• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "cm_ipc_service.h"
17 
18 #include "cm_log.h"
19 #include "cm_mem.h"
20 #include "cm_ipc_service_serialization.h"
21 
22 #include "cm_param.h"
23 #include "cm_pfx.h"
24 #include "cm_report_wrapper.h"
25 #include "cm_response.h"
26 #include "cm_security_guard_info.h"
27 #include "cm_type.h"
28 
29 #include "cert_manager.h"
30 #include "cert_manager_check.h"
31 #include "cert_manager_key_operation.h"
32 #include "cert_manager_permission_check.h"
33 #include "cert_manager_query.h"
34 #include "cert_manager_service.h"
35 #include "cert_manager_status.h"
36 #include "cert_manager_uri.h"
37 #include "cert_manager_updateflag.h"
38 #include "cert_manager_storage.h"
39 #include "cert_manager_file_operator.h"
40 
41 #define MAX_LEN_CERTIFICATE     8196
42 #define INIT_INVALID_VALUE      0xFFFFFFFF
43 
GetInputParams(const struct CmBlob * paramSetBlob,struct CmParamSet ** paramSet,struct CmContext * cmContext,struct CmParamOut * params,uint32_t paramsCount)44 static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
45     struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
46 {
47     int32_t ret = CmGetProcessInfoForIPC(cmContext);
48     if (ret != CM_SUCCESS) {
49         CM_LOG_E("get ipc info failed, ret = %d", ret);
50         return ret;
51     }
52 
53     /* The paramSet blob pointer needs to be refreshed across processes. */
54     ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet);
55     if (ret != CM_SUCCESS) {
56         CM_LOG_E("get paramSet failed, ret = %d", ret);
57         return ret;
58     }
59 
60     ret = CmParamSetToParams(*paramSet, params, paramsCount);
61     if (ret != CM_SUCCESS) {
62         CM_LOG_E("get params from paramSet failed, ret = %d", ret);
63         CmFreeParamSet(paramSet); /* if success no need free paramSet */
64     }
65 
66     return ret;
67 }
68 
CmIpcServiceGetCertificateList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)69 void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
70     const struct CmContext *context)
71 {
72     int32_t ret;
73     uint32_t store;
74     struct CmContext cmContext = {0};
75     struct CmMutableBlob certFileList = { 0, NULL };
76     struct CmParamSet *paramSet = NULL;
77     struct CmParamOut params[] = {
78         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
79     };
80 
81     do {
82         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
83         if (ret != CM_SUCCESS) {
84             CM_LOG_E("GetCaCertList get input params failed, ret = %d", ret);
85             break;
86         }
87 
88         ret = CmServiceGetSystemCertListCheck(store);
89         if (ret != CM_SUCCESS) {
90             CM_LOG_E("CmIpcServiceGetSystemCertCheck fail, ret = %d", ret);
91             break;
92         }
93 
94         ret = CmServiceGetCertList(&cmContext, store, &certFileList);
95         if (ret != CM_SUCCESS) {
96             CM_LOG_E("get cert list failed, ret = %d", ret);
97             break;
98         }
99 
100         ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
101         if (ret != CM_SUCCESS) {
102             CM_LOG_E("cert list data pack fail, ret = %d", ret);
103             break;
104         }
105 
106         CmSendResponse(context, ret, outData);
107     } while (0);
108 
109     if (ret != CM_SUCCESS) {
110         CmSendResponse(context, ret, NULL);
111     }
112 
113     if (certFileList.data != NULL) {
114         CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
115     }
116     CmFreeParamSet(&paramSet);
117 }
118 
CmIpcServiceGetCertificateInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)119 void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
120     const struct CmContext *context)
121 {
122     int32_t ret;
123     uint32_t status = 0;
124     uint32_t store;
125     struct CmContext cmContext = {0};
126     struct CmBlob certificateData = { 0, NULL };
127     struct CmBlob certUri = { 0, NULL };
128     struct CmParamSet *paramSet = NULL;
129     struct CmParamOut params[] = {
130         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
131         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
132     };
133 
134     do {
135         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
136         if (ret != CM_SUCCESS) {
137             CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
138             break;
139         }
140 
141         ret = CmServiceGetSystemCertCheck(store, &certUri);
142         if (ret != CM_SUCCESS) {
143             CM_LOG_E("CmServiceGetSystemCertCheck failed, ret = %d", ret);
144             break;
145         }
146 
147         ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
148         if (ret != CM_SUCCESS) {
149             CM_LOG_E("get cert info failed, ret = %d", ret);
150             break;
151         }
152 
153         ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
154         if (ret != CM_SUCCESS) {
155             CM_LOG_E("cert info data pack failed, ret = %d", ret);
156             break;
157         }
158 
159         CmSendResponse(context, ret, outData);
160     } while (0);
161 
162     if (ret != CM_SUCCESS) {
163         CmSendResponse(context, ret, NULL);
164     }
165     CM_FREE_BLOB(certificateData);
166     CmFreeParamSet(&paramSet);
167 }
168 
CmIpcServiceSetCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)169 void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
170     const struct CmContext *context)
171 {
172     int32_t ret;
173     uint32_t store = CM_SYSTEM_TRUSTED_STORE;
174     uint32_t status = INIT_INVALID_VALUE;
175     struct CmContext cmContext = {0};
176     struct CmBlob certUri = { 0, NULL };
