1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager_host_impl.h"
17
18 #include "app_log_wrapper.h"
19 #include "appexecfwk_errors.h"
20 #include "app_control_constants.h"
21 #include "bundle_mgr_service.h"
22 #include "bundle_permission_mgr.h"
23 #include "ipc_skeleton.h"
24
25 namespace OHOS {
26 namespace AppExecFwk {
27 namespace {
28 const std::string PERMISSION_DISPOSED_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS";
29 }
AppControlManagerHostImpl()30 AppControlManagerHostImpl::AppControlManagerHostImpl()
31 {
32 appControlManager_ = DelayedSingleton<AppControlManager>::GetInstance();
33 dataMgr_ = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
34 callingNameMap_ = {
35 {AppControlConstants::EDM_UID, AppControlConstants::EDM_CALLING}
36 };
37 ruleTypeMap_ = {
38 {AppInstallControlRuleType::DISALLOWED_UNINSTALL, AppControlConstants::APP_DISALLOWED_UNINSTALL},
39 {AppInstallControlRuleType::ALLOWED_INSTALL, AppControlConstants::APP_ALLOWED_INSTALL},
40 {AppInstallControlRuleType::DISALLOWED_INSTALL, AppControlConstants::APP_DISALLOWED_INSTALL}
41 };
42 }
43
~AppControlManagerHostImpl()44 AppControlManagerHostImpl::~AppControlManagerHostImpl()
45 {
46 }
47
AddAppInstallControlRule(const std::vector<std::string> & appIds,const AppInstallControlRuleType controlRuleType,int32_t userId)48 ErrCode AppControlManagerHostImpl::AddAppInstallControlRule(const std::vector<std::string> &appIds,
49 const AppInstallControlRuleType controlRuleType, int32_t userId)
50 {
51 APP_LOGD("AddAppInstallControlRule start");
52 std::string callingName = GetCallingName();
53 std::string ruleType = GetControlRuleType(controlRuleType);
54 if (callingName.empty()) {
55 APP_LOGE("callingName is invalid");
56 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
57 }
58 if (ruleType.empty()) {
59 APP_LOGE("controlRuleType is invalid");
60 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
61 }
62 auto ret = appControlManager_->AddAppInstallControlRule(callingName, appIds, ruleType, userId);
63 if (ret != ERR_OK) {
64 APP_LOGE("AddAppInstallControlRule failed due to error %{public}d", ret);
65 return ret;
66 }
67 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
68 UpdateAppControlledInfo(userId);
69 }
70 return ERR_OK;
71 }
72
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,const std::vector<std::string> & appIds,int32_t userId)73 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
74 const std::vector<std::string> &appIds, int32_t userId)
75 {
76 APP_LOGD("DeleteAppInstallControlRule start");
77 std::string ruleType = GetControlRuleType(controlRuleType);
78 if (ruleType.empty()) {
79 APP_LOGE("controlRuleType is invalid");
80 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
81 }
82 std::string callingName = GetCallingName();
83 if (callingName.empty()) {
84 APP_LOGE("callingName is invalid");
85 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
86 }
87 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, appIds, userId);
88 if (ret != ERR_OK) {
89 APP_LOGE("DeleteAppInstallControlRule failed due to error %{public}d", ret);
90 return ret;
91 }
92 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
93 UpdateAppControlledInfo(userId);
94 }
95 return ERR_OK;
96 }
97
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId)98 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
99 int32_t userId)
100 {
101 APP_LOGD("CleanAppInstallControlRule start");
102 std::string callingName = GetCallingName();
103 std::string ruleType = GetControlRuleType(controlRuleType);
104 if (callingName.empty()) {
105 APP_LOGE("callingName is invalid");
106 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
107 }
108 if (ruleType.empty()) {
109 APP_LOGE("controlRuleType is invalid");
110 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
111 }
112 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, userId);
113 if (ret != ERR_OK) {
114 APP_LOGE("CleanAppInstallControlRule failed due to error %{public}d", ret);
115 return ret;
116 }
117 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
118 UpdateAppControlledInfo(userId);
119 }
120 return ERR_OK;
121 }
122
GetAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId,std::vector<std::string> & appIds)123 ErrCode AppControlManagerHostImpl::GetAppInstallControlRule(
124 const AppInstallControlRuleType controlRuleType, int32_t userId, std::vector<std::string> &appIds)
125 {
126 APP_LOGD("GetAppInstallControlRule start");
127 std::string callingName = GetCallingName();
128 std::string ruleType = GetControlRuleType(controlRuleType);
129 if (callingName.empty()) {
