1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_client.h"
17 #include <unistd.h>
18 #include "accesstoken_kit.h"
19 #include "dlp_permission_async_stub.h"
20 #include "dlp_permission_log.h"
21 #include "dlp_permission_service_proxy.h"
22 #include "ipc_skeleton.h"
23 #include "iservice_registry.h"
24 #include "os_account_manager.h"
25 #include "permission_policy.h"
26 #include "token_setproc.h"
27 #include "parameters.h"
28 #include "param_wrapper.h"
29
30 namespace OHOS {
31 namespace Security {
32 namespace DlpPermission {
33 using namespace OHOS::Security::AccessToken;
34 namespace {
35 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionClient"};
36 static const int32_t DLP_PERMISSION_LOAD_SA_TIMEOUT_MS = 4000;
37 static const uint32_t MAX_CALLBACK_MAP_SIZE = 100;
38 static const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
39 static const std::string DLP_ENABLE = "const.dlp.dlp_enable";
40 static const std::string TRUE_VALUE = "true";
41 static constexpr int32_t DLP_PERMISSION_SERVICE_SA_ID = 3521;
42
CheckSandboxFlag(AccessToken::AccessTokenID tokenId,bool & sandboxFlag)43 static int32_t CheckSandboxFlag(AccessToken::AccessTokenID tokenId, bool& sandboxFlag)
44 {
45 int32_t res = AccessToken::AccessTokenKit::GetHapDlpFlag(tokenId);
46 if (res < 0) {
47 DLP_LOG_ERROR(LABEL, "Invalid tokenId");
48 return res;
49 }
50 sandboxFlag = (res == 1);
51 return DLP_OK;
52 }
53 } // namespace
54
GetInstance()55 DlpPermissionClient& DlpPermissionClient::GetInstance()
56 {
57 static DlpPermissionClient instance;
58 return instance;
59 }
60
DlpPermissionClient()61 DlpPermissionClient::DlpPermissionClient()
62 {}
63
~DlpPermissionClient()64 DlpPermissionClient::~DlpPermissionClient()
65 {
66 CleanUpResource();
67 }
68
CleanUpResource()69 void DlpPermissionClient::CleanUpResource()
70 {
71 DLP_LOG_INFO(LABEL, "start CleanUpResource.");
72 std::unique_lock<std::mutex> lock(proxyMutex_);
73 if (proxy_ == nullptr) {
74 return;
75 }
76 auto remoteObj = proxy_->AsObject();
77 if (remoteObj == nullptr) {
78 return;
79 }
80 if (serviceDeathObserver_ != nullptr) {
81 DLP_LOG_INFO(LABEL, "start removeDeathRecipient.");
82 remoteObj->RemoveDeathRecipient(serviceDeathObserver_);
83 serviceDeathObserver_ = nullptr;
84 }
85 proxy_ = nullptr;
86 DLP_LOG_INFO(LABEL, "CleanUpResource end.");
87 }
88
CleanUp()89 extern "C" __attribute__((destructor)) void CleanUp()
90 {
91 DLP_LOG_INFO(LABEL, "start CleanUpResource with destructor.");
92 DlpPermissionClient::GetInstance().CleanUpResource();
93 }
94
IsFeatureProvidedWithDlp()95 static bool IsFeatureProvidedWithDlp()
96 {
97 std::string value = OHOS::system::GetParameter(DLP_ENABLE, "");
98 return (value == TRUE_VALUE);
99 }
100
GenerateDlpCertificate(const PermissionPolicy & policy,std::shared_ptr<GenerateDlpCertificateCallback> callback)101 int32_t DlpPermissionClient::GenerateDlpCertificate(
102 const PermissionPolicy& policy, std::shared_ptr<GenerateDlpCertificateCallback> callback)
103 {
104 if (!policy.IsValid() || callback == nullptr) {
105 return DLP_SERVICE_ERROR_VALUE_INVALID;
106 }
107 auto proxy = GetProxy(true);
108 if (proxy == nullptr) {