177     struct CmParamSet *paramSet = NULL;
178     struct CmParamOut params[] = {
179         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
180         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
181         { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status},
182     };
183 
184     do {
185         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
186         if (ret != CM_SUCCESS) {
187             CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
188             break;
189         }
190 
191         ret = CmServiceSetCertStatusCheck(store, &certUri, status);
192         if (ret != CM_SUCCESS) {
193             CM_LOG_E("CmServiceSetCertStatusCheck check failed, ret = %d", ret);
194             break;
195         }
196 
197         ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
198         if (ret != CM_SUCCESS) {
199             CM_LOG_E("set system cert status failed, ret = %d", ret);
200             break;
201         }
202     } while (0);
203 
204     CmSendResponse(context, ret, NULL);
205     CmReportSGSetCertStatus(&certUri, store, status, ret);
206     CmFreeParamSet(&paramSet);
207     CM_LOG_D("CmIpcServiceSetCertStatus end:%d", ret);
208 }
209 
CmIpcServiceInstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)210 void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
211     const struct CmContext *context)
212 {
213     struct CmContext cmContext = {0};
214     struct CmParamSet *paramSet = NULL;
215     int32_t ret;
216     struct CmBlob certAlias = { 0, NULL };
217     uint32_t store = CM_CREDENTIAL_STORE;
218 
219     do {
220         struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } };
221         struct CmParamOut params[] = {
222             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert },
223             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd },
224             { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
225             { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store },
226         };
227         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
228         if (ret != CM_SUCCESS) {
229             CM_LOG_E("install app cert get input params failed, ret = %d", ret);
230             break;
231         }
232 
233         ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData);
234         if (ret != CM_SUCCESS) {
235             CM_LOG_E("service install app cert failed, ret = %d", ret);
236             break;
237         }
238     } while (0);
239 
240     struct CmBlob tempBlob = { 0, NULL };
241     CmReport(__func__, &cmContext, &tempBlob, ret);
242 
243     CmSendResponse(context, ret, outData);
244     CmReportSGInstallAppCert(&certAlias, store, ret);
245     CmFreeParamSet(&paramSet);
246     CM_LOG_D("CmIpcServiceInstallAppCert end:%d", ret);
247 }
248 
CmIpcServiceUninstallAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)249 void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
250     const struct CmContext *context)
251 {
252     int32_t ret;
253     (void)outData;
254     uint32_t store = CM_CREDENTIAL_STORE;
255     struct CmParamSet *paramSet = NULL;
256     struct CmBlob keyUri = { 0, NULL };
257     struct CmContext cmContext = {0};
258 
259     struct CmParamOut params[] = {
260         {
261             .tag = CM_TAG_PARAM0_BUFFER,
262             .blob = &keyUri
263         }, {
264             .tag = CM_TAG_PARAM0_UINT32,
265             .uint32Param = &store
266         },
267     };
268 
269     do {
270         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
271         if (ret != CM_SUCCESS) {
272             CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret);
273             break;
274         }
275 
276         ret = CmServiceUninstallAppCertCheck(store, &keyUri);
277         if (ret != CM_SUCCESS) {
278             CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
279             break;
280         }
281 
282         ret = CmRemoveAppCert(&cmContext, &keyUri, store);
283         if (ret != CM_SUCCESS) {
284             CM_LOG_E("CmRemoveAppCert fail");
285         }
286     } while (0);
287 
288     CmSendResponse(context, ret, NULL);
289     CmReportSGUninstallAppCert(&keyUri, store, false, ret);
290     CmFreeParamSet(&paramSet);
291     CM_LOG_D("CmIpcServiceUninstallAppCert end:%d", ret);
292 }
293 
CmIpcServiceUninstallAllAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)294 void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
295     const struct CmContext *context)
296 {
297     (void)outData;
298     (void)paramSetBlob;
299     int32_t ret = CM_SUCCESS;
300     struct CmContext cmContext = {0};
301 
302     ret = CmGetProcessInfoForIPC(&cmContext);
303     if (ret != CM_SUCCESS) {
304         CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
305     }
306 
307     ret = CmRemoveAllAppCert(&cmContext);
308     if (ret != CM_SUCCESS) {
309         CM_LOG_E("CmRemoveAllAppCert fail");
310     }
311 
312     CmSendResponse(context, ret, NULL);
313     CmReportSGUninstallAppCert(NULL, INIT_INVALID_VALUE, true, ret);
314     CM_LOG_D("CmIpcServiceUninstallAllAppCert end:%d", ret);
315 }
316 
GetAppCertInfo(const struct CmBlob * keyUri,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * cerAlias)317 static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certType,
318     struct CmBlob *certUri, struct CmBlob *cerAlias)
319 {
320     int32_t ret;
321     struct CMUri uri;
322     (void)memset_s(&uri, sizeof(struct CMUri), 0, sizeof(struct CMUri));
323 
324     do {
325         ret = CertManagerUriDecode(&uri, (char *)keyUri->data);
326         if (ret != CM_SUCCESS) {
327             CM_LOG_E("CertManagerUriDecode failed");
