1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "interceptor/extension_control_interceptor.h"
17
18 #include "ability_manager_constants.h"
19 #include "ability_util.h"
20 #include "app_scheduler.h"
21 #include "extension_config.h"
22 #include "start_ability_utils.h"
23
24 namespace OHOS {
25 namespace AAFwk {
26
DoProcess(AbilityInterceptorParam param)27 ErrCode ExtensionControlInterceptor::DoProcess(AbilityInterceptorParam param)
28 {
29 TAG_LOGD(AAFwkTag::ABILITYMGR, "call.");
30 if (param.callerToken == nullptr) {
31 TAG_LOGD(AAFwkTag::ABILITYMGR, "callerToken is nullptr.");
32 return ERR_OK;
33 }
34 // get caller ability info
35 AppExecFwk::AbilityInfo callerAbilityInfo;
36 if (GetCallerAbilityInfo(param, callerAbilityInfo)) {
37 TAG_LOGD(AAFwkTag::ABILITYMGR, "caller enable.");
38 return ERR_OK;
39 }
40 // get target ability info
41 AppExecFwk::AbilityInfo targetAbilityInfo;
42 if (GetTargetAbilityInfo(param, targetAbilityInfo)) {
43 TAG_LOGD(AAFwkTag::ABILITYMGR, "target enable.");
44 return ERR_OK;
45 }
46
47 if (!DelayedSingleton<ExtensionConfig>::GetInstance()->HasAbilityAccess(callerAbilityInfo.extensionTypeName)) {
48 return ProcessInterceptOld(param, targetAbilityInfo, callerAbilityInfo);
49 }
50 return ProcessInterceptNew(param, targetAbilityInfo, callerAbilityInfo);
51 }
52
ProcessInterceptOld(const AbilityInterceptorParam & param,const AppExecFwk::AbilityInfo & targetAbilityInfo,const AppExecFwk::AbilityInfo & callerAbilityInfo)53 int32_t ExtensionControlInterceptor::ProcessInterceptOld(const AbilityInterceptorParam& param,
54 const AppExecFwk::AbilityInfo &targetAbilityInfo, const AppExecFwk::AbilityInfo &callerAbilityInfo)
55 {
56 // check blocked list
57 if (!targetAbilityInfo.applicationInfo.isSystemApp &&
58 !DelayedSingleton<ExtensionConfig>::GetInstance()->IsExtensionStartThirdPartyAppEnable(
59 callerAbilityInfo.extensionTypeName)) {
60 TAG_LOGE(AAFwkTag::ABILITYMGR, "third party app block extension call, bundleName: %{public}s",
61 callerAbilityInfo.bundleName.c_str());
62 return EXTENSION_BLOCKED_BY_THIRD_PARTY_APP_FLAG;
63 }
64 if ((targetAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE ||
65 targetAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::DATASHARE) &&
66 !DelayedSingleton<ExtensionConfig>::GetInstance()->IsExtensionStartServiceEnable(
67 callerAbilityInfo.extensionTypeName, param.want.GetElement().GetURI())) {
68 TAG_LOGE(AAFwkTag::ABILITYMGR, "service list block extension call, bundleName: %{public}s",
69 callerAbilityInfo.bundleName.c_str());
70 return EXTENSION_BLOCKED_BY_SERVICE_LIST;
71 }
72
73 TAG_LOGD(AAFwkTag::ABILITYMGR, "other ok");
74 return ERR_OK;
75 }
76
ProcessInterceptNew(const AbilityInterceptorParam & param,const AppExecFwk::AbilityInfo & targetAbilityInfo,const AppExecFwk::AbilityInfo & callerAbilityInfo)77 int32_t ExtensionControlInterceptor::ProcessInterceptNew(const AbilityInterceptorParam& param,
78 const AppExecFwk::AbilityInfo &targetAbilityInfo, const AppExecFwk::AbilityInfo &callerAbilityInfo)
79 {
80 auto extensionConfig = DelayedSingleton<ExtensionConfig>::GetInstance();
81 if (!extensionConfig) {
82 TAG_LOGE(AAFwkTag::ABILITYMGR, "extensionConfig null");
83 return ERR_OK;
84 }
85
86 auto targetUri = param.want.GetElement().GetURI();
87 if (!targetAbilityInfo.applicationInfo.isSystemApp &&
88 extensionConfig->HasThridPartyAppAccessFlag(callerAbilityInfo.extensionTypeName)) {
89 if (!extensionConfig->IsExtensionStartThirdPartyAppEnableNew(callerAbilityInfo.extensionTypeName, targetUri)) {