109 DLP_LOG_ERROR(LABEL, "Proxy is null");
110 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
111 }
112
113 sptr<DlpPolicyParcel> policyParcel = new (std::nothrow) DlpPolicyParcel();
114 if (policyParcel == nullptr) {
115 DLP_LOG_ERROR(LABEL, "New memory fail");
116 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
117 }
118 policyParcel->policyParams_.CopyPermissionPolicy(policy);
119
120 sptr<IDlpPermissionCallback> asyncStub = new (std::nothrow) DlpPermissionAsyncStub(callback);
121 if (asyncStub == nullptr) {
122 DLP_LOG_ERROR(LABEL, "New memory fail");
123 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
124 }
125
126 return proxy->GenerateDlpCertificate(policyParcel, asyncStub);
127 }
128
ParseDlpCertificate(sptr<CertParcel> & certParcel,std::shared_ptr<ParseDlpCertificateCallback> callback,const std::string & appId,bool offlineAccess)129 int32_t DlpPermissionClient::ParseDlpCertificate(sptr<CertParcel>& certParcel,
130 std::shared_ptr<ParseDlpCertificateCallback> callback, const std::string& appId, bool offlineAccess)
131 {
132 if (callback == nullptr || certParcel->cert.size() == 0) {
133 return DLP_SERVICE_ERROR_VALUE_INVALID;
134 }
135 auto proxy = GetProxy(true);
136 if (proxy == nullptr) {
137 DLP_LOG_ERROR(LABEL, "Proxy is null");
138 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
139 }
140
141 sptr<IDlpPermissionCallback> asyncStub = new (std::nothrow) DlpPermissionAsyncStub(callback);
142 if (asyncStub == nullptr) {
143 DLP_LOG_ERROR(LABEL, "New memory fail");
144 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
145 }
146
147 return proxy->ParseDlpCertificate(certParcel, asyncStub, appId, offlineAccess);
148 }
149
InstallDlpSandbox(const std::string & bundleName,DLPFileAccess dlpFileAccess,int32_t userId,SandboxInfo & sandboxInfo,const std::string & uri)150 int32_t DlpPermissionClient::InstallDlpSandbox(const std::string& bundleName, DLPFileAccess dlpFileAccess,
151 int32_t userId, SandboxInfo& sandboxInfo, const std::string& uri)
152 {
153 if (bundleName.empty() ||
154 dlpFileAccess > DLPFileAccess::FULL_CONTROL || dlpFileAccess <= DLPFileAccess::NO_PERMISSION || uri.empty()) {
155 return DLP_SERVICE_ERROR_VALUE_INVALID;
156 }
157 auto proxy = GetProxy(true);
158 if (proxy == nullptr) {
159 DLP_LOG_ERROR(LABEL, "Proxy is null");
160 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
161 }
162
163 return proxy->InstallDlpSandbox(bundleName, dlpFileAccess, userId, sandboxInfo, uri);
164 }
165
UninstallDlpSandbox(const std::string & bundleName,int32_t appIndex,int32_t userId)166 int32_t DlpPermissionClient::UninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId)
167 {
168 if (bundleName.empty() || appIndex < 0 || userId < 0) {
169 return DLP_SERVICE_ERROR_VALUE_INVALID;
170 }
171 auto proxy = GetProxy(true);
172 if (proxy == nullptr) {
173 DLP_LOG_ERROR(LABEL, "Proxy is null");
174 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
175 }
176
177 return proxy->UninstallDlpSandbox(bundleName, appIndex, userId);
178 }
179
CheckAllowAbilityList(const std::string & bundleName)180 static bool CheckAllowAbilityList(const std::string& bundleName)
