• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "local_code_sign_service.h"
17 
18 #include "directory_ex.h"
19 #include "fsverity_utils_helper.h"
20 #include "ipc_skeleton.h"
21 #include "iservice_registry.h"
22 #include "local_sign_key.h"
23 #include "log.h"
24 #include "pkcs7_generator.h"
25 
26 namespace OHOS {
27 namespace Security {
28 namespace CodeSign {
29 const std::string DEFAULT_HASH_ALGORITHM = "sha256";
30 const std::string TASK_ID = "unload";
31 constexpr int32_t DELAY_TIME = 180000;
32 
33 const bool REGISTER_RESULT =
34     SystemAbility::MakeAndRegisterAbility(DelayedSingleton<LocalCodeSignService>::GetInstance().get());
35 
LocalCodeSignService()36 LocalCodeSignService::LocalCodeSignService()
37     : SystemAbility(LOCAL_CODE_SIGN_SA_ID, false), state_(ServiceRunningState::STATE_NOT_START)
38 {
39 }
40 
~LocalCodeSignService()41 LocalCodeSignService::~LocalCodeSignService()
42 {
43 }
44 
OnStart()45 void LocalCodeSignService::OnStart()
46 {
47     LOG_INFO(LABEL, "LocalCodeSignService OnStart");
48     if (state_ == ServiceRunningState::STATE_RUNNING) {
49         LOG_INFO(LABEL, "LocalCodeSignService has already started.");
50         return;
51     }
52     if (!Init()) {
53         LOG_ERROR(LABEL, "Init LocalCodeSignService failed.");
54         return;
55     }
56     bool ret = Publish(DelayedSingleton<LocalCodeSignService>::GetInstance().get());
57     if (!ret) {
58         LOG_ERROR(LABEL, "Publish service failed.");
59         return;
60     }
61     state_ = ServiceRunningState::STATE_RUNNING;
62     DelayUnloadTask();
63 }
64 
Init()65 bool LocalCodeSignService::Init()
66 {
67     auto runner = AppExecFwk::EventRunner::Create(TASK_ID);
68     if (unloadHandler_ == nullptr) {
69         unloadHandler_ = std::make_shared<AppExecFwk::EventHandler>(runner);
70     }
71     return true;
72 }
73 
DelayUnloadTask()74 void LocalCodeSignService::DelayUnloadTask()
75 {
76     auto task = [this]() {
77         sptr<ISystemAbilityManager> samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
78         if (samgr == nullptr) {
79             LOG_ERROR(LABEL, "Get system ability mgr failed.");
80             return;
81         }
82         int32_t ret = samgr->UnloadSystemAbility(LOCAL_CODE_SIGN_SA_ID);
83         if (ret != ERR_OK) {
84             LOG_ERROR(LABEL, "Remove system ability failed.");
85             return;
86         }
87     };
88     unloadHandler_->RemoveTask(TASK_ID);
89     unloadHandler_->PostTask(task, TASK_ID, DELAY_TIME);
90 }
91 
OnStop()92 void LocalCodeSignService::OnStop()
93 {
94     LOG_INFO(LABEL, "LocalCodeSignService OnStop");
95     state_ = ServiceRunningState::STATE_NOT_START;
96 }
97 
InitLocalCertificate(ByteBuffer & cert)98 int32_t LocalCodeSignService::InitLocalCertificate(ByteBuffer &cert)
99 {
100     LocalSignKey &key = LocalSignKey::GetInstance();
101     if (!key.InitKey()) {
102         LOG_ERROR(LABEL, "Init key failed.");
103         return CS_ERR_HUKS_INIT_KEY;
104     }
105     const ByteBuffer *keyCert = key.GetSignCert();
106     if (keyCert == nullptr) {
107         LOG_ERROR(LABEL, "Get cert failed.");
108         return CS_ERR_HUKS_OBTAIN_CERT;
109     }
110     if (!cert.CopyFrom(keyCert->GetBuffer(), keyCert->GetSize())) {
111         return CS_ERR_MEMORY;
112     }
113     return CS_SUCCESS;
114 }
115 
SignLocalCode(const std::string & filePath,ByteBuffer & signature)116 int32_t LocalCodeSignService::SignLocalCode(const std::string &filePath, ByteBuffer &signature)
117 {
118     ByteBuffer digest;
119     std::string realPath;
120     if (!OHOS::PathToRealPath(filePath, realPath)) {
121         LOG_INFO(LABEL, "Get real path failed, path = %{public}s", filePath.c_str());
122         return CS_ERR_FILE_PATH;
123     }
124     if (!FsverityUtilsHelper::GetInstance().GenerateFormattedDigest(realPath.c_str(), digest)) {
125         LOG_ERROR(LABEL, "Generate formatted fsverity digest failed.");
126         return CS_ERR_COMPUTE_DIGEST;
127     }
128     return PKCS7Generator::GenerateSignature(LocalSignKey::GetInstance(), DEFAULT_HASH_ALGORITHM.c_str(),
129         digest, signature);
130 }
131 }
132 }
133 }
134