1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bundle_installer_host.h"
17
18 #include "app_log_wrapper.h"
19 #include "appexecfwk_errors.h"
20 #include "bundle_constants.h"
21 #include "bundle_framework_core_ipc_interface_code.h"
22 #include "bundle_memory_guard.h"
23 #include "bundle_permission_mgr.h"
24 #include "bundle_sandbox_app_helper.h"
25 #include "bundle_util.h"
26 #include "ffrt.h"
27 #include "installd_client.h"
28 #include "ipc_skeleton.h"
29 #include "ipc_types.h"
30 #include "string_ex.h"
31
32 namespace OHOS {
33 namespace AppExecFwk {
34 namespace {
35 const std::string GET_MANAGER_FAIL = "fail to get bundle installer manager";
36 int32_t INVALID_APP_INDEX = 0;
37 int32_t LOWER_DLP_TYPE_BOUND = 0;
38 int32_t UPPER_DLP_TYPE_BOUND = 3;
39 } // namespace
40
BundleInstallerHost()41 BundleInstallerHost::BundleInstallerHost()
42 {
43 APP_LOGI("create bundle installer host instance");
44 }
45
~BundleInstallerHost()46 BundleInstallerHost::~BundleInstallerHost()
47 {
48 APP_LOGI("destroy bundle installer host instance");
49 }
50
Init()51 bool BundleInstallerHost::Init()
52 {
53 APP_LOGD("begin to init");
54 manager_ = std::make_shared<BundleInstallerManager>();
55 APP_LOGD("init successfully");
56 return true;
57 }
58
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)59 int BundleInstallerHost::OnRemoteRequest(
60 uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
61 {
62 BundleMemoryGuard memoryGuard;
63 APP_LOGD("bundle installer host onReceived message, the message code is %{public}u", code);
64
65 std::u16string descripter = GetDescriptor();
66 std::u16string remoteDescripter = data.ReadInterfaceToken();
67 if (descripter != remoteDescripter) {
68 APP_LOGE("fail to write reply message in bundle mgr host due to the reply is nullptr");
69 return OBJECT_NULL;
70 }
71
72 switch (code) {
73 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL):
74 HandleInstallMessage(data);
75 break;
76 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL_MULTIPLE_HAPS):
77 HandleInstallMultipleHapsMessage(data);
78 break;
79 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL):
80 HandleUninstallMessage(data);
81 break;
82 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_MODULE):
83 HandleUninstallModuleMessage(data);
84 break;
85 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_BY_UNINSTALL_PARAM):
86 HandleUninstallByUninstallParam(data);
87 break;
88 case static_cast<uint32_t>(BundleInstallerInterfaceCode::RECOVER):
89 HandleRecoverMessage(data);
90 break;
91 case static_cast<uint32_t>(BundleInstallerInterfaceCode::INSTALL_SANDBOX_APP):
92 HandleInstallSandboxApp(data, reply);
93 break;
94 case static_cast<uint32_t>(BundleInstallerInterfaceCode::UNINSTALL_SANDBOX_APP):
95 HandleUninstallSandboxApp(data, reply);
96 break;
97 case static_cast<uint32_t>(BundleInstallerInterfaceCode::CREATE_STREAM_INSTALLER):
98 HandleCreateStreamInstaller(data, reply);
99 break;
100 case static_cast<uint32_t>(BundleInstallerInterfaceCode::DESTORY_STREAM_INSTALLER):
101 HandleDestoryBundleStreamInstaller(data, reply);
102 break;
103 default:
104 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
105 }
106 return NO_ERROR;
107 }
108
HandleInstallMessage(MessageParcel & data)109 void BundleInstallerHost::HandleInstallMessage(MessageParcel &data)
110 {
111 APP_LOGD("handle install message");
112 std::string bundlePath = Str16ToStr8(data.ReadString16());
113 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
114 if (installParam == nullptr) {
115 APP_LOGE("ReadParcelable<InstallParam> failed");
116 return;
117 }
118 sptr<IRemoteObject> object = data.ReadRemoteObject();
119 if (object == nullptr) {
120 APP_LOGE("read failed");
121 return;
122 }
123 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
124 installParam->withCopyHaps = true;
125 Install(bundlePath, *installParam, statusReceiver);
126 APP_LOGD("handle install message finished");
127 }
128
