1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "installd/installd_host_impl.h"
17
18 #include <cinttypes>
19 #include <cstdio>
20 #include <fstream>
21 #include <map>
22 #include <memory>
23 #include <sstream>
24 #include <string>
25 #include <sys/stat.h>
26 #include <sys/types.h>
27 #include <unistd.h>
28
29 #include "aot/aot_executor.h"
30 #include "app_log_tag_wrapper.h"
31 #include "bundle_constants.h"
32 #include "bundle_service_constants.h"
33 #if defined(CODE_SIGNATURE_ENABLE)
34 #include "byte_buffer.h"
35 #include "code_sign_utils.h"
36 #endif
37 #include "common_profile.h"
38 #ifdef CONFIG_POLOCY_ENABLE
39 #include "config_policy_utils.h"
40 #endif
41 #include "directory_ex.h"
42 #ifdef WITH_SELINUX
43 #include "hap_restorecon.h"
44 #include "selinux/selinux.h"
45 #ifndef SELINUX_HAP_DEBUGGABLE
46 #define SELINUX_HAP_DEBUGGABLE 2
47 #endif
48 #endif // WITH_SELINUX
49 #include "installd/installd_operator.h"
50 #include "installd/installd_permission_mgr.h"
51 #include "parameters.h"
52 #include "inner_bundle_clone_common.h"
53
54 namespace OHOS {
55 namespace AppExecFwk {
56 namespace {
57 const std::string ARK_CACHE_PATH = "/data/local/ark-cache/";
58 const std::string ARK_PROFILE_PATH = "/data/local/ark-profile/";
59 const std::vector<std::string> BUNDLE_DATA_DIR = {
60 "/cache",
61 "/files",
62 "/temp",
63 "/preferences",
64 "/haps"
65 };
66 const std::string CLOUD_FILE_PATH = "/data/service/el2/%/hmdfs/cloud/data/";
67 const std::string BUNDLE_BACKUP_HOME_PATH_EL2 = "/data/service/el2/%/backup/bundles/";
68 const std::string DISTRIBUTED_FILE = "/data/service/el2/%/hmdfs/account/data/";
69 const std::string SHARE_FILE_PATH = "/data/service/el2/%/share/";
70 const std::string BUNDLE_BACKUP_HOME_PATH_EL1 = "/data/service/el1/%/backup/bundles/";
71 const std::string DISTRIBUTED_FILE_NON_ACCOUNT = "/data/service/el2/%/hmdfs/non_account/data/";
72 const std::string BUNDLE_BACKUP_HOME_PATH_EL2_NEW = "/data/app/el2/%/base/";
73 const std::string BUNDLE_BACKUP_HOME_PATH_EL1_NEW = "/data/app/el1/%/base/";
74 const std::string BUNDLE_BACKUP_INNER_DIR = "/.backup";
75 constexpr const char* EXTENSION_CONFIG_DEFAULT_PATH = "/system/etc/ams_extension_config.json";
76 #ifdef CONFIG_POLOCY_ENABLE
77 constexpr const char* EXTENSION_CONFIG_FILE_PATH = "/etc/ams_extension_config.json";
78 #endif
79 constexpr const char* EXTENSION_CONFIG_NAME = "ams_extension_config";
80 constexpr const char* EXTENSION_TYPE_NAME = "extension_type_name";
81 constexpr const char* EXTENSION_SERVICE_NEED_CREATE_SANDBOX = "need_create_sandbox";
82 constexpr int32_t INSTALLS_UID = 3060;
83 enum class DirType {
84 DIR_EL1,
85 DIR_EL2,
86 };
87 #if defined(CODE_SIGNATURE_ENABLE)
88 using namespace OHOS::Security::CodeSign;
89 #endif
90 }
91
InstalldHostImpl()92 InstalldHostImpl::InstalldHostImpl()
93 {
94 LOG_I(BMS_TAG_INSTALLD, "installd service instance is created");
95 }
96
~InstalldHostImpl()97 InstalldHostImpl::~InstalldHostImpl()
98 {
99 LOG_I(BMS_TAG_INSTALLD, "installd service instance is destroyed");
100 }
101
CreateBundleDir(const std::string & bundleDir)102 ErrCode InstalldHostImpl::CreateBundleDir(const std::string &bundleDir)
103 {
104 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
105 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
106 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
107 }
108 if (bundleDir.empty()) {
109 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDir with invalid param");
110 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
111 }
112 if (InstalldOperator::IsExistDir(bundleDir)) {
113 LOG_W(BMS_TAG_INSTALLD, "bundleDir %{public}s is exist", bundleDir.c_str());
114 OHOS::ForceRemoveDirectory(bundleDir);
115 }
116 if (!InstalldOperator::MkRecursiveDir(bundleDir, true)) {
117 LOG_E(BMS_TAG_INSTALLD, "create bundle dir %{public}s failed, errno:%{public}d", bundleDir.c_str(), errno);
118 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
119 }
120 return ERR_OK;
121 }
122
ExtractModuleFiles(const std::string & srcModulePath,const std::string & targetPath,const std::string & targetSoPath,const std::string & cpuAbi)123 ErrCode InstalldHostImpl::ExtractModuleFiles(const std::string &srcModulePath, const std::string &targetPath,
124 const std::string &targetSoPath, const std::string &cpuAbi)
125 {
126 LOG_D(BMS_TAG_INSTALLD, "ExtractModuleFiles extract original src %{public}s and target src %{public}s",
127 srcModulePath.c_str(), targetPath.c_str());
128 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
129 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
130 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
131 }
132 if (srcModulePath.empty() || targetPath.empty()) {
133 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractModuleFiles with invalid param");
134 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
135 }
136 if (!InstalldOperator::MkRecursiveDir(targetPath, true)) {
137 LOG_E(BMS_TAG_INSTALLD, "create target dir %{public}s failed, errno:%{public}d", targetPath.c_str(), errno);
138 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
139 }
140 if (!InstalldOperator::ExtractFiles(srcModulePath, targetSoPath, cpuAbi)) {
141 LOG_E(BMS_TAG_INSTALLD, "extract %{public}s to %{public}s failed errno:%{public}d",
142 srcModulePath.c_str(), targetPath.c_str(), errno);
143 InstalldOperator::DeleteDir(targetPath);
144 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
145 }
146 return ERR_OK;
147 }
148
ExtractFiles(const ExtractParam & extractParam)149 ErrCode InstalldHostImpl::ExtractFiles(const ExtractParam &extractParam)
150 {
151 LOG_D(BMS_TAG_INSTALLD, "ExtractFiles extractParam %{public}s", extractParam.ToString().c_str());
152 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
153 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
154 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
155 }
156
157 if (extractParam.srcPath.empty() || extractParam.targetPath.empty()) {
158 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
159 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
160 }
161
162 if (!InstalldOperator::ExtractFiles(extractParam)) {
163 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
164 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
165 }
166
167 return ERR_OK;
168 }
169
170
ExtractHnpFiles(const std::string & hnpPackageInfo,const ExtractParam & extractParam)171 ErrCode InstalldHostImpl::ExtractHnpFiles(const std::string &hnpPackageInfo, const ExtractParam &extractParam)
172 {
173 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles hnpPackageInfo %{public}s", hnpPackageInfo.c_str());
174 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles extractParam %{public}s", extractParam.ToString().c_str());
175 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
176 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
177 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
178 }
179
180 if (extractParam.srcPath.empty() || extractParam.targetPath.empty() || hnpPackageInfo.empty()) {
181 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
182 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
183 }
184
185 if (!InstalldOperator::ExtractFiles(hnpPackageInfo, extractParam)) {
186 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
187 return ERR_APPEXECFWK_NATIVE_HNP_EXTRACT_FAILED;
188 }
189
190 return ERR_OK;
191 }
192
ProcessBundleInstallNative(const std::string & userId,const std::string & hnpRootPath,const std::string & hapPath,const std::string & cpuAbi,const std::string & packageName)193 ErrCode InstalldHostImpl::ProcessBundleInstallNative(const std::string &userId, const std::string &hnpRootPath,
194 const std::string &hapPath, const std::string &cpuAbi, const std::string &packageName)
195 {
196 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
197 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
198 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
199 }
200 if (!InstalldOperator::ProcessBundleInstallNative(userId, hnpRootPath, hapPath, cpuAbi, packageName)) {
201 return ERR_APPEXECFWK_NATIVE_INSTALL_FAILED;
202 }
203 return ERR_OK;
204 }
205
ProcessBundleUnInstallNative(const std::string & userId,const std::string & packageName)206 ErrCode InstalldHostImpl::ProcessBundleUnInstallNative(const std::string &userId, const std::string &packageName)
207 {
208 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
209 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
210 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
211 }
212 if (!InstalldOperator::ProcessBundleUnInstallNative(userId, packageName)) {
213 return ERR_APPEXECFWK_NATIVE_UNINSTALL_FAILED;
214 }
215 return ERR_OK;
216 }
217
ExecuteAOT(const AOTArgs & aotArgs,std::vector<uint8_t> & pendSignData)218 ErrCode InstalldHostImpl::ExecuteAOT(const AOTArgs &aotArgs, std::vector<uint8_t> &pendSignData)
219 {
220 LOG_D(BMS_TAG_INSTALLD, "begin to execute AOT, args : %{public}s", aotArgs.ToString().c_str());
