1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cm_event_process.h"
17
18 #include <dirent.h>
19 #include <sys/stat.h>
20
21 #include "securec.h"
22
23 #include "cert_manager.h"
24 #include "cert_manager_auth_mgr.h"
25 #include "cert_manager_file_operator.h"
26 #include "cert_manager_key_operation.h"
27 #include "cert_manager_session_mgr.h"
28 #include "cert_manager_status.h"
29 #include "cm_log.h"
30 #include "cm_type.h"
31
DeleteAuth(const struct CmContext * context,const char * fileName,bool isDeleteByUid)32 static void DeleteAuth(const struct CmContext *context, const char *fileName, bool isDeleteByUid)
33 {
34 CM_LOG_I("isDeleteByUid:%d", isDeleteByUid);
35 struct CmBlob keyUri = { strlen(fileName) + 1, (uint8_t *)fileName };
36
37 int32_t ret;
38 if (isDeleteByUid) {
39 ret = CmAuthDeleteAuthInfoByUid(context->userId, context->uid, &keyUri);
40 } else {
41 ret = CmAuthDeleteAuthInfoByUserId(context->userId, &keyUri);
42 }
43 if (ret != CM_SUCCESS) {
44 CM_LOG_E("delete auth info failed ret: %d", ret); /* only record logs */
45 }
46 return;
47 }
48
CmTraversalDirActionCredential(const char * filePath,const char * fileName)49 static int32_t CmTraversalDirActionCredential(const char *filePath, const char *fileName)
50 {
51 int32_t ret = remove(filePath);
52 if (ret != CM_SUCCESS) {
53 CM_LOG_E("App cert delete faild, ret: %d", ret);
54 return ret;
55 }
56
57 struct CmBlob keyUri = { strlen(fileName) + 1, (uint8_t *)fileName };
58 ret = CmKeyOpDeleteKey(&keyUri);
59 if (ret != CM_SUCCESS) { /* ignore the return of delete key */
60 CM_LOG_I("App key delete failed ret: %d", ret);
61 }
62
63 return CM_SUCCESS;
64 }
65
CmTraversalDirActionUserCa(const struct CmContext * context,const char * filePath,const char * fileName,const uint32_t store)66 static int32_t CmTraversalDirActionUserCa(const struct CmContext *context, const char *filePath, const char *fileName,
67 const uint32_t store)
68 {
69 int32_t ret = remove(filePath);
70 if (ret != CM_SUCCESS) {
71 CM_LOG_E("User cert delete faild, ret: %d", ret);
72 return ret;
73 }
74
75 struct CmBlob certUri = { strlen(fileName) + 1, (uint8_t *)fileName }; /* include '\0' at end. */
76 struct CmMutableBlob pathBlob = { strlen(filePath) + 1, (uint8_t *)filePath };
77 ret = CmSetStatusEnable(context, &pathBlob, &certUri, store);
78 if (ret != CM_SUCCESS) {
79 CM_LOG_E("User set status faild, ret: %d", ret);
80 return ret;
81 }
82
83 return CM_SUCCESS;
84 }
85
CmTraversalDirAction(const struct CmContext * context,const char * filePath,const char * fileName,const uint32_t store)86 static int32_t CmTraversalDirAction(const struct CmContext *context, const char *filePath,
87 const char *fileName, const uint32_t store)
88 {
89 int32_t ret = CM_SUCCESS;
90
91 switch (store) {
92 case CM_CREDENTIAL_STORE :
93 DeleteAuth(context, fileName, false); /* fall-through */
94 case CM_PRI_CREDENTIAL_STORE :
95 ret = CmTraversalDirActionCredential(filePath, fileName);
96 break;
97 case CM_USER_TRUSTED_STORE :
98 ret = CmTraversalDirActionUserCa(context, filePath, fileName, store);
99 break;
100 default:
101 break;
102 }
103 if (ret != CM_SUCCESS) {
104 CM_LOG_E("CmTraversalDirAction failed store:%u", store);
105 }
106
107 return CM_SUCCESS;
108 }
109
GetNextLayerPath(const char * path,const char * name,char * outPath,uint32_t outPathLen)110 static int32_t GetNextLayerPath(const char *path, const char *name, char *outPath, uint32_t outPathLen)
111 {
112 if (strncpy_s(outPath, outPathLen, path, strlen(path)) != EOK) {
113 return CMR_ERROR_INVALID_OPERATION;
114 }
115 if (outPath[strlen(outPath) - 1] != '/') {
116 if (strncat_s(outPath, outPathLen, "/", strlen("/")) != EOK) {
117 return CMR_ERROR_INVALID_OPERATION;
118 }
119 }
120 if (strncat_s(outPath, outPathLen, name, strlen(name)) != EOK) {
121 return CMR_ERROR_INVALID_OPERATION;
122 }
123 return CM_SUCCESS;
124 }
125
RemoveDir(const char * dirPath)126 static int32_t RemoveDir(const char *dirPath)
127 {
128 struct stat fileStat;
