1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_file_kits.h"
17 #include <cstdlib>
18 #include <fcntl.h>
19 #include <string>
20 #include <sys/stat.h>
21 #include <sys/types.h>
22 #include <unistd.h>
23 #include <unordered_map>
24 #include "dlp_permission_log.h"
25 #include "dlp_zip.h"
26 #include "file_uri.h"
27 #include "securec.h"
28 #include "dlp_utils.h"
29 #include "dlp_permission.h"
30
31 namespace OHOS {
32 namespace Security {
33 namespace DlpPermission {
34 namespace {
35 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpFileKits"};
36 } // namespace
37 using Want = OHOS::AAFwk::Want;
38 using WantParams = OHOS::AAFwk::WantParams;
39
40 static const std::unordered_map<std::string, std::string> SUFFIX_MIMETYPE_MAP = {
41 {"txt", "text/plain"},
42 {"doc", "application/msword"},
43 {"docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document"},
44 {"dot", "application/msword"},
45 {"dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template"},
46 {"odt", "application/vnd.oasis.opendocument.text"},
47 {"pdf", "application/pdf"},
48 {"pot", "application/vnd.ms-powerpoint"},
49 {"potx", "application/vnd.openxmlformats-officedocument.presentationml.template"},
50 {"pps", "application/vnd.ms-powerpoint"},
51 {"ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow"},
52 {"ppt", "application/vnd.ms-powerpoint"},
53 {"pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation"},
54 {"rtf", "text/rtf"},
55 {"xls", "application/vnd.ms-excel"},
56 {"xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"},
57 {"xlt", "application/vnd.ms-excel"},
58 {"xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template"},
59 {"xlam", "application/vnd.ms-excel.addin.macroEnabled.12"},
60 {"xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12"},
61 {"xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12"},
62 {"xltm", "application/vnd.ms-excel.template.macroEnabled.12"},
63 {"xml", "text/xml"},
64 {"ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12"},
65 {"pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12"},
66 {"ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12"},
67 {"potm", "application/vnd.ms-powerpoint.template.macroEnabled.12"},
68 {"docm", "application/vnd.ms-word.document.macroEnabled.12"},
69 {"dotm", "application/vnd.ms-word.template.macroEnabled.12"},
70 {"odp", "application/vnd.oasis.opendocument.presentation"},
71 };
72
IsDlpFileName(const std::string & dlpFileName)73 static bool IsDlpFileName(const std::string& dlpFileName)
74 {
75 uint32_t dlpSuffixLen = DLP_FILE_SUFFIX.size();
76 uint32_t fileNameLen = dlpFileName.size();
77 if (fileNameLen <= dlpSuffixLen) {
78 return false;
79 }
80
81 if (dlpFileName.substr(fileNameLen - dlpSuffixLen, dlpSuffixLen) != DLP_FILE_SUFFIX) {
82 return false;
83 }
84 return true;
85 }
86
GetMimeTypeBySuffix(const std::string & suffix)87 static std::string GetMimeTypeBySuffix(const std::string& suffix)
88 {
89 auto iter = SUFFIX_MIMETYPE_MAP.find(suffix);
90 if (iter != SUFFIX_MIMETYPE_MAP.end()) {
91 return iter->second;
92 }
93 return DEFAULT_STRING;
94 }
95
IsValidDlpHeader(const struct DlpHeader & head)96 static bool IsValidDlpHeader(const struct DlpHeader& head)
97 {
98 if (head.magic != DLP_FILE_MAGIC || head.certSize == 0 || head.certSize > DLP_MAX_CERT_SIZE ||
99 head.contactAccountSize == 0 || head.contactAccountSize > DLP_MAX_CERT_SIZE ||