181 {
182 int32_t userId;
183 int32_t res = OHOS::AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId);
184 if (res != 0) {
185 DLP_LOG_ERROR(LABEL, "GetForegroundOsAccountLocalId failed %{public}d", res);
186 return false;
187 }
188 AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userId, bundleName, 0);
189 if (tokenId == 0) {
190 DLP_LOG_ERROR(LABEL, "GetHapTokenID is 0");
191 return false;
192 }
193 return PERMISSION_GRANTED == AccessTokenKit::VerifyAccessToken(tokenId, GRANT_SENSITIVE_PERMISSIONS);
194 }
195
GetSandboxExternalAuthorization(int sandboxUid,const AAFwk::Want & want,SandBoxExternalAuthorType & auth)196 int32_t DlpPermissionClient::GetSandboxExternalAuthorization(
197 int sandboxUid, const AAFwk::Want& want, SandBoxExternalAuthorType& auth)
198 {
199 bool sandboxFlag;
200 if (CheckSandboxFlag(IPCSkeleton::GetCallingTokenID(), sandboxFlag) != DLP_OK) {
201 return DLP_SERVICE_ERROR_VALUE_INVALID;
202 }
203 if (!sandboxFlag) {
204 DLP_LOG_ERROR(LABEL, "Forbid called by a non-sandbox app");
205 return DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR;
206 }
207 if (CheckAllowAbilityList(want.GetBundle())) {
208 auth = SandBoxExternalAuthorType::ALLOW_START_ABILITY;
209 return DLP_OK;
210 }
211 auto proxy = GetProxy(false);
212 if (proxy == nullptr) {
213 DLP_LOG_ERROR(LABEL, "Proxy is null, dlpmanager service no start.");
214 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
215 }
216
217 if (sandboxUid < 0) {
218 return DLP_SERVICE_ERROR_VALUE_INVALID;
219 }
220
221 return proxy->GetSandboxExternalAuthorization(sandboxUid, want, auth);
222 }
223
QueryDlpFileCopyableByTokenId(bool & copyable,uint32_t tokenId)224 int32_t DlpPermissionClient::QueryDlpFileCopyableByTokenId(bool& copyable, uint32_t tokenId)
225 {
226 bool sandboxFlag;
227 if ((tokenId == 0) || (CheckSandboxFlag(tokenId, sandboxFlag) != DLP_OK)) {
228 return DLP_SERVICE_ERROR_VALUE_INVALID;
229 }
230
231 if (!sandboxFlag) {
232 DLP_LOG_INFO(LABEL, "it is not a sandbox app");
233 copyable = true;
234 return DLP_OK;
235 }
236
237 auto proxy = GetProxy(false);
238 if (proxy == nullptr) {
239 DLP_LOG_ERROR(LABEL, "Proxy is null");
240 copyable = false;
241 return DLP_OK;
242 }
243
244 return proxy->QueryDlpFileCopyableByTokenId(copyable, tokenId);
245 }
246
QueryDlpFileAccess(DLPPermissionInfo & permInfo)247 int32_t DlpPermissionClient::QueryDlpFileAccess(DLPPermissionInfo& permInfo)
248 {
249 bool sandboxFlag;
250 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
251 return DLP_SERVICE_ERROR_VALUE_INVALID;
252 }
253 if (!sandboxFlag) {
254 DLP_LOG_ERROR(LABEL, "Forbid called by a non-sandbox app");
255 return DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR;
256 }
257
258 auto proxy = GetProxy(false);
259 if (proxy == nullptr) {
260 DLP_LOG_INFO(LABEL, "Proxy is null");
261 return DLP_OK;
262 }
263 sptr<DLPPermissionInfoParcel> permInfoyParcel = new (std::nothrow) DLPPermissionInfoParcel();
264 if (permInfoyParcel == nullptr) {
265 DLP_LOG_ERROR(LABEL, "New memory fail");
266 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
267 }
268
