Disk & disk)339 int32_t StorageManagerProvider::NotifyDiskCreated(const Disk &disk)
340 {
341 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
342 return E_PERMISSION_DENIED;
343 }
344 return StorageManager::GetInstance().NotifyDiskCreated(disk);
345 }
346
NotifyDiskDestroyed(const std::string & diskId)347 int32_t StorageManagerProvider::NotifyDiskDestroyed(const std::string &diskId)
348 {
349 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
350 return E_PERMISSION_DENIED;
351 }
352 return StorageManager::GetInstance().NotifyDiskDestroyed(diskId);
353 }
354
Partition(const std::string & diskId,int32_t type)355 int32_t StorageManagerProvider::Partition(const std::string &diskId, int32_t type)
356 {
357 if (!CheckClientPermission(PERMISSION_FORMAT_MANAGER)) {
358 return E_PERMISSION_DENIED;
359 }
360 return StorageManager::GetInstance().Partition(diskId, type);
361 }
362
GetAllDisks(std::vector<Disk> & vecOfDisk)363 int32_t StorageManagerProvider::GetAllDisks(std::vector<Disk> &vecOfDisk)
364 {
365 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
366 return E_PERMISSION_DENIED;
367 }
368 return StorageManager::GetInstance().GetAllDisks(vecOfDisk);
369 }
370
GetVolumeByUuid(const std::string & fsUuid,VolumeExternal & vc)371 int32_t StorageManagerProvider::GetVolumeByUuid(const std::string &fsUuid, VolumeExternal &vc)
372 {
373 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
374 return E_PERMISSION_DENIED;
375 }
376 return StorageManager::GetInstance().GetVolumeByUuid(fsUuid, vc);
377 }
378
GetVolumeById(const std::string & volumeId,VolumeExternal & vc)379 int32_t StorageManagerProvider::GetVolumeById(const std::string &volumeId, VolumeExternal &vc)
380 {
381 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
382 return E_PERMISSION_DENIED;
383 }
384 return StorageManager::GetInstance().GetVolumeById(volumeId, vc);
385 }
386
SetVolumeDescription(const std::string & fsUuid,const std::string & description)387 int32_t StorageManagerProvider::SetVolumeDescription(const std::string &fsUuid, const std::string &description)
388 {
389 if (!CheckClientPermission(PERMISSION_MOUNT_MANAGER)) {
390 return E_PERMISSION_DENIED;
391 }
392 return StorageManager::GetInstance().SetVolumeDescription(fsUuid, description);
393 }
394
Format(const std::string & volumeId,const std::string & fsType)395 int32_t StorageManagerProvider::Format(const std::string &volumeId, const std::string &fsType)
396 {
397 if (!CheckClientPermission(PERMISSION_FORMAT_MANAGER)) {
398 return E_PERMISSION_DENIED;
399 }
400 return StorageManager::GetInstance().Format(volumeId, fsType);
401 }
402
GetDiskById(const std::string & diskId,Disk & disk)403 int32_t StorageManagerProvider::GetDiskById(const std::string &diskId, Disk &disk)
404 {
405 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
406 return E_PERMISSION_DENIED;
407 }
408 return StorageManager::GetInstance().GetDiskById(diskId, disk);
409 }
410
GenerateUserKeys(uint32_t userId,uint32_t flags)411 int32_t StorageManagerProvider::GenerateUserKeys(uint32_t userId, uint32_t flags)
412 {
413 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
414 return E_PERMISSION_DENIED;
415 }
416 return StorageManager::GetInstance().GenerateUserKeys(userId, flags);
417 }
418
QueryUsbIsInUse(const std::string & diskPath,bool & isInUse)419 int32_t StorageManagerProvider::QueryUsbIsInUse(const std::string &diskPath, bool &isInUse)
420 {
421 if (!CheckClientPermission(PERMISSION_MOUNT_MANAGER)) {
422 return E_PERMISSION_DENIED;
423 }
424
425 if (IsFilePathInvalid(diskPath)) {
426 return E_PARAMS_INVALID;
427 }
428 isInUse = true;
429 return StorageManager::GetInstance().QueryUsbIsInUse(diskPath, isInUse);
