1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_kit.h"
16
17 #include "bundle_mgr_client.h"
18 #include "hisysevent.h"
19 #include "ipc_skeleton.h"
20 #include "sec_comp_caller_authorization.h"
21 #include "sec_comp_client.h"
22 #include "sec_comp_dialog_callback.h"
23 #include "sec_comp_enhance_adapter.h"
24 #include "sec_comp_log.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace SecurityComponent {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompKit"};
31 const std::string CUSTOMIZE_SAVE_BUTTON = "ohos.permission.CUSTOMIZE_SAVE_BUTTON";
32 } // namespace
33
RegisterSecurityComponent(SecCompType type,std::string & componentInfo,int32_t & scId)34 int32_t SecCompKit::RegisterSecurityComponent(SecCompType type,
35 std::string& componentInfo, int32_t& scId)
36 {
37 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
38 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
39 SC_LOG_ERROR(LABEL, "register security component fail, caller invalid");
40 int32_t uid = IPCSkeleton::GetCallingUid();
41 OHOS::AppExecFwk::BundleMgrClient bmsClient;
42 std::string bundleName = "";
43 bmsClient.GetNameForUid(uid, bundleName);
44 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
45 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
46 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "REGISTER");
47 return SC_SERVICE_ERROR_CALLER_INVALID;
48 }
49
50 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(componentInfo)) {
51 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
52 return SC_ENHANCE_ERROR_VALUE_INVALID;
53 }
54
55 int32_t res = SecCompClient::GetInstance().RegisterSecurityComponent(type, componentInfo, scId);
56 if (res != SC_OK) {
57 SC_LOG_ERROR(LABEL, "register security component fail, error: %{public}d", res);
58 return res;
59 }
60 SecCompEnhanceAdapter::RegisterScIdEnhance(scId);
61 return res;
62 }
63
UpdateSecurityComponent(int32_t scId,std::string & componentInfo)64 int32_t SecCompKit::UpdateSecurityComponent(int32_t scId, std::string& componentInfo)
65 {
66 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
67 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
68 SC_LOG_ERROR(LABEL, "update security component fail, caller invalid");
69 int32_t uid = IPCSkeleton::GetCallingUid();
70 OHOS::AppExecFwk::BundleMgrClient bmsClient;
71 std::string bundleName = "";
72 bmsClient.GetNameForUid(uid, bundleName);
73 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
74 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
75 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "UPDATE");
76 return SC_SERVICE_ERROR_CALLER_INVALID;
77 }
78
79 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(scId, componentInfo)) {
80 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
81 return SC_ENHANCE_ERROR_VALUE_INVALID;
82 }
83
84 int32_t res = SecCompClient::GetInstance().UpdateSecurityComponent(scId, componentInfo);
85 if (res != SC_OK) {
86 SC_LOG_ERROR(LABEL, "update security component fail, error: %{public}d", res);
87 }
88 return res;
89 }
90
UnregisterSecurityComponent(int32_t scId)91 int32_t SecCompKit::UnregisterSecurityComponent(int32_t scId)
92 {
93 int32_t res = SecCompClient::GetInstance().UnregisterSecurityComponent(scId);
94 SecCompEnhanceAdapter::UnregisterScIdEnhance(scId);
95 if (res != SC_OK) {
96 SC_LOG_ERROR(LABEL, "unregister security component fail, error: %{public}d", res);
97 return res;
98 }
99 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "UNREGISTER_SUCCESS",
100 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CALLER_UID", IPCSkeleton::GetCallingUid(),
101 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "SC_ID", scId);
102 return res;
103 }
104
ReportSecurityComponentClickEvent(SecCompInfo & secCompInfo,sptr<IRemoteObject> callerToken,OnFirstUseDialogCloseFunc && callback,std::string & message)105 int32_t SecCompKit::ReportSecurityComponentClickEvent(SecCompInfo& secCompInfo,
106 sptr<IRemoteObject> callerToken, OnFirstUseDialogCloseFunc&& callback, std::string& message)
107 {
108 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
109 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
110 SC_LOG_ERROR(LABEL, "report click event fail, caller invalid");
111 int32_t uid = IPCSkeleton::GetCallingUid();
112 OHOS::AppExecFwk::BundleMgrClient bmsClient;
113 std::string bundleName = "";
114 bmsClient.GetNameForUid(uid, bundleName);
115 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
116 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
117 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "CLICK");
118 return SC_SERVICE_ERROR_CALLER_INVALID;
119 }
120
121 if (callback == nullptr) {
122 SC_LOG_ERROR(LABEL, "DialogCloseCallback is null");
123 return SC_ENHANCE_ERROR_VALUE_INVALID;
124 }
125
126 sptr<IRemoteObject> callbackRemote = new (std::nothrow) SecCompDialogCallback(std::move(callback));
127 if (callbackRemote == nullptr) {
128 SC_LOG_ERROR(LABEL, "New SecCompDialogCallback fail");
129 return SC_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
130 }
131
132 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(secCompInfo.scId, secCompInfo.componentInfo)) {
133 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
134 return SC_ENHANCE_ERROR_VALUE_INVALID;
135 }
136
137 int32_t res = SecCompClient::GetInstance().ReportSecurityComponentClickEvent(secCompInfo,
138 callerToken, callbackRemote, message);
139 if (res != SC_OK) {
140 SC_LOG_ERROR(LABEL, "report click event fail, error: %{public}d", res);
141 }
142 return res;
143 }
144
VerifySavePermission(AccessToken::AccessTokenID tokenId)145 bool SecCompKit::VerifySavePermission(AccessToken::AccessTokenID tokenId)
146 {
147 bool res =
148 SecCompClient::GetInstance().VerifySavePermission(tokenId);
149 if (!res) {
150 SC_LOG_ERROR(LABEL, "verify temp save permission, error: %{public}d", res);
151 }
152 return res;
153 }
154
PreRegisterSecCompProcess()155 int32_t SecCompKit::PreRegisterSecCompProcess()
156 {
157 return SecCompClient::GetInstance().PreRegisterSecCompProcess();
158 }
159
IsServiceExist()160 bool SecCompKit::IsServiceExist()
161 {
162 return SecCompClient::GetInstance().IsServiceExist();
163 }
164
LoadService()165 bool SecCompKit::LoadService()
166 {
167 return SecCompClient::GetInstance().LoadService();
168 }
169
IsSystemAppCalling()170 bool SecCompKit::IsSystemAppCalling()
171 {
172 return SecCompClient::GetInstance().IsSystemAppCalling();
173 }
174
HasCustomPermissionForSecComp()175 bool SecCompKit::HasCustomPermissionForSecComp()
176 {
177 auto selfToken = IPCSkeleton::GetSelfTokenID();
178 int32_t res = AccessToken::AccessTokenKit::VerifyAccessToken(selfToken, CUSTOMIZE_SAVE_BUTTON);
179 return (res == AccessToken::TypePermissionState::PERMISSION_GRANTED) ? true : false;
180 }
181 } // namespace SecurityComponent
182 } // namespace Security
183 } // namespace OHOS
184