1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bundle_installer_host.h"
17
18 #include "app_log_wrapper.h"
19 #include "appexecfwk_errors.h"
20 #include "bundle_constants.h"
21 #include "bundle_framework_core_ipc_interface_code.h"
22 #include "bundle_memory_guard.h"
23 #include "bundle_permission_mgr.h"
24 #include "bundle_sandbox_app_helper.h"
25 #include "bundle_util.h"
26 #include "ffrt.h"
27 #include "installd_client.h"
28 #include "ipc_skeleton.h"
29 #include "ipc_types.h"
30 #include "string_ex.h"
31
32 namespace OHOS {
33 namespace AppExecFwk {
34 namespace {
35 const std::string GET_MANAGER_FAIL = "fail to get bundle installer manager";
36 int32_t INVALID_APP_INDEX = 0;
37 int32_t LOWER_DLP_TYPE_BOUND = 0;
38 int32_t UPPER_DLP_TYPE_BOUND = 3;
39 } // namespace
40
BundleInstallerHost()41 BundleInstallerHost::BundleInstallerHost()
42 {
43 APP_LOGI("create bundle installer host instance");
44 }
45
~BundleInstallerHost()46 BundleInstallerHost::~BundleInstallerHost()
47 {
48 APP_LOGI("destroy bundle installer host instance");
49 }
50
Init()51 bool BundleInstallerHost::Init()
52 {
53 APP_LOGD("begin to init");
54 manager_ = std::make_shared<BundleInstallerManager>();
55 APP_LOGD("init successfully");
56 return true;
57 }
58
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)59 int BundleInstallerHost::OnRemoteRequest(
60 uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
61 {
62 BundleMemoryGuard memoryGuard;
63 APP_LOGD("bundle installer host onReceived message, the message code is %{public}u", code);
64
65 std::u16string descripter = GetDescriptor();
66 std::u16string remoteDescripter = data.ReadInterfaceToken();
67 if (descripter != remoteDescripter) {
68 APP_LOGE("fail to write reply message in bundle mgr host due to the reply is nullptr");
69 return OBJECT_NULL;
70 }
71
72 switch (code) {
73 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL):
74 HandleInstallMessage(data);
75 break;
76 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL_MULTIPLE_HAPS):
77 HandleInstallMultipleHapsMessage(data);
78 break;
79 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL):
80 HandleUninstallMessage(data);
81 break;
82 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_MODULE):
83 HandleUninstallModuleMessage(data);
84 break;
85 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_BY_UNINSTALL_PARAM):
86 HandleUninstallByUninstallParam(data);
87 break;
88 case static_cast<uint32_t>(BundleInstallerInterfaceCode::RECOVER):
89 HandleRecoverMessage(data);
90 break;
91 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL_SANDBOX_APP):
92 HandleInstallSandboxApp(data, reply);
93 break;
94 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_SANDBOX_APP):
95 HandleUninstallSandboxApp(data, reply);
96 break;
97 case static_cast<uint32_t>(BundleInstallerInterfaceCode::CREATE_STREAM_INSTALLER):
98 HandleCreateStreamInstaller(data, reply);
99 break;
100 case static_cast<uint32_t>(BundleInstallerInterfaceCode::DESTORY_STREAM_INSTALLER):
101 HandleDestoryBundleStreamInstaller(data, reply);
102 break;
103 default:
104 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
105 }
106 return NO_ERROR;
107 }
108
HandleInstallMessage(Parcel & data)109 void BundleInstallerHost::HandleInstallMessage(Parcel &data)
110 {
111 APP_LOGD("handle install message");
112 std::string bundlePath = Str16ToStr8(data.ReadString16());
113 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
114 if (installParam == nullptr) {
115 APP_LOGE("ReadParcelable<InstallParam> failed");
116 return;
117 }
118 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
119 if (object == nullptr) {
120 APP_LOGE("read failed");
121 return;
122 }
123 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
124 installParam->withCopyHaps = true;
125 Install(bundlePath, *installParam, statusReceiver);
126 APP_LOGD("handle install message finished");
127 }
128
HandleRecoverMessage(Parcel & data)129 void BundleInstallerHost::HandleRecoverMessage(Parcel &data)
130 {
131 APP_LOGD("handle install message by bundleName");
132 std::string bundleName = Str16ToStr8(data.ReadString16());
133 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
134 if (installParam == nullptr) {
135 APP_LOGE("ReadParcelable<InstallParam> failed");
136 return;
137 }
138 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
139 if (object == nullptr) {
140 APP_LOGE("read failed");