430 }
431
DeleteUserKeys(uint32_t userId)432 int32_t StorageManagerProvider::DeleteUserKeys(uint32_t userId)
433 {
434 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
435 return E_PERMISSION_DENIED;
436 }
437 return StorageManager::GetInstance().DeleteUserKeys(userId);
438 }
439
UpdateUserAuth(uint32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)440 int32_t StorageManagerProvider::UpdateUserAuth(uint32_t userId,
441 uint64_t secureUid,
442 const std::vector<uint8_t> &token,
443 const std::vector<uint8_t> &oldSecret,
444 const std::vector<uint8_t> &newSecret)
445 {
446 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
447 return E_PERMISSION_DENIED;
448 }
449 return StorageManager::GetInstance().UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
450 }
451
UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> & authToken,const std::vector<uint8_t> & newSecret,uint64_t secureUid,uint32_t userId,const std::vector<std::vector<uint8_t>> & plainText)452 int32_t StorageManagerProvider::UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> &authToken,
453 const std::vector<uint8_t> &newSecret,
454 uint64_t secureUid,
455 uint32_t userId,
456 const std::vector<std::vector<uint8_t>> &plainText)
457 {
458 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
459 return E_PERMISSION_DENIED;
460 }
461 return StorageManager::GetInstance().UpdateUseAuthWithRecoveryKey(authToken, newSecret, secureUid,
462 userId, plainText);
463 }
464
ActiveUserKey(uint32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)465 int32_t StorageManagerProvider::ActiveUserKey(uint32_t userId,
466 const std::vector<uint8_t> &token,
467 const std::vector<uint8_t> &secret)
468 {
469 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT) &&
470 IPCSkeleton::GetCallingUid() != ACCOUNT_UID) {
471 return E_PERMISSION_DENIED;
472 }
473 return StorageManager::GetInstance().ActiveUserKey(userId, token, secret);
474 }
475
InactiveUserKey(uint32_t userId)476 int32_t StorageManagerProvider::InactiveUserKey(uint32_t userId)
477 {
478 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
479 return E_PERMISSION_DENIED;
480 }
481 return StorageManager::GetInstance().InactiveUserKey(userId);
482 }
483
LockUserScreen(uint32_t userId)484 int32_t StorageManagerProvider::LockUserScreen(uint32_t userId)
485 {
486 std::string bundleName;
487 int32_t uid = IPCSkeleton::GetCallingUid();
488 auto bundleMgr = BundleMgrConnector::GetInstance().GetBundleMgrProxy();
489 if (bundleMgr == nullptr) {
490 LOGE("Connect bundle manager sa proxy failed.");
491 return E_SERVICE_IS_NULLPTR;
492 }
493 if (!bundleMgr->GetBundleNameForUid(uid, bundleName)) {
494 LOGE("Invoke bundleMgr interface to get bundle name failed.");
495 StorageService::StorageRadar::ReportBundleMgrResult(
496 "StorageManagerStub::HandleLockUserScreen", E_BUNDLEMGR_ERROR, userId, "pkgName=" + SCENEBOARD_BUNDLE_NAME);
497 return E_BUNDLEMGR_ERROR;
498 }
499
500 if (bundleName != SCENEBOARD_BUNDLE_NAME && bundleName != SYSTEMUI_BUNDLE_NAME) {
501 LOGE("permissionCheck error, caller is %{public}s(%{public}d), should be %{public}s", bundleName.c_str(), uid,
502 SCENEBOARD_BUNDLE_NAME.c_str());
503 return E_PERMISSION_DENIED;
504 }
505 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER_CRYPT)) {
506 return E_PERMISSION_DENIED;
507 }
508 return StorageManager::GetInstance().LockUserScreen(userId);
509 }
510
IsFilePathInvalid(const std::string & filePath)511 bool StorageManagerProvider::IsFilePathInvalid(const std::string &filePath)
512 {
513 size_t pos = filePath.find(PATH_INVALID_FLAG1);
514 while (pos != std::string::npos) {
515 if (pos == 0 || filePath[pos - 1] == FILE_SEPARATOR_CHAR) {
