• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "form_module_checker.h"
17 
18 #include <functional>
19 #include <memory>
20 #include <string>
21 #include <vector>
22 #include <fstream>
23 #include <filesystem>
24 
25 #include "fms_log_wrapper.h"
26 #include "nlohmann/json.hpp"
27 #include "config_policy_utils.h"
28 
29 const std::string FORM_MODULE_WHITE_LIST_PATH = "/etc/form_fwk_module_white_list.json";
30 const std::string KEY_MODULE_ALLOW = "moduleAllowList";
31 
32 std::vector<std::string> FormModuleChecker::modulesFromCfg_ = FormModuleChecker::GetModuleAllowList();
33 
CheckApiAllowList(const std::string & apiPath)34 bool FormModuleChecker::CheckApiAllowList(const std::string& apiPath)
35 {
36     const std::vector<std::string> allowList = {
37         "i18n.System.getSystemLanguage",
38         "i18n.System.is24HourClock",
39         "intl.Locale.*",
40         "intl.DateTimeFormat.*",
41         "effectKit.*",
42         "font.registerFont",
43         "multimedia.image.PixelMapFormat.*",
44         "multimedia.image.Size.*",
45         "multimedia.image.AlphaType.*",
46         "multimedia.image.ScaleMode.*",
47         "multimedia.image.Region.*",
48         "multimedia.image.PositionArea.*",
49         "multimedia.image.ImageInfo.*",
50         "multimedia.image.DecodingOptions.*",
51         "multimedia.image.InitializationOptions.*",
52         "multimedia.image.SourceOptions.*",
53         "multimedia.image.createImageSource",
54         "multimedia.image.PixelMap.*",
55         "multimedia.image.ImageSource.*"
56     };
57 
58     for (const auto& item : allowList) {
59         if (CheckApiWithSuffix(apiPath, item)) {
60             return true;
61         }
62     }
63 
64     return false;
65 }
66 
CheckApiWithSuffix(const std::string & apiPath,const std::string & item)67 bool FormModuleChecker::CheckApiWithSuffix(const std::string& apiPath, const std::string& item)
68 {
69     if (item.compare(0, apiPath.size(), apiPath) == 0) {
70         HILOG_DEBUG("api allowed by allowlist: '%{public}s' matches '%{public}s'", apiPath.c_str(), item.c_str());
71         return true;
72     }
73     const int32_t kSuffixLength = 2;
74     if (item.size() >= kSuffixLength && item.substr(item.size() - kSuffixLength) == ".*") {
75         const std::string path = item.substr(0, item.rfind('.'));
76         if (apiPath.compare(0, path.size(), path) == 0) {
77             HILOG_DEBUG("api allowed by allowlist: '%{public}s' matches '%{public}s'", apiPath.c_str(), item.c_str());
78             return true;
79         }
80     }
81     return false;
82 }
83 
CheckModuleLoadable(const char * moduleName,std::unique_ptr<ApiAllowListChecker> & apiAllowListChecker)84 bool FormModuleChecker::CheckModuleLoadable(const char *moduleName,
85     std::unique_ptr<ApiAllowListChecker> &apiAllowListChecker)
86 {
87     if (std::string(moduleName) == "mediaquery") {
88         HILOG_INFO("load mediaquery");
89         return true;
90     }
91     if (IsModuelAllowToLoad(moduleName)) {
92         HILOG_INFO("module has been allowed by the allowlist in form, module name = %{public}s", moduleName);
93         if (apiAllowListChecker == nullptr) {
94             apiAllowListChecker = std::make_unique<ApiAllowListChecker>([](const std::string& apiPath) {
95                 return CheckApiAllowList(apiPath);
96             });
97         }
98         return true;
99     }
100     HILOG_INFO("module can't load in form,moduleName= %{public}s", moduleName);
101     return false;
102 }
103 
IsModuelAllowToLoad(const std::string & moduleName)104 bool FormModuleChecker::IsModuelAllowToLoad(const std::string& moduleName)
105 {
106     for (const auto& item : modulesFromCfg_) {
107         if (item == moduleName) {
108             return true;
109         }
110     }
111     const std::vector<std::string> moduleAllowList = {
112         "i18n",
113         "intl",
114         "effectKit",
115         "font",
116         "multimedia.image"
117     };
118 
119     for (const auto& item : moduleAllowList) {
120         if (item == moduleName) {
121             return true;
122         }
123     }
124 
125     return false;
126 }
127 
GetModuleAllowList()128 std::vector<std::string> FormModuleChecker::GetModuleAllowList()
129 {
130     HILOG_INFO("read moduleAllowList from config file");
131     std::vector<std::string> result;
132     char buf[MAX_PATH_LEN];
133     char* path = GetOneCfgFile(FORM_MODULE_WHITE_LIST_PATH.c_str(), buf, MAX_PATH_LEN);
134     if (path == nullptr || *path == '\0') {
135         HILOG_ERROR("config file not found");
136         return result;
137     }
138     std::ifstream file(path);
139     if (!file.is_open()) {
140         HILOG_ERROR("failed to open config file");
141         return result;
142     }
143     HILOG_INFO("success to open config file");
144     nlohmann::json jsonData;
145     file >> jsonData;
146     if (jsonData.contains(KEY_MODULE_ALLOW) && jsonData[KEY_MODULE_ALLOW].is_array()) {
147         for (const auto& module : jsonData[KEY_MODULE_ALLOW]) {
148             HILOG_INFO("read moduleAllowList module: %{public}s", std::string(module).c_str());
149             result.push_back(module);
150         }
151     }
152     file.close();
153     return result;
154 }
155