141 return;
142 }
143 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
144
145 Recover(bundleName, *installParam, statusReceiver);
146 APP_LOGD("handle install message by bundleName finished");
147 }
148
HandleInstallMultipleHapsMessage(Parcel & data)149 void BundleInstallerHost::HandleInstallMultipleHapsMessage(Parcel &data)
150 {
151 APP_LOGD("handle install multiple haps message");
152 int32_t size = data.ReadInt32();
153 if (size > Constants::MAX_HAP_NUMBER) {
154 APP_LOGE("bundle path size is greater than the max hap number 128");
155 return;
156 }
157 std::vector<std::string> pathVec;
158 for (int i = 0; i < size; ++i) {
159 pathVec.emplace_back(Str16ToStr8(data.ReadString16()));
160 }
161 if (size == 0 || pathVec.empty()) {
162 APP_LOGE("inputted bundlepath vector is empty");
163 return;
164 }
165 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
166 if (installParam == nullptr) {
167 APP_LOGE("ReadParcelable<InstallParam> failed");
168 return;
169 }
170 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
171 if (object == nullptr) {
172 APP_LOGE("read failed");
173 return;
174 }
175 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
176 installParam->withCopyHaps = true;
177 Install(pathVec, *installParam, statusReceiver);
178 APP_LOGD("handle install multiple haps finished");
179 }
180
HandleUninstallMessage(Parcel & data)181 void BundleInstallerHost::HandleUninstallMessage(Parcel &data)
182 {
183 APP_LOGD("handle uninstall message");
184 std::string bundleName = Str16ToStr8(data.ReadString16());
185 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
186 if (installParam == nullptr) {
187 APP_LOGE("ReadParcelable<InstallParam> failed");
188 return;
189 }
190 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
191 if (object == nullptr) {
192 APP_LOGE("read failed");
193 return;
194 }
195 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
196
197 Uninstall(bundleName, *installParam, statusReceiver);
198 APP_LOGD("handle uninstall message finished");
199 }
200
HandleUninstallModuleMessage(Parcel & data)201 void BundleInstallerHost::HandleUninstallModuleMessage(Parcel &data)
202 {
203 APP_LOGD("handle uninstall module message");
204 std::string bundleName = Str16ToStr8(data.ReadString16());
205 std::string modulePackage = Str16ToStr8(data.ReadString16());
206 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
207 if (installParam == nullptr) {
208 APP_LOGE("ReadParcelable<InstallParam> failed");
209 return;
210 }
211 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
212 if (object == nullptr) {
213 APP_LOGE("read failed");
214 return;
215 }
216 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
217 Uninstall(bundleName, modulePackage, *installParam, statusReceiver);
218 APP_LOGD("handle uninstall message finished");
219 }
220
HandleUninstallByUninstallParam(Parcel & data)221 void BundleInstallerHost::HandleUninstallByUninstallParam(Parcel &data)
222 {
223 std::unique_ptr<UninstallParam> uninstallParam(data.ReadParcelable<UninstallParam>());
224 if (uninstallParam == nullptr) {
225 APP_LOGE("ReadParcelable<UninstallParam failed");
226 return;
227 }
228 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
229 if (object == nullptr) {
230 APP_LOGE("read failed");
231 return;
232 }
233 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
234 Uninstall(*uninstallParam, statusReceiver);
235 }
236
HandleInstallSandboxApp(Parcel & data,Parcel & reply)237 void BundleInstallerHost::HandleInstallSandboxApp(Parcel &data, Parcel &reply)
238 {
239 APP_LOGD("handle install sandbox app message");
240 std::string bundleName = Str16ToStr8(data.ReadString16());
241 int32_t dplType = data.ReadInt32();
242 int32_t userId = data.ReadInt32();
243 int32_t appIndex = Constants::INITIAL_APP_INDEX;
244 auto ret = InstallSandboxApp(bundleName, dplType, userId, appIndex);
245 if (!reply.WriteInt32(ret)) {
246 APP_LOGE("write failed");
247 }
248 if (ret == ERR_OK && !reply.WriteInt32(appIndex)) {
249 APP_LOGE("write failed");
250 }
251 APP_LOGD("handle install sandbox app message finished");
252 }
253
HandleUninstallSandboxApp(Parcel & data,Parcel & reply)254 void BundleInstallerHost::HandleUninstallSandboxApp(Parcel &data, Parcel &reply)
255 {
256 APP_LOGD("handle install sandbox app message");
257 std::string bundleName = Str16ToStr8(data.ReadString16());
258 int32_t appIndex = data.ReadInt32();
