• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "cm_ipc_service.h"
17 
18 #include "cm_log.h"
19 #include "cm_mem.h"
20 #include "cm_ipc_service_serialization.h"
21 
22 #include "cm_param.h"
23 #include "cm_pfx.h"
24 #include "cm_report_wrapper.h"
25 #include "cm_response.h"
26 #include "cm_type.h"
27 
28 #include "cert_manager.h"
29 #include "cert_manager_check.h"
30 #include "cert_manager_key_operation.h"
31 #include "cert_manager_permission_check.h"
32 #include "cert_manager_query.h"
33 #include "cert_manager_service.h"
34 #include "cert_manager_status.h"
35 #include "cert_manager_uri.h"
36 
37 #define MAX_LEN_CERTIFICATE     8196
38 
GetInputParams(const struct CmBlob * paramSetBlob,struct CmParamSet ** paramSet,struct CmContext * cmContext,struct CmParamOut * params,uint32_t paramsCount)39 static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
40     struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
41 {
42     int32_t ret = CmGetProcessInfoForIPC(cmContext);
43     if (ret != CM_SUCCESS) {
44         CM_LOG_E("get ipc info failed, ret = %d", ret);
45         return ret;
46     }
47 
48     /* The paramSet blob pointer needs to be refreshed across processes. */
49     ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet);
50     if (ret != CM_SUCCESS) {
51         CM_LOG_E("get paramSet failed, ret = %d", ret);
52         return ret;
53     }
54 
55     ret = CmParamSetToParams(*paramSet, params, paramsCount);
56     if (ret != CM_SUCCESS) {
57         CM_LOG_E("get params from paramSet failed, ret = %d", ret);
58         CmFreeParamSet(paramSet); /* if success no need free paramSet */
59     }
60 
61     return ret;
62 }
63 
CmIpcServiceGetCertificateList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)64 void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
65     const struct CmContext *context)
66 {
67     int32_t ret;
68     uint32_t store;
69     struct CmContext cmContext = {0};
70     struct CmMutableBlob certFileList = { 0, NULL };
71     struct CmParamSet *paramSet = NULL;
72     struct CmParamOut params[] = {
73         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
74     };
75 
76     do {
77         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
78         if (ret != CM_SUCCESS) {
79             CM_LOG_E("GetCaCertList get input params failed, ret = %d", ret);
80             break;
81         }
82 
83         ret = CmServiceGetSystemCertListCheck(store);
84         if (ret != CM_SUCCESS) {
85             CM_LOG_E("CmIpcServiceGetSystemCertCheck fail, ret = %d", ret);
86             break;
87         }
88 
89         ret = CmServiceGetCertList(&cmContext, store, &certFileList);
90         if (ret != CM_SUCCESS) {
91             CM_LOG_E("get cert list failed, ret = %d", ret);
92             break;
93         }
94 
95         ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
96         if (ret != CM_SUCCESS) {
97             CM_LOG_E("cert list data pack fail, ret = %d", ret);
98             break;
99         }
100 
101         CmSendResponse(context, ret, outData);
102     } while (0);
103 
104     if (ret != CM_SUCCESS) {
105         CmSendResponse(context, ret, NULL);
106     }
107 
108     if (certFileList.data != NULL) {
109         CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
110     }
111     CmFreeParamSet(&paramSet);
112 }
113 
CmIpcServiceGetCertificateInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)114 void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
115     const struct CmContext *context)
116 {
117     int32_t ret;
118     uint32_t status = 0;
119     uint32_t store;
120     struct CmContext cmContext = {0};
121     struct CmBlob certificateData = { 0, NULL };
122     struct CmBlob certUri = { 0, NULL };
123     struct CmParamSet *paramSet = NULL;
124     struct CmParamOut params[] = {
125         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
126         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
127     };
128 
129     do {
130         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
131         if (ret != CM_SUCCESS) {
132             CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
133             break;
134         }
135 
136         ret = CmServiceGetSystemCertCheck(store, &certUri);
137         if (ret != CM_SUCCESS) {
138             CM_LOG_E("CmServiceGetSystemCertCheck failed, ret = %d", ret);
139             break;
140         }
141 
142         ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
143         if (ret != CM_SUCCESS) {
144             CM_LOG_E("get cert info failed, ret = %d", ret);
145             break;
146         }
147 
148         ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
149         if (ret != CM_SUCCESS) {
150             CM_LOG_E("cert info data pack failed, ret = %d", ret);
151             break;
152         }
153 
154         CmSendResponse(context, ret, outData);
155     } while (0);
156 
157     if (ret != CM_SUCCESS) {
158         CmSendResponse(context, ret, NULL);
159     }
160     CM_FREE_BLOB(certificateData);
161     CmFreeParamSet(&paramSet);
162 }
163 
CmIpcServiceSetCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)164 void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
165     const struct CmContext *context)
166 {
167     int32_t ret;
168     uint32_t store;
169     uint32_t status = 0;
170     struct CmContext cmContext = {0};
171     struct CmBlob certUri = { 0, NULL };
172     struct CmParamSet *paramSet = NULL;
173     struct CmParamOut params[] = {
