1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager_host_impl.h"
17
18 #include "app_log_wrapper.h"
19 #include "appexecfwk_errors.h"
20 #include "app_control_constants.h"
21 #include "bundle_mgr_service.h"
22 #include "bundle_permission_mgr.h"
23 #include "ipc_skeleton.h"
24
25 namespace OHOS {
26 namespace AppExecFwk {
27 namespace {
28 const std::string PERMISSION_DISPOSED_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS";
29 }
AppControlManagerHostImpl()30 AppControlManagerHostImpl::AppControlManagerHostImpl()
31 {
32 appControlManager_ = DelayedSingleton<AppControlManager>::GetInstance();
33 dataMgr_ = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
34 callingNameMap_ = {
35 {AppControlConstants::EDM_UID, AppControlConstants::EDM_CALLING}
36 };
37 ruleTypeMap_ = {
38 {AppInstallControlRuleType::DISALLOWED_UNINSTALL, AppControlConstants::APP_DISALLOWED_UNINSTALL},
39 {AppInstallControlRuleType::ALLOWED_INSTALL, AppControlConstants::APP_ALLOWED_INSTALL},
40 {AppInstallControlRuleType::DISALLOWED_INSTALL, AppControlConstants::APP_DISALLOWED_INSTALL}
41 };
42 }
43
~AppControlManagerHostImpl()44 AppControlManagerHostImpl::~AppControlManagerHostImpl()
45 {
46 }
47
AddAppInstallControlRule(const std::vector<std::string> & appIds,const AppInstallControlRuleType controlRuleType,int32_t userId)48 ErrCode AppControlManagerHostImpl::AddAppInstallControlRule(const std::vector<std::string> &appIds,
49 const AppInstallControlRuleType controlRuleType, int32_t userId)
50 {
51 APP_LOGD("AddAppInstallControlRule start");
52 std::string callingName = GetCallingName();
53 std::string ruleType = GetControlRuleType(controlRuleType);
54 if (callingName.empty()) {
55 APP_LOGE("callingName is invalid");
56 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
57 }
58 if (ruleType.empty()) {
59 APP_LOGE("controlRuleType is invalid");
60 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
61 }
62 auto ret = appControlManager_->AddAppInstallControlRule(callingName, appIds, ruleType, userId);
63 if (ret != ERR_OK) {
64 APP_LOGE("AddAppInstallControlRule failed due to error %{public}d", ret);
65 return ret;
66 }
67 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
68 UpdateAppControlledInfo(userId);
69 }
70 return ERR_OK;
71 }
72
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,const std::vector<std::string> & appIds,int32_t userId)73 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
74 const std::vector<std::string> &appIds, int32_t userId)
75 {
76 APP_LOGD("DeleteAppInstallControlRule start");
77 std::string ruleType = GetControlRuleType(controlRuleType);
78 if (ruleType.empty()) {
79 APP_LOGE("controlRuleType is invalid");
80 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
81 }
82 std::string callingName = GetCallingName();
83 if (callingName.empty()) {
84 APP_LOGE("callingName is invalid");
85 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
86 }
87 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, appIds, userId);
88 if (ret != ERR_OK) {
89 APP_LOGE("DeleteAppInstallControlRule failed due to error %{public}d", ret);
90 return ret;
91 }
92 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
93 UpdateAppControlledInfo(userId);
94 }
95 return ERR_OK;
96 }
97
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId)98 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
99 int32_t userId)
100 {
101 APP_LOGD("CleanAppInstallControlRule start");
102 std::string callingName = GetCallingName();
103 std::string ruleType = GetControlRuleType(controlRuleType);
104 if (callingName.empty()) {
105 APP_LOGE("callingName is invalid");
106 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
107 }
108 if (ruleType.empty()) {
109 APP_LOGE("controlRuleType is invalid");
110 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
111 }
112 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, userId);
113 if (ret != ERR_OK) {
114 APP_LOGE("CleanAppInstallControlRule failed due to error %{public}d", ret);
115 return ret;
116 }
117 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
118 UpdateAppControlledInfo(userId);
119 }
120 return ERR_OK;
121 }
122
GetAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId,std::vector<std::string> & appIds)123 ErrCode AppControlManagerHostImpl::GetAppInstallControlRule(
124 const AppInstallControlRuleType controlRuleType, int32_t userId, std::vector<std::string> &appIds)
125 {
126 APP_LOGD("GetAppInstallControlRule start");
127 std::string callingName = GetCallingName();
128 std::string ruleType = GetControlRuleType(controlRuleType);
129 if (callingName.empty()) {
130 APP_LOGE("callingName is invalid");
131 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
132 }
133 if (ruleType.empty()) {
134 APP_LOGE("controlRuleType is invalid");
135 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
136 }
137
