• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "fingerprint_auth_plugin.h"
17 
18 #include "edm_ipc_interface_code.h"
19 #include "fingerprint_policy_serializer.h"
20 #include "iplugin_manager.h"
21 #include "ipolicy_manager.h"
22 #include "user_auth_client.h"
23 
24 namespace OHOS {
25 namespace EDM {
26 const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(std::make_shared<FingerprintAuthPlugin>());
FingerprintAuthPlugin()27 FingerprintAuthPlugin::FingerprintAuthPlugin()
28 {
29     policyCode_ = EdmInterfaceCode::FINGERPRINT_AUTH;
30     policyName_ = PolicyName::POLICY_FINGERPRINT_AUTH;
31     permissionConfig_.typePermissions.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
32         EdmPermission::PERMISSION_ENTERPRISE_MANAGE_RESTRICTIONS);
33     permissionConfig_.apiType = IPlugin::ApiType::PUBLIC;
34     needSave_ = true;
35 }
36 
OnHandlePolicy(std::uint32_t funcCode,MessageParcel & data,MessageParcel & reply,HandlePolicyData & policyData,int32_t userId)37 ErrCode FingerprintAuthPlugin::OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
38     HandlePolicyData &policyData, int32_t userId)
39 {
40     EDMLOGI("FingerprintAuthPlugin OnSetPolicy");
41     std::string type = data.ReadString();
42     bool disallow = data.ReadBool();
43     ErrCode ret = ERR_INVALID_VALUE;
44     auto serializer = FingerprintPolicySerializer::GetInstance();
45     FingerprintPolicy currentPolicy;
46     FingerprintPolicy mergePolicy;
47     if (!serializer->Deserialize(policyData.policyData, currentPolicy) ||
48         !serializer->Deserialize(policyData.mergePolicyData, mergePolicy)) {
49         EDMLOGE("FingerprintAuthPlugin::OnHandlePolicy Deserialize current policy and merge policy failed.");
50         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
51     }
52     if (type == EdmConstants::FINGERPRINT_AUTH_TYPE) {
53         ret = HandleFingerprintAuthPolicy(disallow, currentPolicy, mergePolicy);
54     } else if (type == EdmConstants::DISALLOW_FOR_ACCOUNT_TYPE) {
55         int32_t accountId = data.ReadInt32();
56         ret = HandleFingerprintForAccountPolicy(disallow, accountId, currentPolicy, mergePolicy);
57     }
58     if (ret != ERR_OK) {
59         return ret;
60     }
61     ret = SetGlobalConfigParam(mergePolicy);
62     if (ret != ERR_OK) {
63         EDMLOGE("FingerprintAuthPlugin::OnHandlePolicy SetGlobalConfigParam fail.ret: %{public}d", ret);
64         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
65     }
66 
67     std::string afterHandle;
68     std::string afterMerge;
69     if (!serializer->Serialize(currentPolicy, afterHandle) || !serializer->Serialize(mergePolicy, afterMerge)) {
70         EDMLOGE("FingerprintAuthPlugin Serialize current policy and merge policy failed");
71         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
72     }
73     policyData.isChanged = (afterHandle != policyData.policyData);
74     if (policyData.isChanged) {
75         policyData.policyData = afterHandle;
76     }
77     policyData.mergePolicyData = afterMerge;
78     return ERR_OK;
79 }
80 
HandleFingerprintAuthPolicy(bool disallow,FingerprintPolicy & currentPolicy,FingerprintPolicy & mergePolicy)81 ErrCode FingerprintAuthPlugin::HandleFingerprintAuthPolicy(bool disallow, FingerprintPolicy &currentPolicy,
82     FingerprintPolicy &mergePolicy)
83 {
84     if (disallow) {
85         currentPolicy.globalDisallow = true;
86         currentPolicy.accountIds.clear();
87         mergePolicy.globalDisallow = true;
88         mergePolicy.accountIds.clear();
89         return ERR_OK;
90     }
91     if (!currentPolicy.accountIds.empty()) {
92         return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
93     }
94     currentPolicy.globalDisallow = false;
95     return ERR_OK;
96 }
97 
HandleFingerprintForAccountPolicy(bool disallow,int32_t accountId,FingerprintPolicy & currentPolicy,FingerprintPolicy & mergePolicy)98 ErrCode FingerprintAuthPlugin::HandleFingerprintForAccountPolicy(bool disallow, int32_t accountId,
99     FingerprintPolicy &currentPolicy, FingerprintPolicy &mergePolicy)
100 {
101     if (currentPolicy.globalDisallow) {
102         return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
103     }
104     if (disallow) {
105         currentPolicy.accountIds.insert(accountId);
106     } else {
107         auto it = currentPolicy.accountIds.find(accountId);
108         if (it != currentPolicy.accountIds.end()) {
109             currentPolicy.accountIds.erase(it);
110         }
111     }
112     if (!mergePolicy.globalDisallow) {
113         for (auto item : currentPolicy.accountIds) {
114             mergePolicy.accountIds.insert(item);
115         }
116     }
117     return ERR_OK;
118 }
119 
SetGlobalConfigParam(FingerprintPolicy policy)120 ErrCode FingerprintAuthPlugin::SetGlobalConfigParam(FingerprintPolicy policy)