174         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
175         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
176         { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status},
177     };
178 
179     do {
180         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
181         if (ret != CM_SUCCESS) {
182             CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
183             break;
184         }
185 
186         ret = CmServiceSetCertStatusCheck(store, &certUri, status);
187         if (ret != CM_SUCCESS) {
188             CM_LOG_E("CmServiceSetCertStatusCheck check failed, ret = %d", ret);
189             break;
190         }
191 
192         ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
193         if (ret != CM_SUCCESS) {
194             CM_LOG_E("set system cert status failed, ret = %d", ret);
195             break;
196         }
197     } while (0);
198     CmSendResponse(context, ret, NULL);
199     CmFreeParamSet(&paramSet);
200     CM_LOG_I("CmIpcServiceSetCertStatus end:%d", ret);
201 }
202 
CmIpcServiceInstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)203 void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
204     const struct CmContext *context)
205 {
206     struct CmContext cmContext = {0};
207     struct CmParamSet *paramSet = NULL;
208     int32_t ret;
209 
210     do {
211         struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } };
212         struct CmBlob certAlias = { 0, NULL };
213         uint32_t store;
214         struct CmParamOut params[] = {
215             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert },
216             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd },
217             { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
218             { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store },
219         };
220         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
221         if (ret != CM_SUCCESS) {
222             CM_LOG_E("install app cert get input params failed, ret = %d", ret);
223             break;
224         }
225 
226         ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData);
227         if (ret != CM_SUCCESS) {
228             CM_LOG_E("service install app cert failed, ret = %d", ret);
229             break;
230         }
231     } while (0);
232 
233     struct CmBlob tempBlob = { 0, NULL };
234     CmReport(__func__, &cmContext, &tempBlob, ret);
235 
236     CmSendResponse(context, ret, outData);
237     CmFreeParamSet(&paramSet);
238     CM_LOG_I("CmIpcServiceInstallAppCert end:%d", ret);
239 }
240 
CmIpcServiceUninstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)241 void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
242     const struct CmContext *context)
243 {
244     int32_t ret;
245     (void)outData;
246     uint32_t store;
247     struct CmParamSet *paramSet = NULL;
248     struct CmBlob keyUri = { 0, NULL };
249     struct CmContext cmContext = {0};
250 
251     struct CmParamOut params[] = {
252         {
253             .tag = CM_TAG_PARAM0_BUFFER,
254             .blob = &keyUri
255         }, {
256             .tag = CM_TAG_PARAM0_UINT32,
257             .uint32Param = &store
258         },
259     };
260 
261     do {
262         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
263         if (ret != CM_SUCCESS) {
264             CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret);
265             break;
266         }
267 
268         ret = CmServiceUninstallAppCertCheck(store, &keyUri);
269         if (ret != CM_SUCCESS) {
270             CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
271             break;
272         }
273 
274         ret = CmRemoveAppCert(&cmContext, &keyUri, store);
275         if (ret != CM_SUCCESS) {
276             CM_LOG_E("CmRemoveAppCert fail");
277         }
278     } while (0);
279 
280     CmSendResponse(context, ret, NULL);
281     CmFreeParamSet(&paramSet);
282     CM_LOG_I("CmIpcServiceUninstallAppCert end:%d", ret);
283 }
284 
CmIpcServiceUninstallAllAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)285 void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
286     const struct CmContext *context)
287 {
288     (void)outData;
289     (void)paramSetBlob;
290     int32_t ret = CM_SUCCESS;
291     struct CmContext cmContext = {0};
292 
293     ret = CmGetProcessInfoForIPC(&cmContext);
294     if (ret != CM_SUCCESS) {
295         CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
296     }
297 
298     ret = CmRemoveAllAppCert(&cmContext);
299     if (ret != CM_SUCCESS) {
300         CM_LOG_E("CmRemoveAllAppCert fail");
301     }
302 
303     CmSendResponse(context, ret, NULL);
304     CM_LOG_I("CmIpcServiceUninstallAllAppCert end:%d", ret);
305 }
306 
GetAppCertInfo(const struct CmBlob * keyUri,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * cerAlias)307 static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certType,
308     struct CmBlob *certUri, struct CmBlob *cerAlias)
309 {
310     int32_t ret;
311     struct CMUri uri;
312     (void)memset_s(&uri, sizeof(struct CMUri), 0, sizeof(struct CMUri));
313 
314     do {
315         ret = CertManagerUriDecode(&uri, (char *)keyUri->data);
316         if (ret != CM_SUCCESS) {
317             CM_LOG_E("CertManagerUriDecode failed");
318             break;
319         }
320         if ((uri.type >= TYPE_COUNT) || (uri.object == NULL)) {
321             CM_LOG_E("uri's type[%u] or object is invalid after decode", uri.type);
322             ret = CMR_ERROR;