221 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
222 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
223 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
224 }
225 ErrCode ret = ERR_OK;
226 AOTExecutor::GetInstance().ExecuteAOT(aotArgs, ret, pendSignData);
227 LOG_D(BMS_TAG_INSTALLD, "execute AOT ret : %{public}d", ret);
228 return ret;
229 }
230
PendSignAOT(const std::string & anFileName,const std::vector<uint8_t> & signData)231 ErrCode InstalldHostImpl::PendSignAOT(const std::string &anFileName, const std::vector<uint8_t> &signData)
232 {
233 LOG_D(BMS_TAG_INSTALLD, "begin to pend sign AOT, anFileName : %{public}s", anFileName.c_str());
234 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
235 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
236 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
237 }
238 ErrCode ret = AOTExecutor::GetInstance().PendSignAOT(anFileName, signData);
239 LOG_D(BMS_TAG_INSTALLD, "pend sign AOT ret : %{public}d", ret);
240 return ret;
241 }
242
StopAOT()243 ErrCode InstalldHostImpl::StopAOT()
244 {
245 LOG_I(BMS_TAG_INSTALLD, "StopAOT begin");
246 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
247 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
248 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
249 }
250 return AOTExecutor::GetInstance().StopAOT();
251 }
252
RenameModuleDir(const std::string & oldPath,const std::string & newPath)253 ErrCode InstalldHostImpl::RenameModuleDir(const std::string &oldPath, const std::string &newPath)
254 {
255 LOG_D(BMS_TAG_INSTALLD, "rename %{public}s to %{public}s", oldPath.c_str(), newPath.c_str());
256 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
257 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
258 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
259 }
260 if (oldPath.empty() || newPath.empty()) {
261 LOG_E(BMS_TAG_INSTALLD, "Calling the function RenameModuleDir with invalid param");
262 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
263 }
264 if (!InstalldOperator::RenameDir(oldPath, newPath)) {
265 LOG_D(BMS_TAG_INSTALLD, "rename module dir %{public}s to %{public}s failed errno:%{public}d",
266 oldPath.c_str(), newPath.c_str(), errno);
267 return ERR_APPEXECFWK_INSTALLD_RNAME_DIR_FAILED;
268 }
269 return ERR_OK;
270 }
271
GetBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)272 static void GetBackupExtDirByType(std::string &bundleBackupDir, const std::string &bundleName, const DirType dirType)
273 {
274 switch (dirType) {
275 case DirType::DIR_EL1:
276 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1 + bundleName;
277 break;
278 case DirType::DIR_EL2:
279 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2 + bundleName;
280 break;
281 default:
282 break;
283 }
284 }
285
GetNewBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)286 static void GetNewBackupExtDirByType(std::string &bundleBackupDir,
287 const std::string &bundleName, const DirType dirType)
288 {
289 switch (dirType) {
290 case DirType::DIR_EL1:
291 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
292 break;
293 case DirType::DIR_EL2:
294 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
295 break;
296 default:
297 break;
298 }
299 }
300
CreateBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)301 static void CreateBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
302 std::string &bundleBackupDir, const DirType dirType)
303 {
304 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
305 LOG_D(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir begin, type %{public}d, path %{public}s",
306 dirType, bundleBackupDir.c_str());
307 if (bundleBackupDir.empty()) {
308 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir backup dir empty, type %{public}d", dirType);
309 return;
310 }
311 // Setup BackupExtensionAbility's home directory in a harmless way
312 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
313 if (!InstalldOperator::MkOwnerDir(
314 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
315 static std::once_flag logOnce;
316 std::call_once(logOnce, []() {
317 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
318 errno);
319 });
320 }
321 }
322
CreateNewBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)323 static void CreateNewBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
324 std::string &bundleBackupDir, const DirType dirType)
325 {
326 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
327 LOG_D(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
328 dirType, bundleBackupDir.c_str());
329 if (bundleBackupDir.empty()) {
330 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
331 return;
332 }
333 // Setup BackupExtensionAbility's home directory in a harmless way
334 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
335 if (!InstalldOperator::MkOwnerDir(
336 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
337 static std::once_flag logOnce;
338 std::call_once(logOnce, []() {
339 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
340 errno);
341 });
342 }
343 }
344
CreateShareDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)345 static void CreateShareDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
346 {
347 std::string bundleShareDir = SHARE_FILE_PATH + bundleName;
348 bundleShareDir = bundleShareDir.replace(bundleShareDir.find("%"), 1, std::to_string(userid));
349 if (!InstalldOperator::MkOwnerDir(bundleShareDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
350 static std::once_flag logOnce;
351 std::call_once(logOnce, []() {
352 LOG_W(BMS_TAG_INSTALLD, "CreateShareDir MkOwnerDir(share's home dir) failed errno:%{public}d", errno);
353 });
354 }
355 }
356
CreateCloudDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)357 static void CreateCloudDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
358 {
359 std::string bundleCloudDir = CLOUD_FILE_PATH + bundleName;
360 bundleCloudDir = bundleCloudDir.replace(bundleCloudDir.find("%"), 1, std::to_string(userid));
361 if (!InstalldOperator::MkOwnerDir(bundleCloudDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
362 static std::once_flag logOnce;
363 std::call_once(logOnce, []() {
364 LOG_W(BMS_TAG_INSTALLD, "CreateCloudDir MkOwnerDir(cloud's home dir) failed errno:%{public}d", errno);
365 });
366 }
367 }
CreateBundleDataDirWithVector(const std::vector<CreateDirParam> & createDirParams)368 ErrCode InstalldHostImpl::CreateBundleDataDirWithVector(const std::vector<CreateDirParam> &createDirParams)
369 {
370 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
371 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
372 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
373 }
374 ErrCode res = ERR_OK;
375 for (const auto &item : createDirParams) {
376 auto result = CreateBundleDataDir(item);
377 if (result != ERR_OK) {
378 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir failed in %{public}s, errCode is %{public}d",
379 item.bundleName.c_str(), result);
380 res = result;
381 }
382 }
383 return res;
384 }
385
CreateBundleDataDir(const CreateDirParam & createDirParam)386 ErrCode InstalldHostImpl::CreateBundleDataDir(const CreateDirParam &createDirParam)
387 {
388 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
389 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
390 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
391 }
392 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
393 createDirParam.uid < 0 || createDirParam.gid < 0) {
394 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param, bundleName %{public}s "
395 "userId %{public}d uid %{public}d gid %{public}d", createDirParam.bundleName.c_str(),
396 createDirParam.userId, createDirParam.uid, createDirParam.gid);
397 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
398 }
399 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
400 createDirParam.isDlpSandbox);
401 for (const auto &el : ServiceConstants::BUNDLE_EL) {
402 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
403 (el == ServiceConstants::BUNDLE_EL[0])) {
404 continue;
405 }
406
407 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
408 if (access(bundleDataDir.c_str(), F_OK) != 0) {
409 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
410 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
411 return ERR_OK;
412 }
413 // create base extension dir
414 if (CreateExtensionDir(createDirParam, bundleDataDir, S_IRWXU, createDirParam.gid) != ERR_OK) {
415 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
416 }
417 bundleDataDir += createDirParam.bundleName;
418 if (!InstalldOperator::MkOwnerDir(bundleDataDir, S_IRWXU, createDirParam.uid, createDirParam.gid)) {
419 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
420 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
421 }
422 if (el == ServiceConstants::BUNDLE_EL[1]) {
423 for (const auto &dir : BUNDLE_DATA_DIR) {
424 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, S_IRWXU,
425 createDirParam.uid, createDirParam.gid)) {