121 {
122     std::vector<int32_t> userIds(policy.accountIds.size());
123     std::copy(policy.accountIds.begin(), policy.accountIds.end(), userIds.begin());
124     UserIam::UserAuth::GlobalConfigParam param;
125     param.userIds = userIds;
126     param.authTypes.push_back(UserIam::UserAuth::AuthType::FINGERPRINT);
127     param.type = UserIam::UserAuth::GlobalConfigType::ENABLE_STATUS;
128     param.value.enableStatus = !policy.globalDisallow && userIds.size() == 0;
129     return UserIam::UserAuth::UserAuthClient::GetInstance().SetGlobalConfigParam(param);
130 }
131 
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)132 ErrCode FingerprintAuthPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data,
133     MessageParcel &reply, int32_t userId)
134 {
135     EDMLOGI("FingerprintAuthPlugin OnGetPolicy");
136     auto serializer_ = FingerprintPolicySerializer::GetInstance();
137     FingerprintPolicy policy;
138     serializer_->Deserialize(policyData, policy);
139     std::string type = data.ReadString();
140     bool isDisallow = false;
141     if (type == EdmConstants::FINGERPRINT_AUTH_TYPE) {
142         isDisallow = policy.globalDisallow;
143     } else if (type == EdmConstants::DISALLOW_FOR_ACCOUNT_TYPE) {
144         int32_t accountId = data.ReadInt32();
145         auto it = policy.accountIds.find(accountId);
146         isDisallow = (it != policy.accountIds.end());
147     }
148     reply.WriteInt32(ERR_OK);
149     reply.WriteBool(isDisallow);
150     EDMLOGI("FingerprintAuthPlugin OnGetPolicy result %{public}d", isDisallow);
151     return ERR_OK;
152 }
153 
GetOthersMergePolicyData(const std::string & adminName,int32_t userId,std::string & othersMergePolicyData)154 ErrCode FingerprintAuthPlugin::GetOthersMergePolicyData(const std::string &adminName, int32_t userId,
155     std::string &othersMergePolicyData)
156 {
157     std::unordered_map<std::string, std::string> adminValues;
158     IPolicyManager::GetInstance()->GetAdminByPolicyName(GetPolicyName(), adminValues);
159     EDMLOGI("FingerprintAuthPlugin::GetOthersMergePolicyData %{public}s value size %{public}d.",
160         GetPolicyName().c_str(), (uint32_t)adminValues.size());
161     if (adminValues.empty()) {
162         return ERR_OK;
163     }
164     auto entry = adminValues.find(adminName);
165     // Remove the current admin policy value from the cache map.
166     if (entry != adminValues.end()) {
167         adminValues.erase(entry);
168     }
169     if (adminValues.empty()) {
170         return ERR_OK;
171     }
172     auto serializer = FingerprintPolicySerializer::GetInstance();
173     std::vector<FingerprintPolicy> data;
174     for (const auto &item : adminValues) {
175         FingerprintPolicy dataItem;
176         if (!item.second.empty()) {
177             if (!serializer->Deserialize(item.second, dataItem)) {
178                 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
179             }
180             data.push_back(dataItem);
181         }
182     }
183     FingerprintPolicy result;
184     if (!serializer->MergePolicy(data, result)) {
185         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
186     }
187     if (!serializer->Serialize(result, othersMergePolicyData)) {
188         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
189     }
190     return ERR_OK;
191 }
192 
OnAdminRemove(const std::string & adminName,const std::string & policyData,const std::string & mergeData,int32_t userId)193 ErrCode FingerprintAuthPlugin::OnAdminRemove(const std::string &adminName, const std::string &policyData,
194     const std::string &mergeData, int32_t userId)
195 {
196     FingerprintPolicy policy;
197     FingerprintPolicySerializer::GetInstance()->Deserialize(mergeData, policy);
198     ErrCode ret = SetGlobalConfigParam(policy);
199     if (ret != ERR_OK) {
200         EDMLOGE("FingerprintAuthPlugin OnAdminRemove set global config param failed.");
201         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
202     }
203     return ERR_OK;
204 }
205 
OnOtherServiceStart(int32_t systemAbilityId)206 void FingerprintAuthPlugin::OnOtherServiceStart(int32_t systemAbilityId)
207 {
208     std::string policyData;
209     IPolicyManager::GetInstance()->GetPolicy("", PolicyName::POLICY_FINGERPRINT_AUTH,
210         policyData, EdmConstants::DEFAULT_USER_ID);
211     auto serializer_ = FingerprintPolicySerializer::GetInstance();
212     FingerprintPolicy policy;
213     serializer_->Deserialize(policyData, policy);
214     int32_t ret = SetGlobalConfigParam(policy);
215     if (ret != ERR_OK) {
216         EDMLOGE("FingerprintAuthPlugin::OnOtherServiceStart SetGlobalConfigParam fail.ret: %{public}d", ret);
217     }
218 }
219 } // namespace EDM
220 } // namespace OHOS
221