516 LOGE("Relative path is not allowed, path contain ../");
517 return true;
518 }
519 pos = filePath.find(PATH_INVALID_FLAG1, pos + PATH_INVALID_FLAG_LEN);
520 }
521 pos = filePath.rfind(PATH_INVALID_FLAG2);
522 if ((pos != std::string::npos) && (filePath.size() - pos == PATH_INVALID_FLAG_LEN)) {
523 LOGE("Relative path is not allowed, path tail is /..");
524 return true;
525 }
526 return false;
527 }
GetFileEncryptStatus(uint32_t userId,bool & isEncrypted,bool needCheckDirMount)528 int32_t StorageManagerProvider::GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount)
529 {
530 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
531 return E_PERMISSION_DENIED;
532 }
533 isEncrypted = true;
534 return StorageManager::GetInstance().GetFileEncryptStatus(userId, isEncrypted, needCheckDirMount);
535 }
536
GetUserNeedActiveStatus(uint32_t userId,bool & needActive)537 int32_t StorageManagerProvider::GetUserNeedActiveStatus(uint32_t userId, bool &needActive)
538 {
539 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
540 return E_PERMISSION_DENIED;
541 }
542 needActive = false;
543 return StorageManager::GetInstance().GetUserNeedActiveStatus(userId, needActive);
544 }
545
UnlockUserScreen(uint32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)546 int32_t StorageManagerProvider::UnlockUserScreen(uint32_t userId,
547 const std::vector<uint8_t> &token,
548 const std::vector<uint8_t> &secret)
549 {
550 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
551 return E_PERMISSION_DENIED;
552 }
553 return StorageManager::GetInstance().UnlockUserScreen(userId, token, secret);
554 }
555
GetLockScreenStatus(uint32_t userId,bool & lockScreenStatus)556 int32_t StorageManagerProvider::GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus)
557 {
558 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER)) {
559 return E_PERMISSION_DENIED;
560 }
561 lockScreenStatus = false;
562 return StorageManager::GetInstance().GetLockScreenStatus(userId, lockScreenStatus);
563 }
564
GenerateAppkey(uint32_t hashId,uint32_t userId,std::string & keyId,bool needReSet)565 int32_t StorageManagerProvider::GenerateAppkey(uint32_t hashId, uint32_t userId, std::string &keyId, bool needReSet)
566 {
567 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
568 return E_PERMISSION_DENIED;
569 }
570 return StorageManager::GetInstance().GenerateAppkey(hashId, userId, keyId, needReSet);
571 }
572
DeleteAppkey(const std::string & keyId)573 int32_t StorageManagerProvider::DeleteAppkey(const std::string &keyId)
574 {
575 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
576 return E_PERMISSION_DENIED;
577 }
578 return StorageManager::GetInstance().DeleteAppkey(keyId);
579 }
580
CreateRecoverKey(uint32_t userId,uint32_t userType,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)581 int32_t StorageManagerProvider::CreateRecoverKey(uint32_t userId,
582 uint32_t userType,
583 const std::vector<uint8_t> &token,
584 const std::vector<uint8_t> &secret)
585 {
586 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
587 return E_PERMISSION_DENIED;
588 }
589 return StorageManager::GetInstance().CreateRecoverKey(userId, userType, token, secret);
590 }
591
SetRecoverKey(const std::vector<uint8_t> & key)592 int32_t StorageManagerProvider::SetRecoverKey(const std::vector<uint8_t> &key)
593 {
594 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
595 return E_PERMISSION_DENIED;
596 }
597 return StorageManager::GetInstance().SetRecoverKey(key);
598 }
599
UpdateKeyContext(uint32_t userId,bool needRemoveTmpKey)600 int32_t StorageManagerProvider::UpdateKeyContext(uint32_t userId, bool needRemoveTmpKey)
601 {
