1 /*
2 * Copyright (C) 2024-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <ipc_skeleton.h>
17 #include <system_ability_definition.h>
18
19 #include "hc_log.h"
20 #include "device_auth.h"
21 #include "device_auth_defines.h"
22 #include "ipc_adapt.h"
23 #include "ipc_sdk_defines.h"
24 #include "common_defs.h"
25 #include "hc_thread.h"
26 #include "securec.h"
27 #include "hc_string_vector.h"
28 #include "hidump_adapter.h"
29 #include "string_ex.h"
30 #include "ipc_service_common.h"
31
32 #include "deviceauth_sa.h"
33 #include "iservice_registry.h"
34 #include "dev_session_mgr.h"
35 #include "critical_handler.h"
36 #include "unload_handler.h"
37
38 #ifdef DEV_AUTH_USE_JEMALLOC
39 #include "malloc.h"
40 #endif
41
42 namespace OHOS {
43 namespace {
44 const uint32_t RESTORE_CODE = 14701;
45 const int32_t SA_REFUSE_TO_UNLOAD = -1;
46 static const uint32_t DEV_AUTH_MAX_THREAD_NUM = 2;
47 }
48
49 using IpcCallMap = struct {
50 int32_t (*func)(const IpcDataInfo*, int32_t, uintptr_t);
51 uint32_t id;
52 };
53
54 static IpcCallMap g_ipcCallMaps[] = {
55 {IpcServiceGmRegCallback, IPC_CALL_ID_REG_CB},
56 {IpcServiceGmUnRegCallback, IPC_CALL_ID_UNREG_CB},
57 {IpcServiceGmRegDataChangeListener, IPC_CALL_ID_REG_LISTENER},
58 {IpcServiceGmUnRegDataChangeListener, IPC_CALL_ID_UNREG_LISTENER},
59 {IpcServiceGmCreateGroup, IPC_CALL_ID_CREATE_GROUP},
60 {IpcServiceGmDelGroup, IPC_CALL_ID_DEL_GROUP},
61 {IpcServiceGmAddMemberToGroup, IPC_CALL_ID_ADD_GROUP_MEMBER},
62 {IpcServiceGmDelMemberFromGroup, IPC_CALL_ID_DEL_GROUP_MEMBER},
63 {IpcServiceGmAddMultiMembersToGroup, IPC_CALL_ID_ADD_MULTI_GROUP_MEMBERS},
64 {IpcServiceGmDelMultiMembersFromGroup, IPC_CALL_ID_DEL_MULTI_GROUP_MEMBERS},
65 {IpcServiceGmProcessData, IPC_CALL_ID_GM_PROC_DATA},
66 {IpcServiceGmApplyRegisterInfo, IPC_CALL_ID_APPLY_REG_INFO},
67 {IpcServiceGmCheckAccessToGroup, IPC_CALL_ID_CHECK_ACCESS_TO_GROUP},
68 {IpcServiceGmGetPkInfoList, IPC_CALL_ID_GET_PK_INFO_LIST},
69 {IpcServiceGmGetGroupInfoById, IPC_CALL_ID_GET_GROUP_INFO},
70 {IpcServiceGmGetGroupInfo, IPC_CALL_ID_SEARCH_GROUPS},
71 {IpcServiceGmGetJoinedGroups, IPC_CALL_ID_GET_JOINED_GROUPS},
72 {IpcServiceGmGetRelatedGroups, IPC_CALL_ID_GET_RELATED_GROUPS},
73 {IpcServiceGmGetDeviceInfoById, IPC_CALL_ID_GET_DEV_INFO_BY_ID},
74 {IpcServiceGmGetTrustedDevices, IPC_CALL_ID_GET_TRUST_DEVICES},
75 {IpcServiceGmIsDeviceInGroup, IPC_CALL_ID_IS_DEV_IN_GROUP},
76 {IpcServiceGmCancelRequest, IPC_CALL_GM_CANCEL_REQUEST},
77 {IpcServiceGaProcessData, IPC_CALL_ID_GA_PROC_DATA},
78 {IpcServiceGaAuthDevice, IPC_CALL_ID_AUTH_DEVICE},
79 {IpcServiceGaCancelRequest, IPC_CALL_GA_CANCEL_REQUEST},
80 {IpcServiceGaGetRealInfo, IPC_CALL_ID_GET_REAL_INFO},
81 {IpcServiceGaGetPseudonymId, IPC_CALL_ID_GET_PSEUDONYM_ID},
82 {IpcServiceDaProcessCredential, IPC_CALL_ID_PROCESS_CREDENTIAL},
83 {IpcServiceDaAuthDevice, IPC_CALL_ID_DA_AUTH_DEVICE},
84 {IpcServiceDaProcessData, IPC_CALL_ID_DA_PROC_DATA},
85 {IpcServiceDaCancelRequest, IPC_CALL_ID_DA_CANCEL_REQUEST},
86 {IpcServiceCmAddCredential, IPC_CALL_ID_CM_ADD_CREDENTIAL},
87 {IpcServiceCmRegCredChangeListener, IPC_CALL_ID_CM_REG_LISTENER},
88 {IpcServiceCmUnRegCredChangeListener, IPC_CALL_ID_CM_UNREG_LISTENER},
89 {IpcServiceCmExportCredential, IPC_CALL_ID_CM_EXPORT_CREDENTIAL},
90 {IpcServiceCmQueryCredentialByParams, IPC_CALL_ID_CM_QUERY_CREDENTIAL_BY_PARAMS},
91 {IpcServiceCmQueryCredentialByCredId, IPC_CALL_ID_CM_QUERY_CREDENTIAL_BY_CRED_ID},