323             break;
324         }
325 
326         if (memcpy_s(certType->data, certType->size, g_types[uri.type], strlen(g_types[uri.type]) + 1) != EOK) {
327             CM_LOG_E("Failed to copy certType->data");
328             ret = CMR_ERROR;
329             break;
330         }
331         certType->size = strlen(g_types[uri.type]) + 1;
332 
333         if (memcpy_s(certUri->data, certUri->size, keyUri->data, keyUri->size) != EOK) {
334             CM_LOG_E("Failed to copy certUri->data");
335             ret = CMR_ERROR;
336             break;
337         }
338         certUri->size = keyUri->size;
339 
340         if (memcpy_s(cerAlias->data, cerAlias->size, uri.object, strlen(uri.object) + 1) != EOK) {
341             CM_LOG_E("Failed to copy cerAlias->data");
342             ret = CMR_ERROR;
343             break;
344         }
345         cerAlias->size = strlen(uri.object) + 1;
346     } while (0);
347 
348     CertManagerFreeUri(&uri);
349     return ret;
350 }
351 
CmCertListGetAppCertInfo(const struct CmBlob * fileName,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * certAlias)352 static int32_t CmCertListGetAppCertInfo(const struct CmBlob *fileName, struct CmBlob *certType,
353     struct CmBlob *certUri,  struct CmBlob *certAlias)
354 {
355     char uriBuf[MAX_LEN_URI] = {0};
356     struct CmBlob keyUri = { sizeof(uriBuf), (uint8_t *)uriBuf };
357 
358     int32_t ret = CmGetUri((char *)fileName->data, &keyUri);
359     if (ret != CM_SUCCESS) {
360         CM_LOG_E("Get uri failed");
361         return ret;
362     }
363 
364     ret = GetAppCertInfo(&keyUri, certType, certUri, certAlias);
365     if (ret != CM_SUCCESS) {
366         CM_LOG_E("GetAppCertInfo failed");
367         return ret;
368     }
369 
370     return ret;
371 }
372 
CmServiceGetAppCertListPack(struct CmBlob * certificateList,const struct CmBlob * fileNames,const uint32_t fileCount)373 static int32_t CmServiceGetAppCertListPack(struct CmBlob *certificateList, const struct CmBlob *fileNames,
374     const uint32_t fileCount)
375 {
376     /* buff struct: cert count + (cert type +  cert uri +  cert alias) * MAX_CERT_COUNT */
377     uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) +
378         MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE;
379     certificateList->data = (uint8_t *)CmMalloc(buffSize);
380     if (certificateList->data == NULL) {
381         return CMR_ERROR_MALLOC_FAIL;
382     }
383     certificateList->size = buffSize;
384 
385     uint32_t offset = 0;
386     int32_t ret = CopyUint32ToBuffer(fileCount, certificateList, &offset);
387     if (ret != CM_SUCCESS) {
388         CM_LOG_E("Copy certificate count failed");
389         return ret;
390     }
391 
392     for (uint32_t i = 0; i < fileCount; i++) {
393         uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
394         struct CmBlob certType = { sizeof(typeBuf), typeBuf };
395         uint8_t certUriBuf[MAX_LEN_URI] = {0};
396         struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
397         uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
398         struct CmBlob certAlias = { sizeof(aliasBuf), aliasBuf };
399 
400         ret = CmCertListGetAppCertInfo(&fileNames[i], &certType, &certUri, &certAlias);
401         if (ret != CM_SUCCESS) {
402             CM_LOG_E("CmCertListGetAppCertInfo failed");
403             return ret;
404         }
405 
406         ret = CopyBlobToBuffer(&certType, certificateList, &offset);
407         if (ret != CM_SUCCESS) {
408             CM_LOG_E("Copy certType failed");
409             return ret;
410         }
411 
412         ret = CopyBlobToBuffer(&certUri, certificateList, &offset);
413         if (ret != CM_SUCCESS) {
414             CM_LOG_E("Copy certUri failed");
415             return ret;
416         }
417 
418         ret = CopyBlobToBuffer(&certAlias, certificateList, &offset);
419         if (ret != CM_SUCCESS) {
420             CM_LOG_E("Copy certAlies failed");
421             return ret;
422         }
423     }
424 
425     return ret;
426 }
427 
CmIpcServiceGetAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)428 void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
429     const struct CmContext *context)
430 {
431     int32_t ret;
432     (void)outData;
433     uint32_t store;
434     uint32_t fileCount = 0;
435     struct CmContext cmContext = {0};
436     struct CmBlob certificateList = { 0, NULL };
437     struct CmBlob fileNames[MAX_COUNT_CERTIFICATE];
438     uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
439     (void)memset_s(fileNames, len, 0, len);
440     struct CmParamSet *paramSet = NULL;
441     struct CmParamOut params[] = {
442         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
443     };
444 
445     do {
446         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
447         if (ret != CM_SUCCESS) {
448             CM_LOG_E("CmIpcServiceGetAppCertList get input params failed, ret = %d", ret);
449             break;
450         }
451 
452         ret = CmServiceGetAppCertListCheck(store);
453         if (ret != CM_SUCCESS) {
454             CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
455             break;
456         }
457 
458         ret = CmServiceGetAppCertList(&cmContext, store, fileNames, MAX_COUNT_CERTIFICATE, &fileCount);
459         if (ret != CM_SUCCESS) {
460             CM_LOG_E("Get App cert list fail, ret = %d", ret);
461             break;
462         }
463 
464         ret = CmServiceGetAppCertListPack(&certificateList, fileNames, fileCount);
