1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
17 #define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
18 
19 #include <chrono>
20 #include <condition_variable>
21 #include <memory>
22 #include <string>
23 
24 #include "admin_manager.h"
25 #include "common_event_subscriber.h"
26 #include "enterprise_admin_proxy.h"
27 #include "enterprise_device_mgr_stub.h"
28 #include "hilog/log.h"
29 #include "plugin_manager.h"
30 #include "policy_manager.h"
31 #include "policy_struct.h"
32 #include "security_report.h"
33 #include "system_ability.h"
34 
35 namespace OHOS {
36 namespace EDM {
/**
 * @brief System ability for enterprise device management (EDM).
 *
 * Derives from SystemAbility and EnterpriseDeviceMgrStub. The public ErrCode/bool methods below
 * override the stub interface; the private section holds the admin, policy and plugin managers
 * plus the helpers those methods are built from. Only declarations live here, so behaviour is
 * defined in the implementation file.
 *
 * NOTE(review): the overrides take MessageParcel arguments and caller-supplied userId and
 * bundleName values, so they look like the IPC surface of the service. Presumably each of them
 * has to authenticate and authorize the caller (CheckCallingUid, CheckGetPolicyPermission and
 * GetAllPermissionsByAdmin are declared below) before it changes admin or policy state. Confirm
 * in the implementation.
 *
 * NOTE(review): this header uses std::function, std::unordered_map, std::vector and std::mutex,
 * but the standard headers it includes directly are <chrono>, <condition_variable>, <memory>
 * and <string>. Presumably the others arrive through the project headers; including them
 * directly would make the header self-contained.
 */
class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
    DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);

public:
    EnterpriseDeviceMgrAbility();
    DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
    ~EnterpriseDeviceMgrAbility() override;
    // Returns the service object as an sptr. Presumably the single shared instance kept in
    // instance_ and guarded by mutexLock_ (TODO confirm).
    static sptr<EnterpriseDeviceMgrAbility> GetInstance();

    // Admin lifecycle overrides. `admin` is passed by non-const reference and userId by value.
    // NOTE(review): userId is supplied by the caller; presumably the implementation must check
    // that the caller may act for that user (TODO confirm).
    ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override;
    ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override;
    ErrCode DisableSuperAdmin(const std::string &bundleName) override;
    // Policy set/get overrides. `code` identifies the request; `data` and `reply` are the parcels.
    // NOTE(review): `code` and the contents of `data` presumably originate from the calling
    // process, so they need validation (known code, checked parcel reads) before being routed
    // to a plugin. Confirm in the implementation.
    ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
        int32_t userId) override;
    ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override;
    // enabledAdminList is an output parameter (non-const reference).
    ErrCode GetEnabledAdmin(AdminType type, std::vector<std::string> &enabledAdminList) override;
    // The result is written into `reply` rather than returned.
    ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply) override;
    ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
    // `events` carries raw uint32_t identifiers. VerifyManagedEvent and CheckManagedEvent are
    // declared in the private section, presumably to reject unknown values (TODO confirm).
    ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
    ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
    // NOTE(review): the name suggests `admin` delegates rights to `bundleName`. If so, this is a
    // privilege-granting call and the caller's own admin status must be checked first (TODO confirm).
    ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
    bool IsSuperAdmin(const std::string &bundleName) override;
    bool IsAdminEnabled(AppExecFwk::ElementName &admin, int32_t userId) override;
    // Not marked override, so this is not part of the stub interface shown here.
    void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event);
    // Handler table keyed by std::string. Each handler receives the ability as `that` plus the
    // event data. Presumably filled by AddCommonEventFuncMap() and keyed by event action (TODO confirm).
    // NOTE(review): this member and addSystemAbilityFuncMap_ are public and mutable, so any code
    // that can reach the ability object can add or replace a handler. Consider making them
    // private if nothing outside the class needs write access.
    std::unordered_map<std::string,
        std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
        commonEventFuncMap_;
    // Handler table keyed by int32_t. Each handler receives the ability, a system ability id and
    // a device id. Presumably filled by AddOnAddSystemAbilityFuncMap() (TODO confirm).
    std::unordered_map<int32_t,
        std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
        addSystemAbilityFuncMap_;
    // The result is written into `reply` rather than returned.
    ErrCode GetSuperAdmin(MessageParcel &reply) override;

protected:
    // SystemAbility lifecycle and listener overrides.
    void OnStart() override;
    void OnStop() override;
    // NOTE(review): Dump receives a file descriptor and argument list from the caller. Presumably
    // access should be limited to privileged callers and the output should not expose policy
    // values (TODO confirm).
    int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
    void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
    void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;

