1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "iservice_registry.h"
16 #include "data_collect_manager.h"
17 #include <chrono>
18 #include "data_collect_manager_idl_proxy.h"
19 #include "data_collect_manager_idl.h"
20 #include "security_event_ruler.h"
21 #include "security_event_query_callback_service.h"
22 #include "security_guard_define.h"
23 #include "acquire_data_manager_callback_service.h"
24 #include "security_guard_log.h"
25 #include "security_guard_utils.h"
26 #include "data_collect_manager_callback_service.h"
27 #include "security_collector_manager_callback_service.h"
28 #include "security_collector_subscribe_info.h"
29
30 namespace {
31 constexpr uint32_t MAX_RESUB_COUNTS = 3;
32 const std::string SECURITY_GROUP = "securityGroup";
33 }
34
35 namespace OHOS::Security::SecurityGuard {
GetInstance()36 DataCollectManager& DataCollectManager::GetInstance()
37 {
38 static DataCollectManager instance;
39 return instance;
40 };
41
DataCollectManager()42 DataCollectManager::DataCollectManager() : callback_(new (std::nothrow) AcquireDataManagerCallbackService())
43 {
44 auto func = [this](const SecurityCollector::Event &event) {
45 std::lock_guard<std::mutex> lock(mutex_);
46 for (const auto &iter : subscribers_) {
47 if (iter->GetSubscribeInfo().GetEvent().eventId == event.eventId) {
48 iter->OnNotify(event);
49 }
50 }
51 };
52 if (callback_ != nullptr) {
53 callback_->RegistCallBack(func);
54 std::string timeStr = std::to_string(std::chrono::steady_clock::now().time_since_epoch().count());
55 std::string ptrStr = std::to_string(reinterpret_cast<int64_t>(callback_.GetRefPtr()));
56 std::size_t hash = std::hash<std::string>{}(timeStr + ptrStr);
57 sdkFlag_ = "sdk" + std::to_string(hash);
58 }
59 }
60
QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,std::shared_ptr<SecurityEventQueryCallback> callback)61 int32_t DataCollectManager::QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,
62 std::shared_ptr<SecurityEventQueryCallback> callback)
63 {
64 return QuerySecurityEvent(rulers, callback, SECURITY_GROUP);
65 }
66
QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,std::shared_ptr<SecurityEventQueryCallback> callback,const std::string & eventGroup)67 int32_t DataCollectManager::QuerySecurityEvent(std::vector<SecurityCollector::SecurityEventRuler> rulers,
68 std::shared_ptr<SecurityEventQueryCallback> callback, const std::string &eventGroup)
69 {
70 if (callback == nullptr) {
71 SGLOGE("callback is null");
72 return NULL_OBJECT;
73 }
74 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
75 if (registry == nullptr) {
76 SGLOGE("GetSystemAbilityManager error");
77 return FAILED;
78 }
79
80 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
81 auto proxy = iface_cast<DataCollectManagerIdl>(object);
82 if (proxy == nullptr) {
83 SGLOGE("proxy is null");
84 return NULL_OBJECT;
85 }
86
87 auto obj = new (std::nothrow) SecurityEventQueryCallbackService(callback);
88 if (obj == nullptr) {
89 SGLOGE("obj is null");
90 return NULL_OBJECT;
91 }
92
93 int32_t ret = proxy->QuerySecurityEvent(rulers, obj, eventGroup);
94 if (ret != 0) {
95 SGLOGE("QuerySecurityEvent error, ret=%{public}d", ret);
96 return ret;
97 }
98 return 0;
99 }
100
QuerySecurityEventById(std::vector<SecurityCollector::SecurityEventRuler> rulers,std::shared_ptr<SecurityEventQueryCallback> callback,const std::string & eventGroup)101 int32_t DataCollectManager::QuerySecurityEventById(std::vector<SecurityCollector::SecurityEventRuler> rulers,
102 std::shared_ptr<SecurityEventQueryCallback> callback, const std::string &eventGroup)
103 {
104 if (callback == nullptr) {
105 SGLOGE("callback is null");
106 return NULL_OBJECT;
107 }
108 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
109 if (registry == nullptr) {
110 SGLOGE("GetSystemAbilityManager error");
111 return FAILED;
112 }
113
114 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
115 auto proxy = iface_cast<DataCollectManagerIdl>(object);
116 if (proxy == nullptr) {
117 SGLOGE("proxy is null");
118 return NULL_OBJECT;
119 }
