1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "service_router_mgr_service.h"
17
18 #include <memory>
19 #include <string>
20
21 #include "ability_manager_client.h"
22 #include "appexecfwk_errors.h"
23 #include "bundle_constants.h"
24 #include "common_event_manager.h"
25 #include "common_event_support.h"
26 #include "hilog_tag_wrapper.h"
27 #include "if_system_ability_manager.h"
28 #include "in_process_call_wrapper.h"
29 #include "ipc_skeleton.h"
30 #include "iservice_registry.h"
31 #include "service_router_data_mgr.h"
32 #include "string_ex.h"
33 #include "sr_samgr_helper.h"
34 #include "system_ability_definition.h"
35 #include "want.h"
36 #include "accesstoken_kit.h"
37 #include "tokenid_kit.h"
38
39 namespace OHOS {
40 namespace AbilityRuntime {
41 namespace {
42 const std::string NAME_SERVICE_ROUTER_MGR_SERVICE = "ServiceRouterMgrService";
43 const std::string TASK_NAME = "ServiceRouterUnloadTask";
44 const int64_t UNLOAD_DELAY_TIME = 90000;
45 const int CYCLE_LIMIT = 1000;
46 }
47
48 const bool REGISTER_RESULT =
49 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<ServiceRouterMgrService>::GetInstance().get());
50
ServiceRouterMgrService()51 ServiceRouterMgrService::ServiceRouterMgrService() : SystemAbility(SERVICE_ROUTER_MGR_SERVICE_ID, true)
52 {
53 TAG_LOGD(AAFwkTag::SER_ROUTER, "SRMS instance create");
54 }
55
~ServiceRouterMgrService()56 ServiceRouterMgrService::~ServiceRouterMgrService()
57 {
58 TAG_LOGD(AAFwkTag::SER_ROUTER, "SRMS instance destroy");
59 }
60
OnStart()61 void ServiceRouterMgrService::OnStart()
62 {
63 TAG_LOGI(AAFwkTag::SER_ROUTER, "SRMS starting...");
64 Init();
65 bool ret = Publish(this);
66 if (!ret) {
67 TAG_LOGE(AAFwkTag::SER_ROUTER, "Publish SRMS failed");
68 return;
69 }
70 DelayUnloadTask();
71 TAG_LOGI(AAFwkTag::SER_ROUTER, "SRMS start success");
72 }
73
OnStop()74 void ServiceRouterMgrService::OnStop()
75 {
76 TAG_LOGI(AAFwkTag::SER_ROUTER, "Stop SRMS");
77 }
78
Init()79 void ServiceRouterMgrService::Init()
80 {
81 LoadAllBundleInfos();
82 InitEventRunnerAndHandler();
83 SubscribeCommonEvent();
84 }
85
DelayUnloadTask()86 void ServiceRouterMgrService::DelayUnloadTask()
87 {
88 if (handler_ == nullptr) {
89 TAG_LOGI(AAFwkTag::SER_ROUTER, "null handler_");
90 return;
91 }
92
93 std::lock_guard<std::mutex> lock(delayTaskMutex_);
94 handler_->RemoveTask(TASK_NAME);
95 auto task = [this]() {
96 TAG_LOGI(AAFwkTag::SER_ROUTER, "UnloadSA start");
97 sptr<ISystemAbilityManager> saManager =
98 OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
99 if (saManager == nullptr) {
100 TAG_LOGE(AAFwkTag::SER_ROUTER, "null saManager");
101 return;
102 }
103 int32_t result = saManager->UnloadSystemAbility(OHOS::SERVICE_ROUTER_MGR_SERVICE_ID);
104 if (result != ERR_OK) {
105 TAG_LOGE(AAFwkTag::SER_ROUTER, "UnloadSystemAbility ret: %{public}d", result);
106 return;
107 }
108 TAG_LOGI(AAFwkTag::SER_ROUTER, "UnloadSA success");
109 };
110 handler_->PostTask(task, TASK_NAME, UNLOAD_DELAY_TIME);
111 }
112
LoadAllBundleInfos()113 bool ServiceRouterMgrService::LoadAllBundleInfos()
114 {
115 TAG_LOGD(AAFwkTag::SER_ROUTER, "start");
116 bool ret = ServiceRouterDataMgr::GetInstance().LoadAllBundleInfos();
117 TAG_LOGD(AAFwkTag::SER_ROUTER, "end");
118 return ret;