92 {IpcServiceCmDeleteCredential, IPC_CALL_ID_CM_DEL_CREDENTIAL},
93 {IpcServiceCmUpdateCredInfo, IPC_CALL_ID_CM_UPDATE_CRED_INFO},
94 {IpcServiceCmAgreeCredential, IPC_CALL_ID_CM_AGREE_CREDENTIAL},
95 {IpcServiceCmDelCredByParams, IPC_CALL_ID_CM_DEL_CRED_BY_PARAMS},
96 {IpcServiceCmBatchUpdateCredentials, IPC_CALL_ID_CM_BATCH_UPDATE_CREDENTIALS},
97 {IpcServiceCaAuthCredential, IPC_CALL_ID_CA_AUTH_CREDENTIAL},
98 {IpcServiceCaProcessCredData, IPC_CALL_ID_CA_PROCESS_CRED_DATA},
99 {IpcServiceAvGetClientSharedKey, IPC_CALL_ID_AV_GET_CLIENT_SHARED_KEY},
100 {IpcServiceAvGetServerSharedKey, IPC_CALL_ID_AV_GET_SERVER_SHARED_KEY},
101 {IpcServiceLaStartLightAccountAuth, IPC_CALL_ID_LA_START_LIGHT_ACCOUNT_AUTH},
102 {IpcServiceLaProcessLightAccountAuth, IPC_CALL_ID_LA_PROCESS_LIGHT_ACCOUNT_AUTH},
103 };
104
105 REGISTER_SYSTEM_ABILITY_BY_ID(DeviceAuthAbility, SA_ID_DEVAUTH_SERVICE, true);
106
DeviceAuthAbility(int saId,bool runOnCreate)107 DeviceAuthAbility::DeviceAuthAbility(int saId, bool runOnCreate) : SystemAbility(saId, runOnCreate)
108 {
109 LOGI("DeviceAuthAbility");
110 }
111
~DeviceAuthAbility()112 DeviceAuthAbility::~DeviceAuthAbility()
113 {
114 LOGI("~DeviceAuthAbility");
115 }
116
SaSetIpcCallMap(uintptr_t ipcInstance,IpcServiceCall method,int32_t methodId)117 __attribute__((no_sanitize("cfi"))) static uint32_t SaSetIpcCallMap(
118 uintptr_t ipcInstance, IpcServiceCall method, int32_t methodId)
119 {
120 if ((method == nullptr) || (methodId <= 0)) {
121 return static_cast<uint32_t>(HC_ERR_INVALID_PARAMS);
122 }
123
124 DeviceAuthAbility *service = reinterpret_cast<DeviceAuthAbility *>(ipcInstance);
125 return static_cast<uint32_t>(service->SetCallMap(method, methodId));
126 }
127
SaAddMethodMap(uintptr_t ipcInstance)128 static int32_t SaAddMethodMap(uintptr_t ipcInstance)
129 {
130 uint32_t ret = 0;
131 for (uint32_t i = 0; i < sizeof(g_ipcCallMaps)/sizeof(g_ipcCallMaps[0]); i++) {
132 ret &= SaSetIpcCallMap(ipcInstance, g_ipcCallMaps[i].func, g_ipcCallMaps[i].id);
133 }
134 return ret;
135 }
136
Dump(int32_t fd,const std::vector<std::u16string> & args)137 int32_t DeviceAuthAbility::Dump(int32_t fd, const std::vector<std::u16string> &args)
138 {
139 std::vector<std::string> strArgs;
140 for (auto arg : args) {
141 strArgs.emplace_back(Str16ToStr8(arg));
142 }
143 uint32_t argc = strArgs.size();
144 StringVector strArgVec = CreateStrVector();
145 for (uint32_t i = 0; i < argc; i++) {
146 HcString strArg = CreateString();
147 if (!StringSetPointer(&strArg, strArgs[i].c_str())) {
148 LOGE("Failed to set strArg!");
149 DeleteString(&strArg);
150 continue;
151 }
152 if (strArgVec.pushBackT(&strArgVec, strArg) == nullptr) {
153 LOGE("Failed to push strArg to strArgVec!");
154 DeleteString(&strArg);
155 }
156 }
157 DEV_AUTH_DUMP(fd, &strArgVec);
158 DestroyStrVector(&strArgVec);
159 return 0;
160 }
161
OnStart()162 void DeviceAuthAbility::OnStart()
163 {
164 LOGI("DeviceAuthAbility starting ...");
165
166 IPCSkeleton::SetMaxWorkThreadNum(DEV_AUTH_MAX_THREAD_NUM);
167
168 int32_t ret = InitDeviceAuthService();
169 if (ret != HC_SUCCESS) {
170 LOGE("DeviceAuthAbility InitDeviceAuthService failed, ret %" LOG_PUB "d", ret);
171 return;
172 }
173
174 ret = MainRescInit();
175 if (ret != HC_SUCCESS) {
176 DestroyDeviceAuthService();
177 LOGE("device auth service main, init work failed");
178 return;
179 }
180
181 uintptr_t serviceInstanceAddress = reinterpret_cast<uintptr_t>(this);