426 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d", errno);
427 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
428 }
429 }
430 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
431 std::string logDir = logParentDir + createDirParam.bundleName;
432 if (!InstalldOperator::MkOwnerDir(
433 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
434 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
435 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
436 }
437 // create log extension dir
438 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
439 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
440 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
441 }
442 }
443 ErrCode ret = SetDirApl(bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
444 if (ret != ERR_OK) {
445 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
446 return ret;
447 }
448 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
449 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
450 if (!InstalldOperator::MkOwnerDir(
451 databaseDir, S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
452 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
453 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
454 }
455 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
456 if (ret != ERR_OK) {
457 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
458 return ret;
459 }
460 // create database extension dir
461 if (CreateExtensionDir(createDirParam, databaseParentDir, S_IRWXU | S_IRWXG | S_ISGID,
462 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
463 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
464 }
465 }
466 std::string distributedfile = DISTRIBUTED_FILE;
467 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
468 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
469 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
470 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
471 }
472
473 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
474 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
475 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
476 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
477 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
478 }
479
480 std::string bundleBackupDir;
481 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
482 DirType::DIR_EL2);
483 ErrCode ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
484 if (ret != ERR_OK) {
485 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
486 }
487
488 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
489 DirType::DIR_EL1);
490 ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
491 if (ret != ERR_OK) {
492 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
493 }
494
495 std::string newBundleBackupDir;
496 CreateNewBackupExtHomeDir(createDirParam.bundleName,
497 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
498 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
499 createDirParam.isPreInstallApp, createDirParam.debug);
500 if (ret != ERR_OK) {
501 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
502 }
503 CreateNewBackupExtHomeDir(createDirParam.bundleName,
504 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL1);
505 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
506 createDirParam.isPreInstallApp, createDirParam.debug);
507 if (ret != ERR_OK) {
508 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
509 }
510
511 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
512 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
513 return ERR_OK;
514 }
515
CreateExtensionDir(const CreateDirParam & createDirParam,const std::string & parentDir,int32_t mode,int32_t gid,bool isLog)516 ErrCode InstalldHostImpl::CreateExtensionDir(const CreateDirParam &createDirParam, const std::string& parentDir,
517 int32_t mode, int32_t gid, bool isLog)
518 {
519 if (createDirParam.extensionDirs.empty()) {
520 return ERR_OK;
521 }
522 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
523 createDirParam.isDlpSandbox);
524 LOG_I(BMS_TAG_INSTALLD, "CreateExtensionDir parent dir %{public}s for bundle %{public}s",
525 parentDir.c_str(), createDirParam.bundleName.c_str());
526 for (const auto &item : createDirParam.extensionDirs) {
527 std::string extensionDir = parentDir + item;
528 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir %{public}s", extensionDir.c_str());
529 if (!InstalldOperator::MkOwnerDir(
530 extensionDir, mode, createDirParam.uid, gid)) {
531 LOG_E(BMS_TAG_INSTALLD, "CreateExtension dir %{public}s error %{public}s",
532 extensionDir.c_str(), strerror(errno));
533 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
534 }
535 if (isLog) {
536 continue;
537 }
538 auto ret = SetDirApl(extensionDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
539 if (ret != ERR_OK) {
540 LOG_E(BMS_TAG_INSTALLD, "dir %{public}s SetDirApl failed", extensionDir.c_str());
541 return ret;
542 }
543 }
544 return ERR_OK;
545 }
546
RemoveBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)547 static ErrCode RemoveBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
548 {
549 std::string bundleBackupDir;
550 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
551 LOG_D(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir begin, type %{public}d, path %{public}s",
552 dirType, bundleBackupDir.c_str());
553 if (bundleBackupDir.empty()) {
554 LOG_W(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir backup dir empty, type %{public}d", dirType);
555 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
556 }
557 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
558 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
559 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
560 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
561 }
562 return ERR_OK;
563 }
564
RemoveNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)565 static ErrCode RemoveNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
566 {
567 std::string bundleBackupDir;
568 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
569 LOG_D(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
570 dirType, bundleBackupDir.c_str());
571 if (bundleBackupDir.empty()) {
572 LOG_W(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
573 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
574 }
575 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
576 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
577 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
578 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
579 }
580 return ERR_OK;
581 }
582
CleanBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)583 static void CleanBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
584 {
585 std::string bundleBackupDir;
586 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
587 LOG_D(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir begin, type %{public}d, path %{public}s",
588 dirType, bundleBackupDir.c_str());
589 if (bundleBackupDir.empty()) {
590 LOG_W(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir backup dir empty, type %{public}d", dirType);
591 return;
592 }
593 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
594 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
595 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
596 }
597 }
598
CleanNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)599 static void CleanNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
600 {
601 std::string bundleBackupDir;
602 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
603 LOG_D(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
604 dirType, bundleBackupDir.c_str());
605 if (bundleBackupDir.empty()) {
606 LOG_W(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
607 return;
608 }
609 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
610 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
611 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
612 }
613 }
614
RemoveDistributedDir(const std::string & bundleName,const int userid)615 static ErrCode RemoveDistributedDir(const std::string &bundleName, const int userid)
616 {
617 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
618 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
619 if (!InstalldOperator::DeleteDir(distributedFile)) {
620 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
621 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
622 }
623 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
624 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
625 if (!InstalldOperator::DeleteDir(fileNonAccount)) {
626 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
627 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
628 }
629 return ERR_OK;
630 }
631
CleanDistributedDir(const std::string & bundleName,const int userid)632 static void CleanDistributedDir(const std::string &bundleName, const int userid)
633 {
