1 /*
2  * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "disable_sudo_plugin.h"
17 
18 #include <ipc_skeleton.h>
19 #include "bool_serializer.h"
20 #include "edm_constants.h"
21 #include "edm_errors.h"
22 #include "edm_ipc_interface_code.h"
23 #include "edm_log.h"
24 #include "iplugin_manager.h"
25 #include "os_account_manager.h"
26 
27 namespace OHOS {
28 namespace EDM {
// Registers this plugin with the plugin manager during static initialization
// of this translation unit; the stored result is not read anywhere in this file.
// NOTE(review): a failed registration is not logged here, so if AddPlugin can
// fail the sudo restriction would be silently unavailable — confirm the manager
// reports that case itself.
const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(DisableSudoPlugin::GetPlugin());

// OS-account constraint key passed to SetSpecificOsAccountConstraints by SetSudoPolicy.
const std::string CONSTRAINT_SUDO("constraint.sudo");
31 
// Wires the plugin into the EDM framework: policy code/name, the permission an
// admin must hold, the value serializer, and the SET / admin-removal callbacks.
//
// ptr: plugin template supplied by the framework; dereferenced without a null
//      check, so the caller must pass a valid pointer.
void DisableSudoPlugin::InitPlugin(std::shared_ptr<IPluginTemplate<DisableSudoPlugin, bool>> ptr)
{
    EDMLOGI("DisableSudoPlugin InitPlugin...");

    // Access control for this policy is declared here: callers need
    // PERMISSION_ENTERPRISE_MANAGE_RESTRICTIONS and the SUPER_DEVICE_ADMIN
    // permission type. The trailing `true` is interpreted by
    // IPluginTemplate::InitAttribute; its meaning is not visible in this file.
    ptr->InitAttribute(
        EdmInterfaceCode::DISALLOWED_SUDO,
        PolicyName::POLICY_DISABLED_SUDO,
        EdmPermission::PERMISSION_ENTERPRISE_MANAGE_RESTRICTIONS,
        IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
        true);

    // The policy value is a single bool.
    ptr->SetSerializer(BoolSerializer::GetInstance());

    // Only the SET operation gets a handler in this function.
    ptr->SetOnHandlePolicyListener(&DisableSudoPlugin::OnSetPolicy, FuncOperateType::SET);

    // Invoked when an admin is removed so the constraint can be lifted if needed.
    ptr->SetOnAdminRemoveListener(&DisableSudoPlugin::OnAdminRemove);
}
41 
// Handles a SET request for the "disable sudo" policy.
//
// data:        value requested by the calling admin (true = disable sudo).
// currentData: in/out; set to `data` on success.
// mergeData:   in/out; presumably the policy merged across the other admins —
//              confirm against the framework. When it is already true the OS
//              constraint is left untouched and only currentData is updated.
// userId:      account forwarded to SetSudoPolicy.
//
// Returns ERR_OK on success, or EdmReturnErrCode::SYSTEM_ABNORMALLY when
// SetSudoPolicy fails; in that case neither currentData nor mergeData changes,
// so a failed enforcement is not recorded as an applied policy.
ErrCode DisableSudoPlugin::OnSetPolicy(bool &data, bool &currentData, bool &mergeData,
    int32_t userId)
{
    EDMLOGI("DisableSudoPlugin::OnSetPolicy, data: %{public}d, currentData: %{public}d, "
            "mergeData: %{public}d", data, currentData, mergeData);

    if (!mergeData) {
        // No merged restriction is in force, so this request decides the
        // actual OS-level constraint.
        const ErrCode result = SetSudoPolicy(data, userId);
        EDMLOGI("DisableSudoPlugin::OnSetPolicy, SetSudoPolicy ret: %{public}d", result);
        if (FAILED(result)) {
            EDMLOGE("DisableSudoPlugin::OnSetPolicy, SetSudoPolicy failed");
            return EdmReturnErrCode::SYSTEM_ABNORMALLY;
        }
        mergeData = data;
    }

    // Reached on both paths: the merged case (constraint untouched) and the
    // successfully enforced case.
    currentData = data;
    return ERR_OK;
}
61 
// Called when an admin is removed; lifts the sudo constraint if that admin's
// policy was the one keeping it in place.
//
// adminName: name of the removed admin (logged only).
// data:      the removed admin's policy value.
// mergeData: presumably the policy merged across the remaining admins —
//            confirm against the framework.
// userId:    account forwarded to SetSudoPolicy.
//
// Returns ERR_OK, or EdmReturnErrCode::SYSTEM_ABNORMALLY when clearing the
// constraint fails.
ErrCode DisableSudoPlugin::OnAdminRemove(const std::string &adminName, bool &data, bool &mergeData,
    int32_t userId)
{
    EDMLOGI("DisableSudoPlugin::OnAdminRemove, adminName: %{public}s, data: %{public}d, "
            "mergeData: %{public}d", adminName.c_str(), data, mergeData);

    // Leave the constraint alone when the merged policy is still true, or when
    // the removed admin had not set it.
    if (mergeData || !data) {
        return ERR_OK;
    }

    // Original note (translated): on admin removal, if the merged policy is
    // read-write and the removed policy was read-only, update the policy to
    // read-write.
    // NOTE(review): that wording appears carried over from a read-only/read-write
    // policy; here the effect is that a false merged value plus a true removed
    // value clears the sudo constraint.
    const ErrCode result = SetSudoPolicy(false, userId);
    EDMLOGI("DisableSudoPlugin::OnAdminRemove, SetSudoPolicy ret: %{public}d", result);
    if (FAILED(result)) {
        EDMLOGE("DisableSudoPlugin::OnAdminRemove, SetSudoPolicy failed");
        return EdmReturnErrCode::SYSTEM_ABNORMALLY;
    }
    return ERR_OK;
}
81 
// Applies or clears the CONSTRAINT_SUDO OS-account constraint.
//
// policy: true sets the constraint, false clears it.
// userId: passed as the third argument of SetSpecificOsAccountConstraints.
//
// Returns the ErrCode from SetSpecificOsAccountConstraints unchanged.
ErrCode DisableSudoPlugin::SetSudoPolicy(bool policy, int32_t userId)
{
    // NOTE(review): userId is not part of either log line, so the log alone
    // does not show which account the constraint change targeted.
    EDMLOGI("DisableSudoPlugin::SetSudoPolicy, policy: %{public}d", policy);

    const std::vector<std::string> sudoConstraint{CONSTRAINT_SUDO};

    // Argument order is presumably (constraints, enable, targetId, enforcerId,
    // isDeviceOwner) — confirm against os_account_manager.h. The enforcer is
    // always EdmConstants::DEFAULT_USER_ID and the last flag is always true.
    const ErrCode result = AccountSA::OsAccountManager::SetSpecificOsAccountConstraints(
        sudoConstraint, policy, userId, EdmConstants::DEFAULT_USER_ID, true);
    EDMLOGI("DisableSudoPlugin::SetSudoPolicy, SetSpecificOsAccountConstraints ret: %{public}d", result);
    return result;
}
92 } // namespace EDM
93 } // namespace OHOS