1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_stub.h"
16
17 #include "accesstoken_kit.h"
18 #include "ipc_skeleton.h"
19 #include "sec_comp_click_event_parcel.h"
20 #include "sec_comp_err.h"
21 #include "sec_comp_log.h"
22
23 namespace OHOS {
24 namespace Security {
25 namespace SecurityComponent {
26 namespace {
27 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompStub"};
28 static constexpr int32_t ROOT_UID = 0;
29 static constexpr int32_t BASE_USER_RANGE = 200000;
30 } // namespace
31
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)32 int32_t SecCompStub::OnRemoteRequest(
33 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
34 {
35 std::u16string descripter = SecCompStub::GetDescriptor();
36 std::u16string remoteDescripter = data.ReadInterfaceToken();
37 if (descripter != remoteDescripter) {
38 SC_LOG_ERROR(LABEL, "Deal remote request fail, descriptor is not matched");
39 return SC_SERVICE_ERROR_IPC_REQUEST_FAIL;
40 }
41
42 auto funcIter = requestFuncMap_.find(code);
43 if (funcIter != requestFuncMap_.end()) {
44 auto func = funcIter->second;
45 if (func != nullptr) {
46 return (this->*func)(data, reply);
47 }
48 }
49 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
50 }
51
RegisterSecurityComponentInner(MessageParcel & data,MessageParcel & reply)52 int32_t SecCompStub::RegisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
53 {
54 uint32_t type;
55 if (!data.ReadUint32(type)) {
56 SC_LOG_ERROR(LABEL, "Register read component type fail");
57 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
58 }
59
60 if (type <= UNKNOWN_SC_TYPE || type >= MAX_SC_TYPE) {
61 SC_LOG_ERROR(LABEL, "Register security component type invalid");
62 return SC_SERVICE_ERROR_VALUE_INVALID;
63 }
64
65 std::string componentInfo;
66 if (!data.ReadString(componentInfo)) {
67 SC_LOG_ERROR(LABEL, "Register read component info fail");
68 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
69 }
70
71 int32_t scId = INVALID_SC_ID;
72 int32_t res = this->RegisterSecurityComponent(static_cast<SecCompType>(type), componentInfo, scId);
73 if (!reply.WriteInt32(res)) {
74 SC_LOG_ERROR(LABEL, "Register security component result fail");
75 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
76 }
77
78 if (!reply.WriteInt32(scId)) {
79 SC_LOG_ERROR(LABEL, "Register security component result fail");
80 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
81 }
82
83 return SC_OK;
84 }
85
UpdateSecurityComponentInner(MessageParcel & data,MessageParcel & reply)86 int32_t SecCompStub::UpdateSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
87 {
88 int32_t scId;
89 if (!data.ReadInt32(scId)) {
90 SC_LOG_ERROR(LABEL, "Update read component id fail");
91 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
92 }
93
94 if (scId < 0) {
95 SC_LOG_ERROR(LABEL, "Update security component id invalid");
96 return SC_SERVICE_ERROR_VALUE_INVALID;
97 }
98
99 std::string componentInfo;
100 if (!data.ReadString(componentInfo)) {
101 SC_LOG_ERROR(LABEL, "Update read component info fail");
102 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
103 }
104
105 int32_t res = this->UpdateSecurityComponent(scId, componentInfo);
106 if (!reply.WriteInt32(res)) {
107 SC_LOG_ERROR(LABEL, "Update security component result fail");
108 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
109 }
110
111 return res;
112 }
113
UnregisterSecurityComponentInner(MessageParcel & data,MessageParcel & reply)114 int32_t SecCompStub::UnregisterSecurityComponentInner(MessageParcel& data, MessageParcel& reply)
115 {
116 int32_t scId;
117 if (!data.ReadInt32(scId)) {
118 SC_LOG_ERROR(LABEL, "Unreigster read component id fail");
119 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
120 }
121
122 if (scId < 0) {
123 SC_LOG_ERROR(LABEL, "Unreigster security component id invalid");
124 return SC_SERVICE_ERROR_VALUE_INVALID;
125 }
126
127 int32_t res = this->UnregisterSecurityComponent(scId);
128 if (!reply.WriteInt32(res)) {
129 SC_LOG_ERROR(LABEL, "Unregister security component result fail");
130 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
131 }
132 return SC_OK;
133 }
134
ReportSecurityComponentClickEventInner(MessageParcel & data,MessageParcel & reply)135 int32_t SecCompStub::ReportSecurityComponentClickEventInner(MessageParcel& data, MessageParcel& reply)
136 {
137 int32_t scId;
138 if (!data.ReadInt32(scId)) {
139 SC_LOG_ERROR(LABEL, "Report read component id fail");
140 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
141 }
142
143 if (scId < 0) {
144 SC_LOG_ERROR(LABEL, "Report security component id invalid");
145 return SC_SERVICE_ERROR_VALUE_INVALID;
146 }