602 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
603 return E_PERMISSION_DENIED;
604 }
605 return StorageManager::GetInstance().UpdateKeyContext(userId, needRemoveTmpKey);
606 }
607
CreateShareFile(const StorageFileRawData & rawData,uint32_t tokenId,uint32_t flag,std::vector<int32_t> & funcResult)608 int32_t StorageManagerProvider::CreateShareFile(const StorageFileRawData &rawData,
609 uint32_t tokenId,
610 uint32_t flag,
611 std::vector<int32_t> &funcResult)
612 {
613 if (!CheckClientPermissionForShareFile()) {
614 return E_PERMISSION_DENIED;
615 }
616
617 funcResult = StorageManager::GetInstance().CreateShareFile(rawData, tokenId, flag);
618 LOGI("StorageManagerProvider::CreateShareFile end. result is %{public}zu", funcResult.size());
619 return E_OK;
620 }
621
DeleteShareFile(uint32_t tokenId,const StorageFileRawData & rawData)622 int32_t StorageManagerProvider::DeleteShareFile(uint32_t tokenId, const StorageFileRawData &rawData)
623 {
624 if (!CheckClientPermissionForShareFile()) {
625 return E_PERMISSION_DENIED;
626 }
627 return StorageManager::GetInstance().DeleteShareFile(tokenId, rawData);
628 }
629
SetBundleQuota(const std::string & bundleName,int32_t uid,const std::string & bundleDataDirPath,int32_t limitSizeMb)630 int32_t StorageManagerProvider::SetBundleQuota(const std::string &bundleName,
631 int32_t uid,
632 const std::string &bundleDataDirPath,
633 int32_t limitSizeMb)
634 {
635 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
636 return E_PERMISSION_DENIED;
637 }
638 return StorageManager::GetInstance().SetBundleQuota(bundleName, uid, bundleDataDirPath, limitSizeMb);
639 }
640
GetUserStorageStatsByType(int32_t userId,StorageStats & storageStats,const std::string & type)641 int32_t StorageManagerProvider::GetUserStorageStatsByType(int32_t userId,
642 StorageStats &storageStats,
643 const std::string &type)
644 {
645 if (IPCSkeleton::GetCallingUid() != BACKUP_SA_UID) {
646 LOGE("StorageManager permissionCheck error, calling uid is invalid, need backup_sa uid.");
647 return E_PERMISSION_DENIED;
648 }
649 return StorageManager::GetInstance().GetUserStorageStatsByType(userId, storageStats, type);
650 }
651
UpdateMemoryPara(int32_t size,int32_t & oldSize)652 int32_t StorageManagerProvider::UpdateMemoryPara(int32_t size, int32_t &oldSize)
653 {
654 if (IPCSkeleton::GetCallingUid() != BACKUP_SA_UID) {
655 LOGE("StorageManager permissionCheck error, calling uid is invalid, need backup_sa uid.");
656 return E_PERMISSION_DENIED;
657 }
658 oldSize = 0;
659 return StorageManager::GetInstance().UpdateMemoryPara(size, oldSize);
660 }
661
MountDfsDocs(int32_t userId,const std::string & relativePath,const std::string & networkId,const std::string & deviceId)662 int32_t StorageManagerProvider::MountDfsDocs(int32_t userId,
663 const std::string &relativePath,
664 const std::string &networkId,
665 const std::string &deviceId)
666 {
667 // Only for dfs create device dir and bind mount from DFS Docs.
668 if (IPCSkeleton::GetCallingUid() != DFS_UID) {
669 LOGE("HandleMountDfsDocs permissionCheck error, calling uid now is %{public}d, should be DFS_UID: %{public}d",
670 IPCSkeleton::GetCallingUid(), DFS_UID);
671 return E_PERMISSION_DENIED;
672 }
673 return StorageManager::GetInstance().MountDfsDocs(userId, relativePath, networkId, deviceId);
674 }
675
UMountDfsDocs(int32_t userId,const std::string & relativePath,const std::string & networkId,const std::string & deviceId)676 int32_t StorageManagerProvider::UMountDfsDocs(int32_t userId,
677 const std::string &relativePath,
678 const std::string &networkId,
679 const std::string &deviceId)
680 {
681 // Only for dfs create device dir and bind mount from DFS Docs.
