1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "installd/installd_host_impl.h"
17
18 #include <cinttypes>
19 #include <cstdio>
20 #include <fstream>
21 #include <map>
22 #include <memory>
23 #include <sstream>
24 #include <string>
25 #include <sys/stat.h>
26 #include <sys/types.h>
27 #include <sys/xattr.h>
28 #include <unistd.h>
29
30 #include "aot/aot_executor.h"
31 #include "app_log_tag_wrapper.h"
32 #include "bundle_constants.h"
33 #include "bundle_service_constants.h"
34 #if defined(CODE_SIGNATURE_ENABLE)
35 #include "byte_buffer.h"
36 #include "code_sign_utils.h"
37 #endif
38 #include "common_profile.h"
39 #ifdef CONFIG_POLOCY_ENABLE
40 #include "config_policy_utils.h"
41 #endif
42 #include "directory_ex.h"
43 #ifdef WITH_SELINUX
44 #include "hap_restorecon.h"
45 #include "selinux/selinux.h"
46 #ifndef SELINUX_HAP_DEBUGGABLE
47 #define SELINUX_HAP_DEBUGGABLE 2
48 #endif
49 #endif // WITH_SELINUX
50 #include "hitrace_meter.h"
51 #include "installd/installd_operator.h"
52 #include "installd/installd_permission_mgr.h"
53 #include "parameters.h"
54 #include "inner_bundle_clone_common.h"
55 #include "policycoreutils.h"
56 #include "storage_acl.h"
57
58 namespace OHOS {
59 namespace AppExecFwk {
60 namespace {
61 const std::vector<std::string> BUNDLE_DATA_DIR = {
62 "/cache",
63 "/files",
64 "/temp",
65 "/preferences",
66 "/haps"
67 };
68 constexpr const char* CLOUD_FILE_PATH = "/data/service/el2/%/hmdfs/cloud/data/";
69 constexpr const char* SHARE_FILE_PATH = "/data/service/el2/%/share/";
70 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL1 = "/data/service/el1/%/backup/bundles/";
71 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL2 = "/data/service/el2/%/backup/bundles/";
72 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL1_NEW = "/data/app/el1/%/base/";
73 constexpr const char* BUNDLE_BACKUP_HOME_PATH_EL2_NEW = "/data/app/el2/%/base/";
74 constexpr const char* DISTRIBUTED_FILE = "/data/service/el2/%/hmdfs/account/data/";
75 constexpr const char* DISTRIBUTED_FILE_NON_ACCOUNT = "/data/service/el2/%/hmdfs/non_account/data/";
76 constexpr const char* SHAREFILES_DATA_PATH_EL2 = "/data/app/el2/%/sharefiles/";
77 constexpr const char* BUNDLE_BACKUP_INNER_DIR = "/.backup";
78 constexpr const char* EXTENSION_CONFIG_DEFAULT_PATH = "/system/etc/ams_extension_config.json";
79 #ifdef CONFIG_POLOCY_ENABLE
80 constexpr const char* EXTENSION_CONFIG_FILE_PATH = "/etc/ams_extension_config.json";
81 #endif
82 constexpr const char* EXTENSION_CONFIG_NAME = "ams_extension_config";
83 constexpr const char* EXTENSION_TYPE_NAME = "extension_type_name";
84 constexpr const char* EXTENSION_SERVICE_NEED_CREATE_SANDBOX = "need_create_sandbox";
85 constexpr const char* SHELL_ENTRY_TXT = "g:2000:rwx";
86 constexpr int32_t APP_DATA_SIZE_INDEX = 0;
87 constexpr int32_t BUNDLE_DATA_SIZE_INDEX = 1;
88 constexpr uint64_t VECTOR_SIZE_MAX = 200;
89 constexpr int32_t INSTALLS_UID = 3060;
90 constexpr int64_t EMPTY_FILE_SIZE = 4 * 1024;
91 enum class DirType : uint8_t {
92 DIR_EL1,
93 DIR_EL2,
94 };
95 #if defined(CODE_SIGNATURE_ENABLE)
96 using namespace OHOS::Security::CodeSign;
97 #endif
98 }
99
InstalldHostImpl()100 InstalldHostImpl::InstalldHostImpl()
101 {
102 LOG_NOFUNC_I(BMS_TAG_INSTALLD, "installd service created");
103 }
104
~InstalldHostImpl()105 InstalldHostImpl::~InstalldHostImpl()
106 {
107 LOG_NOFUNC_I(BMS_TAG_INSTALLD, "installd service destroyed");
108 }
109
CreateBundleDir(const std::string & bundleDir)110 ErrCode InstalldHostImpl::CreateBundleDir(const std::string &bundleDir)
111 {
112 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
113 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
114 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
115 }
116 if (bundleDir.empty()) {
117 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDir with invalid param");
118 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
119 }
120 if (InstalldOperator::IsExistDir(bundleDir)) {
121 LOG_W(BMS_TAG_INSTALLD, "bundleDir %{public}s is exist", bundleDir.c_str());
122 if (!OHOS::ForceRemoveDirectoryBMS(bundleDir)) {
123 InstalldOperator::DeleteDirFlexible(bundleDir, true);
124 }
125 }
126 if (!InstalldOperator::MkRecursiveDir(bundleDir, true)) {
127 LOG_E(BMS_TAG_INSTALLD, "create bundle dir %{public}s failed, errno:%{public}d", bundleDir.c_str(), errno);
128 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
129 }
130 InstalldOperator::RmvDeleteDfx(bundleDir);
131 return ERR_OK;
132 }
133
ExtractModuleFiles(const std::string & srcModulePath,const std::string & targetPath,const std::string & targetSoPath,const std::string & cpuAbi)134 ErrCode InstalldHostImpl::ExtractModuleFiles(const std::string &srcModulePath, const std::string &targetPath,
135 const std::string &targetSoPath, const std::string &cpuAbi)
136 {
137 LOG_D(BMS_TAG_INSTALLD, "ExtractModuleFiles extract original src %{public}s and target src %{public}s",
138 srcModulePath.c_str(), targetPath.c_str());
139 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
140 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
141 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
142 }
143 if (srcModulePath.empty() || targetPath.empty()) {
144 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractModuleFiles with invalid param");
145 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
146 }
147 if (!InstalldOperator::MkRecursiveDir(targetPath, true)) {
148 LOG_E(BMS_TAG_INSTALLD, "create target dir %{public}s failed, errno:%{public}d", targetPath.c_str(), errno);
149 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
150 }
151 if (!InstalldOperator::ExtractFiles(srcModulePath, targetSoPath, cpuAbi)) {
152 LOG_E(BMS_TAG_INSTALLD, "extract %{public}s to %{public}s failed errno:%{public}d",
153 srcModulePath.c_str(), targetPath.c_str(), errno);
154 InstalldOperator::DeleteDir(targetPath);
155 return ERR_APPEXECFWK_INSTALLD_EXTRACT_FAILED;
156 }
157 return ERR_OK;
158 }
159
ExtractFiles(const ExtractParam & extractParam)160 ErrCode InstalldHostImpl::ExtractFiles(const ExtractParam &extractParam)
161 {
162 LOG_D(BMS_TAG_INSTALLD, "ExtractFiles extractParam %{public}s", extractParam.ToString().c_str());
163 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
164 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
165 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
166 }
167
168 if (extractParam.srcPath.empty() || extractParam.targetPath.empty()) {
169 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
170 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
171 }
172
173 if (!InstalldOperator::ExtractFiles(extractParam)) {
174 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
175 return ERR_APPEXECFWK_INSTALLD_EXTRACT_FAILED;
176 }
177
178 return ERR_OK;
179 }
180
181
ExtractHnpFiles(const std::string & hnpPackageInfo,const ExtractParam & extractParam)182 ErrCode InstalldHostImpl::ExtractHnpFiles(const std::string &hnpPackageInfo, const ExtractParam &extractParam)
183 {
184 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles hnpPackageInfo %{public}s", hnpPackageInfo.c_str());
185 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles extractParam %{public}s", extractParam.ToString().c_str());
186 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
187 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
188 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
189 }
190
191 if (extractParam.srcPath.empty() || extractParam.targetPath.empty() || hnpPackageInfo.empty()) {
192 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
193 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
194 }
195
196 if (!InstalldOperator::ExtractFiles(hnpPackageInfo, extractParam)) {
197 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
198 return ERR_APPEXECFWK_NATIVE_HNP_EXTRACT_FAILED;
199 }
200
201 return ERR_OK;
202 }
203
ProcessBundleInstallNative(const std::string & userId,const std::string & hnpRootPath,const std::string & hapPath,const std::string & cpuAbi,const std::string & packageName)204 ErrCode InstalldHostImpl::ProcessBundleInstallNative(const std::string &userId, const std::string &hnpRootPath,
205 const std::string &hapPath, const std::string &cpuAbi, const std::string &packageName)
206 {
207 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
208 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
209 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
210 }
211 if (!InstalldOperator::ProcessBundleInstallNative(userId, hnpRootPath, hapPath, cpuAbi, packageName)) {
212 return ERR_APPEXECFWK_NATIVE_INSTALL_FAILED;
213 }
214 return ERR_OK;
215 }
216
ProcessBundleUnInstallNative(const std::string & userId,const std::string & packageName)217 ErrCode InstalldHostImpl::ProcessBundleUnInstallNative(const std::string &userId, const std::string &packageName)
218 {
219 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
220 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
221 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
222 }
223 if (!InstalldOperator::ProcessBundleUnInstallNative(userId, packageName)) {
224 return ERR_APPEXECFWK_NATIVE_UNINSTALL_FAILED;
225 }
226 return ERR_OK;
227 }
228
ExecuteAOT(const AOTArgs & aotArgs,std::vector<uint8_t> & pendSignData)229 ErrCode InstalldHostImpl::ExecuteAOT(const AOTArgs &aotArgs, std::vector<uint8_t> &pendSignData)
230 {
231 LOG_D(BMS_TAG_INSTALLD, "begin to execute AOT, args : %{public}s", aotArgs.ToString().c_str());
232 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
233 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
234 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
235 }
236 ErrCode ret = ERR_OK;
237 AOTExecutor::GetInstance().ExecuteAOT(aotArgs, ret, pendSignData);
238 LOG_D(BMS_TAG_INSTALLD, "execute AOT ret : %{public}d", ret);
239 return ret;
240 }
241
PendSignAOT(const std::string & anFileName,const std::vector<uint8_t> & signData)242 ErrCode InstalldHostImpl::PendSignAOT(const std::string &anFileName, const std::vector<uint8_t> &signData)
243 {
244 LOG_D(BMS_TAG_INSTALLD, "begin to pend sign AOT, anFileName : %{public}s", anFileName.c_str());
245 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
246 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
247 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
248 }
249 ErrCode ret = AOTExecutor::GetInstance().PendSignAOT(anFileName, signData);
250 LOG_D(BMS_TAG_INSTALLD, "pend sign AOT ret : %{public}d", ret);
251 return ret;
252 }
253
StopAOT()254 ErrCode InstalldHostImpl::StopAOT()
255 {
256 LOG_I(BMS_TAG_INSTALLD, "StopAOT begin");
257 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
258 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
259 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
260 }
261 return AOTExecutor::GetInstance().StopAOT();
262 }
263
DeleteUninstallTmpDirs(const std::vector<std::string> & dirs)264 ErrCode InstalldHostImpl::DeleteUninstallTmpDirs(const std::vector<std::string> &dirs)
265 {
266 LOG_I(BMS_TAG_INSTALLD, "DeleteUninstallTmpDirs begin");
267 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
268 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
269 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
270 }
271 ErrCode ret = ERR_OK;
272 for (const std::string &dir : dirs) {
273 if (!InstalldOperator::DeleteUninstallTmpDir(dir)) {
274 ret = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
275 }
276 }
277 return ret;
278 }
279
RenameModuleDir(const std::string & oldPath,const std::string & newPath)280 ErrCode InstalldHostImpl::RenameModuleDir(const std::string &oldPath, const std::string &newPath)
281 {
282 LOG_D(BMS_TAG_INSTALLD, "rename %{public}s to %{public}s", oldPath.c_str(), newPath.c_str());
283 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
284 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
285 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
286 }
287 if (oldPath.empty() || newPath.empty()) {
288 LOG_E(BMS_TAG_INSTALLD, "Calling the function RenameModuleDir with invalid param");
289 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
290 }
291 if (!InstalldOperator::RenameDir(oldPath, newPath)) {
292 LOG_D(BMS_TAG_INSTALLD, "rename module dir %{public}s to %{public}s failed errno:%{public}d",
293 oldPath.c_str(), newPath.c_str(), errno);
294 return ERR_APPEXECFWK_INSTALLD_RNAME_DIR_FAILED;
295 }
296 return ERR_OK;
297 }
298
GetBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)299 static void GetBackupExtDirByType(std::string &bundleBackupDir, const std::string &bundleName, const DirType dirType)
300 {
301 switch (dirType) {
302 case DirType::DIR_EL1:
303 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1 + bundleName;
304 break;
305 case DirType::DIR_EL2:
306 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2 + bundleName;
307 break;
308 default:
309 break;
310 }
311 }
312
GetNewBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)313 static void GetNewBackupExtDirByType(std::string &bundleBackupDir,
314 const std::string &bundleName, const DirType dirType)
315 {
316 switch (dirType) {
317 case DirType::DIR_EL1:
318 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
319 break;
320 case DirType::DIR_EL2:
321 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
322 break;
323 default:
324 break;
325 }
326 }
327
CreateBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)328 static void CreateBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
329 std::string &bundleBackupDir, const DirType dirType)
330 {
331 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
332 LOG_D(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir begin, type %{public}d, path %{public}s",
333 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
334 if (bundleBackupDir.empty()) {
335 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir backup dir empty, type %{public}d",
336 static_cast<int32_t>(dirType));
337 return;
338 }
339 // Setup BackupExtensionAbility's home directory in a harmless way
340 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
341 if (!InstalldOperator::MkOwnerDir(
342 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
343 static std::once_flag logOnce;
344 std::call_once(logOnce, []() {
345 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
346 errno);
347 });
348 }
349 }
350
CreateNewBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)351 static void CreateNewBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
352 std::string &bundleBackupDir, const DirType dirType)
353 {
354 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
355 LOG_D(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
356 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
357 if (bundleBackupDir.empty()) {
358 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir backup dir empty, type %{public}d",