120
121 auto obj = new (std::nothrow) SecurityEventQueryCallbackService(callback);
122 if (obj == nullptr) {
123 SGLOGE("obj is null");
124 return NULL_OBJECT;
125 }
126
127 int32_t ret = proxy->QuerySecurityEventById(rulers, obj, eventGroup);
128 if (ret != 0) {
129 SGLOGE("QuerySecurityEventById error, ret=%{public}d", ret);
130 return ret;
131 }
132 return 0;
133 }
134
QuerySecurityEventConfig(std::string & result)135 int32_t DataCollectManager::QuerySecurityEventConfig(std::string &result)
136 {
137 SGLOGI("Start DataCollectManager QuerySecurityEventConfig");
138 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
139 if (registry == nullptr) {
140 SGLOGE("GetSystemAbilityManager error");
141 return FAILED;
142 }
143 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
144 if (object == nullptr) {
145 SGLOGE("object is nullptr");
146 return FAILED;
147 }
148 auto proxy = iface_cast<DataCollectManagerIdl>(object);
149 if (proxy == nullptr) {
150 SGLOGE("proxy is null");
151 return FAILED;
152 }
153 return proxy->QuerySecurityEventConfig(result);
154 }
155
156 // LCOV_EXCL_START
OnRemoteDied(const wptr<IRemoteObject> & remote)157 void DataCollectManager::DeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
158 {
159 if (remote == nullptr) {
160 SGLOGE("remote object is nullptr");
161 return;
162 }
163 sptr<IRemoteObject> object = remote.promote();
164 if (object == nullptr) {
165 SGLOGE("object is nullptr");
166 return;
167 }
168 object->RemoveDeathRecipient(this);
169 DataCollectManager::GetInstance().HandleDecipient();
170 }
171
HandleDecipient()172 void DataCollectManager::HandleDecipient()
173 {
174 std::set<std::shared_ptr<SecurityCollector::ICollectorSubscriber>> tmp {};
175 {
176 std::lock_guard<std::mutex> lock(mutex_);
177 if (count_ >= MAX_RESUB_COUNTS) {
178 SGLOGE("reSubscriber too many times");
179 return;
180 }
181 if (callback_ == nullptr) {
182 SGLOGE("callback is nullptr");
183 return;
184 }
185 subscribers_.swap(tmp);
186 }
187 // wait sg start up
188 sleep(1);
189 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
190 if (registry == nullptr) {
191 SGLOGE("GetSystemAbilityManager error");
192 return;
193 }
194 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
195 auto proxy = iface_cast<DataCollectManagerIdl>(object);
196 if (proxy == nullptr) {
197 SGLOGE("proxy is null");
198 return;
199 }
200 if (deathRecipient_ == nullptr || !object->AddDeathRecipient(deathRecipient_)) {
201 SGLOGE("Failed to add death recipient");
202 return;
203 }
204 for (const auto &iter : tmp) {
205 int32_t ret = Subscribe(iter);
206 if (ret != SUCCESS) {
207 SGLOGE("ReSubscribe fail, ret=%{public}d", ret);
208 }
209 }
210 {
211 std::lock_guard<std::mutex> lock(mutex_);
212 count_++;
213 }
214 }
215
SetDeathRecipient(const sptr<IRemoteObject> & remote)216 int32_t DataCollectManager::SetDeathRecipient(const sptr<IRemoteObject> &remote)
217 {
218 if (deathRecipient_ == nullptr) {
219 deathRecipient_ = new (std::nothrow) DeathRecipient();
220 if (deathRecipient_ == nullptr) {
221 SGLOGE("deathRecipient_ is nullptr.");
222 return NULL_OBJECT;
223 }
224 if (!remote->AddDeathRecipient(deathRecipient_)) {
225 SGLOGE("Failed to add death recipient");
226 }
227 }
228 return SUCCESS;
229 }
230 // LCOV_EXCL_STOP
Subscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & subscriber)231 int32_t DataCollectManager::Subscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &subscriber)
232 {
233 SGLOGI("enter DataCollectManager Subscribe");
234 if (subscriber == nullptr) {
235 SGLOGE("subscriber is nullptr");
236 return NULL_OBJECT;
237 }
238 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
239 if (registry == nullptr) {
240 SGLOGE("GetSystemAbilityManager error");
241 return NULL_OBJECT;
242 }
243 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
244 auto proxy = iface_cast<DataCollectManagerIdl>(object);
245 if (proxy == nullptr) {
246 SGLOGE("proxy is null");
247 return NULL_OBJECT;
248 }
249 {
250 std::lock_guard<std::mutex> lock(mutex_);
251 if (callback_ == nullptr) {