682 if (IPCSkeleton::GetCallingUid() != DFS_UID) {
683 LOGE("HandleUMountDfsDocs permissionCheck error, calling uid now is %{public}d, should be DFS_UID: %{public}d",
684 IPCSkeleton::GetCallingUid(), DFS_UID);
685 return E_PERMISSION_DENIED;
686 }
687 return StorageManager::GetInstance().UMountDfsDocs(userId, relativePath, networkId, deviceId);
688 }
689
NotifyMtpMounted(const std::string & id,const std::string & path,const std::string & desc,const std::string & uuid)690 int32_t StorageManagerProvider::NotifyMtpMounted(const std::string &id,
691 const std::string &path,
692 const std::string &desc,
693 const std::string &uuid)
694 {
695 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
696 return E_PERMISSION_DENIED;
697 }
698 return StorageManager::GetInstance().NotifyMtpMounted(id, path, desc, uuid);
699 }
700
NotifyMtpUnmounted(const std::string & id,const std::string & path,bool isBadRemove)701 int32_t StorageManagerProvider::NotifyMtpUnmounted(const std::string &id, const std::string &path, bool isBadRemove)
702 {
703 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
704 return E_PERMISSION_DENIED;
705 }
706 return StorageManager::GetInstance().NotifyMtpUnmounted(id, path, isBadRemove);
707 }
708
MountMediaFuse(int32_t userId,int32_t & devFd)709 int32_t StorageManagerProvider::MountMediaFuse(int32_t userId, int32_t &devFd)
710 {
711 #ifdef STORAGE_SERVICE_MEDIA_FUSE
712 LOGI("StorageManagerProvider::MountMediaFuse start.");
713
714 // Only for medialibrary to mount fuse.
715 std::string bundleName;
716 int32_t uid = IPCSkeleton::GetCallingUid();
717 auto bundleMgr = BundleMgrConnector::GetInstance().GetBundleMgrProxy();
718 if (bundleMgr == nullptr) {
719 LOGE("Connect bundle manager sa proxy failed.");
720 return E_SERVICE_IS_NULLPTR;
721 }
722 if (!bundleMgr->GetBundleNameForUid(uid, bundleName)) {
723 LOGE("Invoke bundleMgr interface to get bundle name failed.");
724 return E_BUNDLEMGR_ERROR;
725 }
726 if (bundleName != MEDIALIBRARY_BUNDLE_NAME) {
727 LOGE("permissionCheck error, caller is %{public}s(%{public}d), should be %{public}s", bundleName.c_str(), uid,
728 MEDIALIBRARY_BUNDLE_NAME.c_str());
729 return E_PERMISSION_DENIED;
730 }
731 devFd = -1;
732 return StorageManager::GetInstance().MountMediaFuse(userId, devFd);
733 #endif
734 return E_OK;
735 }
736
UMountMediaFuse(int32_t userId)737 int32_t StorageManagerProvider::UMountMediaFuse(int32_t userId)
738 {
739 #ifdef STORAGE_SERVICE_MEDIA_FUSE
740 LOGI("StorageManagerStub::HandleUMountMediaFuse start.");
741
742 // Only for medialibrary to mount fuse.
743 std::string bundleName;
744 int32_t uid = IPCSkeleton::GetCallingUid();
745 auto bundleMgr = BundleMgrConnector::GetInstance().GetBundleMgrProxy();
746 if (bundleMgr == nullptr) {
747 LOGE("Connect bundle manager sa proxy failed.");
748 return E_SERVICE_IS_NULLPTR;
749 }
750 if (!bundleMgr->GetBundleNameForUid(uid, bundleName)) {
751 LOGE("Invoke bundleMgr interface to get bundle name failed.");
752 return E_BUNDLEMGR_ERROR;
753 }
754 if (bundleName != MEDIALIBRARY_BUNDLE_NAME) {
755 LOGE("permissionCheck error, caller is %{public}s(%{public}d), should be %{public}s", bundleName.c_str(), uid,
756 MEDIALIBRARY_BUNDLE_NAME.c_str());
757 return E_PERMISSION_DENIED;
758 }
759 return StorageManager::GetInstance().UMountMediaFuse(userId);
760 #endif
761 return E_OK;
762 }
763
MountFileMgrFuse(int32_t userId,const std::string & path,int32_t & fuseFd)764 int32_t StorageManagerProvider::MountFileMgrFuse(int32_t userId, const std::string &path, int32_t &fuseFd)
765 {
766 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
767 return E_PERMISSION_DENIED;
768 }
769
770 if (IsFilePathInvalid(path)) {
771 return E_PARAMS_INVALID;
772 }
773 fuseFd = -1;