359 static_cast<int32_t>(dirType));
360 return;
361 }
362 // Setup BackupExtensionAbility's home directory in a harmless way
363 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
364 if (!InstalldOperator::MkOwnerDir(
365 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
366 static std::once_flag logOnce;
367 std::call_once(logOnce, []() {
368 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
369 errno);
370 });
371 }
372 }
373
CreateShareDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)374 static void CreateShareDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
375 {
376 std::string bundleShareDir = SHARE_FILE_PATH + bundleName;
377 bundleShareDir = bundleShareDir.replace(bundleShareDir.find("%"), 1, std::to_string(userid));
378 if (!InstalldOperator::MkOwnerDir(bundleShareDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
379 static std::once_flag logOnce;
380 std::call_once(logOnce, []() {
381 LOG_W(BMS_TAG_INSTALLD, "CreateShareDir MkOwnerDir(share's home dir) failed errno:%{public}d", errno);
382 });
383 }
384 }
385
CreateCloudDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)386 static void CreateCloudDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
387 {
388 std::string bundleCloudDir = CLOUD_FILE_PATH + bundleName;
389 bundleCloudDir = bundleCloudDir.replace(bundleCloudDir.find("%"), 1, std::to_string(userid));
390 if (!InstalldOperator::MkOwnerDir(bundleCloudDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
391 static std::once_flag logOnce;
392 std::call_once(logOnce, []() {
393 LOG_W(BMS_TAG_INSTALLD, "CreateCloudDir MkOwnerDir(cloud's home dir) failed errno:%{public}d", errno);
394 });
395 }
396 }
397
398 /**
399 * @brief Create bundle data dir(BUNDLE_DATA_DIR) in /data/app/el2/userid/sharefiles/
400 * @return ErrCode
401 */
CreateSharefilesDataDirEl2(const CreateDirParam & createDirParam)402 ErrCode InstalldHostImpl::CreateSharefilesDataDirEl2(const CreateDirParam &createDirParam)
403 {
404 std::string bundleName = createDirParam.bundleName;
405 LOG_D(BMS_TAG_INSTALLD, "begin for %{public}s", bundleName.c_str());
406 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
407 LOG_W(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation");
408 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
409 }
410 ErrCode res = ERR_OK;
411 FileStat fileStat;
412 int32_t uid = createDirParam.uid;
413 int32_t gid = createDirParam.gid;
414 std::string shareFilesDataDir = SHAREFILES_DATA_PATH_EL2;
415 shareFilesDataDir.replace(shareFilesDataDir.find("%"), 1, std::to_string(createDirParam.userId));
416 // check /data/app/el2/userid/sharefiles exist or not
417 if (access(shareFilesDataDir.c_str(), F_OK) != 0) {
418 LOG_W(BMS_TAG_INSTALLD, "No %{public}s, bundleName:%{public}s",
419 shareFilesDataDir.c_str(), bundleName.c_str());
420 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
421 }
422 std::string bundleShareFilesDataDir = shareFilesDataDir + bundleName;
423 if (!InstalldOperator::MkOwnerDir(bundleShareFilesDataDir, S_IRWXU, uid, gid)) {
424 LOG_W(BMS_TAG_INSTALLD, "MkOwnerDir %{public}s failed: %{public}d",
425 bundleShareFilesDataDir.c_str(), errno);
426 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
427 }
428 for (const auto &dir : BUNDLE_DATA_DIR) {
429 std::string childBundleDataDir = bundleShareFilesDataDir + dir;
430 if (!InstalldOperator::MkOwnerDir(childBundleDataDir, S_IRWXU, uid, gid)) {
431 LOG_W(BMS_TAG_INSTALLD, "MkOwnerDir [%{public}s] failed: %{public}d",
432 childBundleDataDir.c_str(), errno);
433 }
434 }
435 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
436 createDirParam.isDlpSandbox);
437 res = SetDirApl(bundleShareFilesDataDir, bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
438 if (res != ERR_OK) {
439 LOG_W(BMS_TAG_INSTALLD, "SetDirApl failed: %{public}s, errno: %{public}d",
440 bundleShareFilesDataDir.c_str(), res);
441 return res;
442 }
443 LOG_D(BMS_TAG_INSTALLD, "succeed for %{public}s", bundleName.c_str());
444 return res;
445 }
446
CreateBundleDataDirWithVector(const std::vector<CreateDirParam> & createDirParams)447 ErrCode InstalldHostImpl::CreateBundleDataDirWithVector(const std::vector<CreateDirParam> &createDirParams)
448 {
449 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
450 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
451 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
452 }
453 LOG_I(BMS_TAG_INSTALLD, "begin");
454 ErrCode res = ERR_OK;
455 for (const auto &item : createDirParams) {
456 ErrCode result = ERR_OK;
457 if (item.dataDirEl == DataDirEl::NONE) {
458 result = CreateBundleDataDir(item);
459 } else {
460 result = CreateBundleDataDirWithEl(item);
461 }
462 if (result != ERR_OK) {
463 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir failed in %{public}s, errCode is %{public}d",
464 item.bundleName.c_str(), result);
465 res = result;
466 }
467 }
468 LOG_I(BMS_TAG_INSTALLD, "end");
469 return res;
470 }
471
AddUserDirDeleteDfx(int32_t userId)472 ErrCode InstalldHostImpl::AddUserDirDeleteDfx(int32_t userId)
473 {
474 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
475 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
476 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
477 }
478 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
479 elPath.push_back(ServiceConstants::DIR_EL5);
480 for (const auto &el : elPath) {
481 std::string bundleDataDir = GetBundleDataDir(el, userId) + ServiceConstants::BASE;
482 if (access(bundleDataDir.c_str(), F_OK) != 0) {
483 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, userId:%{public}d",
484 bundleDataDir.c_str(), userId);
485 return ERR_OK;
486 }
487 InstalldOperator::AddDeleteDfx(bundleDataDir);
488 std::string databaseParentDir = GetBundleDataDir(el, userId) + ServiceConstants::DATABASE;
489 if (access(databaseParentDir.c_str(), F_OK) != 0) {
490 LOG_W(BMS_TAG_INSTALLD, "DataBase directory %{public}s does not existed, userId:%{public}d",
491 databaseParentDir.c_str(), userId);
492 return ERR_OK;
493 }
494 InstalldOperator::AddDeleteDfx(databaseParentDir);
495 }
496 return ERR_OK;
497 }
498
AclSetDir(bool debug,const std::string & dir,bool setAccess,bool setDefault)499 ErrCode InstalldHostImpl::AclSetDir(bool debug, const std::string &dir, bool setAccess, bool setDefault)
500 {
501 if (!debug) {
502 return ERR_OK;
503 }
504 if (setAccess) {
505 int status = StorageDaemon::AclSetAccess(dir, SHELL_ENTRY_TXT);
506 LOG_I(BMS_TAG_INSTALLD, "AclSetAccess: %{public}d, %{private}s", status, dir.c_str());
507 }
508 if (setDefault) {
509 int status = StorageDaemon::AclSetDefault(dir, SHELL_ENTRY_TXT);
510 LOG_I(BMS_TAG_INSTALLD, "AclSetDefault: %{public}d, %{private}s", status, dir.c_str());
511 }
512 return ERR_OK;
513 }
514
AclSetExtensionDirs(bool debug,const std::string & parentDir,const std::vector<std::string> & extensionDirs,bool setAccess,bool setDefault)515 ErrCode InstalldHostImpl::AclSetExtensionDirs(bool debug, const std::string &parentDir,
516 const std::vector<std::string> &extensionDirs, bool setAccess, bool setDefault)
517 {
518 if (!debug) {
519 return ERR_OK;
520 }
521 if (extensionDirs.empty()) {
522 return ERR_OK;
523 }
524 for (const auto &extension : extensionDirs) {
525 std::string extensionDir = parentDir + extension;
526 AclSetDir(debug, extensionDir, setAccess, setDefault);
527 }
528 return ERR_OK;
529 }
530
CreateBundleDataDir(const CreateDirParam & createDirParam)531 ErrCode InstalldHostImpl::CreateBundleDataDir(const CreateDirParam &createDirParam)
532 {
533 const std::string bundleName = createDirParam.bundleName;
534 const int32_t userId = createDirParam.userId;
535 LOG_I(BMS_TAG_INSTALLD, "CreateBundleDataDir %{public}s begin, %{public}d",
536 bundleName.c_str(), userId);
537 HITRACE_METER_NAME_EX(HITRACE_LEVEL_INFO, HITRACE_TAG_APP, __PRETTY_FUNCTION__, nullptr);
538 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
539 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
540 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
541 }
542 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
543 createDirParam.uid < 0 || createDirParam.gid < 0) {
544 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir invalid param, bundleName %{public}s "
545 "userId %{public}d uid %{public}d gid %{public}d", createDirParam.bundleName.c_str(),
546 createDirParam.userId, createDirParam.uid, createDirParam.gid);
547 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
548 }
549 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
550 createDirParam.isDlpSandbox);
551 for (const auto &el : ServiceConstants::BUNDLE_EL) {
552 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
553 (el == ServiceConstants::BUNDLE_EL[0])) {
554 continue;
555 }
556 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
557 if (access(bundleDataDir.c_str(), F_OK) != 0) {
558 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
559 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
560 return ERR_OK;
561 }
562 // create base extension dir
563 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
564 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
565 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
566 }
567 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
568 bundleDataDir += createDirParam.bundleName;
569 if (!InstalldOperator::MkOwnerDir(bundleDataDir, mode, createDirParam.uid, createDirParam.gid)) {
570 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
571 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
572 }
573 AclSetDir(createDirParam.debug, bundleDataDir, true, true);
574 InstalldOperator::RmvDeleteDfx(bundleDataDir);
575 if (el == ServiceConstants::BUNDLE_EL[0]) {
576 std::string el1ShaderCachePath = std::string(ServiceConstants::NEW_SHADER_CACHE_PATH);
577 el1ShaderCachePath = el1ShaderCachePath.replace(el1ShaderCachePath.find("%"), 1,
578 std::to_string(createDirParam.userId));
579 if (access(el1ShaderCachePath.c_str(), F_OK) == 0) {
580 el1ShaderCachePath = el1ShaderCachePath + createDirParam.bundleName;
581 if (!InstalldOperator::MkOwnerDir(el1ShaderCachePath, ServiceConstants::NEW_SHADRE_CACHE_MODE,
582 createDirParam.uid, ServiceConstants::NEW_SHADRE_CACHE_GID)) {
583 LOG_W(BMS_TAG_INSTALLER, "fail to Mkdir el1ShaderCachePath, errno: %{public}d", errno);
584 }
585 }
586
587 // create shadercache in /system_optimize
588 std::string systemOptimizeShaderCachePath = ServiceConstants::SYSTEM_OPTIMIZE_SHADER_CACHE_PATH;
589 systemOptimizeShaderCachePath = systemOptimizeShaderCachePath.replace(
590 systemOptimizeShaderCachePath.find("%"),
591 1, std::to_string(userId));
592 systemOptimizeShaderCachePath = systemOptimizeShaderCachePath +
593 createDirParam.bundleName + ServiceConstants::SHADER_CACHE_SUBDIR;
594 InstalldOperator::MkOwnerDir(systemOptimizeShaderCachePath, ServiceConstants::NEW_SHADRE_CACHE_MODE,
595 createDirParam.uid, ServiceConstants::NEW_SHADRE_CACHE_GID);
596 SetArkStartupCacheApl(systemOptimizeShaderCachePath);
597 }
598 if (el == ServiceConstants::BUNDLE_EL[1]) {
599 for (const auto &dir : BUNDLE_DATA_DIR) {
600 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, mode,
601 createDirParam.uid, createDirParam.gid)) {
602 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d",
603 errno);
604 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
605 }
606 }
607 std::string el2CacheDir = bundleDataDir + BUNDLE_DATA_DIR[0];
608 if (!InstalldOperator::SetProjectIdForDir(el2CacheDir, static_cast<uint32_t>(createDirParam.uid))) {
609 LOG_E(BMS_TAG_INSTALLD, "SetProjectIdForDir failed, dir %{public}s, errno: %{public}d",
610 el2CacheDir.c_str(), errno);
611 }
612 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
613 std::string logDir = logParentDir + createDirParam.bundleName;
614 if (!InstalldOperator::MkOwnerDir(
615 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
616 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
617 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
618 }
619 // create log extension dir
620 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
621 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
622 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
623 }
624 CreateSharefilesDataDirEl2(createDirParam);
625 }
626 ErrCode ret = SetDirApl(
627 bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
628 if (ret != ERR_OK) {
629 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
630 return ret;
631 }
632
633 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
634 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
635 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
636 if (!InstalldOperator::MkOwnerDir(
637 databaseDir, mode, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
638 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
639 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
640 }
641 AclSetDir(createDirParam.debug, databaseDir, false, true);
642 InstalldOperator::RmvDeleteDfx(databaseDir);
643 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
644 if (ret != ERR_OK) {
645 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
646 return ret;
647 }
648 // create database extension dir
649 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
650 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
651 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
652 }
653 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
654 }
655 std::string distributedfile = DISTRIBUTED_FILE;
656 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
657 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
658 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
659 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
660 }
661
662 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
663 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
664 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
665 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
666 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
667 }
668
669 std::string bundleBackupDir;
670 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
671 DirType::DIR_EL2);
672 ErrCode ret = SetDirApl(
673 bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
674 if (ret != ERR_OK) {
675 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
676 }
677
678 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
679 DirType::DIR_EL1);
680 ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
681 if (ret != ERR_OK) {
682 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
683 }
684
685 std::string newBundleBackupDir;
686 CreateNewBackupExtHomeDir(createDirParam.bundleName,
687 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
688 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