328             break;
329         }
330         if ((uri.type >= TYPE_COUNT) || (uri.object == NULL)) {
331             CM_LOG_E("uri's type[%u] or object is invalid after decode", uri.type);
332             ret = CMR_ERROR;
333             break;
334         }
335 
336         if (memcpy_s(certType->data, certType->size, g_types[uri.type], strlen(g_types[uri.type]) + 1) != EOK) {
337             CM_LOG_E("Failed to copy certType->data");
338             ret = CMR_ERROR;
339             break;
340         }
341         certType->size = strlen(g_types[uri.type]) + 1;
342 
343         if (memcpy_s(certUri->data, certUri->size, keyUri->data, keyUri->size) != EOK) {
344             CM_LOG_E("Failed to copy certUri->data");
345             ret = CMR_ERROR;
346             break;
347         }
348         certUri->size = keyUri->size;
349 
350         if (memcpy_s(cerAlias->data, cerAlias->size, uri.object, strlen(uri.object) + 1) != EOK) {
351             CM_LOG_E("Failed to copy cerAlias->data");
352             ret = CMR_ERROR;
353             break;
354         }
355         cerAlias->size = strlen(uri.object) + 1;
356     } while (0);
357 
358     CertManagerFreeUri(&uri);
359     return ret;
360 }
361 
CmCertListGetAppCertInfo(const struct CmBlob * fileName,struct CmBlob * certType,struct CmBlob * certUri,struct CmBlob * certAlias)362 static int32_t CmCertListGetAppCertInfo(const struct CmBlob *fileName, struct CmBlob *certType,
363     struct CmBlob *certUri,  struct CmBlob *certAlias)
364 {
365     char uriBuf[MAX_LEN_URI] = {0};
366     struct CmBlob keyUri = { sizeof(uriBuf), (uint8_t *)uriBuf };
367 
368     int32_t ret = CmGetUri((char *)fileName->data, &keyUri);
369     if (ret != CM_SUCCESS) {
370         CM_LOG_E("Get uri failed");
371         return ret;
372     }
373 
374     ret = GetAppCertInfo(&keyUri, certType, certUri, certAlias);
375     if (ret != CM_SUCCESS) {
376         CM_LOG_E("GetAppCertInfo failed");
377         return ret;
378     }
379 
380     return ret;
381 }
382 
CmServiceGetAppCertListPack(struct CmBlob * certificateList,const struct CmBlob * fileNames,const uint32_t fileCount)383 static int32_t CmServiceGetAppCertListPack(struct CmBlob *certificateList, const struct CmBlob *fileNames,
384     const uint32_t fileCount)
385 {
386     /* buff struct: cert count + (cert type +  cert uri +  cert alias) * MAX_CERT_COUNT */
387     uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) +
388         MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE;
389     certificateList->data = (uint8_t *)CmMalloc(buffSize);
390     if (certificateList->data == NULL) {
391         return CMR_ERROR_MALLOC_FAIL;
392     }
393     certificateList->size = buffSize;
394 
395     uint32_t offset = 0;
396     int32_t ret = CopyUint32ToBuffer(fileCount, certificateList, &offset);
397     if (ret != CM_SUCCESS) {
398         CM_LOG_E("Copy certificate count failed");
399         return ret;
400     }
401 
402     for (uint32_t i = 0; i < fileCount; i++) {
403         uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
404         struct CmBlob certType = { sizeof(typeBuf), typeBuf };
405         uint8_t certUriBuf[MAX_LEN_URI] = {0};
406         struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
407         uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
408         struct CmBlob certAlias = { sizeof(aliasBuf), aliasBuf };
409 
410         ret = CmCertListGetAppCertInfo(&fileNames[i], &certType, &certUri, &certAlias);
411         if (ret != CM_SUCCESS) {
412             CM_LOG_E("CmCertListGetAppCertInfo failed");
413             return ret;
414         }
415 
416         ret = CopyBlobToBuffer(&certType, certificateList, &offset);
417         if (ret != CM_SUCCESS) {
418             CM_LOG_E("Copy certType failed");
419             return ret;
420         }
421 
422         ret = CopyBlobToBuffer(&certUri, certificateList, &offset);
423         if (ret != CM_SUCCESS) {
424             CM_LOG_E("Copy certUri failed");
425             return ret;
426         }
427 
428         ret = CopyBlobToBuffer(&certAlias, certificateList, &offset);
429         if (ret != CM_SUCCESS) {
430             CM_LOG_E("Copy certAlies failed");
431             return ret;
432         }
433     }
434 
435     return ret;
436 }
437 
CmIpcServiceGetAppCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)438 void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
439     const struct CmContext *context)
440 {
441     int32_t ret;
442     (void)outData;
443     uint32_t store;
444     uint32_t fileCount = 0;
445     struct CmContext cmContext = {0};
446     struct CmBlob certificateList = { 0, NULL };
447     struct CmBlob fileNames[MAX_COUNT_CERTIFICATE];
448     uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob);
449     (void)memset_s(fileNames, len, 0, len);
450     struct CmParamSet *paramSet = NULL;
451     struct CmParamOut params[] = {
452         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
453     };
454 
455     do {
456         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
457         if (ret != CM_SUCCESS) {
458             CM_LOG_E("CmIpcServiceGetAppCertList get input params failed, ret = %d", ret);
459             break;
460         }
461 
462         ret = CmServiceGetAppCertListCheck(store);
463         if (ret != CM_SUCCESS) {
464             CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
465             break;
466         }
467 
468         ret = CmServiceGetAppCertList(&cmContext, store, fileNames, MAX_COUNT_CERTIFICATE, &fileCount);
469         if (ret != CM_SUCCESS) {
470             CM_LOG_E("Get App cert list fail, ret = %d", ret);
471             break;
472         }
473 