269 int32_t result = proxy->QueryDlpFileAccess(*permInfoyParcel);
270 if (result != DLP_OK) {
271 return result;
272 }
273 permInfo = permInfoyParcel->permInfo_;
274 return result;
275 }
276
IsInDlpSandbox(bool & inSandbox)277 int32_t DlpPermissionClient::IsInDlpSandbox(bool& inSandbox)
278 {
279 bool sandboxFlag;
280 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
281 return DLP_SERVICE_ERROR_VALUE_INVALID;
282 }
283
284 if (!sandboxFlag) {
285 DLP_LOG_DEBUG(LABEL, "it is not a sandbox app");
286 inSandbox = false;
287 return DLP_OK;
288 }
289
290 auto proxy = GetProxy(false);
291 if (proxy == nullptr) {
292 DLP_LOG_ERROR(LABEL, "Proxy is null");
293 inSandbox = true;
294 return DLP_OK;
295 }
296
297 return proxy->IsInDlpSandbox(inSandbox);
298 }
299
GetDlpSupportFileType(std::vector<std::string> & supportFileType)300 int32_t DlpPermissionClient::GetDlpSupportFileType(std::vector<std::string>& supportFileType)
301 {
302 auto proxy = GetProxy(true);
303 if (proxy == nullptr) {
304 DLP_LOG_INFO(LABEL, "Proxy is null");
305 return DLP_OK;
306 }
307
308 return proxy->GetDlpSupportFileType(supportFileType);
309 }
310
CreateDlpSandboxChangeCallback(const std::shared_ptr<DlpSandboxChangeCallbackCustomize> & customizedCb,sptr<DlpSandboxChangeCallback> & callback)311 int32_t DlpPermissionClient::CreateDlpSandboxChangeCallback(
312 const std::shared_ptr<DlpSandboxChangeCallbackCustomize> &customizedCb, sptr<DlpSandboxChangeCallback> &callback)
313 {
314 callback = new (std::nothrow) DlpSandboxChangeCallback(customizedCb);
315 if (callback == nullptr) {
316 DLP_LOG_ERROR(LABEL, "memory allocation for callback failed!");
317 return DLP_CALLBACK_SA_WORK_ABNORMAL;
318 }
319 return DLP_OK;
320 }
321
RegisterDlpSandboxChangeCallback(const std::shared_ptr<DlpSandboxChangeCallbackCustomize> & customizedCb)322 int32_t DlpPermissionClient::RegisterDlpSandboxChangeCallback(
323 const std::shared_ptr<DlpSandboxChangeCallbackCustomize> &customizedCb)
324 {
325 if (customizedCb == nullptr) {
326 DLP_LOG_ERROR(LABEL, "customizedCb is nullptr");
327 return DLP_SERVICE_ERROR_VALUE_INVALID;
328 }
329 sptr<DlpSandboxChangeCallback> callback = nullptr;
330 int32_t result = CreateDlpSandboxChangeCallback(customizedCb, callback);
331 if (result != DLP_OK) {
332 return result;
333 }
334 auto proxy = GetProxy(false);
335 if (proxy == nullptr) {
336 DLP_LOG_ERROR(LABEL, "proxy is null");
337 return DLP_CALLBACK_SA_WORK_ABNORMAL;
338 }
339 return proxy->RegisterDlpSandboxChangeCallback(callback->AsObject());
340 }
341
UnregisterDlpSandboxChangeCallback(bool & result)342 int32_t DlpPermissionClient::UnregisterDlpSandboxChangeCallback(bool &result)
343 {
344 auto proxy = GetProxy(false);
345 if (proxy == nullptr) {
346 DLP_LOG_ERROR(LABEL, "proxy is null");
347 return DLP_CALLBACK_SA_WORK_ABNORMAL;
348 }
349
350 return proxy->UnRegisterDlpSandboxChangeCallback(result);
351 }
352
CreateOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize> & customizedCb,sptr<OpenDlpFileCallback> & callback)353 int32_t DlpPermissionClient::CreateOpenDlpFileCallback(
354 const std::shared_ptr<OpenDlpFileCallbackCustomize>& customizedCb, sptr<OpenDlpFileCallback>& callback)