HandleRecoverMessage(MessageParcel & data)129 void BundleInstallerHost::HandleRecoverMessage(MessageParcel &data)
130 {
131 APP_LOGD("handle install message by bundleName");
132 std::string bundleName = Str16ToStr8(data.ReadString16());
133 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
134 if (installParam == nullptr) {
135 APP_LOGE("ReadParcelable<InstallParam> failed");
136 return;
137 }
138 sptr<IRemoteObject> object = data.ReadRemoteObject();
139 if (object == nullptr) {
140 APP_LOGE("read failed");
141 return;
142 }
143 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
144
145 Recover(bundleName, *installParam, statusReceiver);
146 APP_LOGD("handle install message by bundleName finished");
147 }
148
HandleInstallMultipleHapsMessage(MessageParcel & data)149 void BundleInstallerHost::HandleInstallMultipleHapsMessage(MessageParcel &data)
150 {
151 APP_LOGD("handle install multiple haps message");
152 int32_t size = data.ReadInt32();
153 if (size > Constants::MAX_HAP_NUMBER) {
154 APP_LOGE("bundle path size is greater than the max hap number 128");
155 return;
156 }
157 std::vector<std::string> pathVec;
158 for (int i = 0; i < size; ++i) {
159 pathVec.emplace_back(Str16ToStr8(data.ReadString16()));
160 }
161 if (size == 0 || pathVec.empty()) {
162 APP_LOGE("inputted bundlepath vector is empty");
163 return;
164 }
165 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
166 if (installParam == nullptr) {
167 APP_LOGE("ReadParcelable<InstallParam> failed");
168 return;
169 }
170 sptr<IRemoteObject> object = data.ReadRemoteObject();
171 if (object == nullptr) {
172 APP_LOGE("read failed");
173 return;
174 }
175 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
176 installParam->withCopyHaps = true;
177 Install(pathVec, *installParam, statusReceiver);
178 APP_LOGD("handle install multiple haps finished");
179 }
180
HandleUninstallMessage(MessageParcel & data)181 void BundleInstallerHost::HandleUninstallMessage(MessageParcel &data)
182 {
183 APP_LOGD("handle uninstall message");
184 std::string bundleName = Str16ToStr8(data.ReadString16());
185 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
186 if (installParam == nullptr) {
187 APP_LOGE("ReadParcelable<InstallParam> failed");
188 return;
189 }
190 sptr<IRemoteObject> object = data.ReadRemoteObject();
191 if (object == nullptr) {
192 APP_LOGE("read failed");
193 return;
194 }
195 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
196
197 Uninstall(bundleName, *installParam, statusReceiver);
198 APP_LOGD("handle uninstall message finished");
199 }
200
HandleUninstallModuleMessage(MessageParcel & data)201 void BundleInstallerHost::HandleUninstallModuleMessage(MessageParcel &data)
202 {
203 APP_LOGD("handle uninstall module message");
204 std::string bundleName = Str16ToStr8(data.ReadString16());
205 std::string modulePackage = Str16ToStr8(data.ReadString16());
206 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
207 if (installParam == nullptr) {
208 APP_LOGE("ReadParcelable<InstallParam> failed");
209 return;
210 }
211 sptr<IRemoteObject> object = data.ReadRemoteObject();
212 if (object == nullptr) {
213 APP_LOGE("read failed");
214 return;
215 }
216 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
217 Uninstall(bundleName, modulePackage, *installParam, statusReceiver);
218 APP_LOGD("handle uninstall message finished");
219 }
220
HandleUninstallByUninstallParam(MessageParcel & data)221 void BundleInstallerHost::HandleUninstallByUninstallParam(MessageParcel &data)
222 {
223 std::unique_ptr<UninstallParam> uninstallParam(data.ReadParcelable<UninstallParam>());
224 if (uninstallParam == nullptr) {
225 APP_LOGE("ReadParcelable<UninstallParam failed");
226 return;
227 }
228 sptr<IRemoteObject> object = data.ReadRemoteObject();
229 if (object == nullptr) {
230 APP_LOGE("read failed");
231 return;
232 }
233 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
234 Uninstall(*uninstallParam, statusReceiver);
235 }
236