634 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
635 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
636 if (!InstalldOperator::DeleteFiles(distributedFile)) {
637 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
638 }
639 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
640 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
641 if (!InstalldOperator::DeleteFiles(fileNonAccount)) {
642 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
643 }
644 }
645
RemoveShareDir(const std::string & bundleName,const int userid)646 static ErrCode RemoveShareDir(const std::string &bundleName, const int userid)
647 {
648 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
649 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
650 if (!InstalldOperator::DeleteDir(shareFileDir)) {
651 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
652 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
653 }
654 return ERR_OK;
655 }
656
CleanShareDir(const std::string & bundleName,const int userid)657 static void CleanShareDir(const std::string &bundleName, const int userid)
658 {
659 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
660 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
661 if (!InstalldOperator::DeleteFiles(shareFileDir)) {
662 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
663 }
664 }
665
RemoveCloudDir(const std::string & bundleName,const int userid)666 static ErrCode RemoveCloudDir(const std::string &bundleName, const int userid)
667 {
668 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
669 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
670 if (!InstalldOperator::DeleteDir(cloudFileDir)) {
671 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
672 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
673 }
674 return ERR_OK;
675 }
676
CleanCloudDir(const std::string & bundleName,const int userid)677 static void CleanCloudDir(const std::string &bundleName, const int userid)
678 {
679 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
680 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
681 if (!InstalldOperator::DeleteFiles(cloudFileDir)) {
682 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
683 }
684 }
685
CleanBundleDataForEl2(const std::string & bundleName,const int userid,const int appIndex)686 static void CleanBundleDataForEl2(const std::string &bundleName, const int userid, const int appIndex)
687 {
688 std::string suffixName = bundleName;
689 if (appIndex > 0) {
690 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
691 }
692 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + ServiceConstants::BUNDLE_EL[1] +
693 ServiceConstants::PATH_SEPARATOR + std::to_string(userid);
694 std::string databaseDir = dataDir + ServiceConstants::DATABASE + suffixName;
695 if (!InstalldOperator::DeleteFiles(databaseDir)) {
696 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
697 }
698 std::string logDir = dataDir + ServiceConstants::LOG + suffixName;
699 if (!InstalldOperator::DeleteFiles(logDir)) {
700 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
701 }
702 std::string bundleDataDir = dataDir + ServiceConstants::BASE + suffixName;
703 for (const auto &dir : BUNDLE_DATA_DIR) {
704 std::string subDir = bundleDataDir + dir;
705 if (!InstalldOperator::DeleteFiles(subDir)) {
706 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", subDir.c_str(), errno);
707 }
708 }
709 if (!InstalldOperator::DeleteFilesExceptDirs(bundleDataDir, BUNDLE_DATA_DIR)) {
710 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
711 }
712 }
713
RemoveBundleDataDir(const std::string & bundleName,const int32_t userId,bool isAtomicService)714 ErrCode InstalldHostImpl::RemoveBundleDataDir(const std::string &bundleName, const int32_t userId,
715 bool isAtomicService)
716 {
717 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveBundleDataDir bundleName:%{public}s", bundleName.c_str());
718 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
719 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
720 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
721 }
722 if (bundleName.empty() || userId < 0) {
723 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param");
724 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
725 }
726 if (isAtomicService) {
727 LOG_I(BMS_TAG_INSTALLD, "bundleName:%{public}s is atomic service, need process", bundleName.c_str());
728 return InnerRemoveAtomicServiceBundleDataDir(bundleName, userId);
729 }
730
731 ErrCode result = InnerRemoveBundleDataDir(bundleName, userId);
732 if (result != ERR_OK) {
733 return InnerRemoveBundleDataDir(bundleName, userId);
734 }
735 return ERR_OK;
736 }
737
RemoveModuleDataDir(const std::string & ModuleDir,const int userid)738 ErrCode InstalldHostImpl::RemoveModuleDataDir(const std::string &ModuleDir, const int userid)
739 {
740 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveModuleDataDir ModuleDir:%{public}s", ModuleDir.c_str());
741 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
742 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
743 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
744 }
745 if (ModuleDir.empty() || userid < 0) {
746 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateModuleDataDir with invalid param");
747 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
748 }
749
750 for (const auto &el : ServiceConstants::BUNDLE_EL) {
751 std::string moduleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + ModuleDir;
752 if (!InstalldOperator::DeleteDir(moduleDataDir)) {
753 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", moduleDataDir.c_str(), errno);
754 }
755 }
756 return ERR_OK;
757 }
758
RemoveDir(const std::string & dir)759 ErrCode InstalldHostImpl::RemoveDir(const std::string &dir)
760 {
761 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveDir:%{public}s", dir.c_str());
762 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
763 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
764 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
765 }
766 if (dir.empty()) {
767 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveDir with invalid param");
768 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
769 }
770 if (!InstalldOperator::DeleteDir(dir)) {
771 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", dir.c_str(), errno);
772 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
773 }
774 return ERR_OK;
775 }
776
GetDiskUsage(const std::string & dir,bool isRealPath)777 int64_t InstalldHostImpl::GetDiskUsage(const std::string &dir, bool isRealPath)
778 {
779 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
780 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
781 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
782 }
783
784 return InstalldOperator::GetDiskUsage(dir, isRealPath);
785 }
786
CleanBundleDataDir(const std::string & dataDir)787 ErrCode InstalldHostImpl::CleanBundleDataDir(const std::string &dataDir)
788 {
789 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::CleanBundleDataDir start");
790 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
791 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
792 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
793 }
794 if (dataDir.empty()) {
795 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDir with invalid param");
796 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
797 }
798
799 if (!InstalldOperator::DeleteFiles(dataDir)) {
800 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir delete files failed errno:%{public}d", errno);
801 return ERR_APPEXECFWK_INSTALLD_CLEAN_DIR_FAILED;
802 }
803 return ERR_OK;
804 }
805
CleanBundleDataDirByName(const std::string & bundleName,const int userid,const int appIndex)806 ErrCode InstalldHostImpl::CleanBundleDataDirByName(const std::string &bundleName, const int userid, const int appIndex)
807 {
808 LOG_D(BMS_TAG_INSTALLD,
809 "InstalldHostImpl::CleanBundleDataDirByName bundleName:%{public}s,userid:%{public}d,appIndex:%{public}d",
810 bundleName.c_str(), userid, appIndex);
811 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
812 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
813 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
814 }
815 if (bundleName.empty() || userid < 0 || appIndex < 0 || appIndex > Constants::INITIAL_SANDBOX_APP_INDEX) {
816 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDirByName with invalid param");
817 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
818 }
819 std::string suffixName = bundleName;
820 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
821 elPath.push_back(ServiceConstants::DIR_EL5);
822 for (const auto &el : elPath) {
823 if (el == ServiceConstants::BUNDLE_EL[1]) {
824 CleanBundleDataForEl2(bundleName, userid, appIndex);
825 continue;
826 }
827 if (appIndex > 0) {
828 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
829 }
830 std::string bundleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + suffixName;