689 createDirParam.isPreInstallApp, createDirParam.debug, createDirParam.uid);
690 if (ret != ERR_OK) {
691 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
692 }
693
694 CreateNewBackupExtHomeDir(createDirParam.bundleName,
695 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL1);
696 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
697 createDirParam.isPreInstallApp, createDirParam.debug, createDirParam.uid);
698 if (ret != ERR_OK) {
699 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL1 SetDirApl failed: %{public}d", ret);
700 }
701
702 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
703 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
704 return ERR_OK;
705 }
706
CreateBundleDataDirWithEl(const CreateDirParam & createDirParam)707 ErrCode InstalldHostImpl::CreateBundleDataDirWithEl(const CreateDirParam &createDirParam)
708 {
709 HITRACE_METER_NAME_EX(HITRACE_LEVEL_INFO, HITRACE_TAG_APP, __PRETTY_FUNCTION__, nullptr);
710 LOG_I(BMS_TAG_INSTALLD, "%{public}s begin, %{public}d, el %{public}" PRIu8 "",
711 createDirParam.bundleName.c_str(), createDirParam.userId, static_cast<uint8_t>(createDirParam.dataDirEl));
712 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
713 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
714 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
715 }
716 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
717 createDirParam.uid < 0 || createDirParam.gid < 0) {
718 LOG_E(BMS_TAG_INSTALLD, "invalid param, bundleName %{public}s userId %{public}d uid %{public}d gid %{public}d",
719 createDirParam.bundleName.c_str(), createDirParam.userId, createDirParam.uid, createDirParam.gid);
720 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
721 }
722 if (createDirParam.dataDirEl == DataDirEl::NONE || createDirParam.dataDirEl == DataDirEl::EL1 ||
723 createDirParam.dataDirEl == DataDirEl::EL5) {
724 LOG_E(BMS_TAG_INSTALLD, "invalid el: %{public}d", static_cast<uint8_t>(createDirParam.dataDirEl));
725 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
726 }
727 uint32_t index = static_cast<uint32_t>(createDirParam.dataDirEl) - 1;
728 if (index >= ServiceConstants::BUNDLE_EL.size()) {
729 LOG_E(BMS_TAG_INSTALLD, "invalid dataDirEl %{public}d", index);
730 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
731 }
732 std::string el = ServiceConstants::BUNDLE_EL[index];
733 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
734 if (access(bundleDataDir.c_str(), F_OK) != 0) {
735 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
736 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
737 return ERR_OK;
738 }
739 ErrCode ret = ERR_OK;
740 // create common dirs for all el: ${bundleName} and ${extension} under base and database
741 ret = CreateCommonDataDir(createDirParam, el);
742 if (ret != ERR_OK) {
743 LOG_E(BMS_TAG_INSTALLD, "CreateCommonDataDir failed %{public}d", ret);
744 return ret;
745 }
746 // create dirs unique to el2
747 if (createDirParam.dataDirEl == DataDirEl::EL2) {
748 ret = CreateEl2DataDir(createDirParam);
749 if (ret != ERR_OK) {
750 LOG_E(BMS_TAG_INSTALLD, "CreateEl2DataDir failed %{public}d", ret);
751 return ret;
752 }
753 }
754 return ret;
755 }
756
CreateCommonDataDir(const CreateDirParam & createDirParam,const std::string & el)757 ErrCode InstalldHostImpl::CreateCommonDataDir(const CreateDirParam &createDirParam, const std::string &el)
758 {
759 if (createDirParam.dataDirEl == DataDirEl::NONE || createDirParam.dataDirEl == DataDirEl::EL5) {
760 LOG_I(BMS_TAG_INSTALLD, "el not support: %{public}" PRIu8 "", static_cast<uint8_t>(createDirParam.dataDirEl));
761 return ERR_OK;
762 }
763 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
764 createDirParam.isDlpSandbox);
765 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
766 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
767
768 // create base extension dir: /data/app/${elx}/${userId}/base/${extensionDir}
769 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
770 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
771 }
772 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
773
774 // create base bundleName dir: /data/app/${elx}/${userId}/base/${bundleName}
775 bundleDataDir += createDirParam.bundleName;
776 if (!InstalldOperator::MkOwnerDir(bundleDataDir, mode, createDirParam.uid, createDirParam.gid)) {
777 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
778 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
779 }
780 AclSetDir(createDirParam.debug, bundleDataDir, true, true);
781 InstalldOperator::RmvDeleteDfx(bundleDataDir);
782 ErrCode ret = SetDirApl(
783 bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
784 if (ret != ERR_OK) {
785 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
786 return ret;
787 }
788
789 // create database bundleName dir: /data/app/${elx}/${userId}/database/${bundleName}
790 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
791 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
792 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
793 if (!InstalldOperator::MkOwnerDir(
794 databaseDir, mode, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
795 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
796 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
797 }
798 AclSetDir(createDirParam.debug, databaseDir, false, true);
799 InstalldOperator::RmvDeleteDfx(databaseDir);
800 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
801 if (ret != ERR_OK) {
802 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
803 return ret;
804 }
805
806 // create database extension dir: /data/app/${elx}/${userId}/database/${extensionDir}
807 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
808 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
809 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
810 }
811 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
812 return ERR_OK;
813 }
814
CreateEl2DataDir(const CreateDirParam & createDirParam)815 ErrCode InstalldHostImpl::CreateEl2DataDir(const CreateDirParam &createDirParam)
816 {
817 std::string el = ServiceConstants::DIR_EL2;
818 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) +
819 ServiceConstants::BASE + createDirParam.bundleName;
820 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
821
822 // create el2 sub dir: /data/app/el2/${userId}/base/${bundleName}/cache|files|temp|preferences|haps
823 for (const auto &dir : BUNDLE_DATA_DIR) {
824 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, mode,
825 createDirParam.uid, createDirParam.gid)) {
826 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d", errno);
827 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
828 }
829 }
830
831 // create log dir: /data/app/el2/${userId}/log/${bundleName}
832 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
833 std::string logDir = logParentDir + createDirParam.bundleName;
834 if (!InstalldOperator::MkOwnerDir(
835 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
836 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
837 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
838 }
839
840 // create log extension dir: /data/app/el2/${userId}/log/${extensionDir}
841 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
842 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
843 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
844 }
845
846 // create sharefiles dir: /data/app/el2/${userId}/sharefiles/${bundleName}
847 CreateSharefilesDataDirEl2(createDirParam);
848
849 // /data/service/el2/${userId}/hmdfs/account/data/${bundleName}
850 std::string distributedfile = DISTRIBUTED_FILE;
851 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
852 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
853 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
854 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
855 }
856
857 // /data/service/el2/${userId}/hmdfs/non_account/data/${bundleName}
858 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
859 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
860 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
861 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
862 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
863 }
864
865 // /data/service/el2/${userId}/backup/bundles/${bundleName}
866 std::string bundleBackupDir;
867 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
868 DirType::DIR_EL2);
869 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
870 createDirParam.isDlpSandbox);
871 ErrCode ret = SetDirApl(
872 bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
873 if (ret != ERR_OK) {
874 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
875 }
876
877 // /data/app/el2/${userId}/base/${bundleName}/.backup
878 std::string newBundleBackupDir;
879 CreateNewBackupExtHomeDir(createDirParam.bundleName,
880 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
881 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
882 createDirParam.isPreInstallApp, createDirParam.debug, createDirParam.uid);
883 if (ret != ERR_OK) {
884 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
885 }
886
887 // /data/service/el2/${userId}/share/${bundleName}
888 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
889
890 // /data/service/el2/${userId}/hmdfs/cloud/data/${bundleName}
891 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
892 return ERR_OK;
893 }
894
CreateExtensionDir(const CreateDirParam & createDirParam,const std::string & parentDir,int32_t mode,int32_t gid,bool isLog)895 ErrCode InstalldHostImpl::CreateExtensionDir(const CreateDirParam &createDirParam, const std::string& parentDir,
896 int32_t mode, int32_t gid, bool isLog)
897 {
898 if (createDirParam.extensionDirs.empty()) {
899 return ERR_OK;
900 }
901 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
902 createDirParam.isDlpSandbox);
903 LOG_I(BMS_TAG_INSTALLD, "CreateExtensionDir parent dir %{public}s for bundle %{public}s",
904 parentDir.c_str(), createDirParam.bundleName.c_str());
905 for (const auto &item : createDirParam.extensionDirs) {
906 std::string extensionDir = parentDir + item;
907 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir %{public}s", extensionDir.c_str());
908 if (!InstalldOperator::MkOwnerDir(
909 extensionDir, mode, createDirParam.uid, gid)) {
910 LOG_E(BMS_TAG_INSTALLD, "CreateExtension dir %{public}s error %{public}s",
911 extensionDir.c_str(), strerror(errno));
912 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
913 }
914 InstalldOperator::RmvDeleteDfx(extensionDir);
915 if (isLog) {
916 continue;
917 }
918 auto ret = SetDirApl(
919 extensionDir, createDirParam.bundleName, createDirParam.apl, hapFlags, createDirParam.uid);
920 if (ret != ERR_OK) {
921 LOG_E(BMS_TAG_INSTALLD, "dir %{public}s SetDirApl failed", extensionDir.c_str());
922 return ret;
923 }
924 }
925 return ERR_OK;
926 }
927
RemoveBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)928 static ErrCode RemoveBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
929 {
930 std::string bundleBackupDir;
931 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
932 LOG_D(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir begin, type %{public}d, path %{public}s",
933 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
934 if (bundleBackupDir.empty()) {
935 LOG_W(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir backup dir empty, type %{public}d",
936 static_cast<int32_t>(dirType));
937 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
938 }
939 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
940 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
941 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
942 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
943 }
944 return ERR_OK;
945 }
946
RemoveNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)947 static ErrCode RemoveNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
948 {
949 std::string bundleBackupDir;
950 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
951 LOG_D(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
952 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
953 if (bundleBackupDir.empty()) {
954 LOG_W(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir backup dir empty, type %{public}d",
955 static_cast<int32_t>(dirType));
956 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
957 }
958 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
959 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
960 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
961 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
962 }
963 return ERR_OK;
964 }
965
CleanBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)966 static void CleanBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
967 {
968 std::string bundleBackupDir;
969 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
970 LOG_D(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir begin, type %{public}d, path %{public}s",
971 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
972 if (bundleBackupDir.empty()) {
973 LOG_W(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir backup dir empty, type %{public}d",
974 static_cast<int32_t>(dirType));
975 return;
976 }
977 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
978 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
979 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
980 }
981 }
982
CleanNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)983 static void CleanNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
984 {
985 std::string bundleBackupDir;
986 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
987 LOG_D(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
988 static_cast<int32_t>(dirType), bundleBackupDir.c_str());
989 if (bundleBackupDir.empty()) {
990 LOG_W(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir backup dir empty, type %{public}d",
991 static_cast<int32_t>(dirType));
992 return;
993 }
994 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
995 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
996 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
997 }
998 }
999
RemoveDistributedDir(const std::string & bundleName,const int userid)1000 static ErrCode RemoveDistributedDir(const std::string &bundleName, const int userid)
1001 {
1002 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
1003 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
1004 if (!InstalldOperator::DeleteDir(distributedFile)) {
1005 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
1006 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1007 }
1008 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
1009 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
1010 if (!InstalldOperator::DeleteDir(fileNonAccount)) {
1011 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