HandleInstallSandboxApp(MessageParcel & data,MessageParcel & reply)237 void BundleInstallerHost::HandleInstallSandboxApp(MessageParcel &data, MessageParcel &reply)
238 {
239 APP_LOGD("handle install sandbox app message");
240 std::string bundleName = Str16ToStr8(data.ReadString16());
241 int32_t dplType = data.ReadInt32();
242 int32_t userId = data.ReadInt32();
243 int32_t appIndex = Constants::INITIAL_APP_INDEX;
244 auto ret = InstallSandboxApp(bundleName, dplType, userId, appIndex);
245 if (!reply.WriteInt32(ret)) {
246 APP_LOGE("write failed");
247 }
248 if (ret == ERR_OK && !reply.WriteInt32(appIndex)) {
249 APP_LOGE("write failed");
250 }
251 APP_LOGD("handle install sandbox app message finished");
252 }
253
HandleUninstallSandboxApp(MessageParcel & data,MessageParcel & reply)254 void BundleInstallerHost::HandleUninstallSandboxApp(MessageParcel &data, MessageParcel &reply)
255 {
256 APP_LOGD("handle install sandbox app message");
257 std::string bundleName = Str16ToStr8(data.ReadString16());
258 int32_t appIndex = data.ReadInt32();
259 int32_t userId = data.ReadInt32();
260 auto ret = UninstallSandboxApp(bundleName, appIndex, userId);
261 if (!reply.WriteInt32(ret)) {
262 APP_LOGE("write failed");
263 }
264 APP_LOGD("handle install sandbox app message finished");
265 }
266
HandleCreateStreamInstaller(MessageParcel & data,MessageParcel & reply)267 void BundleInstallerHost::HandleCreateStreamInstaller(MessageParcel &data, MessageParcel &reply)
268 {
269 APP_LOGD("handle create stream installer message begin");
270 std::unique_ptr<InstallParam> installParam(data.ReadParcelable<InstallParam>());
271 if (installParam == nullptr) {
272 APP_LOGE("ReadParcelable<InstallParam> failed");
273 return;
274 }
275 sptr<IRemoteObject> object = data.ReadRemoteObject();
276 if (object == nullptr) {
277 reply.WriteBool(false);
278 APP_LOGE("read receiver failed");
279 return;
280 }
281 sptr<IStatusReceiver> statusReceiver = iface_cast<IStatusReceiver>(object);
282 if (statusReceiver == nullptr) {
283 reply.WriteBool(false);
284 APP_LOGE("cast remote object to status receiver error");
285 return;
286 }
287
288 sptr<IBundleStreamInstaller> streamInstaller = CreateStreamInstaller(*installParam, statusReceiver);
289 if (streamInstaller == nullptr) {
290 if (!reply.WriteBool(false)) {
291 APP_LOGE("write result failed");
292 }
293 return;
294 }
295 if (!reply.WriteBool(true)) {
296 APP_LOGE("write result failed");
297 return;
298 }
299 if (!reply.WriteUint32(streamInstaller->GetInstallerId())) {
300 APP_LOGE("write stream installe id failed");
301 return;
302 }
303 if (!reply.WriteRemoteObject(streamInstaller->AsObject())) {
304 APP_LOGE("write stream installer remote object failed");
305 return;
306 }
307
308 std::lock_guard<std::mutex> lock(streamInstallMutex_);
309 streamInstallers_.emplace_back(streamInstaller);
310 APP_LOGD("handle create stream installer message finish");
311 }
312
HandleDestoryBundleStreamInstaller(MessageParcel & data,MessageParcel & reply)313 void BundleInstallerHost::HandleDestoryBundleStreamInstaller(MessageParcel &data, MessageParcel &reply)
314 {
315 APP_LOGD("handle destory stream installer message begin");
316 uint32_t installeId = data.ReadUint32();
317 DestoryBundleStreamInstaller(installeId);
318 APP_LOGD("handle destoy stream installer message finish");
319 }
320
321
Install(const std::string & bundleFilePath,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)322 bool BundleInstallerHost::Install(
323 const std::string &bundleFilePath, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
324 {
325 if (!CheckBundleInstallerManager(statusReceiver)) {
326 APP_LOGE("statusReceiver invalid");
327 return false;
328 }
329 if (!BundlePermissionMgr::IsSystemApp() &&
330 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
331 APP_LOGE("non-system app calling system api");
332 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
333 return false;
334 }