147
148 std::string componentInfo;
149 if (!data.ReadString(componentInfo)) {
150 SC_LOG_ERROR(LABEL, "Report read component info fail");
151 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
152 }
153 sptr<SecCompClickEventParcel> clickInfoParcel = data.ReadParcelable<SecCompClickEventParcel>();
154 if (clickInfoParcel == nullptr) {
155 SC_LOG_ERROR(LABEL, "Report read clickInfo info fail");
156 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
157 }
158
159 sptr<IRemoteObject> callerToken = data.ReadRemoteObject();
160 if (callerToken == nullptr) {
161 SC_LOG_ERROR(LABEL, "callerToken is nullptr");
162 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
163 }
164 int32_t res =
165 this->ReportSecurityComponentClickEvent(scId, componentInfo, clickInfoParcel->clickInfoParams_, callerToken);
166 if (!reply.WriteInt32(res)) {
167 SC_LOG_ERROR(LABEL, "Report security component result fail");
168 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
169 }
170 return SC_OK;
171 }
172
VerifySavePermissionInner(MessageParcel & data,MessageParcel & reply)173 int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParcel& reply)
174 {
175 if (!IsMediaLibraryCalling()) {
176 SC_LOG_ERROR(LABEL, "Not medialibrary called");
177 return SC_SERVICE_ERROR_CALLER_INVALID;
178 }
179 uint32_t tokenId;
180 if (!data.ReadUint32(tokenId)) {
181 SC_LOG_ERROR(LABEL, "Verify read component id fail");
182 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
183 }
184
185 if (tokenId == 0) {
186 SC_LOG_ERROR(LABEL, "Verify AccessTokenId invalid");
187 return SC_SERVICE_ERROR_VALUE_INVALID;
188 }
189
190 bool res = this->VerifySavePermission(tokenId);
191 if (!reply.WriteBool(res)) {
192 SC_LOG_ERROR(LABEL, "Verify temp save permission result fail");
193 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
194 }
195 return SC_OK;
196 }
197
GetEnhanceRemoteObjectInner(MessageParcel & data,MessageParcel & reply)198 int32_t SecCompStub::GetEnhanceRemoteObjectInner(MessageParcel& data, MessageParcel& reply)
199 {
200 auto res = this->GetEnhanceRemoteObject();
201 if (!reply.WriteRemoteObject(res)) {
202 SC_LOG_ERROR(LABEL, "Security component enhance remote object fail");
203 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
204 }
205 return SC_OK;
206 }
207
PreRegisterSecCompProcessInner(MessageParcel & data,MessageParcel & reply)208 int32_t SecCompStub::PreRegisterSecCompProcessInner(MessageParcel& data, MessageParcel& reply)
209 {
210 int32_t res = this->PreRegisterSecCompProcess();
211 if (!reply.WriteInt32(res)) {
212 SC_LOG_ERROR(LABEL, "preRegister write result fail");
213 return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
214 }
215 return SC_OK;
216 }
217
IsMediaLibraryCalling()218 bool SecCompStub::IsMediaLibraryCalling()
219 {
220 int32_t uid = IPCSkeleton::GetCallingUid();
221 if (uid == ROOT_UID) {
222 return true;
223 }
224 int32_t userId = uid / BASE_USER_RANGE;
225 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
226 if (mediaLibraryTokenId_ == 0) {
227 mediaLibraryTokenId_ = AccessToken::AccessTokenKit::GetHapTokenID(
228 userId, "com.ohos.medialibrary.medialibrarydata", 0);
229 }
230 return tokenCaller == mediaLibraryTokenId_;
231 }
232
SecCompStub()233 SecCompStub::SecCompStub()
234 {
235 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::REGISTER_SECURITY_COMPONENT)] =
236 &SecCompStub::RegisterSecurityComponentInner;
237 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::UPDATE_SECURITY_COMPONENT)] =
238 &SecCompStub::UpdateSecurityComponentInner;
239 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::UNREGISTER_SECURITY_COMPONENT)] =
240 &SecCompStub::UnregisterSecurityComponentInner;
241 requestFuncMap_[static_cast<uint32_t>(
242 SecurityComponentServiceInterfaceCode::REPORT_SECURITY_COMPONENT_CLICK_EVENT)] =
243 &SecCompStub::ReportSecurityComponentClickEventInner;
244 requestFuncMap_[static_cast<uint32_t>(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION)] =
245 &SecCompStub::VerifySavePermissionInner;
246 requestFuncMap_[static_cast<uint32_t>(
247 SecurityComponentServiceInterfaceCode::GET_SECURITY_COMPONENT_ENHANCE_OBJECT)] =
248 &SecCompStub::GetEnhanceRemoteObjectInner;
249 requestFuncMap_[static_cast<uint32_t>(
250 SecurityComponentServiceInterfaceCode::PRE_REGISTER_PROCESS)] =
251 &SecCompStub::PreRegisterSecCompProcessInner;
252 }
253
~SecCompStub()254 SecCompStub::~SecCompStub()
255 {
256 SC_LOG_ERROR(LABEL, "~SecCompStub");
257 requestFuncMap_.clear();
258 SC_LOG_ERROR(LABEL, "~SecCompStub end");
259 }
260 } // namespace SecurityComponent
261 } // namespace Security
262 } // namespace OHOS
263