355 {
356 std::lock_guard<std::mutex> lock(callbackMutex_);
357 if (callbackMap_.size() == MAX_CALLBACK_MAP_SIZE) {
358 DLP_LOG_ERROR(LABEL, "the maximum number of callback has been reached");
359 return DLP_SERVICE_ERROR_VALUE_INVALID;
360 }
361
362 auto goalCallback = callbackMap_.find(customizedCb);
363 if (goalCallback != callbackMap_.end()) {
364 DLP_LOG_ERROR(LABEL, "already has the same callback");
365 return DLP_SERVICE_ERROR_VALUE_INVALID;
366 } else {
367 callback = new (std::nothrow) OpenDlpFileCallback(customizedCb);
368 if (!callback) {
369 DLP_LOG_ERROR(LABEL, "memory allocation for callback failed!");
370 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
371 }
372 }
373 return DLP_OK;
374 }
375
RegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize> & callback)376 int32_t DlpPermissionClient::RegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize>& callback)
377 {
378 bool sandboxFlag;
379 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
380 return DLP_SERVICE_ERROR_VALUE_INVALID;
381 }
382 if (sandboxFlag) {
383 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
384 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
385 }
386 if (callback == nullptr) {
387 DLP_LOG_ERROR(LABEL, "callback is nullptr");
388 return DLP_SERVICE_ERROR_VALUE_INVALID;
389 }
390 sptr<OpenDlpFileCallback> cb = nullptr;
391 int32_t result = CreateOpenDlpFileCallback(callback, cb);
392 if (result != DLP_OK) {
393 return result;
394 }
395 auto proxy = GetProxy(true);
396 if (proxy == nullptr) {
397 DLP_LOG_ERROR(LABEL, "proxy is null");
398 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
399 }
400 result = proxy->RegisterOpenDlpFileCallback(cb->AsObject());
401 if (result == DLP_OK) {
402 std::lock_guard<std::mutex> lock(callbackMutex_);
403 callbackMap_[callback] = cb;
404 }
405 return result;
406 }
407
UnRegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize> & callback)408 int32_t DlpPermissionClient::UnRegisterOpenDlpFileCallback(
409 const std::shared_ptr<OpenDlpFileCallbackCustomize>& callback)
410 {
411 bool sandboxFlag;
412 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
413 return DLP_SERVICE_ERROR_VALUE_INVALID;
414 }
415 if (sandboxFlag) {
416 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
417 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
418 }
419 if (callback == nullptr) {
420 DLP_LOG_ERROR(LABEL, "callback is nullptr");
421 return DLP_SERVICE_ERROR_VALUE_INVALID;
422 }
423 std::lock_guard<std::mutex> lock(callbackMutex_);
424 auto goalCallback = callbackMap_.find(callback);
425 if (goalCallback == callbackMap_.end()) {
426 DLP_LOG_ERROR(LABEL, "goalCallback already is not exist");
427 return DLP_SERVICE_ERROR_VALUE_INVALID;
428 }
429
430 auto proxy = GetProxy(false);
431 if (proxy == nullptr) {
432 DLP_LOG_ERROR(LABEL, "proxy is null");
433 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
434 }
435
436 int32_t result = proxy->UnRegisterOpenDlpFileCallback(goalCallback->second->AsObject());
437 if (result == DLP_OK) {
438 callbackMap_.erase(goalCallback);
439 }
440 return result;
441 }
442
