1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "ownerid_utils.h"
17 #include "code_sign_attr_utils.h"
18 #include "parameter.h"
19 #include "log.h"
20 
21 #include <string>
22 #include <unordered_set>
23 
// Name of the system parameter read by IsSecureShieldModeOn(); any value other than "0" is treated as mode on.
#define SECURE_SHIELD_MODE_KEY "ohos.boot.advsecmode.state"
// Size in bytes of the stack buffer that receives the parameter value in IsSecureShieldModeOn().
#define VALUE_MAX_LEN 32
26 
// the list will be removed before 930
// Owner IDs that ConvertIdType() maps to PROCESS_OWNERID_APP_TEMP_ALLOW when secure shield mode is off.
// Lookup is an exact std::string match on the owner ID. No entries are visible in this listing:
// the SUPPORT_APP_ALLOW_LIST section is empty, so with this file alone no owner ID matches.
// NOTE(review): what PROCESS_OWNERID_APP_TEMP_ALLOW grants is not shown here; every entry added
// is an exemption and should be reviewed as such.
static const std::unordered_set<std::string> g_tempAllowList {
#ifdef SUPPORT_APP_ALLOW_LIST
#endif
};

// Owner IDs that ConvertIdType() maps to PROCESS_OWNERID_APP_TEMP_ALLOW when secure shield mode is on.
// Consulted instead of g_tempAllowList, never in addition to it. Also empty in this listing.
static const std::unordered_set<std::string> g_secureShieldAllowList {
#ifdef SUPPORT_APP_ALLOW_LIST
#endif
};
37 
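/**
 * @brief Reports whether the secure shield mode parameter is set to anything other than "0".
 *
 * Reads SECURE_SHIELD_MODE_KEY with "0" as the default value. The result selects which
 * allow list ConvertIdType() consults, so the outcome of a failed read is decided here
 * explicitly instead of depending on the buffer contents.
 *
 * @return 1 when the mode is treated as on (including when the parameter cannot be read),
 *         0 when the parameter reads exactly "0".
 */
static uint32_t IsSecureShieldModeOn()
{
    char secureShieldModeValue[VALUE_MAX_LEN] = {0};
    // One byte less than the buffer size is offered, so the zero-initialised last byte
    // always terminates the string handed to strcmp().
    const int ret = GetParameter(SECURE_SHIELD_MODE_KEY, "0", secureShieldModeValue, VALUE_MAX_LEN - 1);
    if (ret < 0) {
        // A negative return is taken to mean the read failed (confirm against parameter.h).
        // Report the mode as on: this is what the untouched, empty buffer produced before,
        // and a read error should not be able to switch the mode off.
        // NOTE(review): confirm that "on" is the stricter choice for the allow-list selection.
        return 1;
    }
    return (strcmp(secureShieldModeValue, "0") != 0);
}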
44 
/**
 * @brief Normalises an app owner-ID type against the allow list for the current mode.
 *
 * Only PROCESS_OWNERID_APP and PROCESS_OWNERID_APP_TEMP_ALLOW are rewritten; every other
 * idType is returned unchanged. For those two, a caller-supplied
 * PROCESS_OWNERID_APP_TEMP_ALLOW is not taken at face value: the result is
 * PROCESS_OWNERID_APP unless ownerId is an exact match in g_secureShieldAllowList
 * (secure shield mode on) or g_tempAllowList (mode off).
 *
 * NOTE(review): when ownerId is nullptr the input idType is returned as-is, so a
 * PROCESS_OWNERID_APP_TEMP_ALLOW passed with a null ownerId skips the allow-list check.
 * Confirm that callers cannot reach this path with that combination.
 *
 * @param idType  Owner-ID type supplied by the caller.
 * @param ownerId NUL-terminated owner ID, or nullptr.
 * @return The resulting owner-ID type.
 */
uint32_t ConvertIdType(int idType, const char *ownerId)
{
    const bool isAppType = (idType == PROCESS_OWNERID_APP) || (idType == PROCESS_OWNERID_APP_TEMP_ALLOW);
    if ((ownerId == nullptr) || !isAppType) {
        return idType;
    }

    // Default outcome for app types: plain app, regardless of what the caller passed in.
    const int appType = PROCESS_OWNERID_APP;
    const std::string ownerKey(ownerId);

    // The mode decides which single list is consulted; the two lists are never combined.
    if (IsSecureShieldModeOn()) {
        if (g_secureShieldAllowList.find(ownerKey) != g_secureShieldAllowList.end()) {
            LOG_INFO("Xpm: app in secure shield allow list");
            return PROCESS_OWNERID_APP_TEMP_ALLOW;
        }
        return appType;
    }

    if (g_tempAllowList.find(ownerKey) != g_tempAllowList.end()) {
        LOG_INFO("Xpm: app in temporary allow list");
        return PROCESS_OWNERID_APP_TEMP_ALLOW;
    }
    return appType;
}
69