130 APP_LOGE("callingName is invalid");
131 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
132 }
133 if (ruleType.empty()) {
134 APP_LOGE("controlRuleType is invalid");
135 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
136 }
137
138 return appControlManager_->GetAppInstallControlRule(callingName, ruleType, userId, appIds);
139 }
140
AddAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)141 ErrCode AppControlManagerHostImpl::AddAppRunningControlRule(
142 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
143 {
144 std::string callingName = GetCallingName();
145 if (callingName.empty()) {
146 APP_LOGE("callingName is invalid");
147 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
148 }
149 return appControlManager_->AddAppRunningControlRule(callingName, controlRules, userId);
150 }
151
DeleteAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)152 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(
153 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
154 {
155 std::string callingName = GetCallingName();
156 if (callingName.empty()) {
157 APP_LOGE("callingName is invalid");
158 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
159 }
160 return appControlManager_->DeleteAppRunningControlRule(callingName, controlRules, userId);
161 }
162
DeleteAppRunningControlRule(int32_t userId)163 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId)
164 {
165 std::string callingName = GetCallingName();
166 if (callingName.empty()) {
167 APP_LOGE("callingName is invalid");
168 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
169 }
170 return appControlManager_->DeleteAppRunningControlRule(callingName, userId);
171 }
172
GetAppRunningControlRule(int32_t userId,std::vector<std::string> & appIds)173 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector<std::string> &appIds)
174 {
175 std::string callingName = GetCallingName();
176 if (callingName.empty()) {
177 APP_LOGE("callingName is invalid");
178 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
179 }
180 return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds);
181 }
182
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)183 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(
184 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
185 {
186 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
187 if (uid != AppControlConstants::FOUNDATION_UID) {
188 APP_LOGW("calling permission denied, uid : %{public}d", uid);
189 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
190 }
191 return appControlManager_->GetAppRunningControlRule(bundleName, userId, controlRuleResult);
192 }
193
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)194 ErrCode AppControlManagerHostImpl::ConfirmAppJumpControlRule(const std::string &callerBundleName,
195 const std::string &targetBundleName, int32_t userId)
196 {
197 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
198 if (uid != AppControlConstants::FOUNDATION_UID) {
199 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
200 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
201 }
202 return appControlManager_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
203 }
204
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)205 ErrCode AppControlManagerHostImpl::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
206 int32_t userId)
207 {
208 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
209 if (uid != AppControlConstants::FOUNDATION_UID) {
210 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
211 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
212 }
213 return appControlManager_->AddAppJumpControlRule(controlRules, userId);
214 }
215
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)216 ErrCode AppControlManagerHostImpl::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
217 int32_t userId)
218 {
219 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
220 if (uid != AppControlConstants::FOUNDATION_UID) {
221 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
222 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
223 }
224 return appControlManager_->DeleteAppJumpControlRule(controlRules, userId);
225 }
226
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)227 ErrCode AppControlManagerHostImpl::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
228 {
229 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
230 if (uid != AppControlConstants::FOUNDATION_UID) {
231 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
232 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
233 }