GetDlpGatheringPolicy(bool & isGathering)443 int32_t DlpPermissionClient::GetDlpGatheringPolicy(bool& isGathering)
444 {
445 auto proxy = GetProxy(false);
446 if (proxy == nullptr) {
447 DLP_LOG_ERROR(LABEL, "Proxy is null");
448 return DLP_OK;
449 }
450
451 return proxy->GetDlpGatheringPolicy(isGathering);
452 }
453
SetRetentionState(const std::vector<std::string> & docUriVec)454 int32_t DlpPermissionClient::SetRetentionState(const std::vector<std::string>& docUriVec)
455 {
456 bool sandboxFlag;
457 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
458 return DLP_SERVICE_ERROR_VALUE_INVALID;
459 }
460 if (!sandboxFlag) {
461 DLP_LOG_ERROR(LABEL, "Forbid called by a non-sandbox app");
462 return DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR;
463 }
464 auto proxy = GetProxy(false);
465 if (proxy == nullptr) {
466 DLP_LOG_INFO(LABEL, "Proxy is null");
467 return DLP_CALLBACK_SA_WORK_ABNORMAL;
468 }
469
470 return proxy->SetRetentionState(docUriVec);
471 }
472
CancelRetentionState(const std::vector<std::string> & docUriVec)473 int32_t DlpPermissionClient::CancelRetentionState(const std::vector<std::string>& docUriVec)
474 {
475 auto proxy = GetProxy(true);
476 if (proxy == nullptr) {
477 DLP_LOG_INFO(LABEL, "Proxy is null");
478 return DLP_CALLBACK_SA_WORK_ABNORMAL;
479 }
480
481 return proxy->CancelRetentionState(docUriVec);
482 }
483
GetRetentionSandboxList(const std::string & bundleName,std::vector<RetentionSandBoxInfo> & retentionSandBoxInfoVec)484 int32_t DlpPermissionClient::GetRetentionSandboxList(const std::string& bundleName,
485 std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec)
486 {
487 bool sandboxFlag;
488 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
489 return DLP_SERVICE_ERROR_VALUE_INVALID;
490 }
491 if (sandboxFlag) {
492 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
493 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
494 }
495 auto proxy = GetProxy(true);
496 if (proxy == nullptr) {
497 DLP_LOG_INFO(LABEL, "Proxy is null");
498 return DLP_CALLBACK_SA_WORK_ABNORMAL;
499 }
500
501 return proxy->GetRetentionSandboxList(bundleName, retentionSandBoxInfoVec);
502 }
503
ClearUnreservedSandbox()504 int32_t DlpPermissionClient::ClearUnreservedSandbox()
505 {
506 auto proxy = GetProxy(true);
507 if (proxy == nullptr) {
508 DLP_LOG_INFO(LABEL, "Proxy is null");
509 return DLP_CALLBACK_SA_WORK_ABNORMAL;
510 }
511
512 return proxy->ClearUnreservedSandbox();
513 }
514
GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo> & infoVec)515 int32_t DlpPermissionClient::GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo>& infoVec)
516 {
517 bool sandboxFlag;
518 if (CheckSandboxFlag(GetSelfTokenID(), sandboxFlag) != DLP_OK) {
519 return DLP_SERVICE_ERROR_VALUE_INVALID;
520 }
521 if (sandboxFlag) {
522 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
523 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
524 }
525 auto proxy = GetProxy(true);
526 if (proxy == nullptr) {
527 DLP_LOG_INFO(LABEL, "Proxy is null");
528 return DLP_CALLBACK_SA_WORK_ABNORMAL;
529 }
530
531 return proxy->GetDLPFileVisitRecord(infoVec);
532 }
533