1012 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1013 }
1014 return ERR_OK;
1015 }
1016
CleanDistributedDir(const std::string & bundleName,const int userid)1017 static void CleanDistributedDir(const std::string &bundleName, const int userid)
1018 {
1019 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
1020 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
1021 if (!InstalldOperator::DeleteFiles(distributedFile)) {
1022 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
1023 }
1024 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
1025 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
1026 if (!InstalldOperator::DeleteFiles(fileNonAccount)) {
1027 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
1028 }
1029 }
1030
RemoveShareDir(const std::string & bundleName,const int userid)1031 static ErrCode RemoveShareDir(const std::string &bundleName, const int userid)
1032 {
1033 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
1034 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
1035 if (!InstalldOperator::DeleteDir(shareFileDir)) {
1036 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
1037 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1038 }
1039 return ERR_OK;
1040 }
1041
CleanShareDir(const std::string & bundleName,const int userid)1042 static void CleanShareDir(const std::string &bundleName, const int userid)
1043 {
1044 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
1045 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
1046 if (!InstalldOperator::DeleteFiles(shareFileDir)) {
1047 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
1048 }
1049 }
1050
RemoveCloudDir(const std::string & bundleName,const int userid)1051 static ErrCode RemoveCloudDir(const std::string &bundleName, const int userid)
1052 {
1053 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
1054 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
1055 if (!InstalldOperator::DeleteDir(cloudFileDir)) {
1056 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
1057 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1058 }
1059 return ERR_OK;
1060 }
1061
CleanCloudDir(const std::string & bundleName,const int userid)1062 static void CleanCloudDir(const std::string &bundleName, const int userid)
1063 {
1064 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
1065 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
1066 if (!InstalldOperator::DeleteFiles(cloudFileDir)) {
1067 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
1068 }
1069 }
1070
CleanBundleDataSubDirs(const std::string & bundleDataDir)1071 static void CleanBundleDataSubDirs(const std::string &bundleDataDir)
1072 {
1073 for (const auto &dir : BUNDLE_DATA_DIR) {
1074 std::string subDir = bundleDataDir + dir;
1075 if (!InstalldOperator::DeleteFiles(subDir)) {
1076 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed: %{public}d", subDir.c_str(), errno);
1077 }
1078 }
1079 if (!InstalldOperator::DeleteFilesExceptDirs(bundleDataDir, BUNDLE_DATA_DIR)) {
1080 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1081 }
1082 }
1083
CleanBundleDataForEl2(const std::string & bundleName,const int userid,const int appIndex)1084 static void CleanBundleDataForEl2(const std::string &bundleName, const int userid, const int appIndex)
1085 {
1086 std::string suffixName = bundleName;
1087 if (appIndex > 0) {
1088 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1089 }
1090 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + ServiceConstants::BUNDLE_EL[1] +
1091 ServiceConstants::PATH_SEPARATOR + std::to_string(userid);
1092 std::string databaseDir = dataDir + ServiceConstants::DATABASE + suffixName;
1093 if (!InstalldOperator::DeleteFiles(databaseDir)) {
1094 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1095 }
1096 std::string logDir = dataDir + ServiceConstants::LOG + suffixName;
1097 if (!InstalldOperator::DeleteFiles(logDir)) {
1098 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1099 }
1100 std::string bundleDataDir = dataDir + ServiceConstants::BASE + suffixName;
1101 CleanBundleDataSubDirs(bundleDataDir);
1102
1103 // add data sharefiles bundle dir to be cleaned
1104 std::string dataShareFilesBundleDir = dataDir + ServiceConstants::SHAREFILES + suffixName;
1105 CleanBundleDataSubDirs(dataShareFilesBundleDir);
1106 }
1107
RemoveBundleDataDir(const std::string & bundleName,const int32_t userId,bool isAtomicService,const bool async)1108 ErrCode InstalldHostImpl::RemoveBundleDataDir(const std::string &bundleName, const int32_t userId,
1109 bool isAtomicService, const bool async)
1110 {
1111 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveBundleDataDir bundleName:%{public}s", bundleName.c_str());
1112 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1113 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1114 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1115 }
1116 if (bundleName.empty() || userId < 0) {
1117 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param");
1118 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1119 }
1120 if (isAtomicService) {
1121 LOG_I(BMS_TAG_INSTALLD, "bundleName:%{public}s is atomic service, need process", bundleName.c_str());
1122 return InnerRemoveAtomicServiceBundleDataDir(bundleName, userId, async);
1123 }
1124
1125 ErrCode result = InnerRemoveBundleDataDir(bundleName, userId, async);
1126 if (result != ERR_OK) {
1127 return InnerRemoveBundleDataDir(bundleName, userId, async);
1128 }
1129 return ERR_OK;
1130 }
1131
RemoveModuleDataDir(const std::string & ModuleDir,const int userid)1132 ErrCode InstalldHostImpl::RemoveModuleDataDir(const std::string &ModuleDir, const int userid)
1133 {
1134 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveModuleDataDir ModuleDir:%{public}s", ModuleDir.c_str());
1135 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1136 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1137 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1138 }
1139 if (ModuleDir.empty() || userid < 0) {
1140 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateModuleDataDir with invalid param");
1141 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1142 }
1143
1144 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1145 std::string moduleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + ModuleDir;
1146 if (!InstalldOperator::DeleteDir(moduleDataDir)) {
1147 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", moduleDataDir.c_str(), errno);
1148 }
1149 }
1150 return ERR_OK;
1151 }
1152
RemoveDir(const std::string & dir)1153 ErrCode InstalldHostImpl::RemoveDir(const std::string &dir)
1154 {
1155 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveDir:%{public}s", dir.c_str());
1156 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1157 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1158 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1159 }
1160 if (dir.empty()) {
1161 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveDir with invalid param");
1162 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1163 }
1164 if (!InstalldOperator::DeleteDir(dir)) {
1165 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1166 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1167 }
1168 return ERR_OK;
1169 }
1170
GetDiskUsage(const std::string & dir,int64_t & statSize,bool isRealPath)1171 ErrCode InstalldHostImpl::GetDiskUsage(const std::string &dir, int64_t &statSize, bool isRealPath)
1172 {
1173 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1174 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1175 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1176 }
1177 statSize = InstalldOperator::GetDiskUsage(dir, isRealPath);
1178 return ERR_OK;
1179 }
1180
GetDiskUsageFromPath(const std::vector<std::string> & path,int64_t & statSize)1181 ErrCode InstalldHostImpl::GetDiskUsageFromPath(const std::vector<std::string> &path, int64_t &statSize)
1182 {
1183 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1184 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1185 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1186 }
1187 statSize = InstalldOperator::GetDiskUsageFromPath(path);
1188 return ERR_OK;
1189 }
1190
CleanBundleDataDir(const std::string & dataDir)1191 ErrCode InstalldHostImpl::CleanBundleDataDir(const std::string &dataDir)
1192 {
1193 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::CleanBundleDataDir start");
1194 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1195 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir %{public}s failed for permission denied", dataDir.c_str());
1196 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1197 }
1198 if (dataDir.empty()) {
1199 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir failed with invalid param");
1200 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1201 }
1202
1203 if (!InstalldOperator::DeleteFiles(dataDir)) {
1204 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir delete files failed errno:%{public}d", errno);
1205 return ERR_APPEXECFWK_INSTALLD_CLEAN_DIR_FAILED;
1206 }
1207 return ERR_OK;
1208 }
1209
CleanBundleDataDirByName(const std::string & bundleName,const int userid,const int appIndex)1210 ErrCode InstalldHostImpl::CleanBundleDataDirByName(const std::string &bundleName, const int userid, const int appIndex)
1211 {
1212 LOG_D(BMS_TAG_INSTALLD,
1213 "InstalldHostImpl::CleanBundleDataDirByName bundleName:%{public}s,userid:%{public}d,appIndex:%{public}d",
1214 bundleName.c_str(), userid, appIndex);
1215 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1216 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1217 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1218 }
1219 if (bundleName.empty() || userid < 0 || appIndex < 0 || appIndex > Constants::INITIAL_SANDBOX_APP_INDEX) {
1220 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDirByName with invalid param");
1221 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1222 }
1223 std::string suffixName = bundleName;
1224 if (appIndex > 0) {
1225 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1226 }
1227 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
1228 elPath.push_back(ServiceConstants::DIR_EL5);
1229 for (const auto &el : elPath) {
1230 if (el == ServiceConstants::BUNDLE_EL[1]) {
1231 CleanBundleDataForEl2(bundleName, userid, appIndex);
1232 continue;
1233 }
1234 std::string bundleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + suffixName;
1235 if (!InstalldOperator::DeleteFiles(bundleDataDir)) {
1236 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1237 }
1238 std::string databaseDir = GetBundleDataDir(el, userid) + ServiceConstants::DATABASE + suffixName;
1239 if (!InstalldOperator::DeleteFiles(databaseDir)) {
1240 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1241 }
1242 }
1243 CleanShareDir(suffixName, userid);
1244 CleanCloudDir(suffixName, userid);
1245 CleanBackupExtHomeDir(suffixName, userid, DirType::DIR_EL2);
1246 CleanBackupExtHomeDir(suffixName, userid, DirType::DIR_EL1);
1247 CleanNewBackupExtHomeDir(suffixName, userid, DirType::DIR_EL2);
1248 CleanNewBackupExtHomeDir(suffixName, userid, DirType::DIR_EL1);
1249 CleanDistributedDir(suffixName, userid);
1250 return ERR_OK;
1251 }
1252
GetBundleDataDir(const std::string & el,const int userid) const1253 std::string InstalldHostImpl::GetBundleDataDir(const std::string &el, const int userid) const
1254 {
1255 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
1256 el +
1257 ServiceConstants::PATH_SEPARATOR +
1258 std::to_string(userid);
1259 return dataDir;
1260 }
1261
GetAppDataPath(const std::string & bundleName,const std::string & el,const int32_t userId,const int32_t appIndex)1262 std::string InstalldHostImpl::GetAppDataPath(const std::string &bundleName, const std::string &el,
1263 const int32_t userId, const int32_t appIndex)
1264 {
1265 if (appIndex == 0) {
1266 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
1267 std::to_string(userId) + ServiceConstants::BASE + bundleName;
1268 } else {
1269 std::string innerDataDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1270 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
1271 std::to_string(userId) + ServiceConstants::BASE + innerDataDir;
1272 }
1273 }
1274
GetAppCacheSize(const std::string & bundleName,const int32_t userId,const int32_t appIndex,const std::vector<std::string> & moduleNameList)1275 int64_t InstalldHostImpl::GetAppCacheSize(const std::string &bundleName,
1276 const int32_t userId, const int32_t appIndex, const std::vector<std::string> &moduleNameList)
1277 {
1278 std::string bundleNameDir = bundleName;
1279 if (appIndex > 0) {
1280 bundleNameDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1281 }
1282 std::vector<std::string> cachePaths;
1283 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
1284 elPath.push_back(ServiceConstants::DIR_EL5);
1285 for (const auto &el : elPath) {
1286 if (ServiceConstants::BUNDLE_EL[1] == el) {
1287 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1288 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::SHAREFILES +
1289 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
1290 } else {
1291 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1292 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE +
1293 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
1294 }
1295 for (const auto &moduleName : moduleNameList) {
1296 std::string moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1297 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE + bundleNameDir +
1298 ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR;
1299 cachePaths.push_back(moduleCachePath);
1300
1301 if (ServiceConstants::BUNDLE_EL[1] == el) {
1302 moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
1303 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::SHAREFILES +
1304 bundleNameDir + ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR +
1305 Constants::CACHE_DIR;
1306 cachePaths.push_back(moduleCachePath);
1307 }
1308 }
1309 }
1310 return InstalldOperator::GetDiskUsageFromPath(cachePaths);
1311 }
1312
GetEl2CacheSize(const int32_t projectId,const std::string & bundleName,const int32_t userId,const int32_t appIndex)1313 int64_t InstalldHostImpl::GetEl2CacheSize(const int32_t projectId, const std::string &bundleName,
1314 const int32_t userId, const int32_t appIndex)
1315 {
1316 std::string bundleNameDir = bundleName;
1317 if (appIndex > 0) {
1318 bundleNameDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
1319 }
1320 std::string cachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + ServiceConstants::DIR_EL2 +
1321 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE + bundleNameDir +
1322 ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR;