100 head.certOffset != sizeof(struct DlpHeader)) {
101 DLP_LOG_ERROR(LABEL, "Parse dlp file header error. certSize=%{public}u, contactAccountSize=%{public}u",
102 head.certSize, head.contactAccountSize);
103 return false;
104 }
105 if (head.contactAccountOffset != (sizeof(struct DlpHeader) + head.certSize) ||
106 head.txtOffset != (sizeof(struct DlpHeader) + head.certSize + head.contactAccountSize + head.offlineCertSize) ||
107 head.txtSize > DLP_MAX_CONTENT_SIZE || head.offlineCertSize > DLP_MAX_CERT_SIZE) {
108 DLP_LOG_ERROR(LABEL, "Parse dlp file header error.");
109 return false;
110 }
111 return true;
112 }
113
IsDlpFile(int32_t dlpFd)114 bool DlpFileKits::IsDlpFile(int32_t dlpFd)
115 {
116 if (dlpFd < 0) {
117 DLP_LOG_ERROR(LABEL, "dlp file fd is invalid");
118 return false;
119 }
120
121 if (IsZipFile(dlpFd)) {
122 return CheckUnzipFileInfo(dlpFd);
123 }
124
125 off_t curPos = lseek(dlpFd, 0, SEEK_CUR);
126 if (curPos < 0) {
127 DLP_LOG_ERROR(LABEL, "seek dlp file current failed, %{public}s", strerror(errno));
128 return false;
129 }
130
131 if (lseek(dlpFd, 0, SEEK_SET) == static_cast<off_t>(-1)) {
132 DLP_LOG_ERROR(LABEL, "seek dlp file start failed, %{public}s", strerror(errno));
133 return false;
134 }
135 struct DlpHeader head;
136 if (read(dlpFd, &head, sizeof(struct DlpHeader)) != sizeof(struct DlpHeader)) {
137 DLP_LOG_ERROR(LABEL, "can not read dlp file head, %{public}s", strerror(errno));
138 return false;
139 }
140
141 if (lseek(dlpFd, curPos, SEEK_SET) < 0) {
142 DLP_LOG_ERROR(LABEL, "seek dlp file back failed, %{public}s", strerror(errno));
143 return false;
144 }
145
146 return IsValidDlpHeader(head);
147 }
148
GetSandboxFlag(Want & want)149 bool DlpFileKits::GetSandboxFlag(Want& want)
150 {
151 std::string action = want.GetAction();
152 if (action != TAG_ACTION_VIEW && action != TAG_ACTION_EDIT) {
153 DLP_LOG_DEBUG(LABEL, "Action %{public}s is not dlp scene", action.c_str());
154 return false;
155 }
156
157 std::string uri = want.GetUriString();
158 AppFileService::ModuleFileUri::FileUri fileUri(uri);
159 std::string fileName = fileUri.GetName();
160 if (fileName.empty() || !IsDlpFileName(fileName)) {
161 DLP_LOG_DEBUG(LABEL, "File name is not exist or not dlp, name=%{private}s", fileName.c_str());
162 return false;
163 }
164 std::string path = fileUri.GetRealPath();
165 int fd = open(path.c_str(), O_RDONLY);
166 if (fd == -1) {
167 DLP_LOG_ERROR(LABEL, "open file error, uri=%{private}s path=%{private}s error=%{public}d", uri.c_str(),
168 path.c_str(), errno);
169 return false;
170 }
171 if (!IsDlpFile(fd)) {
172 DLP_LOG_WARN(LABEL, "Fd %{public}d is not dlp file", fd);
173 close(fd);
174 return false;
175 }
176 close(fd);
177 fd = -1;
178 std::string realSuffix = DlpUtils::GetDlpFileRealSuffix(fileName);
179 if (realSuffix != DEFAULT_STRING) {
180 DLP_LOG_DEBUG(LABEL, "Real suffix is %{public}s", realSuffix.c_str());
181 std::string realType = GetMimeTypeBySuffix(realSuffix);
182 if (realType != DEFAULT_STRING) {
183 want.SetType(realType);
184 } else {
185 DLP_LOG_INFO(LABEL, "Real suffix %{public}s not match known type, using origin type %{public}s",
186 realSuffix.c_str(), want.GetType().c_str());
187 }
188 }
189 DLP_LOG_INFO(LABEL, "Sanbox flag is true");
190 return true;
191 }
192
ConvertAbilityInfoWithBundleName(const std::string & abilityName,const std::string & bundleName,std::vector<AppExecFwk::AbilityInfo> & abilityInfos)193 static int32_t ConvertAbilityInfoWithBundleName(const std::string &abilityName, const std::string &bundleName,