831 if (!InstalldOperator::DeleteFiles(bundleDataDir)) {
832 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
833 }
834 std::string databaseDir = GetBundleDataDir(el, userid) + ServiceConstants::DATABASE + suffixName;
835 if (!InstalldOperator::DeleteFiles(databaseDir)) {
836 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
837 }
838 }
839 CleanShareDir(bundleName, userid);
840 CleanCloudDir(bundleName, userid);
841 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
842 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
843 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
844 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
845 CleanDistributedDir(bundleName, userid);
846 return ERR_OK;
847 }
848
GetBundleDataDir(const std::string & el,const int userid) const849 std::string InstalldHostImpl::GetBundleDataDir(const std::string &el, const int userid) const
850 {
851 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
852 el +
853 ServiceConstants::PATH_SEPARATOR +
854 std::to_string(userid);
855 return dataDir;
856 }
857
GetAppDataPath(const std::string & bundleName,const std::string & el,const int32_t userId,const int32_t appIndex)858 std::string InstalldHostImpl::GetAppDataPath(const std::string &bundleName, const std::string &el,
859 const int32_t userId, const int32_t appIndex)
860 {
861 if (appIndex == 0) {
862 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
863 std::to_string(userId) + ServiceConstants::BASE + bundleName;
864 } else {
865 std::string innerDataDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
866 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
867 std::to_string(userId) + ServiceConstants::BASE + innerDataDir;
868 }
869 }
870
GetAppCacheSize(const std::string & bundleName,const int32_t userId,const int32_t appIndex,const std::vector<std::string> & moduleNameList)871 int64_t InstalldHostImpl::GetAppCacheSize(const std::string &bundleName,
872 const int32_t userId, const int32_t appIndex, const std::vector<std::string> &moduleNameList)
873 {
874 std::string bundleNameDir = bundleName;
875 if (appIndex > 0) {
876 bundleNameDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
877 }
878 std::vector<std::string> cachePaths;
879 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
880 elPath.push_back(ServiceConstants::DIR_EL5);
881 for (const auto &el : elPath) {
882 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
883 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE +
884 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
885 for (const auto &moduleName : moduleNameList) {
886 std::string moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
887 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE + bundleNameDir +
888 ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR;
889 cachePaths.push_back(moduleCachePath);
890 LOG_D(BMS_TAG_INSTALLD, "GetBundleStats, add module cache path: %{public}s", moduleCachePath.c_str());
891 }
892 }
893 return InstalldOperator::GetDiskUsageFromPath(cachePaths);
894 }
895
GetBundleStats(const std::string & bundleName,const int32_t userId,std::vector<int64_t> & bundleStats,const int32_t uid,const int32_t appIndex,const uint32_t statFlag,const std::vector<std::string> & moduleNameList)896 ErrCode InstalldHostImpl::GetBundleStats(const std::string &bundleName, const int32_t userId,
897 std::vector<int64_t> &bundleStats, const int32_t uid, const int32_t appIndex,
898 const uint32_t statFlag, const std::vector<std::string> &moduleNameList)
899 {
900 LOG_D(BMS_TAG_INSTALLD,
901 "GetBundleStats, bundleName = %{public}s, userId = %{public}d, uid = %{public}d, appIndex = %{public}d",
902 bundleName.c_str(), userId, uid, appIndex);
903 LOG_D(BMS_TAG_INSTALLD,
904 "GetBundleStats, statFlag = %{public}d", statFlag);
905 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
906 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
907 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
908 }
909 if (bundleName.empty()) {
910 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
911 }
912 bundleStats = {0, 0, 0, 0, 0};
913 std::vector<std::string> bundlePath;
914 bundlePath.push_back(std::string(Constants::BUNDLE_CODE_DIR) + ServiceConstants::PATH_SEPARATOR + bundleName);
915 int64_t appDataSize = 0;
916 int64_t bundleDataSize = 0;
917 int64_t bundleCacheSize = 0;
918 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) !=
919 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) {
920 appDataSize = appIndex == 0 ? InstalldOperator::GetDiskUsageFromPath(bundlePath) : 0;
921 }
922 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) !=
923 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) {
924 bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
925 }
926 if ((statFlag & OHOS::AppExecFwk::Constants::GET_BUNDLE_WITHOUT_CACHE_SIZE) !=
927 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_CACHE_SIZE) {
928 bundleCacheSize = GetAppCacheSize(bundleName, userId, appIndex, moduleNameList);
929 }
930 // index 0 : bundle data size
931 bundleStats[0] = appDataSize;
932 // index 1 : local bundle data size
933 bundleStats[1] = bundleDataSize;
934 // index 4 : cache size
935 bundleStats[4] = bundleCacheSize;
936 return ERR_OK;
937 }
938
GetAllBundleStats(const int32_t userId,std::vector<int64_t> & bundleStats,const std::vector<int32_t> & uids)939 ErrCode InstalldHostImpl::GetAllBundleStats(const int32_t userId,
940 std::vector<int64_t> &bundleStats, const std::vector<int32_t> &uids)
941 {
942 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
943 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
944 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
945 }
946 if (uids.empty()) {
947 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
948 }
949 int64_t totalFileSize = InstalldOperator::GetDiskUsageFromQuota(INSTALLS_UID);
950 int64_t totalDataSize = 0;
951 for (size_t index = 0; index < uids.size(); ++index) {
952 const auto &uid = uids[index];
953 int64_t bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
954 // index 1 : local bundle data size
955 totalDataSize += bundleDataSize;
956 }
957 bundleStats.push_back(totalFileSize);
958 bundleStats.push_back(totalDataSize);
959 bundleStats.push_back(0);
960 bundleStats.push_back(0);
961 bundleStats.push_back(0);
962 return ERR_OK;
963 }
964
GetHapFlags(const bool isPreInstallApp,const bool debug,const bool isDlpSandbox)965 unsigned int InstalldHostImpl::GetHapFlags(const bool isPreInstallApp, const bool debug, const bool isDlpSandbox)
966 {
967 unsigned int hapFlags = 0;
968 #ifdef WITH_SELINUX
969 hapFlags = isPreInstallApp ? SELINUX_HAP_RESTORECON_PREINSTALLED_APP : 0;
970 hapFlags |= debug ? SELINUX_HAP_DEBUGGABLE : 0;
971 hapFlags |= isDlpSandbox ? SELINUX_HAP_DLP : 0;
972 #endif
973 return hapFlags;
974 }
975
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,bool isPreInstallApp,bool debug)976 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
977 bool isPreInstallApp, bool debug)
978 {
979 unsigned int hapFlags = GetHapFlags(isPreInstallApp, debug, false);
980 return SetDirApl(dir, bundleName, apl, hapFlags);
981 }
982
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,unsigned int hapFlags)983 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
984 unsigned int hapFlags)
985 {
986 #ifdef WITH_SELINUX
987 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
988 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
989 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
990 }
991 if (dir.empty() || bundleName.empty()) {
992 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetDirApl with invalid param");
993 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
994 }
995 HapFileInfo hapFileInfo;
996 hapFileInfo.pathNameOrig.push_back(dir);
997 hapFileInfo.apl = apl;
998 hapFileInfo.packageName = bundleName;
999 hapFileInfo.flags = SELINUX_HAP_RESTORECON_RECURSE;
1000 hapFileInfo.hapFlags = hapFlags;
1001 HapContext hapContext;
1002 int ret = hapContext.HapFileRestorecon(hapFileInfo);
1003 if (ret != 0) {
1004 LOG_E(BMS_TAG_INSTALLD, "HapFileRestorecon path: %{public}s failed, apl: %{public}s, errcode:%{public}d",
1005 dir.c_str(), apl.c_str(), ret);
1006 return ERR_APPEXECFWK_INSTALLD_SET_SELINUX_LABEL_FAILED;
1007 }
1008 return ret;
1009 #else
1010 return ERR_OK;
1011 #endif // WITH_SELINUX
1012 }
1013
GetBundleCachePath(const std::string & dir,std::vector<std::string> & cachePath)1014 ErrCode InstalldHostImpl::GetBundleCachePath(const std::string &dir, std::vector<std::string> &cachePath)
1015 {
1016 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::GetBundleCachePath start");
1017 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1018 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1019 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1020 }
1021 if (dir.empty()) {
1022 LOG_E(BMS_TAG_INSTALLD, "Calling the function GetBundleCachePath with invalid param");
1023 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1024 }