259 int32_t userId = data.ReadInt32();
260 auto ret = UninstallSandboxApp(bundleName, appIndex, userId);
261 if (!reply.WriteInt32(ret)) {
262 APP_LOGE("write failed");
263 }
264 APP_LOGD("handle install sandbox app message finished");
265 }
266
HandleCreateStreamInstaller(Parcel & data,Parcel & reply)267 void BundleInstallerHost::HandleCreateStreamInstaller(Parcel &data, Parcel &reply)
268 {
269 APP_LOGD("handle create stream installer message begin");
270 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
271 if (installParam == nullptr) {
272 APP_LOGE("ReadParcelable<InstallParam> failed");
273 return;
274 }
275 sptr<IRemoteObject> object = data.ReadObject<IRemoteObject>();
276 if (object == nullptr) {
277 reply.WriteBool(false);
278 APP_LOGE("read receiver failed");
279 return;
280 }
281 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
282 if (statusReceiver == nullptr) {
283 reply.WriteBool(false);
284 APP_LOGE("cast remote object to status receiver error");
285 return;
286 }
287
288 sptr<IBundleStreamInstaller> streamInstaller = CreateStreamInstaller(*installParam, statusReceiver);
289 if (streamInstaller == nullptr) {
290 if (!reply.WriteBool(false)) {
291 APP_LOGE("write result failed");
292 }
293 return;
294 }
295 if (!reply.WriteBool(true)) {
296 APP_LOGE("write result failed");
297 return;
298 }
299 if (!reply.WriteUint32(streamInstaller->GetInstallerId())) {
300 APP_LOGE("write stream installe id failed");
301 return;
302 }
303 if (!reply.WriteRemoteObject(streamInstaller->AsObject())) {
304 APP_LOGE("write stream installer remote object failed");
305 return;
306 }
307
308 std::lock_guard<std::mutex> lock(streamInstallMutex_);
309 streamInstallers_.emplace_back(streamInstaller);
310 APP_LOGD("handle create stream installer message finish");
311 }
312
HandleDestoryBundleStreamInstaller(Parcel & data,Parcel & reply)313 void BundleInstallerHost::HandleDestoryBundleStreamInstaller(Parcel &data, Parcel &reply)
314 {
315 APP_LOGD("handle destory stream installer message begin");
316 uint32_t installeId = data.ReadUint32();
317 DestoryBundleStreamInstaller(installeId);
318 APP_LOGD("handle destoy stream installer message finish");
319 }
320
321
Install(const std::string & bundleFilePath,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)322 bool BundleInstallerHost::Install(
323 const std::string &bundleFilePath, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
324 {
325 if (!CheckBundleInstallerManager(statusReceiver)) {
326 APP_LOGE("statusReceiver invalid");
327 return false;
328 }
329 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
330 APP_LOGE("non-system app calling system api");
331 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
332 return false;
333 }
334 if (!BundlePermissionMgr::IsSelfCalling() &&
335 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
336 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
337 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
338 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
339 APP_LOGE("install permission denied");
340 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
341 return false;
342 }
343
344 manager_->CreateInstallTask(bundleFilePath, installParam, statusReceiver);
345 return true;
346 }
347
Install(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)348 bool BundleInstallerHost::Install(const std::vector<std::string> &bundleFilePaths, const InstallParam &installParam,
349 const sptr<IStatusReceiver> &statusReceiver)
350 {
351 if (!CheckBundleInstallerManager(statusReceiver)) {
352 APP_LOGE("statusReceiver invalid");
353 return false;
354 }
355 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
356 APP_LOGE("non-system app calling system api");
357 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
358 return false;
359 }
360 if (!BundlePermissionMgr::IsSelfCalling() &&
361 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
362 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
363 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
364 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
365 APP_LOGE("install permission denied");
366 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
367 return false;
368 }
369
370 manager_->CreateInstallTask(bundleFilePaths, installParam, statusReceiver);
371 return true;
372 }
373
Recover(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)374 bool BundleInstallerHost::Recover(
