1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "disable_usb_plugin.h"
17
18 #include "bool_serializer.h"
19 #include "edm_constants.h"
20 #include "edm_ipc_interface_code.h"
21 #include "edm_utils.h"
22 #include "usb_policy_utils.h"
23 #include "iplugin_manager.h"
24 #include "ipolicy_manager.h"
25
26 namespace OHOS {
27 namespace EDM {
28 const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(DisableUsbPlugin::GetPlugin());
29
InitPlugin(std::shared_ptr<IPluginTemplate<DisableUsbPlugin,bool>> ptr)30 void DisableUsbPlugin::InitPlugin(std::shared_ptr<IPluginTemplate<DisableUsbPlugin, bool>> ptr)
31 {
32 EDMLOGI("DisableUsbPlugin InitPlugin...");
33 std::map<std::string, std::map<IPlugin::PermissionType, std::string>> tagPermissions;
34 std::map<IPlugin::PermissionType, std::string> typePermissionsForTag11;
35 std::map<IPlugin::PermissionType, std::string> typePermissionsForTag12;
36 typePermissionsForTag11.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
37 EdmPermission::PERMISSION_ENTERPRISE_MANAGE_USB);
38 typePermissionsForTag12.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
39 EdmPermission::PERMISSION_ENTERPRISE_MANAGE_RESTRICTIONS);
40 typePermissionsForTag12.emplace(IPlugin::PermissionType::BYOD_DEVICE_ADMIN,
41 EdmPermission::PERMISSION_PERSONAL_MANAGE_RESTRICTIONS);
42 tagPermissions.emplace(EdmConstants::PERMISSION_TAG_VERSION_11, typePermissionsForTag11);
43 tagPermissions.emplace(EdmConstants::PERMISSION_TAG_VERSION_12, typePermissionsForTag12);
44
45 IPlugin::PolicyPermissionConfig config = IPlugin::PolicyPermissionConfig(tagPermissions, IPlugin::ApiType::PUBLIC);
46 ptr->InitAttribute(EdmInterfaceCode::DISABLE_USB, PolicyName::POLICY_DISABLE_USB, config, true);
47 ptr->SetSerializer(BoolSerializer::GetInstance());
48 ptr->SetOnHandlePolicyListener(&DisableUsbPlugin::OnSetPolicy, FuncOperateType::SET);
49 ptr->SetOnAdminRemoveListener(&DisableUsbPlugin::OnAdminRemove);
50 ptr->SetOtherServiceStartListener(&DisableUsbPlugin::OnOtherServiceStart);
51 }
52
SetOtherModulePolicy(bool data,int32_t userId)53 ErrCode DisableUsbPlugin::SetOtherModulePolicy(bool data, int32_t userId)
54 {
55 EDMLOGI("DisableUsbPlugin OnSetPolicy...disable = %{public}d", data);
56 bool hasConflict = false;
57 if (FAILED(HasConflictPolicy(hasConflict))) {
58 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
59 }
60 if (data && hasConflict) {
61 return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
62 }
63 if (FAILED(UsbPolicyUtils::SetUsbDisabled(data))) {
64 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
65 }
66 return ERR_OK;
67 }
68
HasConflictPolicy(bool & hasConflict)69 ErrCode DisableUsbPlugin::HasConflictPolicy(bool &hasConflict)
70 {
71 auto policyManager = IPolicyManager::GetInstance();
72 std::string allowUsbDevice;
73 policyManager->GetPolicy("", PolicyName::POLICY_ALLOWED_USB_DEVICES, allowUsbDevice);
74 if (!allowUsbDevice.empty()) {
75 EDMLOGE("DisableUsbPlugin POLICY CONFLICT! allowedUsbDevice: %{public}s", allowUsbDevice.c_str());
76 hasConflict = true;
77 return ERR_OK;
78 }
79 std::string disallowUsbDevice;
80 policyManager->GetPolicy("", PolicyName::POLICY_DISALLOWED_USB_DEVICES, disallowUsbDevice);
81 if (!disallowUsbDevice.empty()) {
82 EDMLOGE("DisableUsbPlugin POLICY CONFLICT! disallowUsbDevice: %{public}s", disallowUsbDevice.c_str());
83 hasConflict = true;
84 return ERR_OK;
85 }
86 std::string usbStoragePolicy;
87 policyManager->GetPolicy("", PolicyName::POLICY_USB_READ_ONLY, usbStoragePolicy);
88 if (usbStoragePolicy == std::to_string(EdmConstants::STORAGE_USB_POLICY_DISABLED) ||
89 usbStoragePolicy == std::to_string(EdmConstants::STORAGE_USB_POLICY_READ_ONLY)) {
90 EDMLOGE("DisableUsbPlugin POLICY CONFLICT! usbStoragePolicy: %{public}s", usbStoragePolicy.c_str());
91 hasConflict = true;
92 return ERR_OK;
93 }
94 #ifdef FEATURE_PC_ONLY
95 bool isDisallowed = false;
96 if (FAILED(UsbPolicyUtils::IsUsbStorageDeviceWriteDisallowed(isDisallowed))) {
97 EDMLOGE("DisableUsbPlugin HasConflictPolicy, IsUsbStorageDeviceWriteDisallowed failed");
98 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
99 }
100 if (isDisallowed) {
101 EDMLOGE("DisableUsbPlugin POLICY CONFLICT! disalloweStorageDeviceWrite: %{public}d", isDisallowed);
102 hasConflict = true;
103 return ERR_OK;
104 }
105 #endif
106 return ERR_OK;
107 }
108
RemoveOtherModulePolicy(int32_t userId)109 ErrCode DisableUsbPlugin::RemoveOtherModulePolicy(int32_t userId)
110 {
111 return UsbPolicyUtils::SetUsbDisabled(false);
112 }
113
OnOtherServiceStart(int32_t systemAbilityId)114 void DisableUsbPlugin::OnOtherServiceStart(int32_t systemAbilityId)
115 {
116 EDMLOGI("DisableUsbPlugin::OnOtherServiceStart start");
117 std::string disableUsbPolicy;
118 IPolicyManager::GetInstance()->GetPolicy("", PolicyName::POLICY_DISABLE_USB,
119 disableUsbPolicy, EdmConstants::DEFAULT_USER_ID);
120 bool isUsbDisabled = false;
121 BoolSerializer::GetInstance()->Deserialize(disableUsbPolicy, isUsbDisabled);
122 if (isUsbDisabled) {
123 ErrCode disableUsbRet = UsbPolicyUtils::SetUsbDisabled(isUsbDisabled);
124 if (disableUsbRet != ERR_OK) {
125 EDMLOGW("SetUsbDisabled Error: %{public}d", disableUsbRet);
126 }
127 }
128 }
129 } // namespace EDM
130 } // namespace OHOS
131