335 if (!BundlePermissionMgr::IsSelfCalling() &&
336 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
337 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
338 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
339 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
340 APP_LOGE("install permission denied");
341 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
342 return false;
343 }
344
345 manager_->CreateInstallTask(bundleFilePath, installParam, statusReceiver);
346 return true;
347 }
348
Install(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)349 bool BundleInstallerHost::Install(const std::vector<std::string> &bundleFilePaths, const InstallParam &installParam,
350 const sptr<IStatusReceiver> &statusReceiver)
351 {
352 if (!CheckBundleInstallerManager(statusReceiver)) {
353 APP_LOGE("statusReceiver invalid");
354 return false;
355 }
356 if (!BundlePermissionMgr::IsSystemApp() &&
357 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
358 APP_LOGE("non-system app calling system api");
359 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
360 return false;
361 }
362 if (!BundlePermissionMgr::IsSelfCalling() &&
363 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
364 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
365 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
366 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
367 APP_LOGE("install permission denied");
368 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
369 return false;
370 }
371
372 manager_->CreateInstallTask(bundleFilePaths, installParam, statusReceiver);
373 return true;
374 }
375
Recover(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)376 bool BundleInstallerHost::Recover(
377 const std::string &bundleName, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
378 {
379 if (!CheckBundleInstallerManager(statusReceiver)) {
380 APP_LOGE("statusReceiver invalid");
381 return false;
382 }
383 if (!BundlePermissionMgr::IsSystemApp() &&
384 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
385 APP_LOGE("non-system app calling system api");
386 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
387 return false;
388 }
389 if (!BundlePermissionMgr::VerifyRecoverPermission()) {
390 APP_LOGE("Recover permission denied");
391 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
392 return false;
393 }
394 manager_->CreateRecoverTask(bundleName, CheckInstallParam(installParam), statusReceiver);
395 return true;
396 }
397
Uninstall(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)398 bool BundleInstallerHost::Uninstall(
399 const std::string &bundleName, const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
400 {
401 if (!CheckBundleInstallerManager(statusReceiver)) {
402 APP_LOGE("statusReceiver invalid");
403 return false;
404 }
405 if (!BundlePermissionMgr::IsSystemApp() &&
406 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
407 APP_LOGE("non-system app calling system api");
408 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
409 return false;
410 }
411 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
412 APP_LOGE("uninstall permission denied");
413 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
414 return false;
415 }
416 manager_->CreateUninstallTask(bundleName, CheckInstallParam(installParam), statusReceiver);
417 return true;
418 }
419
Uninstall(const std::string & bundleName,const std::string & modulePackage,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)420 bool BundleInstallerHost::Uninstall(const std::string &bundleName, const std::string &modulePackage,
421 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
422 {
423 if (!CheckBundleInstallerManager(statusReceiver)) {
424 APP_LOGE("statusReceiver invalid");
425 return false;
426 }
427 if (!BundlePermissionMgr::IsSystemApp() &&
428 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
429 APP_LOGE("non-system app calling system api");
430 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