1323 if (InstalldOperator::IsDirEmptyFast(cachePath)) {
1324 LOG_I(BMS_TAG_INSTALLD, "%{public}s el2 cache dir empty", bundleNameDir.c_str());
1325 return 0;
1326 }
1327 // quota result contains the size of base dir
1328 int64_t projectQuotaSize = InstalldOperator::GetProjectUsage(projectId) - EMPTY_FILE_SIZE;
1329 if (projectQuotaSize >= 0) {
1330 return projectQuotaSize;
1331 }
1332 return InstalldOperator::GetDiskUsage(cachePath);
1333 }
1334
GetBundleStats(const std::string & bundleName,const int32_t userId,std::vector<int64_t> & bundleStats,const int32_t uid,const int32_t appIndex,const uint32_t statFlag,const std::vector<std::string> & moduleNameList)1335 ErrCode InstalldHostImpl::GetBundleStats(const std::string &bundleName, const int32_t userId,
1336 std::vector<int64_t> &bundleStats, const int32_t uid, const int32_t appIndex,
1337 const uint32_t statFlag, const std::vector<std::string> &moduleNameList)
1338 {
1339 LOG_D(BMS_TAG_INSTALLD,
1340 "bundleName = %{public}s, userId = %{public}d, uid = %{public}d, appIndex = %{public}d",
1341 bundleName.c_str(), userId, uid, appIndex);
1342 LOG_D(BMS_TAG_INSTALLD,
1343 "statFlag = %{public}d", statFlag);
1344 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1345 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1346 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1347 }
1348 if (bundleName.empty()) {
1349 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1350 }
1351 bundleStats = {0, 0, 0, 0, 0};
1352 std::vector<std::string> bundlePath;
1353 bundlePath.push_back(std::string(Constants::BUNDLE_CODE_DIR) + ServiceConstants::PATH_SEPARATOR + bundleName);
1354 int64_t appDataSize = 0;
1355 int64_t bundleDataSize = 0;
1356 int64_t bundleCacheSize = 0;
1357 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) !=
1358 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) {
1359 appDataSize = appIndex == 0 ? InstalldOperator::GetDiskUsageFromPath(bundlePath) : 0;
1360 }
1361 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) !=
1362 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) {
1363 bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
1364 }
1365 if ((statFlag & OHOS::AppExecFwk::Constants::GET_BUNDLE_WITHOUT_CACHE_SIZE) !=
1366 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_CACHE_SIZE) {
1367 bundleCacheSize = GetAppCacheSize(bundleName, userId, appIndex, moduleNameList) +
1368 GetEl2CacheSize(uid, bundleName, userId, appIndex);
1369 }
1370 // index 0 : bundle data size
1371 bundleStats[0] = appDataSize;
1372 // index 1 : local bundle data size
1373 bundleStats[1] = bundleDataSize;
1374 // index 4 : cache size
1375 bundleStats[4] = bundleCacheSize;
1376 return ERR_OK;
1377 }
1378
BatchGetBundleStats(const std::vector<std::string> & bundleNames,const int32_t userId,const std::unordered_map<std::string,int32_t> & uidMap,std::vector<BundleStorageStats> & bundleStats)1379 ErrCode InstalldHostImpl::BatchGetBundleStats(const std::vector<std::string> &bundleNames, const int32_t userId,
1380 const std::unordered_map<std::string, int32_t> &uidMap,
1381 std::vector<BundleStorageStats> &bundleStats)
1382 {
1383 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1384 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1385 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1386 }
1387 if (bundleNames.size() == 0) {
1388 LOG_E(BMS_TAG_INSTALLD, "bundleNames is empty impl");
1389 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1390 }
1391 if (bundleNames.size() != uidMap.size()) {
1392 LOG_E(BMS_TAG_INSTALLD, "bundleNames and bundleModulesListMap size not equal impl");
1393 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1394 }
1395 for (auto &name : bundleNames) {
1396 BundleStorageStats stats;
1397 stats.bundleName = name;
1398 stats.bundleStats = {0, 0, 0, 0, 0};
1399 std::vector<std::string> bundlePath;
1400 bundlePath.push_back(
1401 std::string(Constants::BUNDLE_CODE_DIR) + ServiceConstants::PATH_SEPARATOR + stats.bundleName);
1402 int64_t appDataSize = 0;
1403 int64_t bundleDataSize = 0;
1404 appDataSize = InstalldOperator::GetDiskUsageFromPath(bundlePath);
1405 auto uid = uidMap.find(name);
1406 if (uid != uidMap.end()) {
1407 bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid->second);
1408 }
1409 // index 0 : bundle data size
1410 stats.bundleStats[APP_DATA_SIZE_INDEX] = appDataSize;
1411 // index 1 : local bundle data size
1412 stats.bundleStats[BUNDLE_DATA_SIZE_INDEX] = bundleDataSize;
1413 bundleStats.emplace_back(stats);
1414 }
1415 return ERR_OK;
1416 }
1417
GetAllBundleStats(const int32_t userId,std::vector<int64_t> & bundleStats,const std::vector<int32_t> & uids)1418 ErrCode InstalldHostImpl::GetAllBundleStats(const int32_t userId,
1419 std::vector<int64_t> &bundleStats, const std::vector<int32_t> &uids)
1420 {
1421 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1422 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1423 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1424 }
1425 if (uids.empty()) {
1426 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1427 }
1428 int64_t totalFileSize = InstalldOperator::GetDiskUsageFromQuota(INSTALLS_UID);
1429 int64_t totalDataSize = 0;
1430 for (size_t index = 0; index < uids.size(); ++index) {
1431 const auto &uid = uids[index];
1432 int64_t bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
1433 // index 1 : local bundle data size
1434 totalDataSize += bundleDataSize;
1435 }
1436 bundleStats.push_back(totalFileSize);
1437 bundleStats.push_back(totalDataSize);
1438 bundleStats.push_back(0);
1439 bundleStats.push_back(0);
1440 bundleStats.push_back(0);
1441 return ERR_OK;
1442 }
1443
GetHapFlags(const bool isPreInstallApp,const bool debug,const bool isDlpSandbox)1444 unsigned int InstalldHostImpl::GetHapFlags(const bool isPreInstallApp, const bool debug, const bool isDlpSandbox)
1445 {
1446 unsigned int hapFlags = 0;
1447 #ifdef WITH_SELINUX
1448 hapFlags = isPreInstallApp ? SELINUX_HAP_RESTORECON_PREINSTALLED_APP : 0;
1449 hapFlags |= debug ? SELINUX_HAP_DEBUGGABLE : 0;
1450 hapFlags |= isDlpSandbox ? SELINUX_HAP_DLP : 0;
1451 #endif
1452 return hapFlags;
1453 }
1454
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,bool isPreInstallApp,bool debug,int32_t uid)1455 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1456 bool isPreInstallApp, bool debug, int32_t uid)
1457 {
1458 unsigned int hapFlags = GetHapFlags(isPreInstallApp, debug, false);
1459 return SetDirApl(dir, bundleName, apl, hapFlags, uid);
1460 }
1461
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,unsigned int hapFlags,int32_t uid)1462 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1463 unsigned int hapFlags, int32_t uid)
1464 {
1465 #ifdef WITH_SELINUX
1466 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1467 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1468 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1469 }
1470 if (dir.empty() || bundleName.empty() || uid <= Constants::INVALID_UID) {
1471 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetDirApl with invalid param");
1472 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1473 }
1474 HapFileInfo hapFileInfo;
1475 hapFileInfo.pathNameOrig.push_back(dir);
1476 hapFileInfo.apl = apl;
1477 hapFileInfo.packageName = bundleName;
1478 hapFileInfo.flags = SELINUX_HAP_RESTORECON_RECURSE;
1479 hapFileInfo.hapFlags = hapFlags;
1480 hapFileInfo.uid = static_cast<uint32_t>(uid);
1481 HapContext hapContext;
1482 int ret = hapContext.HapFileRestorecon(hapFileInfo);
1483 if (ret != 0) {
1484 LOG_E(BMS_TAG_INSTALLD, "HapFileRestorecon path: %{public}s failed, apl: %{public}s, errcode:%{public}d",
1485 dir.c_str(), apl.c_str(), ret);
1486 return ERR_APPEXECFWK_INSTALLD_SET_SELINUX_LABEL_FAILED;
1487 }
1488 return ret;
1489 #else
1490 return ERR_OK;
1491 #endif // WITH_SELINUX
1492 }
1493
SetArkStartupCacheApl(const std::string & dir)1494 ErrCode InstalldHostImpl::SetArkStartupCacheApl(const std::string &dir)
1495 {
1496 #ifdef WITH_SELINUX
1497 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1498 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed for permission denied", dir.c_str());
1499 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1500 }
1501 if (dir.empty()) {
1502 LOG_E(BMS_TAG_INSTALLD, "Mkdir failed for empty param");
1503 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1504 }
1505 int ret = Restorecon(dir.c_str());
1506 if (ret != 0) {
1507 LOG_E(BMS_TAG_INSTALLD, "Restorecon path: %{public}s failed, errcode:%{public}d",
1508 dir.c_str(), ret);
1509 return ERR_APPEXECFWK_INSTALLD_SET_SELINUX_LABEL_FAILED;
1510 }
1511 return ret;
1512 #else
1513 return ERR_OK;
1514 #endif // WITH_SELINUX
1515 }
1516
GetBundleCachePath(const std::string & dir,std::vector<std::string> & cachePath)1517 ErrCode InstalldHostImpl::GetBundleCachePath(const std::string &dir, std::vector<std::string> &cachePath)
1518 {
1519 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::GetBundleCachePath start");
1520 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1521 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1522 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1523 }
1524 if (dir.empty()) {
1525 LOG_E(BMS_TAG_INSTALLD, "Calling the function GetBundleCachePath with invalid param");
1526 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1527 }
1528 InstalldOperator::TraverseCacheDirectory(dir, cachePath);
1529 return ERR_OK;
1530 }
1531
ScanDir(const std::string & dir,ScanMode scanMode,ResultMode resultMode,std::vector<std::string> & paths)1532 ErrCode InstalldHostImpl::ScanDir(
1533 const std::string &dir, ScanMode scanMode, ResultMode resultMode, std::vector<std::string> &paths)
1534 {
1535 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::Scan start %{public}s", dir.c_str());
1536 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1537 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1538 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1539 }
1540 if (dir.empty()) {
1541 LOG_E(BMS_TAG_INSTALLD, "Calling the function Scan with invalid param");
1542 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1543 }
1544
1545 InstalldOperator::ScanDir(dir, scanMode, resultMode, paths);
1546 return ERR_OK;
1547 }
1548
MoveFile(const std::string & oldPath,const std::string & newPath)1549 ErrCode InstalldHostImpl::MoveFile(const std::string &oldPath, const std::string &newPath)
1550 {
1551 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1552 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1553 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1554 }
1555 if (!InstalldOperator::MoveFile(oldPath, newPath)) {
1556 LOG_E(BMS_TAG_INSTALLD, "Move file %{public}s to %{public}s failed errno:%{public}d",
1557 oldPath.c_str(), newPath.c_str(), errno);
1558 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1559 }
1560 return ERR_OK;
1561 }
1562
CopyFile(const std::string & oldPath,const std::string & newPath,const std::string & signatureFilePath)1563 ErrCode InstalldHostImpl::CopyFile(const std::string &oldPath, const std::string &newPath,
1564 const std::string &signatureFilePath)
1565 {
1566 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1567 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1568 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1569 }
1570 if (!InstalldOperator::CopyFileFast(oldPath, newPath)) {
1571 LOG_E(BMS_TAG_INSTALLD, "Copy file %{private}s to %{private}s failed errno:%{public}d",
1572 oldPath.c_str(), newPath.c_str(), errno);
1573 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1574 }
1575 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1576 if (!OHOS::ChangeModeFile(newPath, mode)) {
1577 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1578 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1579 }
1580
1581 if (signatureFilePath.empty()) {
1582 LOG_D(BMS_TAG_INSTALLD, "signature file path is empty and no need to process code signature");
1583 return ERR_OK;
1584 }
1585
1586 #if defined(CODE_SIGNATURE_ENABLE)
1587 Security::CodeSign::EntryMap entryMap = {{ ServiceConstants::CODE_SIGNATURE_HAP, newPath }};
1588 ErrCode ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, signatureFilePath);
1589 if (ret != ERR_OK) {
1590 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1591 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1592 }
1593 #endif
1594 return ERR_OK;
1595 }
1596
Mkdir(const std::string & dir,const int32_t mode,const int32_t uid,const int32_t gid)1597 ErrCode InstalldHostImpl::Mkdir(
1598 const std::string &dir, const int32_t mode, const int32_t uid, const int32_t gid)
1599 {
1600 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1601 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed for permission denied", dir.c_str());
1602 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1603 }
1604 LOG_D(BMS_TAG_INSTALLD, "Mkdir start %{public}s", dir.c_str());
1605 if (dir.empty()) {
1606 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed for invalid param", dir.c_str());
1607 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1608 }
1609
1610 if (!InstalldOperator::MkOwnerDir(dir, mode, uid, gid)) {
1611 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1612 return ERR_APPEXECFWK_INSTALLD_MKDIR_FAILED;
1613 }
1614 if (dir.find(ServiceConstants::SCREEN_LOCK_FILE_DATA_PATH) == 0) {
1615 InstalldOperator::RmvDeleteDfx(dir);
1616 }
1617 return ERR_OK;
1618 }
1619
GetFileStat(const std::string & file,FileStat & fileStat)1620 ErrCode InstalldHostImpl::GetFileStat(const std::string &file, FileStat &fileStat)
1621 {
1622 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1623 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1624 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1625 }
1626
1627 LOG_D(BMS_TAG_INSTALLD, "GetFileStat start %{public}s", file.c_str());
1628 struct stat s;
1629 if (stat(file.c_str(), &s) != 0) {
1630 LOG_E(BMS_TAG_INSTALLD, "Stat file(%{public}s) failed", file.c_str());
1631 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1632 }
1633
1634 fileStat.uid = static_cast<int32_t>(s.st_uid);
1635 fileStat.gid = static_cast<int32_t>(s.st_gid);
1636 fileStat.lastModifyTime = static_cast<int64_t>(s.st_mtime);
1637 fileStat.isDir = s.st_mode & S_IFDIR;
1638 fileStat.mode = static_cast<int32_t>(s.st_mode);
1639 return ERR_OK;
1640 }
1641
ChangeFileStat(const std::string & file,FileStat & fileStat)1642 ErrCode InstalldHostImpl::ChangeFileStat(const std::string &file, FileStat &fileStat)
1643 {
1644 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1645 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1646 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1647 }
1648
1649 LOG_I(BMS_TAG_INSTALLD, "path: %{public}s, mode: %{public}d, uid: %{public}d, gid: %{public}d",