465         if (ret != CM_SUCCESS) {
466             CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
467         }
468     } while (0);
469 
470     CmSendResponse(context, ret, &certificateList);
471     CmFreeParamSet(&paramSet);
472     CmFreeFileNames(fileNames, fileCount);
473     CM_FREE_BLOB(certificateList);
474     CM_LOG_I("CmIpcServiceGetAppCertList end:%d", ret);
475 }
476 
CopyCertificateInfoToBuffer(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)477 static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob,
478     const struct CmBlob *certificateInfo, uint32_t *offset)
479 {
480     if (certBlob->size < (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) {
481         CM_LOG_E("certInfo size[%u] invalid", certBlob->size);
482         return CMR_ERROR_INVALID_ARGUMENT;
483     }
484 
485     struct AppCert *appCert = (struct AppCert *)certBlob->data;
486     if ((certBlob->size - (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) < appCert->certSize) {
487         CM_LOG_E("certInfo data size[%u] invalid, certSize[%u]", certBlob->size, appCert->certSize);
488         return CMR_ERROR_INVALID_ARGUMENT;
489     }
490 
491     int32_t ret = CopyUint32ToBuffer(appCert->certCount, certificateInfo, offset);
492     if (ret != CM_SUCCESS) {
493         CM_LOG_E("copy appcert->certCount failed");
494         return ret;
495     }
496 
497     ret = CopyUint32ToBuffer(appCert->keyCount, certificateInfo, offset);
498     if (ret != CM_SUCCESS) {
499         CM_LOG_E("get appcert->keyCount failed");
500         return ret;
501     }
502 
503     struct CmBlob appCertBlob = { appCert->certSize, appCert->appCertdata };
504     ret = CopyBlobToBuffer(&appCertBlob, certificateInfo, offset);
505     if (ret != CM_SUCCESS) {
506         CM_LOG_E("Copy appCertBlob failed");
507     }
508 
509     return ret;
510 }
511 
CopyCertSize(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)512 static int32_t CopyCertSize(const struct CmBlob *certBlob, const struct CmBlob *certificateInfo,
513     uint32_t *offset)
514 {
515     uint32_t certCount = (((certBlob->size > 0) && (certBlob->data != NULL)) ? 1 : 0);
516 
517     int32_t ret = CopyUint32ToBuffer(certCount, certificateInfo, offset);
518     if (ret != CM_SUCCESS) {
519         CM_LOG_E("copy certificateList->size failed");
520         return ret;
521     }
522     if (certCount == 0) {
523         CM_LOG_E("app cert not exist");
524         return CMR_ERROR_NOT_EXIST;
525     }
526     return ret;
527 }
528 
CmAppCertificateInfoPack(struct CmBlob * certificateInfo,const struct CmBlob * certBlob,const struct CmBlob * keyUri)529 static int32_t CmAppCertificateInfoPack(struct CmBlob *certificateInfo,
530     const struct CmBlob *certBlob, const struct CmBlob *keyUri)
531 {
532     /* buff struct: certCount + certType + certAlias + certUri + certNum + keyNum + credData */
533     uint32_t buffSize = sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME +
534         sizeof(uint32_t) + MAX_LEN_CERT_ALIAS + sizeof(uint32_t) + MAX_LEN_URI +
535         sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_CERTIFICATE_CHAIN;
536     certificateInfo->data = (uint8_t *)CmMalloc(buffSize);
537     if (certificateInfo->data == NULL) {
538         return CMR_ERROR_MALLOC_FAIL;
539     }
540     certificateInfo->size = buffSize;
541 
542     uint32_t offset = 0;
543     if (CopyCertSize(certBlob, certificateInfo, &offset) != CM_SUCCESS) {
544         return CMR_ERROR_NOT_EXIST;
545     }
546 
547     uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
548     uint8_t certUriBuf[MAX_LEN_URI] = {0};
549     uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
550     struct CmBlob certType = { sizeof(typeBuf), typeBuf };
551     struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
552     struct CmBlob cerAlias = { sizeof(aliasBuf), aliasBuf };
553     int32_t ret = GetAppCertInfo(keyUri, &certType, &certUri, &cerAlias);
554     if (ret != CM_SUCCESS) {
555         CM_LOG_E("GetAppCertInfo failed");
556         return ret;
557     }
558 
559     if (CopyBlobToBuffer(&certType, certificateInfo, &offset) != CM_SUCCESS) {
560         CM_LOG_E("Copy certType failed");
561         return CMR_ERROR;
562     }
563 
564     if (CopyBlobToBuffer(&certUri, certificateInfo, &offset) != CM_SUCCESS) {
565         CM_LOG_E("Copy certUri failed");
566         return CMR_ERROR;
567     }
568 
569     if (CopyBlobToBuffer(&cerAlias, certificateInfo, &offset) != CM_SUCCESS) {
570         CM_LOG_E("Copy cerAlias failed");
571         return CMR_ERROR;
572     }
573 
574     ret = CopyCertificateInfoToBuffer(certBlob, certificateInfo, &offset);
575     if (ret != CM_SUCCESS) {
576         CM_LOG_E("Copy CertificateInfo failed");
577         return ret;
578     }
579 
580     return ret;
581 }
582 
CmIpcServiceGetAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)583 void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
584     const struct CmContext *context)
585 {
586     int32_t ret;
587     (void)outData;
588     uint32_t store;
589     struct CmBlob keyUri = { 0, NULL };
590     struct CmBlob certificateInfo = { 0, NULL };
591     struct CmBlob certBlob = { 0, NULL };
592     struct CmContext cmContext = {0};
593     struct CmParamSet *paramSet = NULL;
594     struct CmParamOut params[] = {
595         {
596             .tag = CM_TAG_PARAM0_BUFFER,
597             .blob = &keyUri
598         },
599         {
600             .tag = CM_TAG_PARAM0_UINT32,
