1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_monitor.h"
16
17 #include "access_token.h"
18 #include "access_token_error.h"
19 #include "accesstoken_kit.h"
20 #include "accesstoken_common_log.h"
21 #include "accesstoken_info_manager.h"
22 #include "app_manager_access_client.h"
23 #include "ipc_skeleton.h"
24 #include "securec.h"
25 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
26 #include "sec_comp_enhance_agent.h"
27 #endif
28
29 namespace OHOS {
30 namespace Security {
31 namespace AccessToken {
32 namespace {
33 static std::mutex g_instanceMutex;
34 constexpr int32_t APP_STATE_CACHED = 100;
35 }
OnProcessDied(const ProcessData & processData)36 void SecCompUsageObserver::OnProcessDied(const ProcessData &processData)
37 {
38 LOGI(ATM_DOMAIN, ATM_TAG, "OnProcessDied pid %{public}d", processData.pid);
39 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
40 SecCompEnhanceAgent::GetInstance().RemoveSecCompEnhance(processData.pid);
41 #endif
42 SecCompMonitor::GetInstance().RemoveProcessFromForegroundList(processData.pid);
43 }
44
OnProcessStateChanged(const ProcessData & processData)45 void SecCompUsageObserver::OnProcessStateChanged(const ProcessData &processData)
46 {
47 LOGI(ATM_DOMAIN, ATM_TAG, "OnChange pid=%{public}d.", processData.pid);
48
49 if (processData.state != AppProcessState::APP_STATE_BACKGROUND) {
50 return;
51 }
52 SecCompMonitor::GetInstance().RemoveProcessFromForegroundList(processData.pid);
53 }
54
OnAppCacheStateChanged(const AppStateData & appStateData)55 void SecCompUsageObserver::OnAppCacheStateChanged(const AppStateData &appStateData)
56 {
57 LOGI(ATM_DOMAIN, ATM_TAG, "OnAppCacheStateChanged pid %{public}d", appStateData.pid);
58 if (appStateData.state != APP_STATE_CACHED) {
59 return;
60 }
61
62 SecCompMonitor::GetInstance().RemoveProcessFromForegroundList(appStateData.pid);
63 }
64
NotifyAppManagerDeath()65 void SecCompAppManagerDeathCallback::NotifyAppManagerDeath()
66 {
67 LOGI(ATM_DOMAIN, ATM_TAG, "AppManagerDeath called");
68
69 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
70 SecCompEnhanceAgent::GetInstance().OnAppMgrRemoteDiedHandle();
71 #endif
72 SecCompMonitor::GetInstance().OnAppMgrRemoteDiedHandle();
73 }
74
IsToastShownNeeded(int32_t pid)75 bool SecCompMonitor::IsToastShownNeeded(int32_t pid)
76 {
77 std::lock_guard<std::mutex> lock(appfgLock_);
78 InitAppObserver();
79 auto iter = appsInForeground_.find(pid);
80 if (iter != appsInForeground_.end()) {
81 return false;
82 }
83
84 appsInForeground_.insert(pid);
85 return true;
86 }
87
RemoveProcessFromForegroundList(int32_t pid)88 void SecCompMonitor::RemoveProcessFromForegroundList(int32_t pid)
89 {
90 std::lock_guard<std::mutex> lock(appfgLock_);
91 auto iter = appsInForeground_.find(pid);
92 if (iter == appsInForeground_.end()) {
93 return;
94 }
95 LOGI(ATM_DOMAIN, ATM_TAG, "Process pid=%{public}d removed from foreground list.", pid);
96 appsInForeground_.erase(pid);
97 }
98
GetInstance()99 SecCompMonitor& SecCompMonitor::GetInstance()
100 {
101 static SecCompMonitor* instance = nullptr;
102 if (instance == nullptr) {
103 std::lock_guard<std::mutex> lock(g_instanceMutex);
104 if (instance == nullptr) {
105 SecCompMonitor* tmp = new (std::nothrow) SecCompMonitor();
106 instance = std::move(tmp);
107 }
108 }
109 return *instance;
110 }
111
InitAppObserver()112 void SecCompMonitor::InitAppObserver()
113 {
114 {
115 std::lock_guard<std::mutex> lock(observerMutex_);
116 if (observer_ != nullptr) {
117 return;
118 }
119 observer_ = new (std::nothrow) SecCompUsageObserver();
120 if (observer_ == nullptr) {
121 LOGE(ATM_DOMAIN, ATM_TAG, "New observer failed.");
122 return;
123 }
124 if (AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(observer_) != 0) {
125 LOGE(ATM_DOMAIN, ATM_TAG, "Register observer failed.");
126 observer_ = nullptr;
127 return;
128 }
129 }
130 {
131 std::lock_guard<std::mutex> lock(appManagerDeathMutex_);
132 if (appManagerDeathCallback_ == nullptr) {
133 appManagerDeathCallback_ = std::make_shared<SecCompAppManagerDeathCallback>();
134 AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_);
135 }
136 }
137 }
138
SecCompMonitor()139 SecCompMonitor::SecCompMonitor()
140 {
141 InitAppObserver();
142 }
143
~SecCompMonitor()144 SecCompMonitor::~SecCompMonitor()
145 {
146 std::lock_guard<std::mutex> lock(observerMutex_);
147 if (observer_ != nullptr) {
148 (void)AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(observer_);
149 observer_ = nullptr;
150 }
151 }
152
OnAppMgrRemoteDiedHandle()153 void SecCompMonitor::OnAppMgrRemoteDiedHandle()
154 {
155 LOGI(ATM_DOMAIN, ATM_TAG, "OnAppMgrRemoteDiedHandle.");
156 std::lock_guard<std::mutex> lock(observerMutex_);
157 if (observer_ != nullptr) {
158 (void)AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(observer_);
159 observer_ = nullptr;
160 }
161 }
162 } // namespace AccessToken
163 } // namespace Security
164 } // namespace OHOS
165