474         ret = CmServiceGetAppCertListPack(&certificateList, fileNames, fileCount);
475         if (ret != CM_SUCCESS) {
476             CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret);
477         }
478     } while (0);
479 
480     CmSendResponse(context, ret, &certificateList);
481     CmFreeParamSet(&paramSet);
482     CmFreeFileNames(fileNames, fileCount);
483     CM_FREE_BLOB(certificateList);
484     CM_LOG_D("CmIpcServiceGetAppCertList end:%d", ret);
485 }
486 
CopyCertificateInfoToBuffer(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)487 static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob,
488     const struct CmBlob *certificateInfo, uint32_t *offset)
489 {
490     if (certBlob->size < (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) {
491         CM_LOG_E("certInfo size[%u] invalid", certBlob->size);
492         return CMR_ERROR_INVALID_ARGUMENT;
493     }
494 
495     struct AppCert *appCert = (struct AppCert *)certBlob->data;
496     if ((certBlob->size - (sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN)) < appCert->certSize) {
497         CM_LOG_E("certInfo data size[%u] invalid, certSize[%u]", certBlob->size, appCert->certSize);
498         return CMR_ERROR_INVALID_ARGUMENT;
499     }
500 
501     int32_t ret = CopyUint32ToBuffer(appCert->certCount, certificateInfo, offset);
502     if (ret != CM_SUCCESS) {
503         CM_LOG_E("copy appcert->certCount failed");
504         return ret;
505     }
506 
507     ret = CopyUint32ToBuffer(appCert->keyCount, certificateInfo, offset);
508     if (ret != CM_SUCCESS) {
509         CM_LOG_E("get appcert->keyCount failed");
510         return ret;
511     }
512 
513     struct CmBlob appCertBlob = { appCert->certSize, appCert->appCertdata };
514     ret = CopyBlobToBuffer(&appCertBlob, certificateInfo, offset);
515     if (ret != CM_SUCCESS) {
516         CM_LOG_E("Copy appCertBlob failed");
517     }
518 
519     return ret;
520 }
521 
CopyCertSize(const struct CmBlob * certBlob,const struct CmBlob * certificateInfo,uint32_t * offset)522 static int32_t CopyCertSize(const struct CmBlob *certBlob, const struct CmBlob *certificateInfo,
523     uint32_t *offset)
524 {
525     uint32_t certCount = (((certBlob->size > 0) && (certBlob->data != NULL)) ? 1 : 0);
526 
527     int32_t ret = CopyUint32ToBuffer(certCount, certificateInfo, offset);
528     if (ret != CM_SUCCESS) {
529         CM_LOG_E("copy certificateList->size failed");
530         return ret;
531     }
532     if (certCount == 0) {
533         CM_LOG_E("app cert not exist");
534         return CMR_ERROR_NOT_EXIST;
535     }
536     return ret;
537 }
538 
CmAppCertificateInfoPack(struct CmBlob * certificateInfo,const struct CmBlob * certBlob,const struct CmBlob * keyUri)539 static int32_t CmAppCertificateInfoPack(struct CmBlob *certificateInfo,
540     const struct CmBlob *certBlob, const struct CmBlob *keyUri)
541 {
542     /* buff struct: certCount + certType + certAlias + certUri + certNum + keyNum + credData */
543     uint32_t buffSize = sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME +
544         sizeof(uint32_t) + MAX_LEN_CERT_ALIAS + sizeof(uint32_t) + MAX_LEN_URI +
545         sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_CERTIFICATE_CHAIN;
546     certificateInfo->data = (uint8_t *)CmMalloc(buffSize);
547     if (certificateInfo->data == NULL) {
548         return CMR_ERROR_MALLOC_FAIL;
549     }
550     certificateInfo->size = buffSize;
551 
552     uint32_t offset = 0;
553     if (CopyCertSize(certBlob, certificateInfo, &offset) != CM_SUCCESS) {
554         return CMR_ERROR_NOT_EXIST;
555     }
556 
557     uint8_t typeBuf[MAX_LEN_SUBJECT_NAME] = {0};
558     uint8_t certUriBuf[MAX_LEN_URI] = {0};
559     uint8_t aliasBuf[MAX_LEN_CERT_ALIAS] = {0};
560     struct CmBlob certType = { sizeof(typeBuf), typeBuf };
561     struct CmBlob certUri = { sizeof(certUriBuf), certUriBuf };
562     struct CmBlob cerAlias = { sizeof(aliasBuf), aliasBuf };
563     int32_t ret = GetAppCertInfo(keyUri, &certType, &certUri, &cerAlias);
564     if (ret != CM_SUCCESS) {
565         CM_LOG_E("GetAppCertInfo failed");
566         return ret;
567     }
568 
569     if (CopyBlobToBuffer(&certType, certificateInfo, &offset) != CM_SUCCESS) {
570         CM_LOG_E("Copy certType failed");
571         return CMR_ERROR;
572     }
573 
574     if (CopyBlobToBuffer(&certUri, certificateInfo, &offset) != CM_SUCCESS) {
575         CM_LOG_E("Copy certUri failed");
576         return CMR_ERROR;
577     }
578 
579     if (CopyBlobToBuffer(&cerAlias, certificateInfo, &offset) != CM_SUCCESS) {
580         CM_LOG_E("Copy cerAlias failed");
581         return CMR_ERROR;
582     }
583 
584     ret = CopyCertificateInfoToBuffer(certBlob, certificateInfo, &offset);
585     if (ret != CM_SUCCESS) {
586         CM_LOG_E("Copy CertificateInfo failed");
587         return ret;
588     }
589 
590     return ret;
591 }
592 
CmIpcServiceGetAppCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)593 void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
594     const struct CmContext *context)
595 {
596     int32_t ret;
597     (void)outData;
598     uint32_t store;
599     struct CmBlob keyUri = { 0, NULL };
600     struct CmBlob certificateInfo = { 0, NULL };
601     struct CmBlob certBlob = { 0, NULL };
602     struct CmContext cmContext = {0};
603     struct CmParamSet *paramSet = NULL;
604     struct CmParamOut params[] = {
605         {
606             .tag = CM_TAG_PARAM0_BUFFER,
607             .blob = &keyUri
608         },
609         {
610             .tag = CM_TAG_PARAM0_UINT32,
611             .uint32Param = &store
612         },
613     };
614     do {
615         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