1025 InstalldOperator::TraverseCacheDirectory(dir, cachePath);
1026 return ERR_OK;
1027 }
1028
ScanDir(const std::string & dir,ScanMode scanMode,ResultMode resultMode,std::vector<std::string> & paths)1029 ErrCode InstalldHostImpl::ScanDir(
1030 const std::string &dir, ScanMode scanMode, ResultMode resultMode, std::vector<std::string> &paths)
1031 {
1032 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::Scan start %{public}s", dir.c_str());
1033 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1034 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1035 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1036 }
1037 if (dir.empty()) {
1038 LOG_E(BMS_TAG_INSTALLD, "Calling the function Scan with invalid param");
1039 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1040 }
1041
1042 InstalldOperator::ScanDir(dir, scanMode, resultMode, paths);
1043 return ERR_OK;
1044 }
1045
MoveFile(const std::string & oldPath,const std::string & newPath)1046 ErrCode InstalldHostImpl::MoveFile(const std::string &oldPath, const std::string &newPath)
1047 {
1048 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1049 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1050 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1051 }
1052 if (!InstalldOperator::MoveFile(oldPath, newPath)) {
1053 LOG_E(BMS_TAG_INSTALLD, "Move file %{public}s to %{public}s failed errno:%{public}d",
1054 oldPath.c_str(), newPath.c_str(), errno);
1055 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1056 }
1057 return ERR_OK;
1058 }
1059
CopyFile(const std::string & oldPath,const std::string & newPath,const std::string & signatureFilePath)1060 ErrCode InstalldHostImpl::CopyFile(const std::string &oldPath, const std::string &newPath,
1061 const std::string &signatureFilePath)
1062 {
1063 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1064 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1065 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1066 }
1067 if (!InstalldOperator::CopyFileFast(oldPath, newPath)) {
1068 LOG_E(BMS_TAG_INSTALLD, "Copy file %{public}s to %{public}s failed errno:%{public}d",
1069 oldPath.c_str(), newPath.c_str(), errno);
1070 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1071 }
1072 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1073 if (!OHOS::ChangeModeFile(newPath, mode)) {
1074 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1075 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1076 }
1077
1078 if (signatureFilePath.empty()) {
1079 LOG_D(BMS_TAG_INSTALLD, "signature file path is empty and no need to process code signature");
1080 return ERR_OK;
1081 }
1082
1083 #if defined(CODE_SIGNATURE_ENABLE)
1084 Security::CodeSign::EntryMap entryMap = {{ ServiceConstants::CODE_SIGNATURE_HAP, newPath }};
1085 ErrCode ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, signatureFilePath);
1086 if (ret != ERR_OK) {
1087 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1088 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1089 }
1090 #endif
1091 return ERR_OK;
1092 }
1093
Mkdir(const std::string & dir,const int32_t mode,const int32_t uid,const int32_t gid)1094 ErrCode InstalldHostImpl::Mkdir(
1095 const std::string &dir, const int32_t mode, const int32_t uid, const int32_t gid)
1096 {
1097 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1098 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1099 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1100 }
1101 LOG_D(BMS_TAG_INSTALLD, "Mkdir start %{public}s", dir.c_str());
1102 if (dir.empty()) {
1103 LOG_E(BMS_TAG_INSTALLD, "Calling the function Mkdir with invalid param");
1104 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1105 }
1106
1107 if (!InstalldOperator::MkOwnerDir(dir, mode, uid, gid)) {
1108 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1109 return ERR_APPEXECFWK_INSTALLD_MKDIR_FAILED;
1110 }
1111
1112 return ERR_OK;
1113 }
1114
GetFileStat(const std::string & file,FileStat & fileStat)1115 ErrCode InstalldHostImpl::GetFileStat(const std::string &file, FileStat &fileStat)
1116 {
1117 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1118 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1119 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1120 }
1121
1122 LOG_D(BMS_TAG_INSTALLD, "GetFileStat start %{public}s", file.c_str());
1123 struct stat s;
1124 if (stat(file.c_str(), &s) != 0) {
1125 LOG_E(BMS_TAG_INSTALLD, "Stat file(%{public}s) failed", file.c_str());
1126 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1127 }
1128
1129 fileStat.uid = static_cast<int32_t>(s.st_uid);
1130 fileStat.gid = static_cast<int32_t>(s.st_gid);
1131 fileStat.lastModifyTime = static_cast<int64_t>(s.st_mtime);
1132 fileStat.isDir = s.st_mode & S_IFDIR;
1133 fileStat.mode = static_cast<int32_t>(s.st_mode);
1134 return ERR_OK;
1135 }
1136
ExtractDiffFiles(const std::string & filePath,const std::string & targetPath,const std::string & cpuAbi)1137 ErrCode InstalldHostImpl::ExtractDiffFiles(const std::string &filePath, const std::string &targetPath,
1138 const std::string &cpuAbi)
1139 {
1140 if (filePath.empty() || targetPath.empty()) {
1141 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1142 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1143 }
1144 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1145 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1146 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1147 }
1148 if (!InstalldOperator::ExtractDiffFiles(filePath, targetPath, cpuAbi)) {
1149 LOG_E(BMS_TAG_INSTALLD, "fail to ExtractDiffFiles errno:%{public}d", errno);
1150 return ERR_BUNDLEMANAGER_QUICK_FIX_EXTRACT_DIFF_FILES_FAILED;
1151 }
1152 return ERR_OK;
1153 }
1154
ApplyDiffPatch(const std::string & oldSoPath,const std::string & diffFilePath,const std::string & newSoPath,int32_t uid)1155 ErrCode InstalldHostImpl::ApplyDiffPatch(const std::string &oldSoPath, const std::string &diffFilePath,
1156 const std::string &newSoPath, int32_t uid)
1157 {
1158 if (oldSoPath.empty() || diffFilePath.empty() || newSoPath.empty()) {
1159 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1160 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1161 }
1162 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1163 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1164 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1165 }
1166 if (!InstalldOperator::ApplyDiffPatch(oldSoPath, diffFilePath, newSoPath, uid)) {
1167 LOG_E(BMS_TAG_INSTALLD, "fail to ApplyDiffPatch errno:%{public}d", errno);
1168 return ERR_BUNDLEMANAGER_QUICK_FIX_APPLY_DIFF_PATCH_FAILED;
1169 }
1170 return ERR_OK;
1171 }
1172
IsExistDir(const std::string & dir,bool & isExist)1173 ErrCode InstalldHostImpl::IsExistDir(const std::string &dir, bool &isExist)
1174 {
1175 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1176 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1177 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1178 }
1179 isExist = InstalldOperator::IsExistDir(dir);
1180 return ERR_OK;
1181 }
1182
IsExistFile(const std::string & path,bool & isExist)1183 ErrCode InstalldHostImpl::IsExistFile(const std::string &path, bool &isExist)
1184 {
1185 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1186 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1187 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1188 }
1189 isExist = InstalldOperator::IsExistFile(path);
1190 return ERR_OK;
1191 }
1192
IsExistApFile(const std::string & path,bool & isExist)1193 ErrCode InstalldHostImpl::IsExistApFile(const std::string &path, bool &isExist)
1194 {
1195 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1196 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1197 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1198 }
1199 isExist = InstalldOperator::IsExistApFile(path);
1200 return ERR_OK;
1201 }
1202
IsDirEmpty(const std::string & dir,bool & isDirEmpty)1203 ErrCode InstalldHostImpl::IsDirEmpty(const std::string &dir, bool &isDirEmpty)
1204 {
1205 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1206 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1207 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1208 }
1209 isDirEmpty = InstalldOperator::IsDirEmpty(dir);
1210 return ERR_OK;
1211 }
1212
ObtainQuickFixFileDir(const std::string & dir,std::vector<std::string> & dirVec)1213 ErrCode InstalldHostImpl::ObtainQuickFixFileDir(const std::string &dir, std::vector<std::string> &dirVec)
1214 {
1215 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1216 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1217 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1218 }
1219 InstalldOperator::ObtainQuickFixFileDir(dir, dirVec);
1220 return ERR_OK;
1221 }
1222
CopyFiles(const std::string & sourceDir,const std::string & destinationDir)1223 ErrCode InstalldHostImpl::CopyFiles(const std::string &sourceDir, const std::string &destinationDir)
1224 {
