1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager.h"
17
18 #include "ability_manager_helper.h"
19 #include "account_helper.h"
20 #include "app_control_constants.h"
21 #include "app_control_manager_rdb.h"
22 #include "app_jump_interceptor_manager_rdb.h"
23 #include "app_log_wrapper.h"
24 #include "appexecfwk_errors.h"
25 #include "application_info.h"
26 #include "bundle_common_event_mgr.h"
27 #include "bundle_constants.h"
28 #include "bundle_info.h"
29 #include "bundle_mgr_service.h"
30 #include "parameters.h"
31
32 namespace OHOS {
33 namespace AppExecFwk {
34 namespace {
35 const std::string APP_MARKET_CALLING = "app market";
36 const std::string INVALID_MESSAGE = "INVALID_MESSAGE";
37 }
38
AppControlManager()39 AppControlManager::AppControlManager()
40 {
41 appControlManagerDb_ = std::make_shared<AppControlManagerRdb>();
42 bool isAppJumpEnabled = OHOS::system::GetBoolParameter(
43 OHOS::AppExecFwk::PARAMETER_APP_JUMP_INTERCEPTOR_ENABLE, false);
44 APP_LOGE("GetBoolParameter -> isAppJumpEnabled:%{public}s", (isAppJumpEnabled ? "true" : "false"));
45 if (isAppJumpEnabled) {
46 APP_LOGI("App jump intercetor enabled, start init to AppJumpInterceptorManagerRdb");
47 appJumpInterceptorManagerDb_ = std::make_shared<AppJumpInterceptorManagerRdb>();
48 appJumpInterceptorManagerDb_->SubscribeCommonEvent();
49 } else {
50 APP_LOGI("App jump intercetor disabled");
51 }
52 commonEventMgr_ = std::make_shared<BundleCommonEventMgr>();
53 }
54
~AppControlManager()55 AppControlManager::~AppControlManager()
56 {
57 }
58
AddAppInstallControlRule(const std::string & callingName,const std::vector<std::string> & appIds,const std::string & controlRuleType,int32_t userId)59 ErrCode AppControlManager::AddAppInstallControlRule(const std::string &callingName,
60 const std::vector<std::string> &appIds, const std::string &controlRuleType, int32_t userId)
61 {
62 APP_LOGD("AddAppInstallControlRule");
63 auto ret = appControlManagerDb_->AddAppInstallControlRule(callingName, appIds, controlRuleType, userId);
64 if ((ret == ERR_OK) && !isAppInstallControlEnabled_) {
65 isAppInstallControlEnabled_ = true;
66 }
67 return ret;
68 }
69
DeleteAppInstallControlRule(const std::string & callingName,const std::string & controlRuleType,const std::vector<std::string> & appIds,int32_t userId)70 ErrCode AppControlManager::DeleteAppInstallControlRule(const std::string &callingName,
71 const std::string &controlRuleType, const std::vector<std::string> &appIds, int32_t userId)
72 {
73 APP_LOGD("DeleteAppInstallControlRule");
74 auto ret = appControlManagerDb_->DeleteAppInstallControlRule(callingName, controlRuleType, appIds, userId);
75 if ((ret == ERR_OK) && isAppInstallControlEnabled_) {
76 SetAppInstallControlStatus();
77 }
78 return ret;
79 }
80
DeleteAppInstallControlRule(const std::string & callingName,const std::string & controlRuleType,int32_t userId)81 ErrCode AppControlManager::DeleteAppInstallControlRule(const std::string &callingName,
82 const std::string &controlRuleType, int32_t userId)
83 {
84 APP_LOGD("CleanInstallControlRule");
85 auto ret = appControlManagerDb_->DeleteAppInstallControlRule(callingName, controlRuleType, userId);
86 if ((ret == ERR_OK) && isAppInstallControlEnabled_) {
87 SetAppInstallControlStatus();
88 }
89 return ret;
90 }
91
GetAppInstallControlRule(const std::string & callingName,const std::string & controlRuleType,int32_t userId,std::vector<std::string> & appIds)92 ErrCode AppControlManager::GetAppInstallControlRule(const std::string &callingName,
93 const std::string &controlRuleType, int32_t userId, std::vector<std::string> &appIds)
94 {
95 APP_LOGD("GetAppInstallControlRule");