1650 file.c_str(), fileStat.mode, fileStat.uid, fileStat.gid);
1651 std::string filePath = "";
1652 if (!PathToRealPath(file, filePath)) {
1653 LOG_E(BMS_TAG_INSTALLD, "not real path: %{public}s", file.c_str());
1654 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1655 }
1656 struct stat s;
1657 if (stat(filePath.c_str(), &s) != 0) {
1658 LOG_E(BMS_TAG_INSTALLD, "Stat filePath(%{public}s) failed errno %{public}d", filePath.c_str(), errno);
1659 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1660 }
1661 if (fileStat.mode < 0 || fileStat.mode > ServiceConstants::MODE_BASE || fileStat.uid < 0 || fileStat.gid < 0) {
1662 LOG_E(BMS_TAG_INSTALLD, "ChangeFileStat with invalid param mode:%{public}d, uid:%{public}d, gid:%{public}d",
1663 fileStat.mode, fileStat.uid, fileStat.gid);
1664 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1665 }
1666 if (fileStat.mode != static_cast<int32_t>(s.st_mode)) {
1667 if (chmod(filePath.c_str(), fileStat.mode) != 0) {
1668 LOG_E(BMS_TAG_INSTALLD, "ChangeFileStat chmod failed errno %{public}d", errno);
1669 return ERR_APPEXECFWK_INSTALLD_CHANGE_FILE_STAT_FAILED;
1670 }
1671 }
1672 if (fileStat.uid != static_cast<int32_t>(s.st_uid) || fileStat.gid != static_cast<int32_t>(s.st_gid)) {
1673 if (chown(filePath.c_str(), fileStat.uid, fileStat.gid) != 0) {
1674 LOG_E(BMS_TAG_INSTALLD, "ChangeFileStat chown failed errno %{public}d", errno);
1675 return ERR_APPEXECFWK_INSTALLD_CHANGE_FILE_STAT_FAILED;
1676 }
1677 }
1678
1679 return ERR_OK;
1680 }
1681
ExtractDiffFiles(const std::string & filePath,const std::string & targetPath,const std::string & cpuAbi)1682 ErrCode InstalldHostImpl::ExtractDiffFiles(const std::string &filePath, const std::string &targetPath,
1683 const std::string &cpuAbi)
1684 {
1685 if (filePath.empty() || targetPath.empty()) {
1686 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1687 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1688 }
1689 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1690 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1691 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1692 }
1693 if (!InstalldOperator::ExtractDiffFiles(filePath, targetPath, cpuAbi)) {
1694 LOG_E(BMS_TAG_INSTALLD, "fail to ExtractDiffFiles errno:%{public}d", errno);
1695 return ERR_BUNDLEMANAGER_QUICK_FIX_EXTRACT_DIFF_FILES_FAILED;
1696 }
1697 return ERR_OK;
1698 }
1699
ApplyDiffPatch(const std::string & oldSoPath,const std::string & diffFilePath,const std::string & newSoPath,int32_t uid)1700 ErrCode InstalldHostImpl::ApplyDiffPatch(const std::string &oldSoPath, const std::string &diffFilePath,
1701 const std::string &newSoPath, int32_t uid)
1702 {
1703 if (oldSoPath.empty() || diffFilePath.empty() || newSoPath.empty()) {
1704 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1705 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1706 }
1707 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1708 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1709 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1710 }
1711 if (!InstalldOperator::ApplyDiffPatch(oldSoPath, diffFilePath, newSoPath, uid)) {
1712 LOG_E(BMS_TAG_INSTALLD, "fail to ApplyDiffPatch errno:%{public}d", errno);
1713 return ERR_BUNDLEMANAGER_QUICK_FIX_APPLY_DIFF_PATCH_FAILED;
1714 }
1715 return ERR_OK;
1716 }
1717
IsExistDir(const std::string & dir,bool & isExist)1718 ErrCode InstalldHostImpl::IsExistDir(const std::string &dir, bool &isExist)
1719 {
1720 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1721 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1722 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1723 }
1724 isExist = InstalldOperator::IsExistDir(dir);
1725 return ERR_OK;
1726 }
1727
IsExistFile(const std::string & path,bool & isExist)1728 ErrCode InstalldHostImpl::IsExistFile(const std::string &path, bool &isExist)
1729 {
1730 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1731 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1732 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1733 }
1734 isExist = InstalldOperator::IsExistFile(path);
1735 return ERR_OK;
1736 }
1737
IsExistApFile(const std::string & path,bool & isExist)1738 ErrCode InstalldHostImpl::IsExistApFile(const std::string &path, bool &isExist)
1739 {
1740 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1741 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1742 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1743 }
1744 isExist = InstalldOperator::IsExistApFile(path);
1745 return ERR_OK;
1746 }
1747
IsDirEmpty(const std::string & dir,bool & isDirEmpty)1748 ErrCode InstalldHostImpl::IsDirEmpty(const std::string &dir, bool &isDirEmpty)
1749 {
1750 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1751 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1752 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1753 }
1754 isDirEmpty = InstalldOperator::IsDirEmpty(dir);
1755 return ERR_OK;
1756 }
1757
ObtainQuickFixFileDir(const std::string & dir,std::vector<std::string> & dirVec)1758 ErrCode InstalldHostImpl::ObtainQuickFixFileDir(const std::string &dir, std::vector<std::string> &dirVec)
1759 {
1760 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1761 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1762 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1763 }
1764 InstalldOperator::ObtainQuickFixFileDir(dir, dirVec);
1765 return ERR_OK;
1766 }
1767
CopyFiles(const std::string & sourceDir,const std::string & destinationDir)1768 ErrCode InstalldHostImpl::CopyFiles(const std::string &sourceDir, const std::string &destinationDir)
1769 {
1770 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1771 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1772 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1773 }
1774
1775 InstalldOperator::CopyFiles(sourceDir, destinationDir);
1776 return ERR_OK;
1777 }
1778
GetNativeLibraryFileNames(const std::string & filePath,const std::string & cpuAbi,std::vector<std::string> & fileNames)1779 ErrCode InstalldHostImpl::GetNativeLibraryFileNames(const std::string &filePath, const std::string &cpuAbi,
1780 std::vector<std::string> &fileNames)
1781 {
1782 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1783 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1784 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1785 }
1786 if (filePath.empty()) {
1787 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1788 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1789 }
1790 InstalldOperator::GetNativeLibraryFileNames(filePath, cpuAbi, fileNames);
1791 return ERR_OK;
1792 }
1793
VerifyCodeSignature(const CodeSignatureParam & codeSignatureParam)1794 ErrCode InstalldHostImpl::VerifyCodeSignature(const CodeSignatureParam &codeSignatureParam)
1795 {
1796 LOG_D(BMS_TAG_INSTALLD, "start to process the code signature for so files");
1797 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1798 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1799 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1800 }
1801 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1802 if (codeSignatureParam.modulePath.empty()) {
1803 LOG_E(BMS_TAG_INSTALLD, "Calling the function VerifyCodeSignature with invalid param");
1804 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1805 }
1806 ErrCode ret = InstalldOperator::VerifyCodeSignature(codeSignatureParam);
1807 if (ret != ERR_OK) {
1808 LOG_E(BMS_TAG_INSTALLD, "verify code signature failed: %{public}d", ret);
1809 return ret;
1810 }
1811 return ERR_OK;
1812 }
1813
CheckEncryption(const CheckEncryptionParam & checkEncryptionParam,bool & isEncryption)1814 ErrCode InstalldHostImpl::CheckEncryption(const CheckEncryptionParam &checkEncryptionParam, bool &isEncryption)
1815 {
1816 LOG_D(BMS_TAG_INSTALLD, "start to process check encryption");
1817 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1818 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1819 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1820 }
1821
1822 if (checkEncryptionParam.modulePath.empty()) {
1823 LOG_E(BMS_TAG_INSTALLD, "Calling the function CheckEncryption with invalid param");
1824 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1825 }
1826 auto ret = InstalldOperator::CheckEncryption(checkEncryptionParam, isEncryption);
1827 if (ret != ERR_OK) {
1828 LOG_E(BMS_TAG_INSTALLD, "check encryption failed due to %{public}d", ret);
1829 return ret;
1830 }
1831 return ERR_OK;
1832 }
1833
MoveFiles(const std::string & srcDir,const std::string & desDir)1834 ErrCode InstalldHostImpl::MoveFiles(const std::string &srcDir, const std::string &desDir)
1835 {
1836 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1837 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1838 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1839 }
1840
1841 if (srcDir.empty() || desDir.empty()) {
1842 LOG_E(BMS_TAG_INSTALLD, "Calling the function MoveFiles with invalid param");
1843 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1844 }
1845 if (!InstalldOperator::MoveFiles(srcDir, desDir)) {
1846 LOG_E(BMS_TAG_INSTALLD, "move files failed errno:%{public}d", errno);
1847 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1848 }
1849 return ERR_OK;
1850 }
1851
ExtractDriverSoFiles(const std::string & srcPath,const std::unordered_multimap<std::string,std::string> & dirMap)1852 ErrCode InstalldHostImpl::ExtractDriverSoFiles(const std::string &srcPath,
1853 const std::unordered_multimap<std::string, std::string> &dirMap)
1854 {
1855 LOG_D(BMS_TAG_INSTALLD, "start to copy driver so files");
1856 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1857 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1858 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1859 }
1860 if (dirMap.empty()) {
1861 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDriverSoFiles with invalid param");
1862 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1863 }
1864
1865 if (!InstalldOperator::ExtractDriverSoFiles(srcPath, dirMap)) {
1866 LOG_E(BMS_TAG_INSTALLD, "copy driver so files failed errno:%{public}d", errno);
1867 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1868 }
1869 return ERR_OK;
1870 }
1871
ExtractEncryptedSoFiles(const std::string & hapPath,const std::string & realSoFilesPath,const std::string & cpuAbi,const std::string & tmpSoPath,int32_t uid)1872 ErrCode InstalldHostImpl::ExtractEncryptedSoFiles(const std::string &hapPath, const std::string &realSoFilesPath,
1873 const std::string &cpuAbi, const std::string &tmpSoPath, int32_t uid)
1874 {
1875 LOG_D(BMS_TAG_INSTALLD, "start to obtain decoded so files");
1876 #if defined(CODE_ENCRYPTION_ENABLE)
1877 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1878 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1879 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1880 }
1881
1882 if (hapPath.empty() || tmpSoPath.empty()) {
1883 LOG_E(BMS_TAG_INSTALLD, "hapPath %{public}s or tmpSoPath %{public}s is empty",
1884 hapPath.c_str(), tmpSoPath.c_str());
1885 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1886 }
1887
1888 if (!CheckPathValid(hapPath, Constants::BUNDLE_CODE_DIR) ||
1889 !CheckPathValid(realSoFilesPath, Constants::BUNDLE_CODE_DIR) ||
1890 !CheckPathValid(tmpSoPath, ServiceConstants::HAP_COPY_PATH)) {
1891 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1892 }
1893 if (realSoFilesPath.empty()) {
1894 /* obtain the decoded so files from hapPath*/
1895 return InstalldOperator::ExtractSoFilesToTmpHapPath(hapPath, cpuAbi, tmpSoPath, uid);
1896 } else {
1897 /* obtain the decoded so files from realSoFilesPath*/
1898 return InstalldOperator::ExtractSoFilesToTmpSoPath(hapPath, realSoFilesPath, cpuAbi, tmpSoPath, uid);
1899 }
1900 #else
1901 LOG_D(BMS_TAG_INSTALLD, "code encryption is not supported");
1902 return ERR_BUNDLEMANAGER_QUICK_FIX_NOT_SUPPORT_CODE_ENCRYPTION;
1903 #endif
1904 }
1905
1906 #if defined(CODE_SIGNATURE_ENABLE)
PrepareEntryMap(const CodeSignatureParam & codeSignatureParam,Security::CodeSign::EntryMap & entryMap)1907 ErrCode InstalldHostImpl::PrepareEntryMap(const CodeSignatureParam &codeSignatureParam,
1908 Security::CodeSign::EntryMap &entryMap)
1909 {
1910 LOG_D(BMS_TAG_INSTALLD, "PrepareEntryMap target so path is %{public}s", codeSignatureParam.targetSoPath.c_str());
1911 if (codeSignatureParam.modulePath.empty()) {
1912 LOG_E(BMS_TAG_INSTALLD, "real path of the installed hap is empty");
1913 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1914 }
1915 if (codeSignatureParam.targetSoPath.empty()) {
1916 LOG_W(BMS_TAG_INSTALLD, "target so path is empty");
1917 return ERR_OK;
1918 }
1919 std::vector<std::string> fileNames;
1920 if (!InstalldOperator::GetNativeLibraryFileNames(
1921 codeSignatureParam.modulePath, codeSignatureParam.cpuAbi, fileNames)) {
1922 LOG_E(BMS_TAG_INSTALLD, "get native library file names failed");
1923 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1924 }
1925 const std::string prefix = ServiceConstants::LIBS + codeSignatureParam.cpuAbi + ServiceConstants::PATH_SEPARATOR;
1926 for (const auto &fileName : fileNames) {
1927 std::string entryName = prefix + fileName;
1928 std::string path = codeSignatureParam.targetSoPath;
1929 if (path.back() != ServiceConstants::FILE_SEPARATOR_CHAR) {
1930 path += ServiceConstants::FILE_SEPARATOR_CHAR;
1931 }
1932 entryMap.emplace(entryName, path + fileName);
1933 LOG_D(BMS_TAG_INSTALLD, "entryMap add soEntry %{public}s: %{public}s",
1934 entryName.c_str(), (path + fileName).c_str());
1935 }
1936 return ERR_OK;
1937 }
1938 #endif
1939
VerifyCodeSignatureForHap(const CodeSignatureParam & codeSignatureParam)1940 ErrCode InstalldHostImpl::VerifyCodeSignatureForHap(const CodeSignatureParam &codeSignatureParam)
1941 {
1942 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1943 #if defined(CODE_SIGNATURE_ENABLE)
1944 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1945 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1946 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1947 }
1948 ErrCode ret = ERR_OK;
1949 if (codeSignatureParam.isCompileSdkOpenHarmony && !Security::CodeSign::CodeSignUtils::IsSupportOHCodeSign()) {
1950 LOG_D(BMS_TAG_INSTALLD, "code signature is not supported");
1951 return ret;
1952 }
1953 Security::CodeSign::EntryMap entryMap;
1954 if ((ret = PrepareEntryMap(codeSignatureParam, entryMap)) != ERR_OK) {
1955 LOG_E(BMS_TAG_INSTALLD, "prepare entry map failed");
1956 return ret;
1957 }
1958 uint32_t codeSignFlag = 0;
1959 if (!codeSignatureParam.isCompressNativeLibrary) {
1960 codeSignFlag |= Security::CodeSign::CodeSignInfoFlag::IS_UNCOMPRESSED_NATIVE_LIBS;
1961 }
1962 if (codeSignatureParam.signatureFileDir.empty()) {
1963 std::shared_ptr<CodeSignHelper> codeSignHelper = std::make_shared<CodeSignHelper>();