private:
    void AddCommonEventFuncMap();
    void AddOnAddSystemAbilityFuncMap();
    bool SubscribeAppState();
    bool UnsubscribeAppState();
    // Caller check against a bundle name. NOTE(review): presumably compares the IPC calling uid
    // with the uid owning bundleName. The public entry points depend on it, so confirm that
    // every path that needs it calls it.
    ErrCode CheckCallingUid(const std::string &bundleName);
    // Removal helpers for admins and the policies attached to them.
    ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
        int32_t userId);
    ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
    ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
    ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
    ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
    ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
    ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
        const std::vector<int32_t> &nonDefaultUserIds);
    // permissionList is an output parameter (non-const reference).
    ErrCode GetAllPermissionsByAdmin(const std::string &bundleInfoName, std::vector<std::string> &permissionList,
        int32_t userId);
    int32_t GetCurrentUserId();
    ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
    ErrCode UpdateDeviceAdmin(AppExecFwk::ElementName &admin);
    // NOTE(review): isDebug presumably relaxes or alters the enable conditions for debug admins
    // (see RemoveAllDebugAdmin below). Confirm that a caller cannot set it for a release build.
    ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug);
    ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
    ErrCode UpdateDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
        int32_t userId);
    // Permission check for the get-policy path. elementName is a non-const reference, so it may
    // be filled in by the call (TODO confirm).
    ErrCode CheckGetPolicyPermission(MessageParcel &data, MessageParcel &reply, const std::string &getPermission,
        const int32_t userId, AppExecFwk::ElementName &elementName);
#ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
    // Declared only when COMMON_EVENT_SERVICE_EDM_ENABLE is defined. The subscriber receives the
    // ability by reference as its listener.
    std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
        EnterpriseDeviceMgrAbility &listener);
#endif
    // Common-event handlers. The event payload arrives as CommonEventData.
    void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
    void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
    void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
    bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
    bool CheckManagedEvent(uint32_t event);
    // Service-start hooks. Three of them exist only under their feature macros.
    void OnAppManagerServiceStart();
    void OnAbilityManagerServiceStart();
    void OnCommonEventServiceStart();
#ifdef PASTEBOARD_EDM_ENABLE
    void OnPasteboardServiceStart();
#endif
    void OnUserAuthFrameworkStart();
#ifdef USB_EDM_ENABLE
    void OnUsbServiceStart();
#endif
    // Takes the admin identity, request code, policy name and resulting ErrCode. Presumably
    // builds the audit record for a policy operation (security_report.h is included). TODO confirm.
    void CreateSecurityContent(const std::string &bundleName, const std::string &abilityName,
        uint32_t code, const std::string &policyName, ErrCode errorCode);
    void InitAllAdmins();
    void InitAllPlugins();
    void InitAllPolices();
    void RemoveAllDebugAdmin();
    void AddSystemAbilityListeners();
    void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
    void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
    // Accessors returning interface pointers (IEdm*), not concrete manager types.
    std::shared_ptr<IEdmBundleManager> GetBundleMgr();
    std::shared_ptr<IEdmAppManager> GetAppMgr();
    std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
    ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
    void UnloadPluginTask();

    // Static state shared by all uses of the class. Presumably mutexLock_ guards instance_
    // (TODO confirm).
    static std::mutex mutexLock_;
    static sptr<EnterpriseDeviceMgrAbility> instance_;
    std::shared_ptr<PolicyManager> policyMgr_;
    std::shared_ptr<AdminManager> adminMgr_;
    std::shared_ptr<PluginManager> pluginMgr_;
    bool registerToService_ = false;
    // NOTE(review): unlike the other members, this one has no trailing underscore.
    std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
    sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
    bool pluginHasInit_ = false;
    // NOTE(review): notifySignal_, lastCallTime_, waitSignal_ and waitMutex_ look like one
    // wait/notify group, presumably for UnloadPluginTask. notifySignal_ and pluginHasInit_ are
    // plain bools, so they need to be read and written with the matching mutex held if more
    // than one thread touches them (TODO confirm).
    bool notifySignal_ = false;
    std::chrono::system_clock::time_point lastCallTime_;
    std::condition_variable waitSignal_;
    std::mutex waitMutex_;
};
150 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
/**
 * @brief Common-event subscriber bound to an EnterpriseDeviceMgrAbility.
 *
 * Derives from EventFwk::CommonEventSubscriber and keeps a reference to the ability passed to
 * its constructor. The class is compiled only when COMMON_EVENT_SERVICE_EDM_ENABLE is defined.
 *
 * NOTE(review): listener_ is a plain reference, so the subscriber does not keep the ability
 * alive. The ability hands subscribers out as std::shared_ptr, which can be copied and may
 * outlive it. Confirm in the implementation that no event is delivered after the ability is
 * destroyed.
 */
class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
public:
    /**
     * @param subscribeInfo Subscription description, presumably forwarded to the base class
     *                      (TODO confirm).
     * @param listener      Ability stored by reference in listener_; it must outlive this object.
     */
    EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
        EnterpriseDeviceMgrAbility &listener);
    ~EnterpriseDeviceEventSubscriber() override = default;

    // Receives one common event. Presumably dispatches to listener_ through its
    // commonEventFuncMap_ (TODO confirm).
    // NOTE(review): the event data comes from the event framework, so any field used as a
    // lookup key or bundle name should be treated as untrusted until validated.
    void OnReceiveEvent(const EventFwk::CommonEventData &data) override;

private:
    // Non-owning reference to the ability that handles the events.
    EnterpriseDeviceMgrAbility &listener_;
};
162 #endif
163 } // namespace EDM
164 } // namespace OHOS
165 #endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
166