138 return appControlManager_->GetAppInstallControlRule(callingName, ruleType, userId, appIds);
139 }
140
AddAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)141 ErrCode AppControlManagerHostImpl::AddAppRunningControlRule(
142 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
143 {
144 std::string callingName = GetCallingName();
145 if (callingName.empty()) {
146 APP_LOGE("callingName is invalid");
147 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
148 }
149 return appControlManager_->AddAppRunningControlRule(callingName, controlRules, userId);
150 }
151
DeleteAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)152 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(
153 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
154 {
155 std::string callingName = GetCallingName();
156 if (callingName.empty()) {
157 APP_LOGE("callingName is invalid");
158 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
159 }
160 return appControlManager_->DeleteAppRunningControlRule(callingName, controlRules, userId);
161 }
162
DeleteAppRunningControlRule(int32_t userId)163 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId)
164 {
165 std::string callingName = GetCallingName();
166 if (callingName.empty()) {
167 APP_LOGE("callingName is invalid");
168 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
169 }
170 return appControlManager_->DeleteAppRunningControlRule(callingName, userId);
171 }
172
GetAppRunningControlRule(int32_t userId,std::vector<std::string> & appIds)173 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector<std::string> &appIds)
174 {
175 std::string callingName = GetCallingName();
176 if (callingName.empty()) {
177 APP_LOGE("callingName is invalid");
178 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
179 }
180 return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds);
181 }
182
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)183 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(
184 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
185 {
186 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
187 if (uid != AppControlConstants::FOUNDATION_UID) {
188 APP_LOGW("calling permission denied");
189 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
190 }
191 return appControlManager_->GetAppRunningControlRule(bundleName, userId, controlRuleResult);
192 }
193
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)194 ErrCode AppControlManagerHostImpl::ConfirmAppJumpControlRule(const std::string &callerBundleName,
195 const std::string &targetBundleName, int32_t userId)
196 {
197 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
198 if (uid != AppControlConstants::FOUNDATION_UID) {
199 APP_LOGE("callingName is invalid");
200 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
201 }
202 return appControlManager_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
203 }
204
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)205 ErrCode AppControlManagerHostImpl::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
206 int32_t userId)
207 {
208 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
209 if (uid != AppControlConstants::FOUNDATION_UID) {
210 APP_LOGE("callingName is invalid");
211 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
212 }
213 return appControlManager_->AddAppJumpControlRule(controlRules, userId);
214 }
215
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)216 ErrCode AppControlManagerHostImpl::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
217 int32_t userId)
218 {
219 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
220 if (uid != AppControlConstants::FOUNDATION_UID) {
221 APP_LOGE("callingName is invalid");
222 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
223 }
224 return appControlManager_->DeleteAppJumpControlRule(controlRules, userId);
225 }
226
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)227 ErrCode AppControlManagerHostImpl::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
228 {
229 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
230 if (uid != AppControlConstants::FOUNDATION_UID) {
231 APP_LOGE("callingName is invalid");
232 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
233 }
234 return appControlManager_->DeleteRuleByCallerBundleName(callerBundleName, userId);
235 }
236
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)237 ErrCode AppControlManagerHostImpl::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
238 {
239 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
240 if (uid != AppControlConstants::FOUNDATION_UID) {
241 APP_LOGE("callingName is invalid");
242 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
243 }
244 return appControlManager_->DeleteRuleByTargetBundleName(targetBundleName, userId);
245 }
246
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)247 ErrCode AppControlManagerHostImpl::GetAppJumpControlRule(const std::string &callerBundleName,