431 return false;
432 }
433 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
434 APP_LOGE("uninstall permission denied");
435 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
436 return false;
437 }
438 manager_->CreateUninstallTask(
439 bundleName, modulePackage, CheckInstallParam(installParam), statusReceiver);
440 return true;
441 }
442
Uninstall(const UninstallParam & uninstallParam,const sptr<IStatusReceiver> & statusReceiver)443 bool BundleInstallerHost::Uninstall(const UninstallParam &uninstallParam,
444 const sptr<IStatusReceiver> &statusReceiver)
445 {
446 if (!CheckBundleInstallerManager(statusReceiver)) {
447 APP_LOGE("statusReceiver invalid");
448 return false;
449 }
450 if (!BundlePermissionMgr::IsSystemApp()) {
451 APP_LOGE("non-system app calling system api");
452 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
453 return false;
454 }
455 if (!BundlePermissionMgr::VerifyUninstallPermission()) {
456 APP_LOGE("uninstall permission denied");
457 statusReceiver->OnFinished(ERR_APPEXECFWK_UNINSTALL_PERMISSION_DENIED, "");
458 return false;
459 }
460 manager_->CreateUninstallTask(uninstallParam, statusReceiver);
461 return true;
462 }
463
InstallByBundleName(const std::string & bundleName,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)464 bool BundleInstallerHost::InstallByBundleName(const std::string &bundleName,
465 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
466 {
467 if (!CheckBundleInstallerManager(statusReceiver)) {
468 APP_LOGE("statusReceiver invalid");
469 return false;
470 }
471 if (!BundlePermissionMgr::IsSystemApp() &&
472 !BundlePermissionMgr::VerifyCallingBundleSdkVersion(Constants::API_VERSION_NINE)) {
473 APP_LOGE("non-system app calling system api");
474 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
475 return false;
476 }
477 if (!BundlePermissionMgr::IsSelfCalling() &&
478 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
479 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
480 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
481 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) {
482 APP_LOGE("install permission denied");
483 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
484 return false;
485 }
486
487 manager_->CreateInstallByBundleNameTask(bundleName, CheckInstallParam(installParam), statusReceiver);
488 return true;
489 }
490
InstallSandboxApp(const std::string & bundleName,int32_t dplType,int32_t userId,int32_t & appIndex)491 ErrCode BundleInstallerHost::InstallSandboxApp(const std::string &bundleName, int32_t dplType, int32_t userId,
492 int32_t &appIndex)
493 {
494 if (bundleName.empty() || dplType <= LOWER_DLP_TYPE_BOUND || dplType >= UPPER_DLP_TYPE_BOUND) {
495 APP_LOGE("install sandbox failed due to error parameters");
496 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
497 }
498 if (!BundlePermissionMgr::IsSystemApp()) {
499 APP_LOGE("vnon-system app calling system api");
500 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
501 }
502 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
503 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_SANDBOX_BUNDLE)) {
504 APP_LOGE("InstallSandboxApp permission denied");
505 return ERR_APPEXECFWK_PERMISSION_DENIED;
506 }
507 auto helper = DelayedSingleton<BundleSandboxAppHelper>::GetInstance();
508 if (helper == nullptr) {
509 return ERR_APPEXECFWK_SANDBOX_INSTALL_INTERNAL_ERROR;
510 }
511 auto res = helper->InstallSandboxApp(bundleName, dplType, userId, appIndex);
512 if (res != ERR_OK) {
513 APP_LOGE("install sandbox failed due to error code : %{public}d", res);
514 }
515 return res;
516 }
517
UninstallSandboxApp(const std::string & bundleName,int32_t appIndex,int32_t userId)518 ErrCode BundleInstallerHost::UninstallSandboxApp(const std::string &bundleName, int32_t appIndex, int32_t userId)
519 {
520 // check bundle name
521 if (bundleName.empty()) {
522 APP_LOGE("uninstall sandbox failed due to empty bundleName");
