• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "risk_event_manager.h"
17 
18 #include "system_ability_definition.h"
19 #include "system_ability.h"
20 
21 #include "context_appstate_observer.h"
22 #include "ipc_common.h"
23 #include "strong_auth_status_manager.h"
24 #include "system_ability_listener.h"
25 #include "resource_node_pool.h"
26 #include "user_idm_database.h"
27 
28 #define LOG_TAG "USER_AUTH_SA"
29 namespace OHOS {
30 namespace UserIam {
31 namespace UserAuth {
GetInstance()32 RiskEventManager &RiskEventManager::GetInstance()
33 {
34     static RiskEventManager instance;
35     return instance;
36 }
37 
SetRiskEventPropertyForAuthType(int32_t userId,const AuthType authType,EventType event)38 void RiskEventManager::SetRiskEventPropertyForAuthType(int32_t userId,
39     const AuthType authType, EventType event)
40 {
41     IAM_LOGI("start");
42     Attributes attributes;
43     int32_t getAttrRet = SetAttributes(userId, authType, event, attributes);
44     if (getAttrRet != SUCCESS) {
45         IAM_LOGE("get attributes fail");
46         return;
47     }
48 
49     std::vector<std::weak_ptr<ResourceNode>> authTypeNodes;
50     ResourceNodePool::Instance().GetResourceNodeByTypeAndRole(authType, ALL_IN_ONE, authTypeNodes);
51     if (authTypeNodes.size() == 0) {
52         IAM_LOGE("authTypeNodes is empty");
53         return;
54     }
55 
56     for (auto &authTypeNode : authTypeNodes) {
57         auto resourceNode = authTypeNode.lock();
58         if (resourceNode != nullptr) {
59             int32_t result = resourceNode->SetProperty(attributes);
60             IAM_LOGI("set authType %{public}d property finish, ret:%{public}d", authType, result);
61         } else {
62             IAM_LOGE("resourceNode already expired");
63         }
64     }
65 }
66 
SetAttributes(int32_t userId,const AuthType authType,EventType event,Attributes & attributes)67 ResultCode RiskEventManager::SetAttributes(int32_t userId, const AuthType authType,
68     EventType event, Attributes &attributes)
69 {
70     IAM_LOGI("start");
71     if (event != EventType::SCREENLOCK_STRONG_AUTH) {
72         IAM_LOGE("unknown event type");
73         return GENERAL_ERROR;
74     }
75 
76     bool setModeRet = attributes.SetUint32Value(Attributes::ATTR_PROPERTY_MODE,
77         PropertyMode::PROPERTY_MODE_RISK_EVENT);
78     if (!setModeRet) {
79         IAM_LOGE("set property mode fail");
80         return GENERAL_ERROR;
81     }
82 
83     std::vector<uint8_t> extraInfo;
84     int32_t getExtraInfoRet = GetStrongAuthExtraInfo(userId, authType, extraInfo);
85     if (getExtraInfoRet != SUCCESS) {
86         IAM_LOGE("getExtraInfoRet fail");
87         return GENERAL_ERROR;
88     }
89     bool setExtraInfoRet = attributes.SetUint8ArrayValue(Attributes::ATTR_EXTRA_INFO, extraInfo);
90     if (!setExtraInfoRet) {
91         IAM_LOGE("set extra info fail");
92         return GENERAL_ERROR;
93     }
94     return SUCCESS;
95 }
96 
GetTemplateIdList(int32_t userId,const AuthType authType,std::vector<uint64_t> & templateIds)97 ResultCode RiskEventManager::GetTemplateIdList(int32_t userId, const AuthType authType,
98     std::vector<uint64_t> &templateIds)
99 {
100     IAM_LOGI("start");
101     std::vector<std::shared_ptr<CredentialInfoInterface>> credentialInfos;
102     int32_t getCredInfoRet = UserIdmDatabase::Instance().GetCredentialInfo(userId, authType,