375 const std::string &bundleName, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
376 {
377 if (!CheckBundleInstallerManager(statusReceiver)) {
378 APP_LOGE("statusReceiver invalid");
379 return false;
380 }
381 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
382 APP_LOGE("non-system app calling system api");
383 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
384 return false;
385 }
386 if (!BundlePermissionMgr::VerifyRecoverPermission()) {
387 APP_LOGE("Recover permission denied");
388 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
389 return false;
390 }
391 manager_->CreateRecoverTask(bundleName, CheckInstallParam(installParam), statusReceiver);
392 return true;
393 }
394
Uninstall(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)395 bool BundleInstallerHost::Uninstall(
396 const std::string &bundleName, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
397 {
398 if (!CheckBundleInstallerManager(statusReceiver)) {
399 APP_LOGE("statusReceiver invalid");
400 return false;
401 }
402 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
403 APP_LOGE("non-system app calling system api");
404 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
405 return false;
406 }
407 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
408 APP_LOGE("uninstall permission denied");
409 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
410 return false;
411 }
412 manager_->CreateUninstallTask(bundleName, CheckInstallParam(installParam), statusReceiver);
413 return true;
414 }
415
Uninstall(const std::string & bundleName,const std::string & modulePackage,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)416 bool BundleInstallerHost::Uninstall(const std::string &bundleName, const std::string &modulePackage,
417 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
418 {
419 if (!CheckBundleInstallerManager(statusReceiver)) {
420 APP_LOGE("statusReceiver invalid");
421 return false;
422 }
423 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
424 APP_LOGE("non-system app calling system api");
425 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
426 return false;
427 }
428 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
429 APP_LOGE("uninstall permission denied");
430 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
431 return false;
432 }
433 manager_->CreateUninstallTask(
434 bundleName, modulePackage, CheckInstallParam(installParam), statusReceiver);
435 return true;
436 }
437
Uninstall(const UninstallParam & uninstallParam,const sptr<IStatusReceiver> & statusReceiver)438 bool BundleInstallerHost::Uninstall(const UninstallParam &uninstallParam,
439 const sptr<IStatusReceiver> &statusReceiver)
440 {
441 if (!CheckBundleInstallerManager(statusReceiver)) {
442 APP_LOGE("statusReceiver invalid");
443 return false;
444 }
445 if (!BundlePermissionMgr::VerifySystemApp()) {
446 APP_LOGE("non-system app calling system api");
447 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
448 return false;
449 }
450 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
451 APP_LOGE("uninstall permission denied");
452 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
453 return false;
454 }
455 manager_->CreateUninstallTask(uninstallParam, statusReceiver);
456 return true;
457 }
458
InstallByBundleName(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)459 bool BundleInstallerHost::InstallByBundleName(const std::string &bundleName,
460 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
461 {
462 if (!CheckBundleInstallerManager(statusReceiver)) {
463 APP_LOGE("statusReceiver invalid");
464 return false;
465 }
466 if (!BundlePermissionMgr::VerifySystemApp(Constants::API_VERSION_NINE)) {
467 APP_LOGE("install permission denied");
468 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
469 return false;
470 }
471 if (!BundlePermissionMgr::IsSelfCalling() &&
472 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
473 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
474 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
475 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
476 APP_LOGE("install permission denied");
477 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
478 return false;
479 }
480
481 manager_->CreateInstallByBundleNameTask(bundleName, CheckInstallParam(installParam), statusReceiver);
482 return true;
483 }
484