129 int32_t ret = stat(dirPath, &fileStat);
130 if (ret != 0) {
131 return CMR_ERROR_INVALID_OPERATION;
132 }
133
134 if (!S_ISDIR(fileStat.st_mode)) {
135 return CMR_ERROR_INVALID_OPERATION;
136 }
137
138 DIR *dir = opendir(dirPath);
139 if (dir == NULL) {
140 return CMR_ERROR_INVALID_OPERATION;
141 }
142
143 struct dirent *dire = readdir(dir);
144 while (dire != NULL) {
145 if (dire->d_type == DT_REG) { /* only care about files. */
146 ret = CmFileRemove(dirPath, dire->d_name);
147 if (ret != CM_SUCCESS) { /* Continue to delete remaining files */
148 CM_LOG_E("remove file failed when remove authlist files, ret = %d.", ret);
149 }
150 }
151 dire = readdir(dir);
152 }
153 (void)closedir(dir);
154 (void)remove(dirPath);
155 return CM_SUCCESS;
156 }
157
RemoveAuthListDir(const char * path,const uint32_t store,bool isSameUid)158 static void RemoveAuthListDir(const char *path, const uint32_t store, bool isSameUid)
159 {
160 if (!isSameUid || (store != CM_CREDENTIAL_STORE)) {
161 return;
162 }
163
164 char authListPath[CM_MAX_FILE_NAME_LEN] = {0};
165 char name[] = "authlist";
166 int32_t ret = GetNextLayerPath(path, name, authListPath, sizeof(authListPath));
167 if (ret != CM_SUCCESS) {
168 return;
169 }
170
171 RemoveDir(authListPath);
172 }
173
TraversalUidLayerDir(const struct CmContext * context,const char * uidPath,const char * direName,const uint32_t store,bool isSameUid)174 static void TraversalUidLayerDir(const struct CmContext *context, const char *uidPath, const char *direName,
175 const uint32_t store, bool isSameUid)
176 {
177 if (!isSameUid) {
178 if (store == CM_CREDENTIAL_STORE) { /* remove deleted uid from authlist */
179 DeleteAuth(context, direName, true);
180 }
181 } else {
182 (void)CmTraversalDirAction(context, uidPath, direName, store);
183 }
184 }
185
CmTraversalUidLayerDir(const struct CmContext * context,const char * path,const uint32_t store,bool isSameUid)186 static int32_t CmTraversalUidLayerDir(const struct CmContext *context, const char *path,
187 const uint32_t store, bool isSameUid)
188 {
189 int32_t ret = CM_SUCCESS;
190 /* do nothing when dir is not exist */
191 if (CmIsDirExist(path) != CMR_OK) {
192 CM_LOG_I("Dir is not exist");
193 return CM_SUCCESS;
194 }
195
196 DIR *dir = opendir(path);
197 if (dir == NULL) {
198 CM_LOG_E("open dir failed");
199 return CMR_ERROR_OPEN_FILE_FAIL;
200 }
201
202 struct dirent *dire = readdir(dir);
203 while (dire != NULL) {
204 char uidPath[CM_MAX_FILE_NAME_LEN] = {0};
205 if (GetNextLayerPath(path, dire->d_name, uidPath, sizeof(uidPath)) != CM_SUCCESS) {
206 closedir(dir);
207 return CMR_ERROR_INVALID_OPERATION;
208 }
209
210 if ((strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0) && (dire->d_type == DT_REG)) {
211 TraversalUidLayerDir(context, uidPath, dire->d_name, store, isSameUid);
212 }
213 dire = readdir(dir);
214 }
215 closedir(dir);
216
217 /* remove authList Path */
218 RemoveAuthListDir(path, store, isSameUid);
219
220 if (isSameUid) {
221 ret = remove(path);
222 }
223 return ret;
224 }
225
TraversalUserIdLayerDir(const struct CmContext * context,const char * userIdPath,const char * direName,const uint32_t store,bool isUserDeleteEvent)226 static int32_t TraversalUserIdLayerDir(const struct CmContext *context, const char *userIdPath, const char *direName,
227 const uint32_t store, bool isUserDeleteEvent)
228 {
229 uint32_t uid = (uint32_t)atoi(direName);
230 CM_LOG_I("CmTraversalUserIdLayerDir userId:%u, uid:%u", context->userId, uid);
231
232 int32_t ret = CM_SUCCESS;
233 if (isUserDeleteEvent) { /* user delete event */
234 struct CmContext userContext = { context->userId, uid, {0} };
235 ret = CmTraversalUidLayerDir(&userContext, userIdPath, store, true);
236 } else { /* package delete event */
237 if (uid == context->uid) {
238 ret = CmTraversalUidLayerDir(context, userIdPath, store, true);
239 } else if (store == CM_CREDENTIAL_STORE) {
240 ret = CmTraversalUidLayerDir(context, userIdPath, store, false);