119 }
120
InitEventRunnerAndHandler()121 bool ServiceRouterMgrService::InitEventRunnerAndHandler()
122 {
123 std::lock_guard<std::mutex> lock(mutex_);
124 runner_ = EventRunner::Create(NAME_SERVICE_ROUTER_MGR_SERVICE);
125 if (runner_ == nullptr) {
126 TAG_LOGE(AAFwkTag::SER_ROUTER, "null runner_");
127 return false;
128 }
129 handler_ = std::make_shared<EventHandler>(runner_);
130 if (handler_ == nullptr) {
131 TAG_LOGE(AAFwkTag::SER_ROUTER, "null handler_");
132 return false;
133 }
134 return true;
135 }
136
SubscribeCommonEvent()137 bool ServiceRouterMgrService::ServiceRouterMgrService::SubscribeCommonEvent()
138 {
139 if (eventSubscriber_ != nullptr) {
140 TAG_LOGI(AAFwkTag::SER_ROUTER, "Already subscribed");
141 return true;
142 }
143 EventFwk::MatchingSkills matchingSkills;
144 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_ADDED);
145 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_CHANGED);
146 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED);
147 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED);
148 EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
149 subscribeInfo.SetThreadMode(EventFwk::CommonEventSubscribeInfo::COMMON);
150
151 eventSubscriber_ = std::make_shared<SrCommonEventSubscriber>(subscribeInfo);
152 eventSubscriber_->SetEventHandler(handler_);
153 if (!EventFwk::CommonEventManager::SubscribeCommonEvent(eventSubscriber_)) {
154 TAG_LOGE(AAFwkTag::SER_ROUTER, "Subscribed failed");
155 return false;
156 };
157 TAG_LOGI(AAFwkTag::SER_ROUTER, "Subscribed success");
158 return true;
159 }
160
QueryBusinessAbilityInfos(const BusinessAbilityFilter & filter,std::vector<BusinessAbilityInfo> & businessAbilityInfos,int32_t & funcResult)161 ErrCode ServiceRouterMgrService::QueryBusinessAbilityInfos(const BusinessAbilityFilter& filter,
162 std::vector<BusinessAbilityInfo>& businessAbilityInfos, int32_t& funcResult)
163 {
164 TAG_LOGD(AAFwkTag::SER_ROUTER, "CheckPermission is supported");
165 if (!VerifySystemApp()) {
166 TAG_LOGE(AAFwkTag::SER_ROUTER, "verify system app failed");
167 funcResult = ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
168 return funcResult;
169 }
170 if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) {
171 TAG_LOGE(AAFwkTag::SER_ROUTER, "verify GET_BUNDLE_INFO_PRIVILEGED failed");
172 funcResult = ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
173 return funcResult;
174 }
175 if (funcResult > CYCLE_LIMIT) {
176 TAG_LOGE(AAFwkTag::SER_ROUTER, "funcResult size too large");
177 funcResult = ERR_APPEXECFWK_PARCEL_ERROR;
178 return funcResult;
179 }
180 QueryBusinessAbilityInfosInner(filter, businessAbilityInfos, funcResult);
181 return ERR_OK;
182 }
183
QueryBusinessAbilityInfosInner(const BusinessAbilityFilter & filter,std::vector<BusinessAbilityInfo> & businessAbilityInfos,int32_t & funcResult)184 void ServiceRouterMgrService::QueryBusinessAbilityInfosInner(const BusinessAbilityFilter& filter,
185 std::vector<BusinessAbilityInfo>& businessAbilityInfos, int32_t& funcResult)
186 {
187 TAG_LOGD(AAFwkTag::SER_ROUTER, "coldStart");
188 DelayUnloadTask();
189 funcResult = ServiceRouterDataMgr::GetInstance().QueryBusinessAbilityInfos(filter, businessAbilityInfos);
190 }
191