523 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
524 }
525 // check appIndex
526 if (appIndex <= INVALID_APP_INDEX || appIndex > Constants::MAX_APP_INDEX) {
527 APP_LOGE("the appIndex %{public}d is invalid", appIndex);
528 return ERR_APPEXECFWK_SANDBOX_INSTALL_PARAM_ERROR;
529 }
530 if (!BundlePermissionMgr::IsSystemApp()) {
531 APP_LOGE("non-system app calling system api");
532 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
533 }
534 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
535 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_UNINSTALL_SANDBOX_BUNDLE)) {
536 APP_LOGE("UninstallSandboxApp permission denied");
537 return ERR_APPEXECFWK_PERMISSION_DENIED;
538 }
539 auto helper = DelayedSingleton<BundleSandboxAppHelper>::GetInstance();
540 if (helper == nullptr) {
541 return ERR_APPEXECFWK_SANDBOX_INSTALL_INTERNAL_ERROR;
542 }
543 auto res = helper->UninstallSandboxApp(bundleName, appIndex, userId);
544 if (res != ERR_OK) {
545 APP_LOGE("uninstall sandbox failed due to error code : %{public}d", res);
546 }
547 return res;
548 }
549
StreamInstall(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)550 ErrCode BundleInstallerHost::StreamInstall(const std::vector<std::string> &bundleFilePaths,
551 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
552 {
553 return ERR_OK;
554 }
555
CreateStreamInstaller(const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)556 sptr<IBundleStreamInstaller> BundleInstallerHost::CreateStreamInstaller(const InstallParam &installParam,
557 const sptr<IStatusReceiver> &statusReceiver)
558 {
559 if (!CheckBundleInstallerManager(statusReceiver)) {
560 APP_LOGE("statusReceiver invalid");
561 return nullptr;
562 }
563 if (!BundlePermissionMgr::IsSystemApp()) {
564 APP_LOGE("non-system app calling system api");
565 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
566 return nullptr;
567 }
568 InstallParam verifiedInstallParam = installParam;
569 if (!IsPermissionVaild(installParam, verifiedInstallParam)) {
570 APP_LOGE("install permission denied");
571 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
572 return nullptr;
573 }
574 auto uid = IPCSkeleton::GetCallingUid();
575 sptr<BundleStreamInstallerHostImpl> streamInstaller(new (std::nothrow) BundleStreamInstallerHostImpl(
576 ++streamInstallerIds_, uid));
577 if (streamInstaller == nullptr) {
578 APP_LOGE("streamInstaller is nullptr, uid : %{public}d", uid);
579 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, "");
580 return nullptr;
581 }
582 bool res = streamInstaller->Init(verifiedInstallParam, statusReceiver);
583 if (!res) {
584 APP_LOGE("stream installer init failed");
585 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, "");
586 return nullptr;
587 }
588 return streamInstaller;
589 }
590
IsPermissionVaild(const InstallParam & installParam,InstallParam & verifiedInstallParam)591 bool BundleInstallerHost::IsPermissionVaild(const InstallParam &installParam, InstallParam &verifiedInstallParam)
592 {
593 verifiedInstallParam.isCallByShell = BundlePermissionMgr::IsNativeTokenType();
594 verifiedInstallParam.installBundlePermissionStatus =
595 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) ?
596 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
597 verifiedInstallParam.installEnterpriseBundlePermissionStatus =
598 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) ?
599 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
600 verifiedInstallParam.installEtpNormalBundlePermissionStatus =
601 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) ?
602 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
603 verifiedInstallParam.installEtpMdmBundlePermissionStatus =
604 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) ?
605 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
606 verifiedInstallParam.installUpdateSelfBundlePermissionStatus =
607 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_SELF_BUNDLE) ?
