1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
17 #define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
18 
19 #include <chrono>
20 #include <condition_variable>
21 #include <memory>
22 #include <string>
23 
24 #include "admin_manager.h"
25 #include "app_control_interface.h"
26 #include "common_event_subscriber.h"
27 #include "enterprise_admin_proxy.h"
28 #include "enterprise_device_mgr_stub.h"
29 #include "hilog/log.h"
30 #include "plugin_manager.h"
31 #include "policy_manager.h"
32 #include "policy_struct.h"
33 #include "security_report.h"
34 #include "system_ability.h"
35 #include "watermark_observer_manager.h"
36 
37 namespace OHOS {
38 namespace EDM {
// System ability that implements the EnterpriseDeviceMgrStub interface for enterprise device management (EDM).
// The public overrides cover admin lifecycle (enable/disable/replace), delegated policies and per-code
// device-policy handling.
// NOTE(review): these entry points are presumably reachable from other processes through the stub. No
// permission check is visible in this header, so confirm in the implementation that each one authorizes
// its caller before acting.
39 class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
40     DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);
41 
42 public:
43     EnterpriseDeviceMgrAbility();
44     DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
45     ~EnterpriseDeviceMgrAbility() override;
       // Returns a pointer to the ability (NOTE(review): presumably the static instance_ member below — confirm).
46     static sptr<EnterpriseDeviceMgrAbility> GetInstance();
       // Admin lifecycle and query entry points. Results are returned through the reference out-parameters;
       // the ErrCode return reports success or failure.
47     ErrCode EnableAdmin(
48         const AppExecFwk::ElementName &admin, const EntInfo &entInfo, AdminType adminType, int32_t userId) override;
49     ErrCode DisableAdmin(const AppExecFwk::ElementName &admin, int32_t userId) override;
50     ErrCode DisableSuperAdmin(const std::string &bundleName) override;
51     ErrCode GetEnabledAdmin(AdminType adminType, std::vector<std::string> &enabledAdminList) override;
52     ErrCode GetEnterpriseInfo(const AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
53     ErrCode SetEnterpriseInfo(const AppExecFwk::ElementName &admin, const EntInfo &entInfo) override;
54     ErrCode IsSuperAdmin(const std::string &bundleName, bool &isSuper) override;
55     ErrCode IsByodAdmin(const AppExecFwk::ElementName &admin, bool &isByod) override;
56     ErrCode IsAdminEnabled(const AppExecFwk::ElementName &admin, int32_t userId, bool &isEnabled) override;
57     ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
58     ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
59     ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
60     ErrCode GetSuperAdmin(std::string &bundleName, std::string &abilityName) override;
       // Delegation: a parent admin grants a list of policy names to another bundle.
       // NOTE(review): CheckDelegatedPolicies() below presumably restricts which policies may be delegated — confirm.
61     ErrCode SetDelegatedPolicies(const AppExecFwk::ElementName &parentAdmin, const std::string &bundleName,
62         const std::vector<std::string> &policies) override;
63     ErrCode GetDelegatedPolicies(const AppExecFwk::ElementName &parentAdmin, const std::string &bundleName,
64         std::vector<std::string> &policies) override;
65     ErrCode GetDelegatedBundleNames(const AppExecFwk::ElementName &parentAdmin, const std::string &policyName,
66         std::vector<std::string> &bundleNames) override;
67     ErrCode ReplaceSuperAdmin(const AppExecFwk::ElementName &oldAdmin, const AppExecFwk::ElementName &newAdmin,
68         bool keepPolicy) override;
69     ErrCode GetAdmins(std::vector<std::shared_ptr<AAFwk::Want>> &wants) override;
70     ErrCode SetAdminRunningMode(const AppExecFwk::ElementName &admin, uint32_t runningMode) override;
       // Overload without a parent admin argument; the delegation applies to bundleName for the given userId.
71     ErrCode SetDelegatedPolicies(const std::string &bundleName,
72         const std::vector<std::string> &policies, int32_t userId) override;
73     ErrCode SetBundleInstallPolicies(const std::vector<std::string> &bundles, int32_t userId,
74         int32_t policyType) override;
75 
       // Policy dispatch selected by a numeric `code`, with request and response carried in MessageParcel objects.