QueryPurposeInfos(const Want & want,const std::string & purposeName,std::vector<PurposeInfo> & purposeInfos,int32_t & funcResult)192 ErrCode ServiceRouterMgrService::QueryPurposeInfos(const Want& want, const std::string& purposeName,
193 std::vector<PurposeInfo>& purposeInfos, int32_t& funcResult)
194 {
195 TAG_LOGD(AAFwkTag::SER_ROUTER, "coldStart");
196 DelayUnloadTask();
197 funcResult = ServiceRouterDataMgr::GetInstance().QueryPurposeInfos(want, purposeName, purposeInfos);
198 return ERR_OK;
199 }
200
StartUIExtensionAbility(const SessionInfo & sessionInfo,int32_t userId,int32_t & funcResult)201 ErrCode ServiceRouterMgrService::StartUIExtensionAbility(const SessionInfo& sessionInfo, int32_t userId,
202 int32_t& funcResult)
203 {
204 TAG_LOGD(AAFwkTag::SER_ROUTER, "Called");
205 DelayUnloadTask();
206 auto shard_sessionInfo = sptr<SessionInfo>::MakeSptr(sessionInfo);
207 funcResult = IN_PROCESS_CALL(AbilityManagerClient::GetInstance()->StartUIExtensionAbility(shard_sessionInfo,
208 userId));
209 return ERR_OK;
210 }
211
ConnectUIExtensionAbility(const Want & want,const sptr<IAbilityConnection> & connect,const SessionInfo & sessionInfo,int32_t userId,int32_t & funcResult)212 ErrCode ServiceRouterMgrService::ConnectUIExtensionAbility(const Want& want, const sptr<IAbilityConnection>& connect,
213 const SessionInfo& sessionInfo, int32_t userId, int32_t& funcResult)
214 {
215 TAG_LOGD(AAFwkTag::SER_ROUTER, "Called");
216 DelayUnloadTask();
217 auto shard_sessionInfo = sptr<SessionInfo>::MakeSptr(sessionInfo);
218 funcResult = IN_PROCESS_CALL(AbilityManagerClient::GetInstance()->
219 ConnectUIExtensionAbility(want, connect, shard_sessionInfo, userId));
220 return ERR_OK;
221 }
222
VerifySystemApp()223 bool ServiceRouterMgrService::VerifySystemApp()
224 {
225 TAG_LOGD(AAFwkTag::SER_ROUTER, "Called");
226 Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
227 Security::AccessToken::ATokenTypeEnum tokenType =
228 Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
229 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE
230 || IPCSkeleton::GetCallingUid() == Constants::ROOT_UID) {
231 return true;
232 }
233 uint64_t accessTokenIdEx = IPCSkeleton::GetCallingFullTokenID();
234 if (!Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(accessTokenIdEx)) {
235 TAG_LOGE(AAFwkTag::SER_ROUTER, "non-system app calling system api");
236 return false;
237 }
238 return true;
239 }
240
VerifyCallingPermission(const std::string & permissionName)241 bool ServiceRouterMgrService::VerifyCallingPermission(const std::string &permissionName)
242 {
243 TAG_LOGD(AAFwkTag::SER_ROUTER, "Verify: %{public}s", permissionName.c_str());
244 OHOS::Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
245 OHOS::Security::AccessToken::ATokenTypeEnum tokenType =
246 OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
247 if (tokenType == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
248 return true;
249 }
250 int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
251 if (ret == OHOS::Security::AccessToken::PermissionState::PERMISSION_DENIED) {
252 TAG_LOGE(AAFwkTag::SER_ROUTER, "PERMISSION_DENIED: %{public}s", permissionName.c_str());
253 return false;
254 }
255 return true;
256 }
257 } // namespace AbilityRuntime
258 } // namespace OHOS
259