1964 Security::CodeSign::FileType fileType = codeSignatureParam.isPreInstalledBundle ?
1965 FILE_ENTRY_ONLY : FILE_ALL;
1966 if (codeSignatureParam.isEnterpriseBundle) {
1967 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for enterprise bundle");
1968 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1969 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1970 } else if (codeSignatureParam.isInternaltestingBundle) {
1971 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for internaltesting bundle");
1972 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1973 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1974 } else if (codeSignatureParam.isPlugin) {
1975 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for plugin");
1976 ret = codeSignHelper->EnforceCodeSignForAppWithPluginId(codeSignatureParam.appIdentifier,
1977 codeSignatureParam.pluginId, codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1978 } else {
1979 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for non-enterprise bundle");
1980 ret = codeSignHelper->EnforceCodeSignForApp(
1981 codeSignatureParam.modulePath, entryMap, fileType, codeSignFlag);
1982 }
1983 LOG_I(BMS_TAG_INSTALLD, "Verify code signature %{public}s", codeSignatureParam.modulePath.c_str());
1984 } else {
1985 LOG_D(BMS_TAG_INSTALLD, "Verify code signature with: %{public}s", codeSignatureParam.signatureFileDir.c_str());
1986 ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, codeSignatureParam.signatureFileDir);
1987 }
1988 if (ret != ERR_OK) {
1989 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1990 if (CODE_SIGNATURE_ERR_MAP.find(ret) != CODE_SIGNATURE_ERR_MAP.end()) {
1991 return CODE_SIGNATURE_ERR_MAP.at(ret);
1992 }
1993 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1994 }
1995 #else
1996 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1997 #endif
1998 return ERR_OK;
1999 }
2000
DeliverySignProfile(const std::string & bundleName,int32_t profileBlockLength,const unsigned char * profileBlock)2001 ErrCode InstalldHostImpl::DeliverySignProfile(const std::string &bundleName, int32_t profileBlockLength,
2002 const unsigned char *profileBlock)
2003 {
2004 #if defined(CODE_SIGNATURE_ENABLE)
2005 LOG_I(BMS_TAG_INSTALLD, "start");
2006 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2007 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2008 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2009 }
2010
2011 if (bundleName.empty() || profileBlock == nullptr || profileBlockLength == 0) {
2012 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeliverySignProfile with invalid param");
2013 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2014 }
2015
2016 LOG_D(BMS_TAG_INSTALLD, "delivery profile of bundle %{public}s and profile size is %{public}d", bundleName.c_str(),
2017 profileBlockLength);
2018 Security::CodeSign::ByteBuffer byteBuffer;
2019 byteBuffer.CopyFrom(reinterpret_cast<const uint8_t *>(profileBlock), profileBlockLength);
2020 ErrCode ret = Security::CodeSign::CodeSignUtils::EnableKeyInProfile(bundleName, byteBuffer);
2021 if (ret != ERR_OK) {
2022 LOG_E(BMS_TAG_INSTALLD, "delivery code sign profile failed due to error %{public}d", ret);
2023 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_DELIVERY_FILE_FAILED;
2024 }
2025 LOG_I(BMS_TAG_INSTALLD, "end");
2026 #else
2027 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
2028 #endif
2029 return ERR_OK;
2030 }
2031
RemoveSignProfile(const std::string & bundleName)2032 ErrCode InstalldHostImpl::RemoveSignProfile(const std::string &bundleName)
2033 {
2034 LOG_D(BMS_TAG_INSTALLD, "start to remove sign profile");
2035 #if defined(CODE_SIGNATURE_ENABLE)
2036 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2037 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2038 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2039 }
2040
2041 if (bundleName.empty()) {
2042 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveSignProfile with invalid param");
2043 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2044 }
2045
2046 ErrCode ret = Security::CodeSign::CodeSignUtils::RemoveKeyInProfile(bundleName);
2047 if (ret != ERR_OK) {
2048 LOG_E(BMS_TAG_INSTALLD, "remove code sign profile failed due to error %{public}d", ret);
2049 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_REMOVE_FILE_FAILED;
2050 }
2051 #else
2052 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
2053 #endif
2054 return ERR_OK;
2055 }
2056
CheckPathValid(const std::string & path,const std::string & prefix)2057 bool InstalldHostImpl::CheckPathValid(const std::string &path, const std::string &prefix)
2058 {
2059 if (path.empty()) {
2060 return true;
2061 }
2062 if (path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos) {
2063 LOG_E(BMS_TAG_INSTALLD, "path(%{public}s) contain relevant path", path.c_str());
2064 return false;
2065 }
2066 if (path.find(prefix) == std::string::npos) {
2067 LOG_E(BMS_TAG_INSTALLD, "prefix(%{public}s) cannot be found", prefix.c_str());
2068 return false;
2069 }
2070 return true;
2071 }
2072
SetEncryptionPolicy(const EncryptionParam & encryptionParam,std::string & keyId)2073 ErrCode InstalldHostImpl::SetEncryptionPolicy(const EncryptionParam &encryptionParam, std::string &keyId)
2074 {
2075 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2076 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2077 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2078 }
2079 if (encryptionParam.bundleName.empty() && encryptionParam.groupId.empty()) {
2080 LOG_E(BMS_TAG_INSTALLD, "invalid param");
2081 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2082 }
2083 if (!InstalldOperator::GenerateKeyIdAndSetPolicy(encryptionParam, keyId)) {
2084 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
2085 return ERR_APPEXECFWK_INSTALLD_GENERATE_KEY_FAILED;
2086 }
2087 return ERR_OK;
2088 }
2089
DeleteEncryptionKeyId(const EncryptionParam & encryptionParam)2090 ErrCode InstalldHostImpl::DeleteEncryptionKeyId(const EncryptionParam &encryptionParam)
2091 {
2092 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2093 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2094 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2095 }
2096 if (encryptionParam.bundleName.empty() && encryptionParam.groupId.empty()) {
2097 LOG_E(BMS_TAG_INSTALLD, "invalid param");
2098 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2099 }
2100 if (!InstalldOperator::DeleteKeyId(encryptionParam)) {
2101 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
2102 return ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
2103 }
2104 return ERR_OK;
2105 }
2106
RemoveExtensionDir(int32_t userId,const std::vector<std::string> & extensionBundleDirs)2107 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::vector<std::string> &extensionBundleDirs)
2108 {
2109 LOG_I(BMS_TAG_INSTALLD, "RemoveExtensionDir userId: %{public}d, extensionBundleDir size: %{public}zu",
2110 userId, extensionBundleDirs.size());
2111 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2112 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2113 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2114 }
2115 if (extensionBundleDirs.empty() || userId < 0) {
2116 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveExtensionDir with invalid param");
2117 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2118 }
2119
2120 for (const std::string &extensionBundleDir : extensionBundleDirs) {
2121 if (extensionBundleDir.empty()) {
2122 LOG_E(BMS_TAG_INSTALLD, "RemoveExtensionDir failed for param invalid");
2123 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2124 }
2125 auto ret = RemoveExtensionDir(userId, extensionBundleDir);
2126 if (ret != ERR_OK) {
2127 LOG_E(BMS_TAG_INSTALLD, "remove dir failed: %{public}s", extensionBundleDir.c_str());
2128 return ret;
2129 }
2130 }
2131 return ERR_OK;
2132 }
2133
RemoveExtensionDir(int32_t userId,const std::string & extensionBundleDir)2134 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::string &extensionBundleDir)
2135 {
2136 LOG_I(BMS_TAG_INSTALLD, "begin RemoveExtensionDir dir %{public}s", extensionBundleDir.c_str());
2137 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2138 const std::string bundleDataDir = GetBundleDataDir(el, userId);
2139 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
2140 if (!InstalldOperator::DeleteDir(baseDir)) {
2141 LOG_E(BMS_TAG_INSTALLD, "remove base dir %{public}s failed errno:%{public}d", baseDir.c_str(), errno);
2142 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2143 }
2144
2145 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
2146 if (!InstalldOperator::DeleteDir(databaseDir)) {
2147 LOG_E(BMS_TAG_INSTALLD, "remove database dir %{public}s failed errno:%{public}d",
2148 databaseDir.c_str(), errno);
2149 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2150 }
2151
2152 if (el == ServiceConstants::BUNDLE_EL[1]) {
2153 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
2154 if (!InstalldOperator::DeleteDir(logDir)) {
2155 LOG_E(BMS_TAG_INSTALLD, "remove log dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
2156 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2157 }
2158 }
2159 }
2160 return ERR_OK;
2161 }
2162
IsExistExtensionDir(int32_t userId,const std::string & extensionBundleDir,bool & isExist)2163 ErrCode InstalldHostImpl::IsExistExtensionDir(int32_t userId, const std::string &extensionBundleDir, bool &isExist)
2164 {
2165 LOG_I(BMS_TAG_INSTALLD, "IsExistExtensionDir called, userId %{public}d dir %{public}s",
2166 userId, extensionBundleDir.c_str());
2167 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2168 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2169 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2170 }
2171 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2172 const std::string bundleDataDir = GetBundleDataDir(el, userId);
2173 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
2174 if (!InstalldOperator::IsExistDir(baseDir)) {
2175 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", baseDir.c_str());
2176 isExist = false;
2177 return ERR_OK;
2178 }
2179
2180 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
2181 if (!InstalldOperator::IsExistDir(databaseDir)) {
2182 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", databaseDir.c_str());
2183 isExist = false;
2184 return ERR_OK;
2185 }
2186
2187 if (el == ServiceConstants::BUNDLE_EL[1]) {
2188 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
2189 if (!InstalldOperator::IsExistDir(logDir)) {
2190 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", logDir.c_str());
2191 isExist = false;
2192 return ERR_OK;
2193 }
2194 }
2195 }
2196 isExist = true;
2197 return ERR_OK;
2198 }
2199
CreateExtensionDataDir(const CreateDirParam & createDirParam)2200 ErrCode InstalldHostImpl::CreateExtensionDataDir(const CreateDirParam &createDirParam)
2201 {
2202 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2203 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2204 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2205 }
2206 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
2207 createDirParam.uid < 0 || createDirParam.gid < 0 || createDirParam.extensionDirs.empty()) {
2208 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateExtensionDataDir with invalid param");
2209 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2210 }
2211 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir for bundle %{public}s, which has %{public}zu extension dir",
2212 createDirParam.bundleName.c_str(), createDirParam.extensionDirs.size());
2213 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2214 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
2215 (el == ServiceConstants::BUNDLE_EL[0])) {
2216 continue;
2217 }
2218
2219 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
2220 if (access(bundleDataDir.c_str(), F_OK) != 0) {
2221 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
2222 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
2223 return ERR_OK;
2224 }
2225 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
2226 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
2227 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
2228 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2229 }
2230 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
2231 if (el == ServiceConstants::BUNDLE_EL[1]) {
2232 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
2233 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
2234 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
2235 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
2236 }
2237 }
2238 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
2239 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
2240 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
2241 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
2242 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
2243 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2244 }
2245 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
2246 }
2247 return ERR_OK;
2248 }
2249
GetExtensionSandboxTypeList(std::vector<std::string> & typeList)2250 ErrCode InstalldHostImpl::GetExtensionSandboxTypeList(std::vector<std::string> &typeList)
2251 {
2252 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2253 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2254 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2255 }
2256 nlohmann::json jsonBuf;
2257 std::string extensionConfigPath = GetExtensionConfigPath();
2258 if (!ReadFileIntoJson(extensionConfigPath, jsonBuf)) {
2259 LOG_I(BMS_TAG_INSTALLD, "Parse file %{public}s failed", extensionConfigPath.c_str());
2260 return ERR_APPEXECFWK_INSTALL_FAILED_PROFILE_PARSE_FAIL;
2261 }
2262 LoadNeedCreateSandbox(jsonBuf, typeList);
2263 return ERR_OK;
2264 }
2265
GetExtensionConfigPath() const2266 std::string InstalldHostImpl::GetExtensionConfigPath() const
2267 {
2268 #ifdef CONFIG_POLOCY_ENABLE
2269 char buf[MAX_PATH_LEN] = { 0 };
2270 char *configPath = GetOneCfgFile(EXTENSION_CONFIG_FILE_PATH, buf, MAX_PATH_LEN);
2271 if (configPath == nullptr || configPath[0] == '\0') {
2272 LOG_E(BMS_TAG_INSTALLD, "GetOneCfgFile failed");
2273 return EXTENSION_CONFIG_DEFAULT_PATH;
2274 }
2275 if (strlen(configPath) > MAX_PATH_LEN) {
2276 LOG_E(BMS_TAG_INSTALLD, "configPath length exceeds");
2277 return EXTENSION_CONFIG_DEFAULT_PATH;
2278 }
2279 return configPath;
2280 #else
2281 return EXTENSION_CONFIG_DEFAULT_PATH;
2282 #endif
2283 }
2284
LoadNeedCreateSandbox(const nlohmann::json & object,std::vector<std::string> & typeList)2285 void InstalldHostImpl::LoadNeedCreateSandbox(const nlohmann::json &object, std::vector<std::string> &typeList)
2286 {
2287 if (!object.contains(EXTENSION_CONFIG_NAME) || !object.at(EXTENSION_CONFIG_NAME).is_array()) {
2288 LOG_E(BMS_TAG_INSTALLD, "Extension config not existed");
2289 return;
2290 }
2291
2292 for (auto &item : object.at(EXTENSION_CONFIG_NAME).items()) {
2293 const nlohmann::json& jsonObject = item.value();
2294 if (!jsonObject.contains(EXTENSION_TYPE_NAME) || !jsonObject.at(EXTENSION_TYPE_NAME).is_string()) {
2295 continue;
2296 }
2297 std::string extensionType = jsonObject.at(EXTENSION_TYPE_NAME).get<std::string>();
2298 if (LoadExtensionNeedCreateSandbox(jsonObject, extensionType)) {
2299 typeList.emplace_back(extensionType);
2300 }
2301 }
2302 }
2303
LoadExtensionNeedCreateSandbox(const nlohmann::json & object,std::string extensionTypeName)2304 bool InstalldHostImpl::LoadExtensionNeedCreateSandbox(const nlohmann::json &object, std::string extensionTypeName)
2305 {
2306 if (!object.contains(EXTENSION_SERVICE_NEED_CREATE_SANDBOX) ||
2307 !object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).is_boolean()) {
2308 LOG_NOFUNC_E(BMS_TAG_INSTALLD, "need create sandbox config not existed");
2309 return false;