248 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
249 {
250 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
251 if (uid != AppControlConstants::FOUNDATION_UID) {
252 APP_LOGW("calling permission denied");
253 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
254 }
255 return appControlManager_->GetAppJumpControlRule(callerBundleName, targetBundleName, userId, controlRule);
256 }
257
GetCallingName()258 std::string AppControlManagerHostImpl::GetCallingName()
259 {
260 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
261 auto item = callingNameMap_.find(uid);
262 if (item == callingNameMap_.end()) {
263 APP_LOGW("calling uid is invalid");
264 return "";
265 }
266 return item->second;
267 }
268
GetControlRuleType(const AppInstallControlRuleType controlRuleType)269 std::string AppControlManagerHostImpl::GetControlRuleType(const AppInstallControlRuleType controlRuleType)
270 {
271 auto item = ruleTypeMap_.find(controlRuleType);
272 if (item == ruleTypeMap_.end()) {
273 APP_LOGW("controlRuleType:%{public}d is invalid", static_cast<int32_t>(controlRuleType));
274 return "";
275 }
276 return item->second;
277 }
278
GetCallingUserId()279 int32_t AppControlManagerHostImpl::GetCallingUserId()
280 {
281 return OHOS::IPCSkeleton::GetCallingUid() / Constants::BASE_USER_RANGE;
282 }
283
SetDisposedStatus(const std::string & appId,const Want & want)284 ErrCode AppControlManagerHostImpl::SetDisposedStatus(const std::string &appId, const Want &want)
285 {
286 APP_LOGD("host begin to SetDisposedStatus");
287 if (!BundlePermissionMgr::VerifySystemApp()) {
288 APP_LOGE("non-system app calling system api");
289 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
290 }
291 if (!BundlePermissionMgr::VerifyCallingPermission(PERMISSION_DISPOSED_STATUS)) {
292 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
293 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
294 }
295 ErrCode ret = appControlManager_->SetDisposedStatus(appId, want, GetCallingUserId());
296 if (ret != ERR_OK) {
297 APP_LOGW("host SetDisposedStatus error:%{public}d", ret);
298 }
299 return ret;
300 }
301
DeleteDisposedStatus(const std::string & appId)302 ErrCode AppControlManagerHostImpl::DeleteDisposedStatus(const std::string &appId)
303 {
304 APP_LOGD("host begin to DeleteDisposedStatus");
305 if (!BundlePermissionMgr::VerifySystemApp()) {
306 APP_LOGE("non-system app calling system api");
307 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
308 }
309 if (!BundlePermissionMgr::VerifyCallingPermission(PERMISSION_DISPOSED_STATUS)) {
310 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
311 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
312 }
313 ErrCode ret = appControlManager_->DeleteDisposedStatus(appId, GetCallingUserId());
314 if (ret != ERR_OK) {
315 APP_LOGW("host DeletetDisposedStatus error:%{public}d", ret);
316 }
317 return ret;
318 }
319
GetDisposedStatus(const std::string & appId,Want & want)320 ErrCode AppControlManagerHostImpl::GetDisposedStatus(const std::string &appId, Want &want)
321 {
322 APP_LOGD("host begin to GetDisposedStatus");
323 if (!BundlePermissionMgr::VerifySystemApp()) {
324 APP_LOGE("non-system app calling system api");
325 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
326 }
327 if (!BundlePermissionMgr::VerifyCallingPermission(PERMISSION_DISPOSED_STATUS)) {
328 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
329 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
330 }
331 ErrCode ret = appControlManager_->GetDisposedStatus(appId, want, GetCallingUserId());
332 if (ret != ERR_OK) {
333 APP_LOGW("host GetDisposedStatus error:%{public}d", ret);
334 }
335 return ret;
336 }
337
UpdateAppControlledInfo(int32_t userId) const338 void AppControlManagerHostImpl::UpdateAppControlledInfo(int32_t userId) const
339 {
340 APP_LOGD("start to UpdateAppControlledInfo under userId %{public}d", userId);
341 std::vector<std::string> appIds;
342 ErrCode ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
343 AppControlConstants::APP_DISALLOWED_UNINSTALL, userId, appIds);
344 if (ret != ERR_OK) {
345 APP_LOGW("no need to update app controlled info due to GetAppInstallControlRule failed code:%{public}d", ret);
346 return;
347 }
348 auto bundleInfos = dataMgr_->GetAllInnerBundleInfos();
349 for (const auto &info : bundleInfos) {
350 InnerBundleUserInfo userInfo;
351 if (!info.second.GetInnerBundleUserInfo(userId, userInfo)) {
352 APP_LOGW("current bundle (%{public}s) is not installed at current userId (%{public}d)",
353 info.first.c_str(), userId);
354 continue;
355 }
356 auto iterator = std::find(appIds.begin(), appIds.end(), info.second.GetAppId());
357 userInfo.isRemovable = (iterator != appIds.end()) ? false : true;
358 dataMgr_->AddInnerBundleUserInfo(info.first, userInfo);
359 }
360 }
361 } // AppExecFwk
362 } // OHOS