601             .uint32Param = &store
602         },
603     };
604     do {
605         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
606         if (ret != CM_SUCCESS) {
607             CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret);
608             break;
609         }
610 
611         ret = CmServiceGetAppCertCheck(store, &keyUri);
612         if (ret != CM_SUCCESS) {
613             CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
614             break;
615         }
616 
617         ret = CmServiceGetAppCert(&cmContext, store, &keyUri, &certBlob);
618         if (ret != CM_SUCCESS) {
619             CM_LOG_E("Get App cert list fail, ret = %d", ret);
620             break;
621         }
622 
623         ret = CmAppCertificateInfoPack(&certificateInfo, &certBlob, &keyUri);
624         if (ret != CM_SUCCESS) {
625             CM_LOG_E("CmAppCertificateInfoPack fail, ret = %d", ret);
626         }
627     } while (0);
628 
629     CmSendResponse(context, ret, &certificateInfo);
630     CmFreeParamSet(&paramSet);
631     CM_FREE_BLOB(certBlob);
632     CM_FREE_BLOB(certificateInfo);
633     CM_LOG_I("CmIpcServiceGetAppCert end:%d", ret);
634 }
635 
GetAuthedList(const struct CmContext * context,const struct CmBlob * keyUri,struct CmBlob * outData)636 static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData)
637 {
638     if (outData->size < sizeof(uint32_t)) { /* appUidCount size */
639         CM_LOG_E("invalid outData size[%u]", outData->size);
640         return CMR_ERROR_INVALID_ARGUMENT;
641     }
642 
643     uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t);
644     struct CmAppUidList appUidList = { count, NULL };
645     if (count != 0) {
646         appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t));
647     }
648 
649     int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList);
650     if (ret != CM_SUCCESS) {
651         CM_LOG_E("service get authed list failed, ret = %d", ret);
652         return ret;
653     }
654 
655     /* refresh outData:  1.refresh appUidCount; 2.appUidCount is no bigger than count */
656     (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t));
657     outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount;
658 
659     return CM_SUCCESS;
660 }
661 
CmIpcServiceGrantAppCertificate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)662 void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
663     const struct CmContext *context)
664 {
665     struct CmContext cmContext = { 0, 0, {0} };
666     struct CmParamSet *paramSet = NULL;
667     struct CmBlob keyUri = { 0, NULL };
668     int32_t ret;
669     do {
670         uint32_t grantUid = 0;
671         struct CmParamOut params[] = {
672             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
673             { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &grantUid },
674         };
675         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
676         if (ret != CM_SUCCESS) {
677             CM_LOG_E("get input params failed, ret = %d", ret);
678             break;
679         }
680 
681         ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, grantUid, outData);
682         if (ret != CM_SUCCESS) {
683             CM_LOG_E("service grant app failed, ret = %d", ret);
684             break;
685         }
686     } while (0);
687 
688     CmReport(__func__, &cmContext, &keyUri, ret);
689 
690     CM_LOG_I("CmIpcServiceGrantAppCertificate end:%d", ret);
691     CmSendResponse(context, ret, outData);
692     CmFreeParamSet(&paramSet);
693 }
694 
CmIpcServiceGetAuthorizedAppList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)695 void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
696     const struct CmContext *context)
697 {
698     struct CmContext cmContext = { 0, 0, {0} };
699     struct CmParamSet *paramSet = NULL;
700     struct CmBlob keyUri = { 0, NULL };
701 
702     int32_t ret;
703     do {
704         struct CmParamOut params[] = {
705             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
706         };
707         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
708         if (ret != CM_SUCCESS) {
709             CM_LOG_E("get input params failed, ret = %d", ret);
710             break;
711         }
712 
713         ret = GetAuthedList(&cmContext, &keyUri, outData);
714         if (ret != CM_SUCCESS) {
715             CM_LOG_E("get authed app list failed, ret = %d", ret);
716             break;
717         }
718     } while (0);
719     CmReport(__func__, &cmContext, &keyUri, ret);
720 
721     CM_LOG_I("CmIpcServiceGetAuthorizedAppList end:%d", ret);
722     CmSendResponse(context, ret, outData);
723     CmFreeParamSet(&paramSet);
724 }
725 
CmIpcServiceIsAuthorizedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)726 void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
727     const struct CmContext *context)
728 {
729     (void)outData;
730     struct CmContext cmContext = { 0, 0, {0} };
731     struct CmParamSet *paramSet = NULL;
732     struct CmBlob authUri = { 0, NULL };
733 
734     int32_t ret;
735     do {
736         struct CmParamOut params[] = {
737             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
738         };
739         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
740         if (ret != CM_SUCCESS) {
741             CM_LOG_E("get input params failed, ret = %d", ret);
742             break;
743         }
744 
745         ret = CmServiceIsAuthorizedApp(&cmContext, &authUri);
746         if (ret != CM_SUCCESS) {