SetMDMPolicy(const std::vector<std::string> & appIdList)534 int32_t DlpPermissionClient::SetMDMPolicy(const std::vector<std::string>& appIdList)
535 {
536 if (!IsFeatureProvidedWithDlp()) {
537 DLP_LOG_WARN(LABEL, "dlp not enable.");
538 return DLP_OK;
539 }
540 auto proxy = GetProxy(true);
541 if (proxy == nullptr) {
542 DLP_LOG_ERROR(LABEL, "Proxy is null");
543 return DLP_OK;
544 }
545
546 return proxy->SetMDMPolicy(appIdList);
547 }
548
GetMDMPolicy(std::vector<std::string> & appIdList)549 int32_t DlpPermissionClient::GetMDMPolicy(std::vector<std::string>& appIdList)
550 {
551 if (!IsFeatureProvidedWithDlp()) {
552 DLP_LOG_WARN(LABEL, "dlp not enable.");
553 return DLP_OK;
554 }
555 auto proxy = GetProxy(true);
556 if (proxy == nullptr) {
557 DLP_LOG_ERROR(LABEL, "Proxy is null");
558 return DLP_OK;
559 }
560
561 return proxy->GetMDMPolicy(appIdList);
562 }
563
RemoveMDMPolicy()564 int32_t DlpPermissionClient::RemoveMDMPolicy()
565 {
566 if (!IsFeatureProvidedWithDlp()) {
567 DLP_LOG_WARN(LABEL, "dlp not enable.");
568 return DLP_OK;
569 }
570 auto proxy = GetProxy(true);
571 if (proxy == nullptr) {
572 DLP_LOG_ERROR(LABEL, "Proxy is null");
573 return DLP_OK;
574 }
575
576 return proxy->RemoveMDMPolicy();
577 }
578
SetSandboxAppConfig(const std::string & configInfo)579 int32_t DlpPermissionClient::SetSandboxAppConfig(const std::string& configInfo)
580 {
581 auto proxy = GetProxy(true);
582 if (proxy == nullptr) {
583 DLP_LOG_ERROR(LABEL, "Proxy is null");
584 return DLP_CALLBACK_SA_WORK_ABNORMAL;
585 }
586 return proxy->SetSandboxAppConfig(configInfo);
587 }
588
CleanSandboxAppConfig()589 int32_t DlpPermissionClient::CleanSandboxAppConfig()
590 {
591 auto proxy = GetProxy(true);
592 if (proxy == nullptr) {
593 DLP_LOG_ERROR(LABEL, "Proxy is null");
594 return DLP_CALLBACK_SA_WORK_ABNORMAL;
595 }
596 return proxy->CleanSandboxAppConfig();
597 }
598
GetSandboxAppConfig(std::string & configInfo)599 int32_t DlpPermissionClient::GetSandboxAppConfig(std::string& configInfo)
600 {
601 auto proxy = GetProxy(true);
602 if (proxy == nullptr) {
603 DLP_LOG_ERROR(LABEL, "Proxy is null");
604 return DLP_CALLBACK_SA_WORK_ABNORMAL;
605 }
606 return proxy->GetSandboxAppConfig(configInfo);
607 }
608
IsDLPFeatureProvided(bool & isProvideDLPFeature)609 int32_t DlpPermissionClient::IsDLPFeatureProvided(bool& isProvideDLPFeature)
610 {
611 auto proxy = GetProxy(true);
612 if (proxy == nullptr) {
613 DLP_LOG_ERROR(LABEL, "Proxy is null.");
614 return DLP_SERVICE_ERROR_SERVICE_NOT_EXIST;
615 }
616 return proxy->IsDLPFeatureProvided(isProvideDLPFeature);
617 }
618
SetReadFlag(uint32_t uid)619 int32_t DlpPermissionClient::SetReadFlag(uint32_t uid)
620 {
621 auto proxy = GetProxy(false);
622 if (proxy == nullptr) {
623 DLP_LOG_ERROR(LABEL, "Proxy is null");
624 return DLP_CALLBACK_SA_WORK_ABNORMAL;
625 }
626 return proxy->SetReadFlag(uid);
627 }
628
SetDlpFeature(uint32_t dlpFeatureInfo,bool & statusSetInfo)629 int32_t DlpPermissionClient::SetDlpFeature(uint32_t dlpFeatureInfo, bool& statusSetInfo)
630 {
631 auto proxy = GetProxy(true);
632 if (proxy == nullptr) {
633 DLP_LOG_ERROR(LABEL, "Proxy is null");
634 return DLP_CALLBACK_SA_WORK_ABNORMAL;