252 SGLOGE("callback_ is nullptr");
253 return NULL_OBJECT;
254 }
255 if (subscribers_.count(subscriber) != 0) {
256 SGLOGE("Already subscribed");
257 return BAD_PARAM;
258 }
259 int32_t ret = SetDeathRecipient(object);
260 if (ret != SUCCESS) {
261 SGLOGI("SetDeathRecipient fail, ret=%{public}d", ret);
262 return ret;
263 }
264 }
265 if (!IsCurrentSubscriberEventIdExist(subscriber)) {
266 int32_t ret = proxy->Subscribe(subscriber->GetSubscribeInfo(), callback_, sdkFlag_);
267 if (ret != SUCCESS) {
268 SGLOGI("Subscribe result, ret=%{public}d", ret);
269 return ret;
270 }
271 }
272 {
273 std::lock_guard<std::mutex> lock(mutex_);
274 subscribers_.insert(subscriber);
275 SGLOGI("current subscrbe size %{public}zu", subscribers_.size());
276 }
277 return SUCCESS;
278 }
279
Unsubscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & subscriber)280 int32_t DataCollectManager::Unsubscribe(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &subscriber)
281 {
282 SGLOGI("enter DataCollectManager UnSubscribe");
283 if (subscriber == nullptr) {
284 SGLOGE("subscriber is nullptr");
285 return NULL_OBJECT;
286 }
287 {
288 std::lock_guard<std::mutex> lock(mutex_);
289 if (callback_ == nullptr) {
290 SGLOGE("callback is null");
291 return NULL_OBJECT;
292 }
293 if (subscribers_.count(subscriber) == 0) {
294 SGLOGE("Not subscribed");
295 return BAD_PARAM;
296 }
297 }
298 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
299 if (registry == nullptr) {
300 SGLOGE("GetSystemAbilityManager error");
301 return NULL_OBJECT;
302 }
303 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
304 auto proxy = iface_cast<DataCollectManagerIdl>(object);
305 if (proxy == nullptr) {
306 SGLOGE("proxy is null");
307 return NULL_OBJECT;
308 }
309 {
310 std::lock_guard<std::mutex> lock(mutex_);
311 subscribers_.erase(subscriber);
312 }
313 if (!IsCurrentSubscriberEventIdExist(subscriber)) {
314 int32_t ret = proxy->Unsubscribe(subscriber->GetSubscribeInfo(), callback_, sdkFlag_);
315 if (ret != SUCCESS) {
316 {
317 std::lock_guard<std::mutex> lock(mutex_);
318 subscribers_.insert(subscriber);
319 }
320 return ret;
321 }
322 SGLOGI("Unsubscribe result, ret=%{public}d", ret);
323 }
324 {
325 std::lock_guard<std::mutex> lock(mutex_);
326 SGLOGI("current subscrbe size %{public}zu", subscribers_.size());
327 }
328 return SUCCESS;
329 }
330
IsCurrentSubscriberEventIdExist(const std::shared_ptr<SecurityCollector::ICollectorSubscriber> & sub)331 bool DataCollectManager::IsCurrentSubscriberEventIdExist(
332 const std::shared_ptr<SecurityCollector::ICollectorSubscriber> &sub)
333 {
334 std::lock_guard<std::mutex> lock(mutex_);
335 for (const auto &i : subscribers_) {
336 if (i->GetSubscribeInfo().GetEvent().eventId == sub->GetSubscribeInfo().GetEvent().eventId) {
337 return true;
338 }
339 }
340 return false;
341 }
342
ReportSecurityEvent(const std::shared_ptr<EventInfo> & info,bool isSync)343 int32_t DataCollectManager::ReportSecurityEvent(const std::shared_ptr<EventInfo> &info, bool isSync)
344 {
345 SGLOGD("enter DataCollectManager ReportSecurityEvent");
346 if (info == nullptr) {
347 return BAD_PARAM;
348 }
349 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
350 if (registry == nullptr) {
351 SGLOGE("GetSystemAbilityManager error");
352 return NULL_OBJECT;
353 }
354 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
355 auto proxy = iface_cast<DataCollectManagerIdl>(object);
356 if (proxy == nullptr) {
357 SGLOGE("proxy is null");
358 return NULL_OBJECT;
359 }
360
361 int64_t eventId = info->GetEventId();
362 std::string version = info->GetVersion();
363 std::string content = info->GetContent();
364 std::string date = SecurityGuardUtils::GetDate();
365 int32_t ret = SUCCESS;
366 if (isSync) {
367 ret = proxy->RequestDataSubmit(eventId, version, date, content);
368 } else {
369 ret = proxy->RequestDataSubmitAsync(eventId, version, date, content);
370 }
371 if (ret != SUCCESS) {
372 SGLOGE("RequestSecurityInfo error, ret=%{public}d", ret);
373 return ret;
374 }
375 return SUCCESS;