747             CM_LOG_E("service check is authed app failed, ret = %d", ret);
748             break;
749         }
750     } while (0);
751 
752     CmReport(__func__, &cmContext, &authUri, ret);
753     CM_LOG_I("CmIpcServiceIsAuthorizedApp end:%d", ret);
754     CmSendResponse(context, ret, NULL);
755     CmFreeParamSet(&paramSet);
756 }
757 
CmIpcServiceRemoveGrantedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)758 void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
759     const struct CmContext *context)
760 {
761     struct CmContext cmContext = { 0, 0, {0} };
762     struct CmParamSet *paramSet = NULL;
763     (void)outData;
764     struct CmBlob keyUri = { 0, NULL };
765 
766     int32_t ret;
767     do {
768         uint32_t appUid = 0;
769         struct CmParamOut params[] = {
770             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
771             { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid },
772         };
773         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
774         if (ret != CM_SUCCESS) {
775             CM_LOG_E("get input params failed, ret = %d", ret);
776             break;
777         }
778 
779         ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid);
780         if (ret != CM_SUCCESS) {
781             CM_LOG_E("service remove grant app failed, ret = %d", ret);
782             break;
783         }
784     } while (0);
785     CmReport(__func__, &cmContext, &keyUri, ret);
786 
787     CM_LOG_I("CmIpcServiceRemoveGrantedApp end:%d", ret);
788     CmSendResponse(context, ret, NULL);
789     CmFreeParamSet(&paramSet);
790 }
791 
CmIpcServiceInit(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)792 void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
793     const struct CmContext *context)
794 {
795     struct CmContext cmContext = { 0, 0, {0} };
796     struct CmParamSet *paramSet = NULL;
797 
798     int32_t ret;
799     do {
800         struct CmBlob authUri = { 0, NULL };
801         struct CmBlob specBlob = { 0, NULL };
802         struct CmParamOut params[] = {
803             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
804             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob },
805         };
806         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
807         if (ret != CM_SUCCESS) {
808             CM_LOG_E("get input params failed, ret = %d", ret);
809             break;
810         }
811 
812         struct CmSignatureSpec spec = { 0 };
813         if (specBlob.size < sizeof(struct CmSignatureSpec)) {
814             CM_LOG_E("invalid input spec size");
815             ret = CMR_ERROR_INVALID_ARGUMENT;
816             break;
817         }
818         (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec));
819 
820         ret = CmServiceInit(&cmContext, &authUri, &spec, outData);
821         if (ret != CM_SUCCESS) {
822             CM_LOG_E("service init failed, ret = %d", ret);
823             break;
824         }
825     } while (0);
826 
827     CM_LOG_I("CmIpcServiceInit end:%d", ret);
828     CmSendResponse(context, ret, outData);
829     CmFreeParamSet(&paramSet);
830 }
831 
CmIpcServiceUpdate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)832 void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
833     const struct CmContext *context)
834 {
835     (void)outData;
836     struct CmContext cmContext = { 0, 0, {0} };
837     struct CmParamSet *paramSet = NULL;
838 
839     int32_t ret;
840     do {
841         struct CmBlob handleUpdate = { 0, NULL };
842         struct CmBlob inDataUpdate = { 0, NULL };
843         struct CmParamOut params[] = {
844             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate },
845             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate },
846         };
847         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
848         if (ret != CM_SUCCESS) {
849             CM_LOG_E("get input params failed, ret = %d", ret);
850             break;
851         }
852 
853         ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate);
854         if (ret != CM_SUCCESS) {
855             CM_LOG_E("service update failed, ret = %d", ret);
856             break;
857         }
858     } while (0);
859 
860     CM_LOG_I("CmIpcServiceUpdate end:%d", ret);
861     CmSendResponse(context, ret, NULL);
862     CmFreeParamSet(&paramSet);
863 }
864 
CmIpcServiceFinish(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)865 void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
866     const struct CmContext *context)
867 {
868     struct CmContext cmContext = { 0, 0, {0} };
869     struct CmParamSet *paramSet = NULL;
870 
871     int32_t ret;
872     do {
873         struct CmBlob handleFinish = { 0, NULL };
874         struct CmBlob inDataFinish = { 0, NULL };
875         struct CmParamOut params[] = {
876             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish },
877             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish },
878         };
879         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
880         if (ret != CM_SUCCESS) {
881             CM_LOG_E("get input params failed, ret = %d", ret);
882             break;
883         }
884 
885         ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData);
886         if (ret != CM_SUCCESS) {
887             CM_LOG_E("service finish failed, ret = %d", ret);
888             break;
889         }
890     } while (0);
891 
892     CM_LOG_I("CmIpcServiceFinish end:%d", ret);