616         if (ret != CM_SUCCESS) {
617             CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret);
618             break;
619         }
620 
621         ret = CmServiceGetAppCertCheck(store, &keyUri);
622         if (ret != CM_SUCCESS) {
623             CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
624             break;
625         }
626 
627         ret = CmServiceGetAppCert(&cmContext, store, &keyUri, &certBlob);
628         if (ret != CM_SUCCESS) {
629             CM_LOG_E("Get App cert list fail, ret = %d", ret);
630             break;
631         }
632 
633         ret = CmAppCertificateInfoPack(&certificateInfo, &certBlob, &keyUri);
634         if (ret != CM_SUCCESS) {
635             CM_LOG_E("CmAppCertificateInfoPack fail, ret = %d", ret);
636         }
637     } while (0);
638 
639     CmSendResponse(context, ret, &certificateInfo);
640     CmFreeParamSet(&paramSet);
641     CM_FREE_BLOB(certBlob);
642     CM_FREE_BLOB(certificateInfo);
643     CM_LOG_D("CmIpcServiceGetAppCert end:%d", ret);
644 }
645 
GetAuthedList(const struct CmContext * context,const struct CmBlob * keyUri,struct CmBlob * outData)646 static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData)
647 {
648     if (outData->size < sizeof(uint32_t)) { /* appUidCount size */
649         CM_LOG_E("invalid outData size[%u]", outData->size);
650         return CMR_ERROR_INVALID_ARGUMENT;
651     }
652 
653     uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t);
654     struct CmAppUidList appUidList = { count, NULL };
655     if (count != 0) {
656         appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t));
657     }
658 
659     int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList);
660     if (ret != CM_SUCCESS) {
661         CM_LOG_E("service get authed list failed, ret = %d", ret);
662         return ret;
663     }
664 
665     /* refresh outData:  1.refresh appUidCount; 2.appUidCount is no bigger than count */
666     (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t));
667     outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount;
668 
669     return CM_SUCCESS;
670 }
671 
CmIpcServiceGrantAppCertificate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)672 void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
673     const struct CmContext *context)
674 {
675     struct CmContext cmContext = { 0, 0, {0} };
676     struct CmParamSet *paramSet = NULL;
677     struct CmBlob keyUri = { 0, NULL };
678     uint32_t grantUid = INIT_INVALID_VALUE;
679     int32_t ret;
680     do {
681         struct CmParamOut params[] = {
682             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
683             { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &grantUid },
684         };
685         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
686         if (ret != CM_SUCCESS) {
687             CM_LOG_E("get input params failed, ret = %d", ret);
688             break;
689         }
690 
691         ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, grantUid, outData);
692         if (ret != CM_SUCCESS) {
693             CM_LOG_E("service grant app failed, ret = %d", ret);
694             break;
695         }
696     } while (0);
697 
698     CmReport(__func__, &cmContext, &keyUri, ret);
699 
700     CM_LOG_D("CmIpcServiceGrantAppCertificate end:%d", ret);
701     CmSendResponse(context, ret, outData);
702     CmReportSGGrantAppCert(&keyUri, grantUid, false, ret);
703     CmFreeParamSet(&paramSet);
704 }
705 
CmIpcServiceGetAuthorizedAppList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)706 void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
707     const struct CmContext *context)
708 {
709     struct CmContext cmContext = { 0, 0, {0} };
710     struct CmParamSet *paramSet = NULL;
711     struct CmBlob keyUri = { 0, NULL };
712 
713     int32_t ret;
714     do {
715         struct CmParamOut params[] = {
716             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
717         };
718         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
719         if (ret != CM_SUCCESS) {
720             CM_LOG_E("get input params failed, ret = %d", ret);
721             break;
722         }
723 
724         ret = GetAuthedList(&cmContext, &keyUri, outData);
725         if (ret != CM_SUCCESS) {
726             CM_LOG_E("get authed app list failed, ret = %d", ret);
727             break;
728         }
729     } while (0);
730     CmReport(__func__, &cmContext, &keyUri, ret);
731 
732     CM_LOG_D("CmIpcServiceGetAuthorizedAppList end:%d", ret);
733     CmSendResponse(context, ret, outData);
734     CmFreeParamSet(&paramSet);
735 }
736 
CmIpcServiceIsAuthorizedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)737 void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
738     const struct CmContext *context)
739 {
740     (void)outData;
741     struct CmContext cmContext = { 0, 0, {0} };
742     struct CmParamSet *paramSet = NULL;
743     struct CmBlob authUri = { 0, NULL };
744 
745     int32_t ret;
746     do {
747         struct CmParamOut params[] = {
748             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
749         };
750         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
751         if (ret != CM_SUCCESS) {
752             CM_LOG_E("get input params failed, ret = %d", ret);
753             break;
754         }
755 
756         ret = CmServiceIsAuthorizedApp(&cmContext, &authUri);
757         if (ret != CM_SUCCESS) {
758             CM_LOG_E("service check is authed app failed, ret = %d", ret);
759             break;
760         }
761     } while (0);
762 
763     CmReport(__func__, &cmContext, &authUri, ret);