774 return StorageManager::GetInstance().MountFileMgrFuse(userId, path, fuseFd);
775 }
776
UMountFileMgrFuse(int32_t userId,const std::string & path)777 int32_t StorageManagerProvider::UMountFileMgrFuse(int32_t userId, const std::string &path)
778 {
779 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
780 return E_PERMISSION_DENIED;
781 }
782
783 if (IsFilePathInvalid(path)) {
784 return E_PARAMS_INVALID;
785 }
786 return StorageManager::GetInstance().UMountFileMgrFuse(userId, path);
787 }
788
IsFileOccupied(const std::string & path,const std::vector<std::string> & inputList,std::vector<std::string> & outputList,bool & isOccupy)789 int32_t StorageManagerProvider::IsFileOccupied(const std::string &path,
790 const std::vector<std::string> &inputList,
791 std::vector<std::string> &outputList,
792 bool &isOccupy)
793 {
794 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER)) {
795 return E_PERMISSION_DENIED;
796 }
797
798 if (IsFilePathInvalid(path)) {
799 return E_PARAMS_INVALID;
800 }
801 isOccupy = false;
802 return StorageManager::GetInstance().IsFileOccupied(path, inputList, outputList, isOccupy);
803 }
804
ResetSecretWithRecoveryKey(uint32_t userId,uint32_t rkType,const std::vector<uint8_t> & key)805 int32_t StorageManagerProvider::ResetSecretWithRecoveryKey(uint32_t userId,
806 uint32_t rkType,
807 const std::vector<uint8_t> &key)
808 {
809 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
810 return E_PERMISSION_DENIED;
811 }
812 return StorageManager::GetInstance().ResetSecretWithRecoveryKey(userId, rkType, key);
813 }
814
MountDisShareFile(int32_t userId,const std::map<std::string,std::string> & shareFiles)815 int32_t StorageManagerProvider::MountDisShareFile(int32_t userId, const std::map<std::string, std::string> &shareFiles)
816 {
817 int32_t uid = IPCSkeleton::GetCallingUid();
818 if (uid != DFS_UID) {
819 LOGE("MountDisShareFile permissionCheck error, calling uid is %{public}d", uid);
820 return E_PERMISSION_DENIED;
821 }
822 return StorageManager::GetInstance().MountDisShareFile(userId, shareFiles);
823 }
824
UMountDisShareFile(int32_t userId,const std::string & networkId)825 int32_t StorageManagerProvider::UMountDisShareFile(int32_t userId, const std::string &networkId)
826 {
827 int32_t uid = IPCSkeleton::GetCallingUid();
828 if (uid != DFS_UID) {
829 LOGE("UMountDisShareFile permissionCheck error, calling uid is %{public}d", uid);
830 return E_PERMISSION_DENIED;
831 }
832 return StorageManager::GetInstance().UMountDisShareFile(userId, networkId);
833 }
834
InactiveUserPublicDirKey(uint32_t userId)835 int32_t StorageManagerProvider::InactiveUserPublicDirKey(uint32_t userId)
836 {
837 if (!CheckClientPermissionForCrypt(PERMISSION_STORAGE_MANAGER_CRYPT)) {
838 return E_PERMISSION_DENIED;
839 }
840 return StorageManager::GetInstance().InactiveUserPublicDirKey(userId);
841 }
842
RegisterUeceActivationCallback(const sptr<IUeceActivationCallback> & ueceCallback)843 int32_t StorageManagerProvider::RegisterUeceActivationCallback(const sptr<IUeceActivationCallback> &ueceCallback)
844 {
845 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER_CRYPT)) {
846 LOGE("Permission check failed, for storage_manager_crypt");
847 return E_PERMISSION_DENIED;
848 }
849 return StorageManager::GetInstance().RegisterUeceActivationCallback(ueceCallback);
850 }
851
UnregisterUeceActivationCallback()852 int32_t StorageManagerProvider::UnregisterUeceActivationCallback()
853 {
854 if (!CheckClientPermission(PERMISSION_STORAGE_MANAGER_CRYPT)) {
855 LOGE("Permission check failed, for storage_manager_crypt");
856 return E_PERMISSION_DENIED;
857 }
858 return StorageManager::GetInstance().UnregisterUeceActivationCallback();
859 }
860 } // namespace StorageManager
861 } // namespace OHOS
862