376 }
377
SecurityGuardConfigUpdate(int32_t fd,const std::string & name)378 int32_t DataCollectManager::SecurityGuardConfigUpdate(int32_t fd, const std::string &name)
379 {
380 SGLOGI("enter DataCollectManager SecurityGuardConfigUpdate");
381 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
382 if (registry == nullptr) {
383 SGLOGE("GetSystemAbilityManager error");
384 return NULL_OBJECT;
385 }
386 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
387 auto proxy = iface_cast<DataCollectManagerIdl>(object);
388 if (proxy == nullptr) {
389 SGLOGE("proxy is null");
390 return NULL_OBJECT;
391 }
392 int32_t ret = proxy->ConfigUpdate(fd, name);
393 if (ret != SUCCESS) {
394 SGLOGE("ConfigUpdate error, ret=%{public}d", ret);
395 return ret;
396 }
397 return SUCCESS;
398 }
399
StartCollector(const SecurityCollector::Event & event,int64_t duration)400 int32_t DataCollectManager::StartCollector(const SecurityCollector::Event &event,
401 int64_t duration)
402 {
403 SGLOGI("enter DataCollectManager StartCollector");
404 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
405 if (registry == nullptr) {
406 SGLOGE("GetSystemAbilityManager error");
407 return NULL_OBJECT;
408 }
409
410 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
411 auto proxy = iface_cast<DataCollectManagerIdlProxy>(object);
412 if (proxy == nullptr) {
413 SGLOGE("proxy is null");
414 return NULL_OBJECT;
415 }
416
417 SecurityCollector::SecurityCollectorSubscribeInfo subscriberInfo{event, duration, true};
418 sptr<SecurityCollector::SecurityCollectorManagerCallbackService> callback =
419 new (std::nothrow) SecurityCollector::SecurityCollectorManagerCallbackService(nullptr);
420 if (callback == nullptr) {
421 SGLOGE("callback is null");
422 return NULL_OBJECT;
423 }
424
425 int32_t ret = proxy->CollectorStart(subscriberInfo, callback);
426 SGLOGI("StartCollector result, ret=%{public}d", ret);
427 return ret;
428 }
429
StopCollector(const SecurityCollector::Event & event)430 int32_t DataCollectManager::StopCollector(const SecurityCollector::Event &event)
431 {
432 SGLOGI("in DataCollectManager StopCollector");
433 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
434 if (registry == nullptr) {
435 SGLOGE("GetSystemAbilityManager error");
436 return NULL_OBJECT;
437 }
438
439 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
440 auto proxy = iface_cast<DataCollectManagerIdlProxy>(object);
441 if (proxy == nullptr) {
442 SGLOGE("proxy is null");
443 return NULL_OBJECT;
444 }
445
446 SecurityCollector::SecurityCollectorSubscribeInfo subscriberInfo{event, -1, true};
447 sptr<SecurityCollector::SecurityCollectorManagerCallbackService> callback =
448 new (std::nothrow) SecurityCollector::SecurityCollectorManagerCallbackService(nullptr);
449 if (callback == nullptr) {
450 SGLOGE("callback is null");
451 return NULL_OBJECT;
452 }
453
454 int32_t ret = proxy->CollectorStop(subscriberInfo, callback);
455 SGLOGI("StopCollector result, ret=%{public}d", ret);
456 return ret;
457 }
458
RequestSecurityEventInfo(std::string & devId,std::string & eventList,RequestRiskDataCallback callback)459 int32_t DataCollectManager::RequestSecurityEventInfo(std::string &devId, std::string &eventList,
460 RequestRiskDataCallback callback)
461 {
462 auto registry = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
463 if (registry == nullptr) {
464 SGLOGE("GetSystemAbilityManager error");
465 return NULL_OBJECT;
466 }
467
468 auto object = registry->GetSystemAbility(DATA_COLLECT_MANAGER_SA_ID);
469 auto proxy = iface_cast<DataCollectManagerIdlProxy>(object);
470 if (proxy == nullptr) {
471 SGLOGE("proxy is null");
472 return NULL_OBJECT;
473 }
474
475 auto obj = new (std::nothrow) DataCollectManagerCallbackService(callback);
476 if (obj == nullptr) {
477 SGLOGE("stub is null");
478 return NULL_OBJECT;
479 }
480 int32_t ret = proxy->RequestRiskData(devId, eventList, obj);
481 if (ret != 0) {
482 SGLOGE("RequestSecurityEventInfo error, ret=%{public}d", ret);
483 return ret;
484 }
485 return SUCCESS;
486 }
487 }