1225 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1226 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1227 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1228 }
1229
1230 InstalldOperator::CopyFiles(sourceDir, destinationDir);
1231 return ERR_OK;
1232 }
1233
GetNativeLibraryFileNames(const std::string & filePath,const std::string & cpuAbi,std::vector<std::string> & fileNames)1234 ErrCode InstalldHostImpl::GetNativeLibraryFileNames(const std::string &filePath, const std::string &cpuAbi,
1235 std::vector<std::string> &fileNames)
1236 {
1237 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1238 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1239 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1240 }
1241 if (filePath.empty()) {
1242 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1243 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1244 }
1245 InstalldOperator::GetNativeLibraryFileNames(filePath, cpuAbi, fileNames);
1246 return ERR_OK;
1247 }
1248
VerifyCodeSignature(const CodeSignatureParam & codeSignatureParam)1249 ErrCode InstalldHostImpl::VerifyCodeSignature(const CodeSignatureParam &codeSignatureParam)
1250 {
1251 LOG_D(BMS_TAG_INSTALLD, "start to process the code signature for so files");
1252 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1253 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1254 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1255 }
1256 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1257 if (codeSignatureParam.modulePath.empty()) {
1258 LOG_E(BMS_TAG_INSTALLD, "Calling the function VerifyCodeSignature with invalid param");
1259 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1260 }
1261 if (!InstalldOperator::VerifyCodeSignature(codeSignatureParam)) {
1262 LOG_E(BMS_TAG_INSTALLD, "verify code signature failed");
1263 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1264 }
1265 return ERR_OK;
1266 }
1267
CheckEncryption(const CheckEncryptionParam & checkEncryptionParam,bool & isEncryption)1268 ErrCode InstalldHostImpl::CheckEncryption(const CheckEncryptionParam &checkEncryptionParam, bool &isEncryption)
1269 {
1270 LOG_D(BMS_TAG_INSTALLD, "start to process check encryption");
1271 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1272 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1273 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1274 }
1275
1276 if (checkEncryptionParam.modulePath.empty()) {
1277 LOG_E(BMS_TAG_INSTALLD, "Calling the function CheckEncryption with invalid param");
1278 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1279 }
1280 if (!InstalldOperator::CheckEncryption(checkEncryptionParam, isEncryption)) {
1281 LOG_E(BMS_TAG_INSTALLD, "check encryption failed");
1282 return ERR_APPEXECFWK_INSTALL_CHECK_ENCRYPTION_FAILED;
1283 }
1284 return ERR_OK;
1285 }
1286
MoveFiles(const std::string & srcDir,const std::string & desDir)1287 ErrCode InstalldHostImpl::MoveFiles(const std::string &srcDir, const std::string &desDir)
1288 {
1289 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1290 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1291 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1292 }
1293
1294 if (srcDir.empty() || desDir.empty()) {
1295 LOG_E(BMS_TAG_INSTALLD, "Calling the function MoveFiles with invalid param");
1296 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1297 }
1298 if (!InstalldOperator::MoveFiles(srcDir, desDir)) {
1299 LOG_E(BMS_TAG_INSTALLD, "move files failed errno:%{public}d", errno);
1300 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1301 }
1302 return ERR_OK;
1303 }
1304
ExtractDriverSoFiles(const std::string & srcPath,const std::unordered_multimap<std::string,std::string> & dirMap)1305 ErrCode InstalldHostImpl::ExtractDriverSoFiles(const std::string &srcPath,
1306 const std::unordered_multimap<std::string, std::string> &dirMap)
1307 {
1308 LOG_D(BMS_TAG_INSTALLD, "start to copy driver so files");
1309 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1310 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1311 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1312 }
1313 if (dirMap.empty()) {
1314 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDriverSoFiles with invalid param");
1315 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1316 }
1317
1318 if (!InstalldOperator::ExtractDriverSoFiles(srcPath, dirMap)) {
1319 LOG_E(BMS_TAG_INSTALLD, "copy driver so files failed errno:%{public}d", errno);
1320 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1321 }
1322 return ERR_OK;
1323 }
1324
ExtractEncryptedSoFiles(const std::string & hapPath,const std::string & realSoFilesPath,const std::string & cpuAbi,const std::string & tmpSoPath,int32_t uid)1325 ErrCode InstalldHostImpl::ExtractEncryptedSoFiles(const std::string &hapPath, const std::string &realSoFilesPath,
1326 const std::string &cpuAbi, const std::string &tmpSoPath, int32_t uid)
1327 {
1328 LOG_D(BMS_TAG_INSTALLD, "start to obtain decoded so files");
1329 #if defined(CODE_ENCRYPTION_ENABLE)
1330 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1331 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1332 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1333 }
1334
1335 if (hapPath.empty() || tmpSoPath.empty()) {
1336 LOG_E(BMS_TAG_INSTALLD, "hapPath %{public}s or tmpSoPath %{public}s is empty",
1337 hapPath.c_str(), tmpSoPath.c_str());
1338 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1339 }
1340
1341 if (!CheckPathValid(hapPath, Constants::BUNDLE_CODE_DIR) ||
1342 !CheckPathValid(realSoFilesPath, Constants::BUNDLE_CODE_DIR) ||
1343 !CheckPathValid(tmpSoPath, ServiceConstants::HAP_COPY_PATH)) {
1344 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1345 }
1346 if (realSoFilesPath.empty()) {
1347 /* obtain the decoded so files from hapPath*/
1348 return InstalldOperator::ExtractSoFilesToTmpHapPath(hapPath, cpuAbi, tmpSoPath, uid);
1349 } else {
1350 /* obtain the decoded so files from realSoFilesPath*/
1351 return InstalldOperator::ExtractSoFilesToTmpSoPath(hapPath, realSoFilesPath, cpuAbi, tmpSoPath, uid);
1352 }
1353 #else
1354 LOG_D(BMS_TAG_INSTALLD, "code encryption is not supported");
1355 return ERR_BUNDLEMANAGER_QUICK_FIX_NOT_SUPPORT_CODE_ENCRYPTION;
1356 #endif
1357 }
1358
1359 #if defined(CODE_SIGNATURE_ENABLE)
PrepareEntryMap(const CodeSignatureParam & codeSignatureParam,Security::CodeSign::EntryMap & entryMap)1360 ErrCode InstalldHostImpl::PrepareEntryMap(const CodeSignatureParam &codeSignatureParam,
1361 Security::CodeSign::EntryMap &entryMap)
1362 {
1363 LOG_D(BMS_TAG_INSTALLD, "PrepareEntryMap target so path is %{public}s", codeSignatureParam.targetSoPath.c_str());
1364 if (codeSignatureParam.modulePath.empty()) {
1365 LOG_E(BMS_TAG_INSTALLD, "real path of the installed hap is empty");
1366 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1367 }
1368 if (codeSignatureParam.targetSoPath.empty()) {
1369 LOG_W(BMS_TAG_INSTALLD, "target so path is empty");
1370 return ERR_OK;
1371 }
1372 std::vector<std::string> fileNames;
1373 if (!InstalldOperator::GetNativeLibraryFileNames(
1374 codeSignatureParam.modulePath, codeSignatureParam.cpuAbi, fileNames)) {
1375 LOG_E(BMS_TAG_INSTALLD, "get native library file names failed");
1376 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1377 }
1378 const std::string prefix = ServiceConstants::LIBS + codeSignatureParam.cpuAbi + ServiceConstants::PATH_SEPARATOR;
1379 for (const auto &fileName : fileNames) {
1380 std::string entryName = prefix + fileName;
1381 std::string path = codeSignatureParam.targetSoPath;
1382 if (path.back() != ServiceConstants::FILE_SEPARATOR_CHAR) {
1383 path += ServiceConstants::FILE_SEPARATOR_CHAR;
1384 }
1385 entryMap.emplace(entryName, path + fileName);
1386 LOG_D(BMS_TAG_INSTALLD, "entryMap add soEntry %{public}s: %{public}s",
1387 entryName.c_str(), (path + fileName).c_str());
1388 }
1389 return ERR_OK;
1390 }
1391 #endif
1392
VerifyCodeSignatureForHap(const CodeSignatureParam & codeSignatureParam)1393 ErrCode InstalldHostImpl::VerifyCodeSignatureForHap(const CodeSignatureParam &codeSignatureParam)
1394 {
1395 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1396 #if defined(CODE_SIGNATURE_ENABLE)
1397 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1398 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1399 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1400 }
1401 ErrCode ret = ERR_OK;
1402 if (codeSignatureParam.isCompileSdkOpenHarmony && !Security::CodeSign::CodeSignUtils::IsSupportOHCodeSign()) {
1403 LOG_D(BMS_TAG_INSTALLD, "code signature is not supported");
1404 return ret;
1405 }
1406 Security::CodeSign::EntryMap entryMap;
1407 if ((ret = PrepareEntryMap(codeSignatureParam, entryMap)) != ERR_OK) {
1408 LOG_E(BMS_TAG_INSTALLD, "prepare entry map failed");
1409 return ret;
1410 }
1411 if (codeSignatureParam.signatureFileDir.empty()) {
1412 std::shared_ptr<CodeSignHelper> codeSignHelper = std::make_shared<CodeSignHelper>();