608 PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS;
609 return (verifiedInstallParam.installBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
610 verifiedInstallParam.installEnterpriseBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
611 verifiedInstallParam.installEtpNormalBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
612 verifiedInstallParam.installEtpMdmBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
613 verifiedInstallParam.installUpdateSelfBundlePermissionStatus == PermissionStatus::HAVE_PERMISSION_STATUS ||
614 BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE));
615 }
616
DestoryBundleStreamInstaller(uint32_t streamInstallerId)617 bool BundleInstallerHost::DestoryBundleStreamInstaller(uint32_t streamInstallerId)
618 {
619 if (!BundlePermissionMgr::IsSystemApp()) {
620 APP_LOGE("non-system app calling system api");
621 return false;
622 }
623 if (!BundlePermissionMgr::IsSelfCalling() &&
624 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_BUNDLE) &&
625 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_BUNDLE) &&
626 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) &&
627 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) &&
628 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE)) {
629 APP_LOGE("install permission denied");
630 return false;
631 }
632 std::lock_guard<std::mutex> lock(streamInstallMutex_);
633 for (auto it = streamInstallers_.begin(); it != streamInstallers_.end();) {
634 if ((*it)->GetInstallerId() == streamInstallerId) {
635 (*it)->UnInit();
636 it = streamInstallers_.erase(it);
637 } else {
638 it++;
639 }
640 }
641 return true;
642 }
643
CheckBundleInstallerManager(const sptr<IStatusReceiver> & statusReceiver) const644 bool BundleInstallerHost::CheckBundleInstallerManager(const sptr<IStatusReceiver> &statusReceiver) const
645 {
646 if (statusReceiver == nullptr) {
647 APP_LOGE("the receiver is nullptr");
648 return false;
649 }
650 if (manager_ == nullptr) {
651 APP_LOGE("the bundle installer manager is nullptr");
652 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_INTERNAL_ERROR, GET_MANAGER_FAIL);
653 return false;
654 }
655 return true;
656 }
657
CheckInstallParam(const InstallParam & installParam)658 InstallParam BundleInstallerHost::CheckInstallParam(const InstallParam &installParam)
659 {
660 if (installParam.userId == Constants::UNSPECIFIED_USERID) {
661 APP_LOGI("installParam userId is unspecified and get calling userId by callingUid");
662 InstallParam callInstallParam = installParam;
663 callInstallParam.userId = BundleUtil::GetUserIdByCallingUid();
664 return callInstallParam;
665 }
666
667 return installParam;
668 }
669
UpdateBundleForSelf(const std::vector<std::string> & bundleFilePaths,const InstallParam & installParam,const sptr<IStatusReceiver> & statusReceiver)670 bool BundleInstallerHost::UpdateBundleForSelf(const std::vector<std::string> &bundleFilePaths,
671 const InstallParam &installParam, const sptr<IStatusReceiver> &statusReceiver)
672 {
673 if (!CheckBundleInstallerManager(statusReceiver)) {
674 APP_LOGE("statusReceiver invalid");
675 return false;
676 }
677 if (!BundlePermissionMgr::IsSystemApp()) {
678 APP_LOGE("non-system app calling system api");
679 statusReceiver->OnFinished(ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED, "");
680 return false;
681 }
682 if (!BundlePermissionMgr::IsSelfCalling() &&
683 !BundlePermissionMgr::VerifyCallingPermissionForAll(Constants::PERMISSION_INSTALL_SELF_BUNDLE)) {
684 APP_LOGE("install permission denied");
685 statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, "");
686 return false;
687 }
688 manager_->CreateInstallTask(bundleFilePaths, installParam, statusReceiver);
689 return true;
690 }
691
AddTask(const ThreadPoolTask & task,const std::string & taskName)692 void BundleInstallerHost::AddTask(const ThreadPoolTask &task, const std::string &taskName)
693 {
694 manager_->AddTask(task, taskName);
695 }
696
GetThreadsNum()697 int32_t BundleInstallerHost::GetThreadsNum()
698 {
699 return manager_->GetThreadsNum();
700 }
701
GetCurTaskNum()702 size_t BundleInstallerHost::GetCurTaskNum()
703 {
704 return manager_->GetCurTaskNum();
705 }
706 } // namespace AppExecFwk
707 } // namespace OHOS