241 } else {
242 /* do nothing */
243 }
244 }
245 return ret;
246 }
247
CmTraversalUserIdLayerDir(const struct CmContext * context,const char * path,const uint32_t store)248 static int32_t CmTraversalUserIdLayerDir(const struct CmContext *context, const char *path, const uint32_t store)
249 {
250 bool isUserDeleteEvent = (context->uid == INVALID_VALUE);
251 int32_t ret = CM_SUCCESS;
252
253 /* do nothing when dir is not exist */
254 if (CmIsDirExist(path) != CMR_OK) {
255 CM_LOG_I("UserId dir is not exist");
256 return CM_SUCCESS;
257 }
258
259 DIR *dir = opendir(path);
260 if (dir == NULL) {
261 CM_LOG_E("Open userId dir failed");
262 return CMR_ERROR_OPEN_FILE_FAIL;
263 }
264
265 struct dirent *dire = readdir(dir);
266 while (dire != NULL) {
267 char userIdPath[CM_MAX_FILE_NAME_LEN] = {0};
268 if (GetNextLayerPath(path, dire->d_name, userIdPath, sizeof(userIdPath)) != CM_SUCCESS) {
269 closedir(dir);
270 return CMR_ERROR_INVALID_OPERATION;
271 }
272
273 if (dire->d_type == DT_DIR && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) {
274 (void)TraversalUserIdLayerDir(context, userIdPath, dire->d_name, store, isUserDeleteEvent);
275 } else if (dire->d_type != DT_DIR) {
276 (void)remove(userIdPath);
277 }
278 dire = readdir(dir);
279 }
280 closedir(dir);
281
282 /* delete userId directory only in user remove event */
283 if (isUserDeleteEvent) {
284 ret = remove(path);
285 }
286
287 return ret;
288 }
289
CmTraversalDir(const struct CmContext * context,const char * path,const uint32_t store)290 static int32_t CmTraversalDir(const struct CmContext *context, const char *path, const uint32_t store)
291 {
292 int32_t ret = CM_SUCCESS;
293 /* do nothing when dir is not exist */
294 if (CmIsDirExist(path) != CMR_OK) {
295 CM_LOG_I("Root dir is not exist");
296 return CM_SUCCESS;
297 }
298
299 DIR *dir = opendir(path);
300 if (dir == NULL) {
301 CM_LOG_E("open dir failed");
302 return CMR_ERROR_OPEN_FILE_FAIL;
303 }
304
305 struct dirent *dire = readdir(dir);
306 while (dire != NULL) {
307 char deletePath[CM_MAX_FILE_NAME_LEN] = { 0 };
308 if (GetNextLayerPath(path, dire->d_name, deletePath, sizeof(deletePath)) != CM_SUCCESS) {
309 closedir(dir);
310 return CMR_ERROR_INVALID_OPERATION;
311 }
312
313 if (dire->d_type == DT_DIR && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0) &&
314 ((uint32_t)atoi(dire->d_name) == context->userId)) {
315 ret = CmTraversalUserIdLayerDir(context, deletePath, store);
316 } else if (dire->d_type != DT_DIR) {
317 (void)remove(deletePath);
318 }
319 dire = readdir(dir);
320 }
321 closedir(dir);
322
323 return ret;
324 }
325
RemoveSessionInfo(const struct CmContext * context)326 static void RemoveSessionInfo(const struct CmContext *context)
327 {
328 bool isUserDeleteEvent = (context->uid == INVALID_VALUE);
329
330 if (isUserDeleteEvent) {
331 /* remove session node by user id */
332 struct CmSessionNodeInfo info = { context->userId, 0, { 0, NULL } };
333 CmDeleteSessionByNodeInfo(DELETE_SESSION_BY_USERID, &info);
334 } else {
335 /* remove session node by uid */
336 struct CmSessionNodeInfo info = { context->userId, context->uid, { 0, NULL } };
337 CmDeleteSessionByNodeInfo(DELETE_SESSION_BY_UID, &info);
338 }
339 }
340
CmDeleteProcessInfo(const struct CmContext * context)341 int32_t CmDeleteProcessInfo(const struct CmContext *context)
342 {
343 RemoveSessionInfo(context);
344
345 /* Delete user ca */
346 int32_t ret = CmTraversalDir(context, USER_CA_STORE, CM_USER_TRUSTED_STORE);
347 if (ret != CM_SUCCESS) {
348 CM_LOG_E("CmDeleteUserCa faild");
349 }
350
351 /* Delete private credentail */
352 ret = CmTraversalDir(context, APP_CA_STORE, CM_PRI_CREDENTIAL_STORE);
353 if (ret != CM_SUCCESS) {
354 CM_LOG_E("CmDeletePrivateCredential faild");
355 }
356
357 /* Delete public credentail */
358 ret = CmTraversalDir(context, CREDNTIAL_STORE, CM_CREDENTIAL_STORE);
359 if (ret != CM_SUCCESS) {
360 CM_LOG_E("CmDeletePublicCredential faild");
361 }
362 return ret;
363 }
364