90 TAG_LOGE(AAFwkTag::ABILITYMGR, "start third party app controlled by extension, bundleName: %{public}s",
91 callerAbilityInfo.bundleName.c_str());
92 return EXTENSION_BLOCKED_BY_THIRD_PARTY_APP_FLAG;
93 }
94 return ERR_OK;
95 }
96
97 auto isServiceOrDataShare = targetAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE ||
98 targetAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::DATASHARE;
99 if (isServiceOrDataShare && extensionConfig->HasServiceAccessFlag(callerAbilityInfo.extensionTypeName)) {
100 if (!extensionConfig->IsExtensionStartServiceEnableNew(callerAbilityInfo.extensionTypeName, targetUri)) {
101 TAG_LOGE(AAFwkTag::ABILITYMGR,
102 "start service or datashare controlled by extension, bundleName: %{public}s",
103 callerAbilityInfo.bundleName.c_str());
104 return EXTENSION_BLOCKED_BY_SERVICE_LIST;
105 }
106 return ERR_OK;
107 }
108
109 if (extensionConfig->HasDefaultAccessFlag(callerAbilityInfo.extensionTypeName)) {
110 if (!extensionConfig->IsExtensionStartDefaultEnable(callerAbilityInfo.extensionTypeName, targetUri)) {
111 TAG_LOGE(AAFwkTag::ABILITYMGR, "start ability controlled by extension, bundleName: %{public}s",
112 callerAbilityInfo.bundleName.c_str());
113 return ERR_EXTENSION_START_ABILITY_CONTROLEED;
114 }
115 return ERR_OK;
116 }
117
118 return ERR_OK;
119 }
120
GetCallerAbilityInfo(const AbilityInterceptorParam & param,AppExecFwk::AbilityInfo & callerAbilityInfo)121 bool ExtensionControlInterceptor::GetCallerAbilityInfo(const AbilityInterceptorParam& param,
122 AppExecFwk::AbilityInfo& callerAbilityInfo)
123 {
124 if (StartAbilityUtils::GetCallerAbilityInfo(param.callerToken, callerAbilityInfo)) {
125 if (callerAbilityInfo.type != AppExecFwk::AbilityType::EXTENSION ||
126 callerAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE ||
127 callerAbilityInfo.bundleName == param.want.GetElement().GetBundleName()) {
128 TAG_LOGD(AAFwkTag::ABILITYMGR, "not other extension.");
129 return true;
130 }
131 auto appScheduler = DelayedSingleton<AppScheduler>::GetInstance();
132 AppExecFwk::RunningProcessInfo processInfo;
133 if (appScheduler != nullptr) {
134 appScheduler->GetRunningProcessInfoByToken(param.callerToken, processInfo);
135 if (!processInfo.isStrictMode && !param.want.GetBoolParam(STRICT_MODE, false)) {
136 TAG_LOGD(AAFwkTag::ABILITYMGR, "caller and want not strict mode");
137 return true;
138 }
139 }
140 }
141 return false;
142 }
143
GetTargetAbilityInfo(const AbilityInterceptorParam & param,AppExecFwk::AbilityInfo & targetAbilityInfo)144 bool ExtensionControlInterceptor::GetTargetAbilityInfo(const AbilityInterceptorParam& param,
145 AppExecFwk::AbilityInfo& targetAbilityInfo)
146 {
147 if (StartAbilityUtils::startAbilityInfo != nullptr &&
148 StartAbilityUtils::startAbilityInfo->abilityInfo.bundleName == param.want.GetBundle() &&
149 StartAbilityUtils::startAbilityInfo->abilityInfo.name == param.want.GetElement().GetAbilityName()) {
150 TAG_LOGD(AAFwkTag::ABILITYMGR, "targetAbilityInfo get from startAbiiltyInfo");
151 targetAbilityInfo = StartAbilityUtils::startAbilityInfo->abilityInfo;
152 } else {
153 auto bundleMgrHelper = AbilityUtil::GetBundleManagerHelper();
154 if (bundleMgrHelper == nullptr) {
155 TAG_LOGE(AAFwkTag::ABILITYMGR, "null bundleMgrHelper");
156 return true;
157 }
158 IN_PROCESS_CALL_WITHOUT_RET(bundleMgrHelper->QueryAbilityInfo(param.want,
159 AppExecFwk::AbilityInfoFlag::GET_ABILITY_INFO_WITH_APPLICATION, param.userId, targetAbilityInfo));
160 }
161 return false;
162 }
163 } // namespace AAFwk
164 } // namespace OHOS