InstallSandboxApp(const std::string & bundleName,int32_t dplType,int32_t userId,int32_t & appIndex)485 ErrCode BundleInstallerHost::InstallSandboxApp(const std::string &bundleName, int32_t dplType, int32_t userId,
486 int32_t &appIndex)
487 {
488 if (bundleName.empty() || dplType <= LOWER_DLP_TYPE_BOUND || dplType >= UPPER_DLP_TYPE_BOUND) {
489 APP_LOGE("install sandbox failed due to error parameters");
490 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
491 }
492 if (!BundlePermissionMgr::IsNativeTokenType()) {
493 APP_LOGE("verify token type failed");
494 return false;
495 }
496 if (!BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_BUNDLE)) {
497 APP_LOGE("InstallSandboxApp permission denied");
498 return ERR_APPEXECFWK_PERMISSION_DENIED;
499 }
500 auto helper = DelayedSingleton<BundleSandboxAppHelper>::GetInstance();
501 if (helper == nullptr) {
502 return ERR_APPEXECFWK_SANDBOX_INSTALL_INTERNAL_ERROR;
503 }
504 auto res = helper->InstallSandboxApp(bundleName, dplType, userId, appIndex);
505 if (res != ERR_OK) {
506 APP_LOGE("install sandbox failed due to error code : %{public}d", res);
507 }
508 return res;
509 }
510
UninstallSandboxApp(const std::string & bundleName,int32_t appIndex,int32_t userId)511 ErrCode BundleInstallerHost::UninstallSandboxApp(const std::string &bundleName, int32_t appIndex, int32_t userId)
512 {
513 // check bundle name
514 if (bundleName.empty()) {
515 APP_LOGE("uninstall sandbox failed due to empty bundleName");
516 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
517 }
518 // check appIndex
519 if (appIndex <= INVALID_APP_INDEX || appIndex > Constants::MAX_APP_INDEX) {
520 APP_LOGE("the appIndex %{public}d is invalid", appIndex);
521 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
522 }
523 if (!BundlePermissionMgr::IsNativeTokenType()) {
524 APP_LOGE("verify token type failed");
525 return false;
526 }
527 if (!BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_BUNDLE)) {
528 APP_LOGE("UninstallSandboxApp permission denied");
529 return ERR_APPEXECFWK_PERMISSION_DENIED;
530 }
531 auto helper = DelayedSingleton<BundleSandboxAppHelper>::GetInstance();
532 if (helper == nullptr) {
533 return ERR_APPEXECFWK_SANDBOX_INSTALL_INTERNAL_ERROR;
534 }
535 auto res = helper->UninstallSandboxApp(bundleName, appIndex, userId);
536 if (res != ERR_OK) {
537 APP_LOGE("uninstall sandbox failed due to error code : %{public}d", res);
538 }
539 return res;
540 }
541
StreamInstall(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)542 ErrCode BundleInstallerHost::StreamInstall(const std::vector<std::string> &bundleFilePaths,
543 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
544 {
545 return ERR_OK;
546 }
547
CreateStreamInstaller(const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)548 sptr<IBundleStreamInstaller> BundleInstallerHost::CreateStreamInstaller(const InstallParam &installParam,
549 const sptr<IStatusReceiver> &statusReceiver)
550 {
551 if (!CheckBundleInstallerManager(statusReceiver)) {
552 APP_LOGE("statusReceiver invalid");
553 return nullptr;
554 }
555 if (!BundlePermissionMgr::VerifySystemApp()) {
556 APP_LOGE("Uninstall permission denied");
557 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
558 return nullptr;
559 }
560 InstallParam verifiedInstallParam = installParam;
561 if (!IsPermissionVaild(installParam, verifiedInstallParam)) {
562 APP_LOGE("install permission denied");
563 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
564 return nullptr;
565 }
566 auto uid = IPCSkeleton::GetCallingUid();
567 sptr<BundleStreamInstallerHostImpl> streamInstaller(new (std::nothrow) BundleStreamInstallerHostImpl(
568 ++streamInstallerIds_, uid));
569 if (streamInstaller == nullptr) {
570 APP_LOGE("streamInstaller is nullptr");
571 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, "");
572 return nullptr;
573 }
574 bool res = streamInstaller->Init(verifiedInstallParam, statusReceiver);
575 if (!res) {
576 APP_LOGE("stream installer init failed");
577 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, "");
578 return nullptr;
579 }
580 return streamInstaller;
581 }
582
IsPermissionVaild(const InstallParam & installParam,InstallParam & verifiedInstallParam)583 bool BundleInstallerHost::IsPermissionVaild(const InstallParam &installParam, InstallParam &verifiedInstallParam)
584 {
585 verifiedInstallParam.isCallByShell = BundlePermissionMgr::IsNativeTokenType();