       // NOTE(review): `code` and the contents of `data` presumably originate from the calling process and should
       // be validated before use — confirm in the implementation.
76     ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
77         int32_t userId) override;
       // hasUserId defaults to 1 here. A default argument on a virtual function is taken from the static type
       // used at the call site, so the base-class declaration needs the same default to behave consistently.
78     ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId,
79         int32_t hasUserId = 1) override;
80     ErrCode CheckAndGetAdminProvisionInfo(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId)
81         override;
       // userId defaults to the literal 100. NOTE(review): presumably the default account id;
       // AddDisallowUninstallApp() below defaults to EdmConstants::DEFAULT_USER_ID — confirm the two agree.
82     void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event, int32_t userId = 100);
83     void ConnectAbility(const int32_t accountId, std::shared_ptr<Admin> admin);
       // Dispatch tables mapping a std::string key / int32_t key to a handler that receives the ability pointer.
       // Both are public and mutable, so any code holding the instance can add or replace handlers.
       // NOTE(review): presumably populated by AddCommonEventFuncMap() and AddOnAddSystemAbilityFuncMap*();
       // consider whether they need public visibility.
84     std::unordered_map<std::string,
85         std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
86         commonEventFuncMap_;
87     std::unordered_map<int32_t,
88         std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
89         addSystemAbilityFuncMap_;
90 
       // Virtual accessor for the permission checker; because it is virtual, a subclass can substitute a
       // different checker (NOTE(review): presumably a test seam — confirm no production subclass weakens it).
91     virtual std::shared_ptr<PermissionChecker> GetPermissionChecker();
92 protected:
       // Start/stop, dump and system-ability listener overrides.
93     void OnStart() override;
94     void OnStop() override;
95     int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
96     void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
97     void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
98 
99 private:
        // Setup helpers for the two public dispatch tables and for app-state subscription.
100     void AddCommonEventFuncMap();
101     void AddOnAddSystemAbilityFuncMap();
102     void AddOnAddSystemAbilityFuncMapSecond();
103     bool SubscribeAppState();
104     bool UnsubscribeAppState();
105     void NotifyAdminEnabled(bool isEnabled);
106     void CheckAndUpdateByodSettingsData();
107     void UpdateClipboardInfo(const std::string &bundleName, int32_t userId);
        // Helpers that remove an admin record, its policies, or both, addressed by admin/bundle name.
108     ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
109         int32_t userId);
110     ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
111     ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
112     ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
113     ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
114     ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
115     ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
116         const std::vector<int32_t> &nonDefaultUserIds);
117     ErrCode GetDevicePolicyFromPlugin(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId);
        // Parameter check for policy reads; takes a permissionTag alongside the parcel and plugin.
        // NOTE(review): presumably where the caller's permission is verified for GetDevicePolicy — confirm.
118     ErrCode CheckGetPolicyParam(MessageParcel &data, std::shared_ptr<IPlugin> &plugin,
119         AppExecFwk::ElementName &elementName, const std::string &permissionTag, int32_t userId);
120     int32_t GetCurrentUserId();
121     ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
        // Precondition checks for EnableAdmin.
        // NOTE(review): isDebug presumably changes the checks applied to debug admins — confirm its value is
        // derived by the service and cannot be chosen by the caller.
122     ErrCode VerifyEnableAdminCondition(const AppExecFwk::ElementName &admin, AdminType type, int32_t userId,
123         bool isDebug);
124     ErrCode VerifyEnableAdminConditionCheckExistAdmin(const AppExecFwk::ElementName &admin, AdminType type,
125         int32_t userId, bool isDebug);
126     ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
127     ErrCode UpdateDevicePolicy(uint32_t code, const std::string &bundleName, MessageParcel &data, MessageParcel &reply,
128         int32_t userId);
129     ErrCode CheckDelegatedPolicies(std::shared_ptr<Admin> admin, const std::vector<std::string> &policies);
130     ErrCode CheckReplaceAdmins(const AppExecFwk::ElementName &oldAdmin, const AppExecFwk::ElementName &newAdmin,
131         std::vector<AppExecFwk::ExtensionAbilityInfo> &abilityInfo, std::vector<std::string> &permissionList);
132     ErrCode HandleKeepPolicy(std::string &adminName, std::string &newAdminName, const Admin &edmAdmin,
133         std::shared_ptr<Admin> adminPtr);
134     ErrCode AddDisallowUninstallApp(const std::string &bundleName, int32_t userId = EdmConstants::DEFAULT_USER_ID);
135     ErrCode DelDisallowUninstallApp(const std::string &bundleName);
136     void AfterEnableAdmin(const AppExecFwk::ElementName &admin, AdminType type, int32_t userId);
137     void ReportFuncEvent(uint32_t code);
        // Declared only when the common event service is compiled in.