893     CmSendResponse(context, ret, outData);
894     CmFreeParamSet(&paramSet);
895 }
896 
CmIpcServiceAbort(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)897 void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
898     const struct CmContext *context)
899 {
900     (void)outData;
901     struct CmContext cmContext = { 0, 0, {0} };
902     struct CmParamSet *paramSet = NULL;
903 
904     int32_t ret;
905     do {
906         struct CmBlob handle = { 0, NULL };
907         struct CmParamOut params[] = {
908             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle },
909         };
910         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
911         if (ret != CM_SUCCESS) {
912             CM_LOG_E("get input params failed, ret = %d", ret);
913             break;
914         }
915 
916         ret = CmServiceAbort(&cmContext, &handle);
917         if (ret != CM_SUCCESS) {
918             CM_LOG_E("service abort failed, ret = %d", ret);
919             break;
920         }
921     } while (0);
922 
923     CM_LOG_I("CmIpcServiceAbort end:%d", ret);
924     CmSendResponse(context, ret, NULL);
925     CmFreeParamSet(&paramSet);
926 }
927 
CmIpcServiceGetUserCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)928 void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
929     const struct CmContext *context)
930 {
931     int32_t ret = CM_SUCCESS;
932     uint32_t store;
933     struct CmContext cmContext = {0};
934     struct CmParamSet *paramSet = NULL;
935     struct CmMutableBlob certFileList = { 0, NULL };
936     struct CmParamOut params[] = {
937         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
938     };
939 
940     do {
941         if (!CmHasCommonPermission()) {
942             CM_LOG_E("caller no permission");
943             ret = CMR_ERROR_PERMISSION_DENIED;
944             break;
945         }
946 
947         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
948         if (ret != CM_SUCCESS) {
949             CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret);
950             break;
951         }
952 
953         ret = CmServiceGetCertList(&cmContext, store, &certFileList);
954         if (ret != CM_SUCCESS) {
955             CM_LOG_E("GetCertList failed, ret = %d", ret);
956             break;
957         }
958 
959         ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
960         if (ret != CM_SUCCESS) {
961             CM_LOG_E("CmServiceGetCertListPack pack fail, ret = %d", ret);
962             break;
963         }
964 
965         CmSendResponse(context, ret, outData);
966     } while (0);
967 
968     struct CmBlob tempBlob = { 0, NULL };
969     CmReport(__func__, &cmContext, &tempBlob, ret);
970 
971     if (ret != CM_SUCCESS) {
972         CmSendResponse(context, ret, NULL);
973     }
974 
975     if (certFileList.data != NULL) {
976         CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
977     }
978     CmFreeParamSet(&paramSet);
979 }
980 
CmIpcServiceGetUserCertInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)981 void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
982     const struct CmContext *context)
983 {
984     int32_t ret = CM_SUCCESS;
985     uint32_t store;
986     uint32_t status = 0;
987     struct CmBlob certUri = { 0, NULL };
988     struct CmBlob certificateData = { 0, NULL };
989     struct CmContext cmContext = {0};
990     struct CmParamSet *paramSet = NULL;
991     struct CmParamOut params[] = {
992         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
993         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
994     };
995 
996     do {
997         if (!CmHasCommonPermission()) {
998             CM_LOG_E("caller no permission");
999             ret = CMR_ERROR_PERMISSION_DENIED;
1000             break;
1001         }
1002 
1003         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1004         if (ret != CM_SUCCESS) {
1005             CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
1006             break;
1007         }
1008 
1009         ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
1010         if (ret != CM_SUCCESS) {
1011             CM_LOG_E("GetCertInfo failed, ret = %d", ret);
1012             break;
1013         }
1014 
1015         ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
1016         if (ret != CM_SUCCESS) {
1017             CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret);
1018             break;
1019         }
1020         CmSendResponse(context, ret, outData);
1021     } while (0);
1022     CmReport(__func__, &cmContext, &certUri, ret);
1023     if (ret != CM_SUCCESS) {
1024         CmSendResponse(context, ret, NULL);
1025     }
1026     CM_FREE_BLOB(certificateData);
1027     CmFreeParamSet(&paramSet);
1028 }
1029 
CmIpcServiceSetUserCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1030 void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1031     const struct CmContext *context)
1032 {
1033     int32_t ret = CM_SUCCESS;
1034     uint32_t store;
1035     uint32_t status;
1036     struct CmBlob certUri = { 0, NULL };
1037     struct CmContext cmContext = {0};
1038     struct CmParamSet *paramSet = NULL;
1039     struct CmParamOut params[] = {
1040         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
1041         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
1042         { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status},
1043     };
1044 
1045     do {
1046         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1047             CM_LOG_E("caller no permission");