234 return appControlManager_->DeleteRuleByCallerBundleName(callerBundleName, userId);
235 }
236
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)237 ErrCode AppControlManagerHostImpl::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
238 {
239 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
240 if (uid != AppControlConstants::FOUNDATION_UID) {
241 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
242 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
243 }
244 return appControlManager_->DeleteRuleByTargetBundleName(targetBundleName, userId);
245 }
246
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)247 ErrCode AppControlManagerHostImpl::GetAppJumpControlRule(const std::string &callerBundleName,
248 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
249 {
250 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
251 if (uid != AppControlConstants::FOUNDATION_UID) {
252 APP_LOGW("calling permission denied, uid : %{public}d", uid);
253 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
254 }
255 return appControlManager_->GetAppJumpControlRule(callerBundleName, targetBundleName, userId, controlRule);
256 }
257
GetCallingName()258 std::string AppControlManagerHostImpl::GetCallingName()
259 {
260 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
261 auto item = callingNameMap_.find(uid);
262 if (item == callingNameMap_.end()) {
263 APP_LOGW("calling uid is invalid, uid : %{public}d", uid);
264 return "";
265 }
266 return item->second;
267 }
268
GetControlRuleType(const AppInstallControlRuleType controlRuleType)269 std::string AppControlManagerHostImpl::GetControlRuleType(const AppInstallControlRuleType controlRuleType)
270 {
271 auto item = ruleTypeMap_.find(controlRuleType);
272 if (item == ruleTypeMap_.end()) {
273 APP_LOGW("controlRuleType:%{public}d is invalid", static_cast<int32_t>(controlRuleType));
274 return "";
275 }
276 return item->second;
277 }
278
GetCallingUserId()279 int32_t AppControlManagerHostImpl::GetCallingUserId()
280 {
281 return OHOS::IPCSkeleton::GetCallingUid() / Constants::BASE_USER_RANGE;
282 }
283
SetDisposedStatus(const std::string & appId,const Want & want,int32_t userId)284 ErrCode AppControlManagerHostImpl::SetDisposedStatus(const std::string &appId, const Want &want, int32_t userId)
285 {
286 APP_LOGD("host begin to SetDisposedStatus");
287 if (!BundlePermissionMgr::IsSystemApp()) {
288 APP_LOGE("non-system app calling system api");
289 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
290 }
291 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
292 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
293 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
294 }
295 if (userId == Constants::UNSPECIFIED_USERID) {
296 userId = GetCallingUserId();
297 }
298 ErrCode ret = appControlManager_->SetDisposedStatus(appId, want, userId);
299 if (ret != ERR_OK) {
300 APP_LOGW("host SetDisposedStatus error:%{public}d", ret);
301 }
302 return ret;
303 }
304
DeleteDisposedStatus(const std::string & appId,int32_t userId)305 ErrCode AppControlManagerHostImpl::DeleteDisposedStatus(const std::string &appId, int32_t userId)
306 {
307 APP_LOGD("host begin to DeleteDisposedStatus");
308 if (!BundlePermissionMgr::IsSystemApp()) {
309 APP_LOGE("non-system app calling system api");
310 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
311 }
312 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
313 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
314 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
315 }
316 if (userId == Constants::UNSPECIFIED_USERID) {
317 userId = GetCallingUserId();
318 }
319 ErrCode ret = appControlManager_->DeleteDisposedStatus(appId, userId);
320 if (ret != ERR_OK) {
321 APP_LOGW("host DeletetDisposedStatus error:%{public}d", ret);
322 }
323 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
324 std::string callerName;
325 GetCallerByUid(uid, callerName);
326 if (userId == Constants::UNSPECIFIED_USERID) {
327 userId = GetCallingUserId();
328 }
329 ret = appControlManager_->DeleteDisposedRule(callerName, appId, userId);
330
331 return ret;
332 }
333
GetDisposedStatus(const std::string & appId,Want & want,int32_t userId)334 ErrCode AppControlManagerHostImpl::GetDisposedStatus(const std::string &appId, Want &want, int32_t userId)
335 {
336 APP_LOGD("host begin to GetDisposedStatus");
337 if (!BundlePermissionMgr::IsSystemApp()) {
338 APP_LOGE("non-system app calling system api");
339 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
340 }
341 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
342 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