194 std::vector<AppExecFwk::AbilityInfo> &abilityInfos)
195 {
196 Want want;
197 AppExecFwk::ElementName name;
198 name.SetAbilityName(abilityName);
199 name.SetBundleName(bundleName);
200 want.SetElement(name);
201
202 int32_t flags = static_cast<int32_t>(AppExecFwk::GetAbilityInfoFlag::GET_ABILITY_INFO_DEFAULT);
203 int32_t userId = 0;
204 int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId);
205 if (ret != ERR_OK) {
206 DLP_LOG_ERROR(LABEL, "Get os account localId error, %{public}d", ret);
207 return DLP_PARSE_ERROR_GET_ACCOUNT_FAIL;
208 }
209
210 auto bundleMgrProxy = DlpUtils::GetBundleMgrProxy();
211 if (bundleMgrProxy == nullptr) {
212 return DLP_SERVICE_ERROR_IPC_REQUEST_FAIL;
213 }
214 ret = bundleMgrProxy->QueryAbilityInfosV9(want, flags, userId, abilityInfos);
215 if (ret != ERR_OK) {
216 DLP_LOG_ERROR(LABEL, "Get ability info error, %{public}d", ret);
217 return DLP_PARSE_ERROR_BMS_ERROR;
218 }
219 return DLP_OK;
220 }
221
IsSupportDlp(const std::vector<std::string> & whitelist,const std::string & bundleName,const std::string & fileType)222 static bool IsSupportDlp(const std::vector<std::string> &whitelist,
223 const std::string &bundleName, const std::string &fileType)
224 {
225 auto it = std::find(whitelist.begin(), whitelist.end(), bundleName);
226 if (it != whitelist.end()) {
227 return true;
228 }
229 return false;
230 }
231
ConvertAbilityInfoWithSupportDlp(const AAFwk::Want & want,std::vector<AppExecFwk::AbilityInfo> & abilityInfos)232 void DlpFileKits::ConvertAbilityInfoWithSupportDlp(const AAFwk::Want &want,
233 std::vector<AppExecFwk::AbilityInfo> &abilityInfos)
234 {
235 if (abilityInfos.size() == 0) {
236 DLP_LOG_INFO(LABEL, "ability size is zero.");
237 return;
238 }
239
240 std::string uri = want.GetUriString();
241 AppFileService::ModuleFileUri::FileUri fileUri(uri);
242 std::string fileName = fileUri.GetName();
243 if (fileName.empty() || !IsDlpFileName(fileName)) {
244 DLP_LOG_ERROR(LABEL, "File name is not exist or not dlp, name=%{private}s", fileName.c_str());
245 return;
246 }
247
248 std::string realSuffix = DlpUtils::GetDlpFileRealSuffix(fileName);
249 if (realSuffix == DEFAULT_STRING) {
250 return;
251 }
252 std::string fileType = DlpUtils::GetFileTypeBySuffix(realSuffix);
253 if (fileType == DEFAULT_STRING) {
254 DLP_LOG_ERROR(LABEL, "%{public}s is not support dlp.", realSuffix.c_str());
255 return;
256 }
257 std::vector<std::string> whitelist;
258 if (!DlpUtils::GetWhitelistWithType(DLP_WHITELIST, fileType, whitelist)) {
259 return;
260 }
261
262 for (auto it = abilityInfos.begin(); it != abilityInfos.end();) {
263 if (!IsSupportDlp(whitelist, it->bundleName, fileType)) {
264 abilityInfos.erase(it);
265 } else {
266 ++it;
267 }
268 }
269
270 if (abilityInfos.size() != 0) {
271 return;
272 }
273 std::vector<std::string> defalutWhitelist;
274 if (!DlpUtils::GetWhitelistWithType(DLP_WHITELIST, DLP_DEFAULT_WHITELIST, defalutWhitelist) ||
275 defalutWhitelist.size() <= 1) {
276 return;
277 }
278 int32_t ret = ConvertAbilityInfoWithBundleName(defalutWhitelist[0], defalutWhitelist[1], abilityInfos);
279 if (ret != DLP_OK) {
280 DLP_LOG_ERROR(LABEL, "Query ability info with bundleName error.");
281 }
282 }
283 } // namespace DlpPermission
284 } // namespace Security
285 } // namespace OHOS
286