1048             ret = CMR_ERROR_PERMISSION_DENIED;
1049             break;
1050         }
1051         if (!CmIsSystemApp()) {
1052             CM_LOG_E("set user status: caller is not system app");
1053             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1054             break;
1055         }
1056 
1057         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1058         if (ret != CM_SUCCESS) {
1059             CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
1060             break;
1061         }
1062 
1063         ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
1064         if (ret != CM_SUCCESS) {
1065             CM_LOG_E("set user cert status failed, ret = %d", ret);
1066             break;
1067         }
1068     } while (0);
1069     CmSendResponse(context, ret, NULL);
1070     CmFreeParamSet(&paramSet);
1071 }
1072 
CmIpcServiceInstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1073 void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1074     const struct CmContext *context)
1075 {
1076     int32_t ret = CM_SUCCESS;
1077     struct CmBlob userCert = { 0, NULL };
1078     struct CmBlob certAlias = { 0, NULL };
1079     struct CmContext cmContext = {0};
1080     struct CmParamSet *paramSet = NULL;
1081     struct CmParamOut params[] = {
1082         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
1083         { .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
1084     };
1085 
1086     do {
1087         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1088             CM_LOG_E("caller no permission");
1089             ret = CMR_ERROR_PERMISSION_DENIED;
1090             break;
1091         }
1092         if (!CmIsSystemApp()) {
1093             CM_LOG_E("install user cert: caller is not system app");
1094             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1095             break;
1096         }
1097 
1098         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1099         if (ret != CM_SUCCESS) {
1100             CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
1101             break;
1102         }
1103 
1104         ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, outData);
1105         if (ret != CM_SUCCESS) {
1106             CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
1107             break;
1108         }
1109 
1110         CmSendResponse(context, ret, outData);
1111     } while (0);
1112 
1113     struct CmBlob tempBlob = { 0, NULL };
1114     CmReport(__func__, &cmContext, &tempBlob, ret);
1115 
1116     if (ret != CM_SUCCESS) {
1117         CmSendResponse(context, ret, NULL);
1118     }
1119     CmFreeParamSet(&paramSet);
1120 }
1121 
CmIpcServiceUninstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1122 void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1123     const struct CmContext *context)
1124 {
1125     (void)outData;
1126     int32_t ret = CM_SUCCESS;
1127     struct CmBlob certUri = { 0, NULL };
1128     struct CmContext cmContext = {0};
1129     struct CmParamSet *paramSet = NULL;
1130     struct CmParamOut params[] = {
1131         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1132     };
1133 
1134     do {
1135         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1136             CM_LOG_E("caller no permission");
1137             ret = CMR_ERROR_PERMISSION_DENIED;
1138             break;
1139         }
1140         if (!CmIsSystemApp()) {
1141             CM_LOG_E("uninstall user cert: caller is not system app");
1142             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1143             break;
1144         }
1145 
1146         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1147         if (ret != CM_SUCCESS) {
1148             CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
1149             break;
1150         }
1151 
1152         ret = CmUninstallUserCert(&cmContext, &certUri);
1153         if (ret != CM_SUCCESS) {
1154             CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
1155             break;
1156         }
1157     } while (0);
1158     CmReport(__func__, &cmContext, &certUri, ret);
1159     CmSendResponse(context, ret, NULL);
1160     CmFreeParamSet(&paramSet);
1161 }
1162 
CmIpcServiceUninstallAllUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1163 void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1164     const struct CmContext *context)
1165 {
1166     (void)outData;
1167     int32_t ret = CM_SUCCESS;
1168     struct CmContext cmContext = {0};
1169 
1170     do {
1171         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1172             CM_LOG_E("caller no permission");
1173             ret = CMR_ERROR_PERMISSION_DENIED;
1174             break;
1175         }
1176         if (!CmIsSystemApp()) {
1177             CM_LOG_E("uninstall all user cert: caller is not system app");
1178             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1179             break;
1180         }
1181 
1182         ret = CmGetProcessInfoForIPC(&cmContext);
1183         if (ret != CM_SUCCESS) {
1184             CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
1185             break;
1186         }
1187 
1188         ret = CmUninstallAllUserCert(&cmContext);
1189         if (ret != CM_SUCCESS) {
1190             CM_LOG_E("CertManagerUninstallAllUserCert fail, ret = %d", ret);
1191             break;
1192         }
1193     } while (0);
1194     CmSendResponse(context, ret, NULL);
1195 }
1196 
1197