343 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
344 }
345 if (userId == Constants::UNSPECIFIED_USERID) {
346 userId = GetCallingUserId();
347 }
348 ErrCode ret = appControlManager_->GetDisposedStatus(appId, want, userId);
349 if (ret != ERR_OK) {
350 APP_LOGW("host GetDisposedStatus error:%{public}d", ret);
351 }
352 return ret;
353 }
354
UpdateAppControlledInfo(int32_t userId) const355 void AppControlManagerHostImpl::UpdateAppControlledInfo(int32_t userId) const
356 {
357 APP_LOGD("start to UpdateAppControlledInfo under userId %{public}d", userId);
358 std::vector<std::string> appIds;
359 ErrCode ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
360 AppControlConstants::APP_DISALLOWED_UNINSTALL, userId, appIds);
361 if (ret != ERR_OK) {
362 APP_LOGW("no need to update app controlled info due to GetAppInstallControlRule failed code:%{public}d", ret);
363 return;
364 }
365 auto bundleInfos = dataMgr_->GetAllInnerBundleInfos();
366 for (const auto &info : bundleInfos) {
367 InnerBundleUserInfo userInfo;
368 if (!info.second.GetInnerBundleUserInfo(userId, userInfo)) {
369 APP_LOGW("current bundle (%{public}s) is not installed at current userId (%{public}d)",
370 info.first.c_str(), userId);
371 continue;
372 }
373 auto iterator = std::find(appIds.begin(), appIds.end(), info.second.GetAppId());
374 userInfo.isRemovable = (iterator != appIds.end()) ? false : true;
375 dataMgr_->AddInnerBundleUserInfo(info.first, userInfo);
376 }
377 }
378
GetCallerByUid(const int32_t uid,std::string & callerName)379 void AppControlManagerHostImpl::GetCallerByUid(const int32_t uid, std::string &callerName)
380 {
381 auto item = callingNameMap_.find(uid);
382 if (item != callingNameMap_.end()) {
383 callerName = item->second;
384 return;
385 }
386 auto ret = dataMgr_->GetNameForUid(uid, callerName);
387 if (ret != ERR_OK) {
388 APP_LOGW("caller not recognized");
389 callerName = std::to_string(uid);
390 }
391 }
392
GetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)393 ErrCode AppControlManagerHostImpl::GetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
394 {
395 APP_LOGD("host begin to GetDisposedRule");
396 if (!BundlePermissionMgr::IsSystemApp()) {
397 APP_LOGE("non-system app calling system api");
398 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
399 }
400 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
401 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
402 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
403 }
404
405 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
406 std::string callerName;
407 GetCallerByUid(uid, callerName);
408 if (userId == Constants::UNSPECIFIED_USERID) {
409 userId = GetCallingUserId();
410 }
411 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, userId);
412 if (ret != ERR_OK) {
413 APP_LOGW("host GetDisposedStatus error:%{public}d", ret);
414 }
415 return ret;
416 }
417
SetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)418 ErrCode AppControlManagerHostImpl::SetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
419 {
420 APP_LOGD("host begin to SetDisposedRule");
421 if (!BundlePermissionMgr::IsSystemApp()) {
422 APP_LOGE("non-system app calling system api");
423 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
424 }
425 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
426 APP_LOGW("verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
427 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
428 }
429
430 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
431 std::string callerName;
432 GetCallerByUid(uid, callerName);
433 if (uid == AppControlConstants::EDM_UID) {
434 rule.isEdm = true;
435 }
436 if (userId == Constants::UNSPECIFIED_USERID) {
437 userId = GetCallingUserId();
438 }
439 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, userId);
440 if (ret != ERR_OK) {
441 APP_LOGW("host GetDisposedStatus error:%{public}d", ret);
442 }
443 return ret;
444 }
445
GetAbilityRunningControlRule(const std::string & bundleName,int32_t userId,std::vector<DisposedRule> & disposedRules)446 ErrCode AppControlManagerHostImpl::GetAbilityRunningControlRule(
447 const std::string &bundleName, int32_t userId, std::vector<DisposedRule>& disposedRules)
448 {
449 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
450 if (uid != AppControlConstants::FOUNDATION_UID) {
451 APP_LOGE("callingName is invalid, uid : %{public}d", uid);
452 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
453 }
454 return appControlManager_->GetAbilityRunningControlRule(bundleName, userId, disposedRules);
455 }
456 } // AppExecFwk
457 } // OHOS