764     CM_LOG_D("CmIpcServiceIsAuthorizedApp end:%d", ret);
765     CmSendResponse(context, ret, NULL);
766     CmFreeParamSet(&paramSet);
767 }
768 
CmIpcServiceRemoveGrantedApp(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)769 void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
770     const struct CmContext *context)
771 {
772     struct CmContext cmContext = { 0, 0, {0} };
773     struct CmParamSet *paramSet = NULL;
774     (void)outData;
775     struct CmBlob keyUri = { 0, NULL };
776     uint32_t appUid = INIT_INVALID_VALUE;
777     int32_t ret;
778     do {
779         struct CmParamOut params[] = {
780             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri },
781             { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid },
782         };
783         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
784         if (ret != CM_SUCCESS) {
785             CM_LOG_E("get input params failed, ret = %d", ret);
786             break;
787         }
788 
789         ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid);
790         if (ret != CM_SUCCESS) {
791             CM_LOG_E("service remove grant app failed, ret = %d", ret);
792             break;
793         }
794     } while (0);
795     CmReport(__func__, &cmContext, &keyUri, ret);
796 
797     CM_LOG_D("CmIpcServiceRemoveGrantedApp end:%d", ret);
798     CmSendResponse(context, ret, NULL);
799     CmReportSGGrantAppCert(&keyUri, appUid, true, ret);
800     CmFreeParamSet(&paramSet);
801 }
802 
CmIpcServiceInit(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)803 void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
804     const struct CmContext *context)
805 {
806     struct CmContext cmContext = { 0, 0, {0} };
807     struct CmParamSet *paramSet = NULL;
808 
809     int32_t ret;
810     do {
811         struct CmBlob authUri = { 0, NULL };
812         struct CmBlob specBlob = { 0, NULL };
813         struct CmParamOut params[] = {
814             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri },
815             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob },
816         };
817         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
818         if (ret != CM_SUCCESS) {
819             CM_LOG_E("get input params failed, ret = %d", ret);
820             break;
821         }
822 
823         struct CmSignatureSpec spec = { 0 };
824         if (specBlob.size < sizeof(struct CmSignatureSpec)) {
825             CM_LOG_E("invalid input spec size");
826             ret = CMR_ERROR_INVALID_ARGUMENT;
827             break;
828         }
829         (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec));
830 
831         ret = CmServiceInit(&cmContext, &authUri, &spec, outData);
832         if (ret != CM_SUCCESS) {
833             CM_LOG_E("service init failed, ret = %d", ret);
834             break;
835         }
836     } while (0);
837 
838     CM_LOG_D("CmIpcServiceInit end:%d", ret);
839     CmSendResponse(context, ret, outData);
840     CmFreeParamSet(&paramSet);
841 }
842 
CmIpcServiceUpdate(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)843 void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
844     const struct CmContext *context)
845 {
846     (void)outData;
847     struct CmContext cmContext = { 0, 0, {0} };
848     struct CmParamSet *paramSet = NULL;
849 
850     int32_t ret;
851     do {
852         struct CmBlob handleUpdate = { 0, NULL };
853         struct CmBlob inDataUpdate = { 0, NULL };
854         struct CmParamOut params[] = {
855             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate },
856             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate },
857         };
858         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
859         if (ret != CM_SUCCESS) {
860             CM_LOG_E("get input params failed, ret = %d", ret);
861             break;
862         }
863 
864         ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate);
865         if (ret != CM_SUCCESS) {
866             CM_LOG_E("service update failed, ret = %d", ret);
867             break;
868         }
869     } while (0);
870 
871     CM_LOG_D("CmIpcServiceUpdate end:%d", ret);
872     CmSendResponse(context, ret, NULL);
873     CmFreeParamSet(&paramSet);
874 }
875 
CmIpcServiceFinish(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)876 void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
877     const struct CmContext *context)
878 {
879     struct CmContext cmContext = { 0, 0, {0} };
880     struct CmParamSet *paramSet = NULL;
881 
882     int32_t ret;
883     do {
884         struct CmBlob handleFinish = { 0, NULL };
885         struct CmBlob inDataFinish = { 0, NULL };
886         struct CmParamOut params[] = {
887             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish },
888             { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish },
889         };
890         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
891         if (ret != CM_SUCCESS) {
892             CM_LOG_E("get input params failed, ret = %d", ret);
893             break;
894         }
895 
896         ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData);
897         if (ret != CM_SUCCESS) {
898             CM_LOG_E("service finish failed, ret = %d", ret);
899             break;
900         }
901     } while (0);
902 
903     CM_LOG_D("CmIpcServiceFinish end:%d", ret);
904     CmSendResponse(context, ret, outData);
905     CmFreeParamSet(&paramSet);
906 }
907 
CmIpcServiceAbort(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)908 void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
909     const struct CmContext *context)
910 {