138 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
139     std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
140         EnterpriseDeviceMgrAbility &listener);
141 #endif
        // Handlers for individual common events (NOTE(review): presumably the targets registered in
        // commonEventFuncMap_ — confirm).
142     void OnCommonEventUserAdded(const EventFwk::CommonEventData &data);
143     void OnCommonEventUserSwitched(const EventFwk::CommonEventData &data);
144     void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
145     void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
146     void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
147     void OnCommonEventPackageChanged(const EventFwk::CommonEventData &data);
148     void OnCommonEventBmsReady(const EventFwk::CommonEventData &data);
149     void OnCommonEventKioskMode(const EventFwk::CommonEventData &data, bool isModeOn);
150     bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
151     bool CheckManagedEvent(uint32_t event);
152     void OnAppManagerServiceStart();
153     void OnAbilityManagerServiceStart();
154     void OnCommonEventServiceStart();
155     void ConnectAbilityOnSystemAccountEvent(const int32_t accountId, ManagedEvent event);
156     bool CheckRunningMode(uint32_t runningMode);
157     void ConnectEnterpriseAbility();
158     void CallOnOtherServiceStart(uint32_t interfaceCode);
159     void CallOnOtherServiceStart(uint32_t interfaceCode, int32_t systemAbilityId);
160     bool OnAdminEnabled(const std::string &bundleName, const std::string &abilityName, uint32_t code, int32_t userId,
161         bool isAdminEnabled);
162     bool CheckDisableAdmin(const std::string &bundleName, AdminType adminType, bool isDebug);
163     void InitAllAdmins();
164     void InitAllPolices();
165     void RemoveAllDebugAdmin();
166     void AddSystemAbilityListeners();
167     void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
168     void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
169     std::shared_ptr<IEdmBundleManager> GetBundleMgr();
170     std::shared_ptr<IEdmAppManager> GetAppMgr();
171     std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
172     // Not thread-safe: this function is documented as taking no responsibility for synchronization.
        // NOTE(review): callers presumably must hold adminLock_ around the call — confirm at every call site.
173     ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
174 
        // static: one lock shared by every instance. NOTE(review): what it guards is not visible in this header
        // (presumably admin state). std::shared_mutex is declared in <shared_mutex>, which this header does not
        // include directly; the same holds for <vector>, <unordered_map> and <functional> used above.
175     static std::shared_mutex adminLock_;
176     static sptr<EnterpriseDeviceMgrAbility> instance_;
177     std::shared_ptr<PolicyManager> policyMgr_;
178     bool registerToService_ = false;
        // Unlike the other data members, this name carries no trailing underscore.
179     std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
180     sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
181     bool hasConnect_ = false;
182 };
183 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
// Common-event subscriber bound to an EnterpriseDeviceMgrAbility.
// listener_ is a non-owning reference, so the ability must outlive this subscriber; any use of listener_
// after the ability has been destroyed is a dangling reference.
// NOTE(review): OnReceiveEvent presumably forwards the event to the listener's handlers — confirm in the
// implementation, along with how events are filtered before dispatch.
184 class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
185 public:
        // Stores a reference to `listener`; no ownership is taken.
186     EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
187         EnterpriseDeviceMgrAbility &listener);
188     ~EnterpriseDeviceEventSubscriber() override = default;
189 
        // Callback overriding CommonEventSubscriber::OnReceiveEvent; `data` is the received event.
190     void OnReceiveEvent(const EventFwk::CommonEventData &data) override;
191 
192 private:
        // Non-owning; lifetime is managed by whoever created the ability.
193     EnterpriseDeviceMgrAbility &listener_;
194 };
195 #endif
196 } // namespace EDM
197 } // namespace OHOS
198 #endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
199