1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_entity.h"
16
17 #include <chrono>
18 #include "bundle_mgr_client.h"
19 #include "datashare_helper.h"
20 #include "hisysevent.h"
21 #include "ipc_skeleton.h"
22 #include "iservice_registry.h"
23 #include "isec_comp_service.h"
24 #include "sec_comp_err.h"
25 #include "sec_comp_enhance_adapter.h"
26 #include "sec_comp_info_helper.h"
27 #include "sec_comp_log.h"
28 #include "window_info_helper.h"
29
30 namespace OHOS {
31 namespace Security {
32 namespace SecurityComponent {
33 namespace {
34 constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompEntity"};
35 static constexpr uint64_t MAX_TOUCH_INTERVAL = 1000000L; // 1000ms
36 static constexpr uint64_t TIME_CONVERSION_UNIT = 1000;
37 static constexpr uint32_t FOLD_VIRTUAL_DISPLAY_ID = 999;
38 }
39
GrantTempPermission()40 int32_t SecCompEntity::GrantTempPermission()
41 {
42 isGrant_ = true;
43 return SecCompPermManager::GetInstance().GrantTempPermission(tokenId_, componentInfo_);
44 }
45
CompareComponentBasicInfo(SecCompBase * other,bool isRectCheck) const46 bool SecCompEntity::CompareComponentBasicInfo(SecCompBase* other, bool isRectCheck) const
47 {
48 return componentInfo_->CompareComponentBasicInfo(other, isRectCheck);
49 }
50
CheckPointEvent(SecCompClickEvent & clickInfo,int32_t superFoldOffsetY,const CrossAxisState crossAxisState) const51 int32_t SecCompEntity::CheckPointEvent(SecCompClickEvent& clickInfo, int32_t superFoldOffsetY,
52 const CrossAxisState crossAxisState) const
53 {
54 auto current = static_cast<uint64_t>(
55 std::chrono::high_resolution_clock::now().time_since_epoch().count()) / TIME_CONVERSION_UNIT;
56 if (clickInfo.point.timestamp < current - MAX_TOUCH_INTERVAL || clickInfo.point.timestamp > current) {
57 SC_LOG_ERROR(LABEL, "touch timestamp invalid clickInfo. timestamp: %{public}llu, current: %{public}llu",
58 static_cast<unsigned long long>(clickInfo.point.timestamp), static_cast<unsigned long long>(current));
59 return SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
60 }
61
62 if (!componentInfo_->rect_.IsInRect(clickInfo.point.touchX, clickInfo.point.touchY)) {
63 if ((crossAxisState == CrossAxisState::STATE_CROSS) &&
64 componentInfo_->rect_.IsInRect(clickInfo.point.touchX, clickInfo.point.touchY + superFoldOffsetY)) {
65 clickInfo.point.touchY += superFoldOffsetY;
66 SC_LOG_INFO(LABEL, "Fold PC cross state and component is in PC virtual screen.");
67 return SC_OK;
68 }
69 SC_LOG_ERROR(LABEL, "touch point is not in component rect = (%{public}f, %{public}f)" \
70 "left top point of component rect = (%{public}f, %{public}f)" \
71 "right bottom point of component rect = (%{public}f, %{public}f)",
72 clickInfo.point.touchX, clickInfo.point.touchY, componentInfo_->rect_.x_, componentInfo_->rect_.y_,
73 componentInfo_->rect_.x_ + componentInfo_->rect_.width_,
74 componentInfo_->rect_.y_ + componentInfo_->rect_.height_);
75 return SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
76 }
77 return SC_OK;
78 }
79
CheckKeyEvent(const SecCompClickEvent & clickInfo) const80 int32_t SecCompEntity::CheckKeyEvent(const SecCompClickEvent& clickInfo) const
81 {
82 auto current = static_cast<uint64_t>(
83 std::chrono::high_resolution_clock::now().time_since_epoch().count()) / TIME_CONVERSION_UNIT;
84 if (clickInfo.key.timestamp < current - MAX_TOUCH_INTERVAL || clickInfo.key.timestamp > current) {
85 SC_LOG_ERROR(LABEL, "keyboard timestamp invalid clickInfo. timestamp: %{public}llu, current: %{public}llu",