911     (void)outData;
912     struct CmContext cmContext = { 0, 0, {0} };
913     struct CmParamSet *paramSet = NULL;
914 
915     int32_t ret;
916     do {
917         struct CmBlob handle = { 0, NULL };
918         struct CmParamOut params[] = {
919             { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle },
920         };
921         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
922         if (ret != CM_SUCCESS) {
923             CM_LOG_E("get input params failed, ret = %d", ret);
924             break;
925         }
926 
927         ret = CmServiceAbort(&cmContext, &handle);
928         if (ret != CM_SUCCESS) {
929             CM_LOG_E("service abort failed, ret = %d", ret);
930             break;
931         }
932     } while (0);
933 
934     CM_LOG_D("CmIpcServiceAbort end:%d", ret);
935     CmSendResponse(context, ret, NULL);
936     CmFreeParamSet(&paramSet);
937 }
938 
CmIpcServiceGetUserCertList(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)939 void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
940     const struct CmContext *context)
941 {
942     int32_t ret = CM_SUCCESS;
943     uint32_t store;
944     struct CmContext cmContext = {0};
945     struct CmParamSet *paramSet = NULL;
946     struct CmMutableBlob certFileList = { 0, NULL };
947     struct CmParamOut params[] = {
948         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
949     };
950 
951     do {
952         if (!CmHasCommonPermission()) {
953             CM_LOG_E("caller no permission");
954             ret = CMR_ERROR_PERMISSION_DENIED;
955             break;
956         }
957 
958         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
959         if (ret != CM_SUCCESS) {
960             CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret);
961             break;
962         }
963 
964         ret = CmServiceGetCertList(&cmContext, store, &certFileList);
965         if (ret != CM_SUCCESS) {
966             CM_LOG_E("GetCertList failed, ret = %d", ret);
967             break;
968         }
969 
970         ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData);
971         if (ret != CM_SUCCESS) {
972             CM_LOG_E("CmServiceGetCertListPack pack fail, ret = %d", ret);
973             break;
974         }
975 
976         CmSendResponse(context, ret, outData);
977     } while (0);
978 
979     struct CmBlob tempBlob = { 0, NULL };
980     CmReport(__func__, &cmContext, &tempBlob, ret);
981 
982     if (ret != CM_SUCCESS) {
983         CmSendResponse(context, ret, NULL);
984     }
985 
986     if (certFileList.data != NULL) {
987         CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
988     }
989     CmFreeParamSet(&paramSet);
990 }
991 
CmIpcServiceGetUserCertInfo(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)992 void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
993     const struct CmContext *context)
994 {
995     int32_t ret = CM_SUCCESS;
996     uint32_t store;
997     uint32_t status = 0;
998     struct CmBlob certUri = { 0, NULL };
999     struct CmBlob certificateData = { 0, NULL };
1000     struct CmContext cmContext = {0};
1001     struct CmParamSet *paramSet = NULL;
1002     struct CmParamOut params[] = {
1003         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri},
1004         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store},
1005     };
1006 
1007     do {
1008         if (!CmHasCommonPermission()) {
1009             CM_LOG_E("caller no permission");
1010             ret = CMR_ERROR_PERMISSION_DENIED;
1011             break;
1012         }
1013 
1014         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1015         if (ret != CM_SUCCESS) {
1016             CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret);
1017             break;
1018         }
1019 
1020         ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status);
1021         if (ret != CM_SUCCESS) {
1022             CM_LOG_E("GetCertInfo failed, ret = %d", ret);
1023             break;
1024         }
1025 
1026         ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData);
1027         if (ret != CM_SUCCESS) {
1028             CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret);
1029             break;
1030         }
1031         CmSendResponse(context, ret, outData);
1032     } while (0);
1033     CmReport(__func__, &cmContext, &certUri, ret);
1034     if (ret != CM_SUCCESS) {
1035         CmSendResponse(context, ret, NULL);
1036     }
1037     CM_FREE_BLOB(certificateData);
1038     CmFreeParamSet(&paramSet);
1039 }
1040 
CmIpcServiceSetUserCertStatus(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1041 void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1042     const struct CmContext *context)
1043 {
1044     int32_t ret = CM_SUCCESS;
1045     uint32_t store = CM_USER_TRUSTED_STORE;
1046     uint32_t status = INIT_INVALID_VALUE;
1047     struct CmBlob certUri = { 0, NULL };
1048     struct CmContext cmContext = {0};
1049     struct CmParamSet *paramSet = NULL;
1050     struct CmParamOut params[] = {
1051         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1052         { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
1053         { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
1054     };
1055 
1056     do {
1057         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1058             CM_LOG_E("caller no permission");
1059             ret = CMR_ERROR_PERMISSION_DENIED;
1060             break;
1061         }
1062         if (!CmIsSystemApp()) {
1063             CM_LOG_E("set user status: caller is not system app");
1064             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1065             break;
1066         }