2310 }
2311 return object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).get<bool>();
2312 }
2313
ReadFileIntoJson(const std::string & filePath,nlohmann::json & jsonBuf)2314 bool InstalldHostImpl::ReadFileIntoJson(const std::string &filePath, nlohmann::json &jsonBuf)
2315 {
2316 if (filePath.length() > PATH_MAX) {
2317 LOG_E(BMS_TAG_INSTALLD, "path length(%{public}u) longer than max length(%{public}d)",
2318 static_cast<unsigned int>(filePath.length()), PATH_MAX);
2319 return false;
2320 }
2321 std::string realPath;
2322 realPath.reserve(PATH_MAX);
2323 realPath.resize(PATH_MAX - 1);
2324 if (realpath(filePath.c_str(), &(realPath[0])) == nullptr) {
2325 LOG_E(BMS_TAG_INSTALLD, "transform real path: %{public}s error: %{public}d", filePath.c_str(), errno);
2326 return false;
2327 }
2328 if (access(filePath.c_str(), F_OK) != 0) {
2329 LOG_D(BMS_TAG_INSTALLD, "access file %{public}s failed, error: %{public}s", filePath.c_str(), strerror(errno));
2330 return false;
2331 }
2332
2333 std::fstream in;
2334 char errBuf[256];
2335 errBuf[0] = '\0';
2336 in.open(filePath, std::ios_base::in);
2337 if (!in.is_open()) {
2338 strerror_r(errno, errBuf, sizeof(errBuf));
2339 LOG_E(BMS_TAG_INSTALLD, "the file cannot be open due to %{public}s, errno:%{public}d", errBuf, errno);
2340 return false;
2341 }
2342
2343 in.seekg(0, std::ios::end);
2344 int64_t size = in.tellg();
2345 if (size <= 0) {
2346 LOG_E(BMS_TAG_INSTALLD, "the file is an empty file, errno:%{public}d", errno);
2347 in.close();
2348 return false;
2349 }
2350
2351 in.seekg(0, std::ios::beg);
2352 jsonBuf = nlohmann::json::parse(in, nullptr, false);
2353 in.close();
2354 if (jsonBuf.is_discarded()) {
2355 LOG_E(BMS_TAG_INSTALLD, "bad profile file");
2356 return false;
2357 }
2358
2359 return true;
2360 }
2361
InnerRemoveAtomicServiceBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)2362 ErrCode InstalldHostImpl::InnerRemoveAtomicServiceBundleDataDir(
2363 const std::string &bundleName, const int32_t userId, const bool async)
2364 {
2365 LOG_D(BMS_TAG_INSTALLD, "process atomic service bundleName:%{public}s", bundleName.c_str());
2366 std::vector<std::string> pathName;
2367 if (!InstalldOperator::GetAtomicServiceBundleDataDir(bundleName, userId, pathName)) {
2368 LOG_W(BMS_TAG_INSTALLD, "atomic bundle %{public}s no other path", bundleName.c_str());
2369 }
2370 pathName.emplace_back(bundleName);
2371 LOG_I(BMS_TAG_INSTALLD, "bundle %{public}s need delete path size:%{public}zu", bundleName.c_str(), pathName.size());
2372 ErrCode result = ERR_OK;
2373 for (const auto &name : pathName) {
2374 ErrCode tmpResult = InnerRemoveBundleDataDir(name, userId, async);
2375 if (tmpResult != ERR_OK) {
2376 result = tmpResult;
2377 }
2378 }
2379 return result;
2380 }
2381
InnerRemoveBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)2382 ErrCode InstalldHostImpl::InnerRemoveBundleDataDir(
2383 const std::string &bundleName, const int32_t userId, const bool async)
2384 {
2385 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2386 std::string dataDir = GetBundleDataDir(el, userId);
2387 std::string bundleDataDir = dataDir + ServiceConstants::BASE + bundleName;
2388 if (!InstalldOperator::DeleteDirFlexible(bundleDataDir, async)) {
2389 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
2390 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2391 }
2392 std::string databaseDir = dataDir + ServiceConstants::DATABASE + bundleName;
2393 if (!InstalldOperator::DeleteDirFlexible(databaseDir, async)) {
2394 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
2395 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2396 }
2397 if (el == ServiceConstants::BUNDLE_EL[0]) {
2398 std::string el1ShaderCachePath = std::string(ServiceConstants::NEW_SHADER_CACHE_PATH);
2399 el1ShaderCachePath = el1ShaderCachePath.replace(el1ShaderCachePath.find("%"), 1,
2400 std::to_string(userId));
2401 el1ShaderCachePath = el1ShaderCachePath + bundleName;
2402 if (!InstalldOperator::DeleteDir(el1ShaderCachePath)) {
2403 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d",
2404 el1ShaderCachePath.c_str(), errno);
2405 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2406 }
2407 // remove shadercache in /system_optimize
2408 std::string systemOptimizeShaderCachePath = ServiceConstants::SYSTEM_OPTIMIZE_SHADER_CACHE_PATH;
2409 systemOptimizeShaderCachePath = systemOptimizeShaderCachePath.replace(
2410 systemOptimizeShaderCachePath.find("%"),
2411 1, std::to_string(userId));
2412 systemOptimizeShaderCachePath = systemOptimizeShaderCachePath +
2413 bundleName;
2414 if (!InstalldOperator::DeleteDir(systemOptimizeShaderCachePath)) {
2415 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d",
2416 systemOptimizeShaderCachePath.c_str(), errno);
2417 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2418 }
2419
2420 // remove ark_startup_cache/bundlename
2421 std::string arkStartupCacheDir = ServiceConstants::SYSTEM_OPTIMIZE_PATH +
2422 bundleName + ServiceConstants::ARK_STARTUP_CACHE_DIR;
2423 arkStartupCacheDir = arkStartupCacheDir.replace(arkStartupCacheDir.find("%"), 1,
2424 std::to_string(userId));
2425 if (!InstalldOperator::DeleteDir(arkStartupCacheDir)) {
2426 LOG_W(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno:%{public}d",
2427 arkStartupCacheDir.c_str(), errno);
2428 }
2429 }
2430 if (el == ServiceConstants::BUNDLE_EL[1]) {
2431 std::string logDir = dataDir + ServiceConstants::LOG + bundleName;
2432 if (!InstalldOperator::DeleteDir(logDir)) {
2433 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
2434 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2435 }
2436
2437 // remove SHAREFILES_DATA_PATH_EL2
2438 std::string shareFilesDataDir = dataDir + ServiceConstants::SHAREFILES + bundleName;
2439 if (!InstalldOperator::DeleteDir(shareFilesDataDir)) {
2440 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed: %{public}d", shareFilesDataDir.c_str(), errno);
2441 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2442 }
2443 }
2444 }
2445 if (RemoveShareDir(bundleName, userId) != ERR_OK) {
2446 LOG_E(BMS_TAG_INSTALLD, "failed to remove share dir");
2447 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2448 }
2449 if (RemoveCloudDir(bundleName, userId) != ERR_OK) {
2450 LOG_E(BMS_TAG_INSTALLD, "failed to remove cloud dir");
2451 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2452 }
2453 if (RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
2454 RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
2455 LOG_E(BMS_TAG_INSTALLD, "failed to remove backup ext home dir");
2456 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2457 }
2458 if (RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
2459 RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
2460 LOG_E(BMS_TAG_INSTALLD, "failed to remove new backup ext home dir");
2461 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2462 }
2463 if (RemoveDistributedDir(bundleName, userId) != ERR_OK) {
2464 LOG_E(BMS_TAG_INSTALLD, "failed to remove distributed file dir");
2465 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2466 }
2467 return ERR_OK;
2468 }
2469
MigrateData(const std::vector<std::string> & sourcePaths,const std::string & destinationPath)2470 ErrCode InstalldHostImpl::MigrateData(const std::vector<std::string> &sourcePaths, const std::string &destinationPath)
2471 {
2472 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2473 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2474 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2475 }
2476 if (sourcePaths.size() > VECTOR_SIZE_MAX) {
2477 LOG_E(BMS_TAG_INSTALLD, "source paths size out of range");
2478 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_SOURCE_PATH_INVALID;
2479 }
2480 auto checkPath = [](const auto &path) { return path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos; };
2481 if (sourcePaths.empty() || std::any_of(sourcePaths.begin(), sourcePaths.end(), checkPath)) {
2482 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_SOURCE_PATH_INVALID;
2483 }
2484 if (destinationPath.empty() || checkPath(destinationPath)) {
2485 return ERR_BUNDLE_MANAGER_MIGRATE_DATA_DESTINATION_PATH_INVALID;
2486 }
2487 return InstalldOperator::MigrateData(sourcePaths, destinationPath);
2488 }
2489
MoveHapToCodeDir(const std::string & originPath,const std::string & targetPath)2490 ErrCode InstalldHostImpl::MoveHapToCodeDir(const std::string &originPath, const std::string &targetPath)
2491 {
2492 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2493 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
2494 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2495 }
2496 if (!InstalldOperator::MoveFile(originPath, targetPath)) {
2497 LOG_E(BMS_TAG_INSTALLD, "move file %{public}s to %{public}s failed errno:%{public}d",
2498 originPath.c_str(), targetPath.c_str(), errno);
2499 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2500 }
2501 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
2502 if (!OHOS::ChangeModeFile(targetPath, mode)) {
2503 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
2504 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2505 }
2506 if (!InstalldOperator::ChangeFileAttr(targetPath, INSTALLS_UID, INSTALLS_UID)) {
2507 LOG_E(BMS_TAG_INSTALLD, "ChangeAttr %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
2508 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2509 }
2510
2511 #ifdef WITH_SELINUX
2512 const char *context = "u:object_r:data_app_el1_file:s0";
2513 if (lsetfilecon(targetPath.c_str(), context) < 0) {
2514 LOG_E(BMS_TAG_INSTALLD, "setcon %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
2515 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
2516 }
2517 #endif
2518 return ERR_OK;
2519 }
2520
GetGroupDirPath(const std::string & el,int32_t userId,const std::string & uuid)2521 std::string InstalldHostImpl::GetGroupDirPath(const std::string &el, int32_t userId, const std::string &uuid)
2522 {
2523 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR + std::to_string(userId)
2524 + ServiceConstants::DATA_GROUP_PATH + uuid;
2525 }
2526
CreateDataGroupDirs(const std::vector<CreateDirParam> & params)2527 ErrCode InstalldHostImpl::CreateDataGroupDirs(const std::vector<CreateDirParam> ¶ms)
2528 {
2529 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2530 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2531 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2532 }
2533 ErrCode result = ERR_OK;
2534 for (const CreateDirParam ¶m : params) {
2535 if (CreateDataGroupDir(param) != ERR_OK) {
2536 LOG_E(BMS_TAG_INSTALLD, "create group dir %{private}s failed", param.uuid.c_str());
2537 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2538 }
2539 }
2540 return result;
2541 }
2542
CreateDataGroupDir(const CreateDirParam & param)2543 ErrCode InstalldHostImpl::CreateDataGroupDir(const CreateDirParam ¶m)
2544 {
2545 if (param.uuid.empty() || param.userId < 0 ||
2546 param.uid < 0 || param.gid < 0) {
2547 LOG_E(BMS_TAG_INSTALLD, "invalid param, uuid %{private}s "
2548 "-u %{public}d uid %{public}d gid %{public}d", param.uuid.c_str(),
2549 param.userId, param.uid, param.gid);
2550 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2551 }
2552 // create el2~el4 group dirs
2553 ErrCode result = ERR_OK;
2554 const std::vector<std::string> elList { "el2", "el3", "el4" };
2555 for (const auto &el : elList) {
2556 std::string userDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
2557 el + ServiceConstants::PATH_SEPARATOR + std::to_string(param.userId);
2558 if (access(userDir.c_str(), F_OK) != 0) {
2559 LOG_W(BMS_TAG_INSTALLD, "user directory %{public}s does not existed", userDir.c_str());
2560 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2561 continue;
2562 }
2563 std::string groupDir = userDir + ServiceConstants::DATA_GROUP_PATH + param.uuid;
2564 if (!InstalldOperator::MkOwnerDir(
2565 groupDir, ServiceConstants::DATA_GROUP_DIR_MODE, param.uid, param.gid)) {
2566 LOG_E(BMS_TAG_INSTALLD, "create group dir failed error %{public}s", strerror(errno));
2567 result = ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
2568 continue;
2569 }
2570 }
2571 return result;
2572 }
2573
DeleteDataGroupDirs(const std::vector<std::string> & uuidList,int32_t userId)2574 ErrCode InstalldHostImpl::DeleteDataGroupDirs(const std::vector<std::string> &uuidList, int32_t userId)
2575 {
2576 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2577 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2578 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2579 }
2580 if (uuidList.empty() || userId < 0) {
2581 LOG_E(BMS_TAG_INSTALLD, "invalid param, uuidList size %{public}zu "
2582 "-u %{public}d", uuidList.size(), userId);
2583 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2584 }
2585 // remove el2~el4 group dirs
2586 ErrCode result = ERR_OK;
2587 for (const auto &el : ServiceConstants::BUNDLE_EL) {
2588 if (el == ServiceConstants::BUNDLE_EL[0]) {
2589 continue;
2590 }
2591 for (const std::string &uuid : uuidList) {
2592 std::string groupDir = GetGroupDirPath(el, userId, uuid);
2593 if (!InstalldOperator::DeleteDir(groupDir)) {
2594 LOG_E(BMS_TAG_INSTALLD, "remove dir %{private}s failed, errno is %{public}d", groupDir.c_str(), errno);
2595 result = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2596 }
2597 }
2598 }
2599
2600 auto el5Res = DeleteEl5DataGroupDirs(uuidList, userId);
2601 if (el5Res != ERR_OK) {
2602 LOG_W(BMS_TAG_INSTALLD, "el5 group directory del failed, res %{public}d", el5Res);
2603 result = el5Res;
2604 }
2605 return result;
2606 }
2607
DeleteEl5DataGroupDirs(const std::vector<std::string> & uuidList,int32_t userId)2608 ErrCode InstalldHostImpl::DeleteEl5DataGroupDirs(const std::vector<std::string> &uuidList, int32_t userId)
2609 {
2610 ErrCode result = ERR_OK;
2611 for (const std::string &uuid : uuidList) {
2612 std::string groupDir = GetGroupDirPath(ServiceConstants::DIR_EL5, userId, uuid);
2613 if (access(groupDir.c_str(), F_OK) != 0) {
2614 LOG_D(BMS_TAG_INSTALLD, "group directory %{private}s does not existed", groupDir.c_str());
2615 continue;
2616 }
2617 // delete dir
2618 if (!InstalldOperator::DeleteDir(groupDir)) {
2619 LOG_E(BMS_TAG_INSTALLD, "remove dir %{private}s failed, errno is %{public}d", groupDir.c_str(), errno);
2620 result = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
2621 continue;
2622 }
2623 // delete key id
2624 EncryptionParam encryptionParam("", uuid, 0, userId, EncryptionDirType::GROUP);
2625 if (!InstalldOperator::DeleteKeyId(encryptionParam)) {
2626 LOG_E(BMS_TAG_INSTALLD, "delete keyId fail");
2627 result = ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
2628 }
2629 }
2630 return result;
2631 }
2632
ClearDir(const std::string & dir)2633 ErrCode InstalldHostImpl::ClearDir(const std::string &dir)
2634 {
2635 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2636 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2637 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2638 }
2639 if (dir.empty()) {
2640 LOG_E(BMS_TAG_INSTALLD, "empty dir");
2641 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
2642 }
2643 if (!InstalldOperator::ClearDir(dir)) {
2644 LOG_E(BMS_TAG_INSTALLD, "ClearDir failed");
2645 return ERR_APPEXECFWK_INSTALLD_CLEAN_DIR_FAILED;
2646 }
2647 return ERR_OK;
2648 }
2649
RestoreconPath(const std::string & path)2650 ErrCode InstalldHostImpl::RestoreconPath(const std::string &path)
2651 {
2652 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
2653 LOG_E(BMS_TAG_INSTALLD, "permission denied");
2654 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
2655 }
2656
2657 if (!InstalldOperator::RestoreconPath(path)) {
2658 LOG_E(BMS_TAG_INSTALLD, "RestoreconPath failed");
2659 return ERR_APPEXECFWK_RESTORECON_PATH_FAILED;
2660 }
2661 return ERR_OK;
2662 }
2663 } // namespace AppExecFwk
2664 } // namespace OHOS
2665