86 static_cast<unsigned long long>(clickInfo.key.timestamp), static_cast<unsigned long long>(current));
87 return SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
88 }
89 if ((clickInfo.key.keyCode != KEY_SPACE) && (clickInfo.key.keyCode != KEY_ENTER) &&
90 (clickInfo.key.keyCode != KEY_NUMPAD_ENTER)) {
91 SC_LOG_ERROR(LABEL, "keyboard keyCode invalid.");
92 return SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
93 }
94
95 return SC_OK;
96 }
97
IsInPCVirtualScreen(const CrossAxisState crossAxisState) const98 bool SecCompEntity::IsInPCVirtualScreen(const CrossAxisState crossAxisState) const
99 {
100 bool isInPCVirtualScreen = false;
101 if (componentInfo_->displayId_ == FOLD_VIRTUAL_DISPLAY_ID) {
102 if (crossAxisState == CrossAxisState::STATE_NO_CROSS) {
103 isInPCVirtualScreen = true;
104 } else {
105 SC_LOG_WARN(LABEL, "Security component maybe in PC virtual screen, the cross axis state is %{public}d",
106 static_cast<int32_t>(crossAxisState));
107 }
108 }
109 return isInPCVirtualScreen;
110 }
111
CheckClickInfo(SecCompClickEvent & clickInfo,int32_t superFoldOffsetY,const CrossAxisState crossAxisState,std::string & message)112 int32_t SecCompEntity::CheckClickInfo(SecCompClickEvent& clickInfo, int32_t superFoldOffsetY,
113 const CrossAxisState crossAxisState, std::string& message)
114 {
115 bool isInPCVirtualScreen = IsInPCVirtualScreen(crossAxisState);
116 SC_LOG_INFO(LABEL, "The cross axis state: %{public}d, the fold offset y: %{public}d.",
117 static_cast<int32_t>(crossAxisState), superFoldOffsetY);
118 if (isInPCVirtualScreen && clickInfo.type == ClickEventType::POINT_EVENT_TYPE) {
119 clickInfo.point.touchY += superFoldOffsetY;
120 componentInfo_->rect_.y_ += superFoldOffsetY;
121 }
122 message.clear();
123 if ((GetType() != SecCompType::SAVE_COMPONENT) &&
124 !WindowInfoHelper::CheckOtherWindowCoverComp(componentInfo_->windowId_, componentInfo_->rect_, message)) {
125 SC_LOG_ERROR(LABEL, "Component may be covered by other window");
126 if (!AllowToBypassSecurityCheck(message)) {
127 return SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
128 }
129 }
130
131 int32_t res = SC_SERVICE_ERROR_CLICK_EVENT_INVALID;
132 if (clickInfo.type == ClickEventType::POINT_EVENT_TYPE) {
133 res = CheckPointEvent(clickInfo, superFoldOffsetY, crossAxisState);
134 } else if (clickInfo.type == ClickEventType::ACCESSIBILITY_EVENT_TYPE) {
135 SC_LOG_WARN(LABEL, "Device is in screen read mode.");
136 res = SC_OK;
137 } else if (clickInfo.type == ClickEventType::KEY_EVENT_TYPE) {
138 res = CheckKeyEvent(clickInfo);
139 }
140 if (res != SC_OK) {
141 return res;
142 }
143
144 res = SecCompEnhanceAdapter::CheckExtraInfo(clickInfo);
145 if (res == SC_SERVICE_ERROR_CLICK_EVENT_INVALID) {
146 SC_LOG_ERROR(LABEL, "Click ExtraInfo is invalid");
147 return res;
148 }
149
150 if ((res != SC_OK) && (res != SC_ENHANCE_ERROR_NOT_EXIST_ENHANCE)) {
151 SC_LOG_ERROR(LABEL, "HMAC checkout failed");
152 int32_t uid = IPCSkeleton::GetCallingUid();
153 OHOS::AppExecFwk::BundleMgrClient bmsClient;
154 std::string bundleName = "";
155 bmsClient.GetNameForUid(uid, bundleName);
156 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CLICK_INFO_CHECK_FAILED",
157 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
158 "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId_, "SC_TYPE", componentInfo_->type_);
159 return SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL;
160 }
161 return SC_OK;
162 }
163 } // namespace SecurityComponent
164 } // namespace Security
165 } // namespace OHOS
166