96 return appControlManagerDb_->GetAppInstallControlRule(callingName, controlRuleType, userId, appIds);
97 }
98
AddAppRunningControlRule(const std::string & callingName,const std::vector<AppRunningControlRule> & controlRules,int32_t userId)99 ErrCode AppControlManager::AddAppRunningControlRule(const std::string &callingName,
100 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
101 {
102 APP_LOGD("AddAppRunningControlRule");
103 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
104 ErrCode ret = appControlManagerDb_->AddAppRunningControlRule(callingName, controlRules, userId);
105 if (ret == ERR_OK) {
106 for (const auto &rule : controlRules) {
107 std::string key = rule.appId + std::string("_") + std::to_string(userId);
108 auto iter = appRunningControlRuleResult_.find(key);
109 if (iter != appRunningControlRuleResult_.end()) {
110 appRunningControlRuleResult_.erase(iter);
111 }
112 }
113 KillRunningApp(controlRules, userId);
114 }
115 return ret;
116 }
117
DeleteAppRunningControlRule(const std::string & callingName,const std::vector<AppRunningControlRule> & controlRules,int32_t userId)118 ErrCode AppControlManager::DeleteAppRunningControlRule(const std::string &callingName,
119 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
120 {
121 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
122 auto ret = appControlManagerDb_->DeleteAppRunningControlRule(callingName, controlRules, userId);
123 if (ret == ERR_OK) {
124 for (const auto &rule : controlRules) {
125 std::string key = rule.appId + std::string("_") + std::to_string(userId);
126 auto iter = appRunningControlRuleResult_.find(key);
127 if (iter != appRunningControlRuleResult_.end()) {
128 appRunningControlRuleResult_.erase(iter);
129 }
130 }
131 }
132 return ret;
133 }
134
DeleteAppRunningControlRule(const std::string & callingName,int32_t userId)135 ErrCode AppControlManager::DeleteAppRunningControlRule(const std::string &callingName, int32_t userId)
136 {
137 return appControlManagerDb_->DeleteAppRunningControlRule(callingName, userId);
138 }
139
GetAppRunningControlRule(const std::string & callingName,int32_t userId,std::vector<std::string> & appIds)140 ErrCode AppControlManager::GetAppRunningControlRule(
141 const std::string &callingName, int32_t userId, std::vector<std::string> &appIds)
142 {
143 return appControlManagerDb_->GetAppRunningControlRule(callingName, userId, appIds);
144 }
145
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)146 ErrCode AppControlManager::ConfirmAppJumpControlRule(const std::string &callerBundleName,
147 const std::string &targetBundleName, int32_t userId)
148 {
149 if (appJumpInterceptorManagerDb_ == nullptr) {
150 APP_LOGE("DataMgr rdb is not init");
151 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
152 }
153 return appJumpInterceptorManagerDb_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
154 }
155
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)156 ErrCode AppControlManager::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules, int32_t userId)
157 {
158 if (appJumpInterceptorManagerDb_ == nullptr) {
159 APP_LOGE("DataMgr rdb is not init");
160 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
161 }
162 return appJumpInterceptorManagerDb_->AddAppJumpControlRule(controlRules, userId);
163 }
164
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)165 ErrCode AppControlManager::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules, int32_t userId)
166 {
167 if (appJumpInterceptorManagerDb_ == nullptr) {
168 APP_LOGE("DataMgr rdb is not init");
169 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
170 }