586 verifiedInstallParam.installBundlePermissionStatus =
587 BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_BUNDLE) ?
588 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
589 verifiedInstallParam.installEnterpriseBundlePermissionStatus =
590 BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) ?
591 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
592 verifiedInstallParam.installEtpNormalBundlePermissionStatus =
593 BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) ?
594 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
595 verifiedInstallParam.installEtpMdmBundlePermissionStatus =
596 BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) ?
597 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
598 verifiedInstallParam.installUpdateSelfBundlePermissionStatus =
599 BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_SELF_BUNDLE) ?
600 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
601 return (verifiedInstallParam.installBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
602 verifiedInstallParam.installEnterpriseBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
603 verifiedInstallParam.installEtpNormalBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
604 verifiedInstallParam.installEtpMdmBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
605 verifiedInstallParam.installUpdateSelfBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS);
606 }
607
DestoryBundleStreamInstaller(uint32_t streamInstallerId)608 bool BundleInstallerHost::DestoryBundleStreamInstaller(uint32_t streamInstallerId)
609 {
610 if (!BundlePermissionMgr::VerifySystemApp()) {
611 APP_LOGE("Uninstall permission denied");
612 return false;
613 }
614 if (!BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_BUNDLE) &&
615 !BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
616 !BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
617 !BundlePermissionMgr::VerifyCallingPermission(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
618 APP_LOGE("install permission denied");
619 return false;
620 }
621 std::lock_guard<std::mutex> lock(streamInstallMutex_);
622 for (auto it = streamInstallers_.begin(); it != streamInstallers_.end();) {
623 if ((*it)->GetInstallerId() == streamInstallerId) {
624 (*it)->UnInit();
625 it = streamInstallers_.erase(it);
626 } else {
627 it++;
628 }
629 }
630 return true;
631 }
632
CheckBundleInstallerManager(const sptr<IStatusReceiver> & statusReceiver) const633 bool BundleInstallerHost::CheckBundleInstallerManager(const sptr<IStatusReceiver> &statusReceiver) const
634 {
635 if (statusReceiver == nullptr) {
636 APP_LOGE("the receiver is nullptr");
637 return false;
638 }
639 if (manager_ == nullptr) {
640 APP_LOGE("the bundle installer manager is nullptr");
641 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, GET_MANAGER_FAIL);
642 return false;
643 }
644 return true;
645 }
646
CheckInstallParam(const InstallParam & installParam)647 InstallParam BundleInstallerHost::CheckInstallParam(const InstallParam &installParam)
648 {
649 if (installParam.userId == Constants::UNSPECIFIED_USERID) {
650 APP_LOGI("installParam userId is unspecified and get calling userId by callingUid");
651 InstallParam callInstallParam = installParam;
652 callInstallParam.userId = BundleUtil::GetUserIdByCallingUid();
653 return callInstallParam;
654 }
655
656 return installParam;
657 }
658
UpdateBundleForSelf(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)659 bool BundleInstallerHost::UpdateBundleForSelf(const std::vector<std::string> &bundleFilePaths,
660 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
661 {
662 if (!CheckBundleInstallerManager(statusReceiver)) {
663 APP_LOGE("statusReceiver invalid");
664 return false;
665 }
666 if (!BundlePermissionMgr::VerifySystemApp()) {
667 APP_LOGE("install permission denied");
668 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
669 return false;
670 }
671 if (!BundlePermissionMgr::IsSelfCalling() &&
672 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_SELF_BUNDLE)) {
673 APP_LOGE("install permission denied");
674 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
675 return false;
676 }
677 manager_->CreateInstallTask(bundleFilePaths, installParam, statusReceiver);
678 return true;
679 }
680 } // namespace AppExecFwk
681 } // namespace OHOS