182 ret = SaAddMethodMap(serviceInstanceAddress);
183 if (ret != HC_SUCCESS) {
184 LOGW("DeviceAuthAbility SaAddMethodMap failed at least once.");
185 }
186 if (!Publish(this)) {
187 LOGE("DeviceAuthAbility Publish failed");
188 DeMainRescInit();
189 DestroyDeviceAuthService();
190 return;
191 }
192 AddSystemAbilityListener(MEMORY_MANAGER_SA_ID);
193 DelayUnload();
194 LOGI("DeviceAuthAbility start success.");
195 }
196
DevAuthInitMemoryPolicy(void)197 static void DevAuthInitMemoryPolicy(void)
198 {
199 #ifdef DEV_AUTH_USE_JEMALLOC
200 (void)mallopt(M_SET_THREAD_CACHE, M_THREAD_CACHE_DISABLE);
201 (void)mallopt(M_DELAYED_FREE, M_DELAYED_FREE_DISABLE);
202 #endif
203 }
204
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)205 int32_t DeviceAuthAbility::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply,
206 MessageOption &option)
207 {
208 std::lock_guard<std::recursive_mutex> lock(instanceMutex_);
209 DelayUnload();
210 DevAuthInitMemoryPolicy();
211 std::u16string readToken = data.ReadInterfaceToken();
212
213 bool isRestoreCall = ((code == RESTORE_CODE) && (readToken == std::u16string(u"OHOS.Updater.RestoreData")));
214 if (readToken != GetDescriptor() && !isRestoreCall) {
215 LOGE("DeviceAuthAbility [IPC][C->S]: The proxy interface token is invalid!");
216 return -1;
217 }
218 if (isUnloading_) {
219 LOGW("sa is unloading, need to retry.");
220 return HC_ERR_IPC_SA_IS_UNLOADING;
221 }
222 int32_t ret;
223 if (isRestoreCall) {
224 ret = HandleRestoreCall(data, reply);
225 } else {
226 ret = HandleDeviceAuthCall(code, data, reply, option);
227 }
228 return ret;
229 }
230
OnActive(const SystemAbilityOnDemandReason & activeReason)231 void DeviceAuthAbility::OnActive(const SystemAbilityOnDemandReason &activeReason)
232 {
233 std::lock_guard<std::recursive_mutex> lock(instanceMutex_);
234 LOGI("OnActive, activeReason name is %" LOG_PUB "s, isUnloading is %" LOG_PUB "s.",
235 activeReason.GetName().c_str(), isUnloading_ ? "YES" : "NO");
236 isUnloading_ = false;
237 }
238
OnIdle(const SystemAbilityOnDemandReason & idleReason)239 int32_t DeviceAuthAbility::OnIdle(const SystemAbilityOnDemandReason &idleReason)
240 {
241 std::lock_guard<std::recursive_mutex> lock(instanceMutex_);
242 isUnloading_ = GetCriticalCnt() > 0 ? false : true;
243 LOGI("OnIdle, idleReason name is %" LOG_PUB "s, isUnloading is %" LOG_PUB "s.",
244 idleReason.GetName().c_str(), isUnloading_ ? "YES" : "NO");
245 if (isUnloading_) {
246 return HC_SUCCESS;
247 }
248 return SA_REFUSE_TO_UNLOAD;
249 }
250
OnStop()251 void DeviceAuthAbility::OnStop()
252 {
253 std::lock_guard<std::recursive_mutex> lock(instanceMutex_);
254 LOGI("DeviceAuthAbility OnStop");
255 DestroyUnloadHandler();
256 RemoveTimeoutSession();
257 DeMainRescInit();
258 DestroyDeviceAuthService();
259 NotifyProcessIsStop();
260 }
261
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)262 void DeviceAuthAbility::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
263 {
264 LOGI("OnAddSystemAbility systemAbilityId: %" LOG_PUB "d add.", systemAbilityId);
265 if (systemAbilityId == MEMORY_MANAGER_SA_ID) {
266 NotifyProcessIsActive();
267 }
268 }
269
OnRemoveSystemAbility(int32_t systemAbilityId,const std::string & deviceId)270 void DeviceAuthAbility::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
271 {
272 LOGI("OnRemoveSystemAbility systemAbilityId: %" LOG_PUB "d add.", systemAbilityId);
273 }
274
275 } // namespace OHOS