171 return appJumpInterceptorManagerDb_->DeleteAppJumpControlRule(controlRules, userId);
172 }
173
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)174 ErrCode AppControlManager::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
175 {
176 if (appJumpInterceptorManagerDb_ == nullptr) {
177 APP_LOGE("DataMgr rdb is not init");
178 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
179 }
180 return appJumpInterceptorManagerDb_->DeleteRuleByCallerBundleName(callerBundleName, userId);
181 }
182
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)183 ErrCode AppControlManager::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
184 {
185 if (appJumpInterceptorManagerDb_ == nullptr) {
186 APP_LOGE("DataMgr rdb is not init");
187 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
188 }
189 return appJumpInterceptorManagerDb_->DeleteRuleByTargetBundleName(targetBundleName, userId);
190 }
191
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)192 ErrCode AppControlManager::GetAppJumpControlRule(const std::string &callerBundleName,
193 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
194 {
195 if (appJumpInterceptorManagerDb_ == nullptr) {
196 APP_LOGE("DataMgr rdb is not init");
197 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
198 }
199 auto ret = appJumpInterceptorManagerDb_->GetAppJumpControlRule(callerBundleName, targetBundleName,
200 userId, controlRule);
201 return ret;
202 }
203
SetDisposedStatus(const std::string & appId,const Want & want,int32_t userId)204 ErrCode AppControlManager::SetDisposedStatus(const std::string &appId, const Want& want, int32_t userId)
205 {
206 auto ret = appControlManagerDb_->SetDisposedStatus(APP_MARKET_CALLING, appId, want, userId);
207 if (ret != ERR_OK) {
208 APP_LOGE("SetDisposedStatus to rdb failed");
209 return ret;
210 }
211 std::string key = appId + std::string("_") + std::to_string(userId);
212 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
213 auto iter = appRunningControlRuleResult_.find(key);
214 if (iter != appRunningControlRuleResult_.end()) {
215 appRunningControlRuleResult_.erase(iter);
216 }
217 commonEventMgr_->NotifySetDiposedRule(appId, userId, want.ToString());
218 return ERR_OK;
219 }
220
DeleteDisposedStatus(const std::string & appId,int32_t userId)221 ErrCode AppControlManager::DeleteDisposedStatus(const std::string &appId, int32_t userId)
222 {
223 auto ret = appControlManagerDb_->DeleteDisposedStatus(APP_MARKET_CALLING, appId, userId);
224 if (ret != ERR_OK) {
225 APP_LOGE("DeleteDisposedStatus to rdb failed");
226 return ret;
227 }
228 std::string key = appId + std::string("_") + std::to_string(userId);
229 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
230 auto iter = appRunningControlRuleResult_.find(key);
231 if (iter != appRunningControlRuleResult_.end()) {
232 appRunningControlRuleResult_.erase(iter);
233 }
234 commonEventMgr_->NotifyDeleteDiposedRule(appId, userId);
235 return ERR_OK;
236 }
237
GetDisposedStatus(const std::string & appId,Want & want,int32_t userId)238 ErrCode AppControlManager::GetDisposedStatus(const std::string &appId, Want& want, int32_t userId)
239 {
240 return appControlManagerDb_->GetDisposedStatus(
241 APP_MARKET_CALLING, appId, want, userId);
242 }
243
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)244 ErrCode AppControlManager::GetAppRunningControlRule(
245 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
246 {
247 auto dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
248 if (dataMgr == nullptr) {
249 APP_LOGE("DataMgr is nullptr");
250 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
251 }
252 BundleInfo bundleInfo;
253 ErrCode ret = dataMgr->GetBundleInfoV9(bundleName,