103         credentialInfos);
104     if (getCredInfoRet == NOT_ENROLLED) {
105         IAM_LOGI("userId:%{public}d, authType:%{public}d not enrolled", userId, authType);
106         return NOT_ENROLLED;
107     }
108 
109     if (getCredInfoRet != SUCCESS) {
110         IAM_LOGE("get credential fail, ret:%{public}d, userId:%{public}d, authType:%{public}d",
111             getCredInfoRet, userId, authType);
112         return GENERAL_ERROR;
113     }
114     for (auto &info : credentialInfos) {
115         if (info == nullptr) {
116             IAM_LOGE("info is null");
117             continue;
118         }
119         templateIds.push_back(info->GetTemplateId());
120     }
121     return SUCCESS;
122 }
123 
GetStrongAuthExtraInfo(int32_t userId,const AuthType authType,std::vector<uint8_t> & extraInfo)124 ResultCode RiskEventManager::GetStrongAuthExtraInfo(int32_t userId, const AuthType authType,
125     std::vector<uint8_t> &extraInfo)
126 {
127     IAM_LOGI("start");
128     std::vector<uint64_t> templateIds;
129     ResultCode getTemplateIdsRet = GetTemplateIdList(userId, authType, templateIds);
130     if (getTemplateIdsRet != SUCCESS) {
131         IAM_LOGE("get template id list fail");
132         return GENERAL_ERROR;
133     }
134     Attributes extraInfoAttr;
135     bool setTemplateIdListRet = extraInfoAttr.SetUint64ArrayValue(Attributes::ATTR_TEMPLATE_ID_LIST,
136         templateIds);
137     if (!setTemplateIdListRet) {
138         IAM_LOGE("set template id list fail");
139         return GENERAL_ERROR;
140     }
141 
142     bool setAuthTypeRet = extraInfoAttr.SetInt32Value(Attributes::ATTR_AUTH_TYPE, authType);
143     if (!setAuthTypeRet) {
144         IAM_LOGE("set auth type fail");
145         return GENERAL_ERROR;
146     }
147     extraInfo = extraInfoAttr.Serialize();
148     return SUCCESS;
149 }
150 
HandleStrongAuthEvent(int32_t userId)151 void RiskEventManager::HandleStrongAuthEvent(int32_t userId)
152 {
153     IAM_LOGI("handle strong auth event for userId:%{public}d", userId);
154     bool screenLockState = ContextAppStateObserverManager::GetInstance().IsScreenLocked();
155     if (!screenLockState) {
156         IAM_LOGI("screen is not locked");
157         return;
158     }
159     SetRiskEventPropertyForAuthType(userId, AuthType::FACE, EventType::SCREENLOCK_STRONG_AUTH);
160     SetRiskEventPropertyForAuthType(userId, AuthType::FINGERPRINT, EventType::SCREENLOCK_STRONG_AUTH);
161 }
162 
SyncRiskEvents()163 void RiskEventManager::SyncRiskEvents()
164 {
165     IAM_LOGI("start");
166     std::vector<int32_t> userIdList;
167     IpcCommon::GetAllUserId(userIdList);
168     for (int32_t &userId : userIdList) {
169         bool isScreenLockStrongAuth = StrongAuthStatusManager::Instance().IsScreenLockStrongAuth(userId);
170         if (isScreenLockStrongAuth) {
171             IAM_LOGI("screenlock in strong auth status for userId:%{public}d", userId);
172             HandleStrongAuthEvent(userId);
173         }
174     }
175 }
176 
OnScreenLock()177 void RiskEventManager::OnScreenLock()
178 {
179     IAM_LOGI("start");
180     auto handler = ThreadHandler::GetSingleThreadInstance();
181     IF_FALSE_LOGE_AND_RETURN(handler != nullptr);
182     handler->PostTask([]() {
183         RiskEventManager::GetInstance().SyncRiskEvents();
184     });
185 }
186 } // namespace UserAuth
187 } // namespace UserIam
188 } // namespace OHOS