635 }
636 return proxy->SetDlpFeature(dlpFeatureInfo, statusSetInfo);
637 }
638
GetDlpPermissionSa()639 void DlpPermissionClient::GetDlpPermissionSa()
640 {
641 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
642 if (sam == nullptr) {
643 DLP_LOG_ERROR(LABEL, "GetSystemAbilityManager return null");
644 return;
645 }
646
647 auto dlpPermissionSa = sam->GetSystemAbility(DLP_PERMISSION_SERVICE_SA_ID);
648 if (dlpPermissionSa == nullptr) {
649 DLP_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", DLP_PERMISSION_SERVICE_SA_ID);
650 return;
651 }
652
653 GetProxyFromRemoteObject(dlpPermissionSa);
654 }
655
LoadDlpPermissionSa()656 void DlpPermissionClient::LoadDlpPermissionSa()
657 {
658 DLP_LOG_INFO(LABEL, "start loadSystemAbility %{public}d.", DLP_PERMISSION_SERVICE_SA_ID);
659
660 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
661 if (sam == nullptr) {
662 DLP_LOG_ERROR(LABEL, "GetSystemAbilityManager return null");
663 return;
664 }
665
666 auto dlpPermissionSa = sam->LoadSystemAbility(DLP_PERMISSION_SERVICE_SA_ID, DLP_PERMISSION_LOAD_SA_TIMEOUT_MS);
667 if (dlpPermissionSa == nullptr) {
668 DLP_LOG_ERROR(LABEL, "LoadSystemAbility %{public}d failed", DLP_PERMISSION_SERVICE_SA_ID);
669 return;
670 }
671 GetProxyFromRemoteObject(dlpPermissionSa);
672 DLP_LOG_INFO(LABEL, "LoadSystemAbility %{public}d success.", DLP_PERMISSION_SERVICE_SA_ID);
673 }
674
OnRemoteDiedHandle()675 void DlpPermissionClient::OnRemoteDiedHandle()
676 {
677 DLP_LOG_ERROR(LABEL, "Remote service died");
678 std::unique_lock<std::mutex> lock(proxyMutex_);
679 proxy_ = nullptr;
680 serviceDeathObserver_ = nullptr;
681 }
682
GetProxyFromRemoteObject(const sptr<IRemoteObject> & remoteObject)683 void DlpPermissionClient::GetProxyFromRemoteObject(const sptr<IRemoteObject>& remoteObject)
684 {
685 if (remoteObject == nullptr) {
686 return;
687 }
688
689 sptr<DlpPermissionDeathRecipient> serviceDeathObserver = new (std::nothrow) DlpPermissionDeathRecipient();
690 if (serviceDeathObserver == nullptr) {
691 DLP_LOG_ERROR(LABEL, "Alloc service death observer fail");
692 return;
693 }
694
695 if (!remoteObject->AddDeathRecipient(serviceDeathObserver)) {
696 DLP_LOG_ERROR(LABEL, "Add service death observer fail");
697 return;
698 }
699
700 auto proxy = iface_cast<IDlpPermissionService>(remoteObject);
701 if (proxy == nullptr) {
702 DLP_LOG_ERROR(LABEL, "iface_cast get null");
703 return;
704 }
705 std::unique_lock<std::mutex> lock(proxyMutex_);
706 proxy_ = proxy;
707 serviceDeathObserver_ = serviceDeathObserver;
708 DLP_LOG_INFO(LABEL, "GetSystemAbility %{public}d success", DLP_PERMISSION_SERVICE_SA_ID);
709 return;
710 }
711
GetProxy(bool doLoadSa)712 sptr<IDlpPermissionService> DlpPermissionClient::GetProxy(bool doLoadSa)
713 {
714 {
715 std::unique_lock<std::mutex> lock(proxyMutex_);
716 if (proxy_ != nullptr) {
717 return proxy_;
718 }
719 }
720 if (doLoadSa) {
721 LoadDlpPermissionSa();
722 } else {
723 GetDlpPermissionSa();
724 }
725 std::unique_lock<std::mutex> lock(proxyMutex_);
726 return proxy_;
727 }
728 } // namespace DlpPermission
729 } // namespace Security
730 } // namespace OHOS
731