254 static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_DISABLE), bundleInfo, userId);
255 if (ret != ERR_OK) {
256 APP_LOGW("DataMgr GetBundleInfoV9 failed");
257 return ret;
258 }
259 std::string key = bundleInfo.appId + std::string("_") + std::to_string(userId);
260 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
261 if (appRunningControlRuleResult_.find(key) != appRunningControlRuleResult_.end()) {
262 controlRuleResult = appRunningControlRuleResult_[key];
263 if (controlRuleResult.controlMessage == INVALID_MESSAGE) {
264 controlRuleResult.controlMessage = std::string();
265 return ERR_BUNDLE_MANAGER_BUNDLE_NOT_SET_CONTROL;
266 }
267 return ERR_OK;
268 }
269 ret = appControlManagerDb_->GetAppRunningControlRule(bundleInfo.appId, userId, controlRuleResult);
270 if (ret != ERR_OK) {
271 controlRuleResult.controlMessage = INVALID_MESSAGE;
272 }
273 appRunningControlRuleResult_.emplace(key, controlRuleResult);
274 return ret;
275 }
276
KillRunningApp(const std::vector<AppRunningControlRule> & rules,int32_t userId) const277 void AppControlManager::KillRunningApp(const std::vector<AppRunningControlRule> &rules, int32_t userId) const
278 {
279 auto dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
280 if (dataMgr == nullptr) {
281 APP_LOGE("dataMgr is null");
282 return;
283 }
284 std::for_each(rules.cbegin(), rules.cend(), [&dataMgr, userId](const auto &rule) {
285 std::string bundleName = dataMgr->GetBundleNameByAppId(rule.appId);
286 if (bundleName.empty()) {
287 APP_LOGW("GetBundleNameByAppId failed");
288 return;
289 }
290 BundleInfo bundleInfo;
291 ErrCode ret = dataMgr->GetBundleInfoV9(
292 bundleName, static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_DISABLE), bundleInfo, userId);
293 if (ret != ERR_OK) {
294 APP_LOGW("GetBundleInfoV9 failed");
295 return;
296 }
297 AbilityManagerHelper::UninstallApplicationProcesses(bundleName, bundleInfo.uid);
298 });
299 }
300
IsAppInstallControlEnabled() const301 bool AppControlManager::IsAppInstallControlEnabled() const
302 {
303 return isAppInstallControlEnabled_;
304 }
305
SetAppInstallControlStatus()306 void AppControlManager::SetAppInstallControlStatus()
307 {
308 isAppInstallControlEnabled_ = false;
309 std::vector<std::string> appIds;
310 int32_t currentUserId = AccountHelper::GetCurrentActiveUserId();
311 if (currentUserId == Constants::INVALID_USERID) {
312 currentUserId = Constants::START_USERID;
313 }
314 ErrCode ret = appControlManagerDb_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
315 AppControlConstants::APP_DISALLOWED_UNINSTALL, currentUserId, appIds);
316 if ((ret == ERR_OK) && !appIds.empty()) {
317 isAppInstallControlEnabled_ = true;
318 }
319 }
320
SetDisposedRule(const std::string & callerName,const std::string & appId,const DisposedRule & rule,int32_t userId)321 ErrCode AppControlManager::SetDisposedRule(
322 const std::string &callerName, const std::string &appId, const DisposedRule& rule, int32_t userId)
323 {
324 auto ret = appControlManagerDb_->SetDisposedRule(callerName, appId, rule, userId);
325 if (ret != ERR_OK) {
326 APP_LOGE("SetDisposedStatus to rdb failed");
327 return ret;
328 }
329 std::string key = appId + std::string("_") + std::to_string(userId);
330 {
331 std::lock_guard<std::mutex> lock(abilityRunningControlRuleMutex_);
332 auto iter = abilityRunningControlRuleCache_.find(key);
333 if (iter != abilityRunningControlRuleCache_.end()) {
334 abilityRunningControlRuleCache_.erase(iter);
335 }
336 }
337 commonEventMgr_->NotifySetDiposedRule(appId, userId, rule.ToString());
338 return ERR_OK;
339 }
340