1067 
1068         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1069         if (ret != CM_SUCCESS) {
1070             CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret);
1071             break;
1072         }
1073 
1074         ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status);
1075         if (ret != CM_SUCCESS) {
1076             CM_LOG_E("set user cert status failed, ret = %d", ret);
1077             break;
1078         }
1079         ret = CmSetStatusBakeupCert(&cmContext, &certUri, store, status);
1080         if (ret != CM_SUCCESS) {
1081             CM_LOG_E("CmSetStatusBakeupCert failed, ret = %d", ret);
1082             break;
1083         }
1084     } while (0);
1085 
1086     CmSendResponse(context, ret, NULL);
1087     CmReportSGSetCertStatus(&certUri, store, status, ret);
1088     CmFreeParamSet(&paramSet);
1089 }
1090 
CmIpcServiceInstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1091 void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1092     const struct CmContext *context)
1093 {
1094     int32_t ret = CM_SUCCESS;
1095     struct CmBlob userCert = { 0, NULL };
1096     struct CmBlob certAlias = { 0, NULL };
1097     struct CmContext cmContext = {0};
1098     struct CmParamSet *paramSet = NULL;
1099     struct CmParamOut params[] = {
1100         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
1101         { .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
1102     };
1103 
1104     do {
1105         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1106             CM_LOG_E("caller no permission");
1107             ret = CMR_ERROR_PERMISSION_DENIED;
1108             break;
1109         }
1110         if (!CmIsSystemApp()) {
1111             CM_LOG_E("install user cert: caller is not system app");
1112             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1113             break;
1114         }
1115 
1116         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1117         if (ret != CM_SUCCESS) {
1118             CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
1119             break;
1120         }
1121 
1122         ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, outData);
1123         if (ret != CM_SUCCESS) {
1124             CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
1125             break;
1126         }
1127 
1128         CmSendResponse(context, ret, outData);
1129     } while (0);
1130 
1131     struct CmBlob tempBlob = { 0, NULL };
1132     CmReport(__func__, &cmContext, &tempBlob, ret);
1133 
1134     if (ret != CM_SUCCESS) {
1135         CmSendResponse(context, ret, NULL);
1136     }
1137     CmReportSGInstallUserCert(&certAlias, ret);
1138     CmFreeParamSet(&paramSet);
1139 }
1140 
CmIpcServiceUninstallUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1141 void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1142     const struct CmContext *context)
1143 {
1144     (void)outData;
1145     int32_t ret = CM_SUCCESS;
1146     struct CmBlob certUri = { 0, NULL };
1147     struct CmContext cmContext = {0};
1148     struct CmParamSet *paramSet = NULL;
1149     struct CmParamOut params[] = {
1150         { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri },
1151     };
1152 
1153     do {
1154         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1155             CM_LOG_E("caller no permission");
1156             ret = CMR_ERROR_PERMISSION_DENIED;
1157             break;
1158         }
1159         if (!CmIsSystemApp()) {
1160             CM_LOG_E("uninstall user cert: caller is not system app");
1161             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1162             break;
1163         }
1164 
1165         ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
1166         if (ret != CM_SUCCESS) {
1167             CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
1168             break;
1169         }
1170 
1171         ret = CmUninstallUserCert(&cmContext, &certUri);
1172         if (ret != CM_SUCCESS) {
1173             CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
1174             break;
1175         }
1176     } while (0);
1177 
1178     CmReport(__func__, &cmContext, &certUri, ret);
1179     CmSendResponse(context, ret, NULL);
1180     CmReportSGUninstallUserCert(&certUri, false, ret);
1181     CmFreeParamSet(&paramSet);
1182 }
1183 
CmIpcServiceUninstallAllUserCert(const struct CmBlob * paramSetBlob,struct CmBlob * outData,const struct CmContext * context)1184 void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
1185     const struct CmContext *context)
1186 {
1187     (void)outData;
1188     int32_t ret = CM_SUCCESS;
1189     struct CmContext cmContext = {0};
1190 
1191     do {
1192         if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
1193             CM_LOG_E("caller no permission");
1194             ret = CMR_ERROR_PERMISSION_DENIED;
1195             break;
1196         }
1197         if (!CmIsSystemApp()) {
1198             CM_LOG_E("uninstall all user cert: caller is not system app");
1199             ret = CMR_ERROR_NOT_SYSTEMP_APP;
1200             break;
1201         }
1202 
1203         ret = CmGetProcessInfoForIPC(&cmContext);
1204         if (ret != CM_SUCCESS) {
1205             CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret);
1206             break;
1207         }
1208 
1209         ret = CmUninstallAllUserCert(&cmContext);
1210         if (ret != CM_SUCCESS) {
1211             CM_LOG_E("CertManagerUninstallAllUserCert fail, ret = %d", ret);
1212             break;
1213         }
1214     } while (0);
1215     CmSendResponse(context, ret, NULL);
1216     CmReportSGUninstallUserCert(NULL, true, ret);
1217 }
1218 
1219