GetDisposedRule(const std::string & callerName,const std::string & appId,DisposedRule & rule,int32_t userId)341 ErrCode AppControlManager::GetDisposedRule(
342 const std::string &callerName, const std::string &appId, DisposedRule& rule, int32_t userId)
343 {
344 auto ret = appControlManagerDb_->GetDisposedRule(callerName, appId, rule, userId);
345 if (ret != ERR_OK) {
346 APP_LOGE("GetDisposedRule to rdb failed");
347 return ret;
348 }
349 return ERR_OK;
350 }
351
DeleteDisposedRule(const std::string & callerName,const std::string & appId,int32_t userId)352 ErrCode AppControlManager::DeleteDisposedRule(
353 const std::string &callerName, const std::string &appId, int32_t userId)
354 {
355 auto ret = appControlManagerDb_->DeleteDisposedRule(callerName, appId, userId);
356 if (ret != ERR_OK) {
357 APP_LOGE("DeleteDisposedRule to rdb failed");
358 return ret;
359 }
360 std::string key = appId + std::string("_") + std::to_string(userId);
361 {
362 std::lock_guard<std::mutex> lock(abilityRunningControlRuleMutex_);
363 auto iter = abilityRunningControlRuleCache_.find(key);
364 if (iter != abilityRunningControlRuleCache_.end()) {
365 abilityRunningControlRuleCache_.erase(iter);
366 }
367 }
368 commonEventMgr_->NotifyDeleteDiposedRule(appId, userId);
369 return ERR_OK;
370 }
371
DeleteAllDisposedRuleByBundle(const std::string & appId,int32_t userId)372 ErrCode AppControlManager::DeleteAllDisposedRuleByBundle(const std::string &appId, int32_t userId)
373 {
374 auto ret = appControlManagerDb_->DeleteAllDisposedRuleByBundle(appId, userId);
375 if (ret != ERR_OK) {
376 APP_LOGE("DeleteAllDisposedRuleByBundle to rdb failed");
377 return ret;
378 }
379 std::string key = appId + std::string("_") + std::to_string(userId);
380 std::lock_guard<std::mutex> lock(appRunningControlMutex_);
381 auto iter = appRunningControlRuleResult_.find(key);
382 if (iter != appRunningControlRuleResult_.end()) {
383 appRunningControlRuleResult_.erase(iter);
384 }
385 {
386 std::lock_guard<std::mutex> cacheLock(abilityRunningControlRuleMutex_);
387 auto cacheIter = abilityRunningControlRuleCache_.find(key);
388 if (cacheIter != abilityRunningControlRuleCache_.end()) {
389 abilityRunningControlRuleCache_.erase(cacheIter);
390 }
391 }
392 commonEventMgr_->NotifyDeleteDiposedRule(appId, userId);
393 return ERR_OK;
394 }
395
GetAbilityRunningControlRule(const std::string & bundleName,int32_t userId,std::vector<DisposedRule> & disposedRules)396 ErrCode AppControlManager::GetAbilityRunningControlRule(
397 const std::string &bundleName, int32_t userId, std::vector<DisposedRule>& disposedRules)
398 {
399 auto dataMgr = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
400 if (dataMgr == nullptr) {
401 APP_LOGE("DataMgr is nullptr");
402 return ERR_BUNDLE_MANAGER_INTERNAL_ERROR;
403 }
404 BundleInfo bundleInfo;
405 ErrCode ret = dataMgr->GetBundleInfoV9(bundleName,
406 static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_DISABLE), bundleInfo, userId);
407 if (ret != ERR_OK) {
408 APP_LOGW("DataMgr GetBundleInfoV9 failed");
409 return ret;
410 }
411 std::string key = bundleInfo.appId + std::string("_") + std::to_string(userId);
412 std::lock_guard<std::mutex> lock(abilityRunningControlRuleMutex_);
413 auto iter = abilityRunningControlRuleCache_.find(key);
414 if (iter != abilityRunningControlRuleCache_.end()) {
415 disposedRules = iter->second;
416 return ERR_OK;
417 }
418 ret = appControlManagerDb_->GetAbilityRunningControlRule(bundleInfo.appId, userId, disposedRules);
419 if (ret != ERR_OK) {
420 APP_LOGW("GetAbilityRunningControlRule from rdb failed");
421 return ret;
422 }
423 abilityRunningControlRuleCache_[key] = disposedRules;
424 return ret;
425 }
426 }
427 }