1413 Security::CodeSign::FileType fileType = codeSignatureParam.isPreInstalledBundle ?
1414 FILE_ENTRY_ONLY : FILE_ALL;
1415 if (codeSignatureParam.isEnterpriseBundle) {
1416 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for enterprise bundle");
1417 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1418 codeSignatureParam.modulePath, entryMap, fileType);
1419 } else {
1420 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for non-enterprise bundle");
1421 ret = codeSignHelper->EnforceCodeSignForApp(codeSignatureParam.modulePath, entryMap, fileType);
1422 }
1423 LOG_I(BMS_TAG_INSTALLD, "Verify code signature %{public}s", codeSignatureParam.modulePath.c_str());
1424 } else {
1425 LOG_D(BMS_TAG_INSTALLD, "Verify code signature with: %{public}s", codeSignatureParam.signatureFileDir.c_str());
1426 ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, codeSignatureParam.signatureFileDir);
1427 }
1428 if (ret != ERR_OK) {
1429 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1430 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1431 }
1432 #else
1433 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1434 #endif
1435 return ERR_OK;
1436 }
1437
DeliverySignProfile(const std::string & bundleName,int32_t profileBlockLength,const unsigned char * profileBlock)1438 ErrCode InstalldHostImpl::DeliverySignProfile(const std::string &bundleName, int32_t profileBlockLength,
1439 const unsigned char *profileBlock)
1440 {
1441 LOG_D(BMS_TAG_INSTALLD, "start to delivery sign profile");
1442 #if defined(CODE_SIGNATURE_ENABLE)
1443 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1444 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1445 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1446 }
1447
1448 if (bundleName.empty() || profileBlock == nullptr || profileBlockLength == 0) {
1449 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeliverySignProfile with invalid param");
1450 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1451 }
1452
1453 LOG_D(BMS_TAG_INSTALLD, "delivery profile of bundle %{public}s and profile size is %{public}d", bundleName.c_str(),
1454 profileBlockLength);
1455 Security::CodeSign::ByteBuffer byteBuffer;
1456 byteBuffer.CopyFrom(reinterpret_cast<const uint8_t *>(profileBlock), profileBlockLength);
1457 ErrCode ret = Security::CodeSign::CodeSignUtils::EnableKeyInProfile(bundleName, byteBuffer);
1458 if (ret != ERR_OK) {
1459 LOG_E(BMS_TAG_INSTALLD, "delivery code sign profile failed due to error %{public}d", ret);
1460 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_DELIVERY_FILE_FAILED;
1461 }
1462 #else
1463 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1464 #endif
1465 return ERR_OK;
1466 }
1467
RemoveSignProfile(const std::string & bundleName)1468 ErrCode InstalldHostImpl::RemoveSignProfile(const std::string &bundleName)
1469 {
1470 LOG_D(BMS_TAG_INSTALLD, "start to remove sign profile");
1471 #if defined(CODE_SIGNATURE_ENABLE)
1472 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1473 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1474 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1475 }
1476
1477 if (bundleName.empty()) {
1478 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveSignProfile with invalid param");
1479 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1480 }
1481
1482 ErrCode ret = Security::CodeSign::CodeSignUtils::RemoveKeyInProfile(bundleName);
1483 if (ret != ERR_OK) {
1484 LOG_E(BMS_TAG_INSTALLD, "remove code sign profile failed due to error %{public}d", ret);
1485 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_REMOVE_FILE_FAILED;
1486 }
1487 #else
1488 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1489 #endif
1490 return ERR_OK;
1491 }
1492
CheckPathValid(const std::string & path,const std::string & prefix)1493 bool InstalldHostImpl::CheckPathValid(const std::string &path, const std::string &prefix)
1494 {
1495 if (path.empty()) {
1496 return true;
1497 }
1498 if (path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos) {
1499 LOG_E(BMS_TAG_INSTALLD, "path(%{public}s) contain relevant path", path.c_str());
1500 return false;
1501 }
1502 if (path.find(prefix) == std::string::npos) {
1503 LOG_E(BMS_TAG_INSTALLD, "prefix(%{public}s) cannot be found", prefix.c_str());
1504 return false;
1505 }
1506 return true;
1507 }
1508
SetEncryptionPolicy(int32_t uid,const std::string & bundleName,const int32_t userId,std::string & keyId)1509 ErrCode InstalldHostImpl::SetEncryptionPolicy(int32_t uid, const std::string &bundleName,
1510 const int32_t userId, std::string &keyId)
1511 {
1512 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1513 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1514 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1515 }
1516 if (bundleName.empty()) {
1517 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetEncryptionPolicy with invalid param");
1518 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1519 }
1520 if (!InstalldOperator::GenerateKeyIdAndSetPolicy(uid, bundleName, userId, keyId)) {
1521 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1522 return ERR_APPEXECFWK_INSTALLD_GENERATE_KEY_FAILED;
1523 }
1524 return ERR_OK;
1525 }
1526
DeleteEncryptionKeyId(const std::string & bundleName,const int32_t userId)1527 ErrCode InstalldHostImpl::DeleteEncryptionKeyId(const std::string &bundleName, const int32_t userId)
1528 {
1529 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1530 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1531 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1532 }
1533 if (bundleName.empty()) {
1534 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeleteEncryptionKeyId with invalid param");
1535 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1536 }
1537 if (!InstalldOperator::DeleteKeyId(bundleName, userId)) {
1538 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1539 return ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
1540 }
1541 return ERR_OK;
1542 }
1543
RemoveExtensionDir(int32_t userId,const std::vector<std::string> & extensionBundleDirs)1544 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::vector<std::string> &extensionBundleDirs)
1545 {
1546 LOG_I(BMS_TAG_INSTALLD, "RemoveExtensionDir userId: %{public}d, extensionBundleDir size: %{public}zu",
1547 userId, extensionBundleDirs.size());
1548 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1549 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1550 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1551 }
1552 if (extensionBundleDirs.empty() || userId < 0) {
1553 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveExtensionDir with invalid param");
1554 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1555 }
1556
1557 for (const std::string &extensionBundleDir : extensionBundleDirs) {
1558 if (extensionBundleDir.empty()) {
1559 LOG_E(BMS_TAG_INSTALLD, "RemoveExtensionDir failed for param invalid");
1560 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1561 }
1562 auto ret = RemoveExtensionDir(userId, extensionBundleDir);
1563 if (ret != ERR_OK) {
1564 LOG_E(BMS_TAG_INSTALLD, "remove dir failed: %{public}s", extensionBundleDir.c_str());
1565 return ret;
1566 }
1567 }
1568 return ERR_OK;
1569 }
1570
RemoveExtensionDir(int32_t userId,const std::string & extensionBundleDir)1571 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::string &extensionBundleDir)
1572 {
1573 LOG_I(BMS_TAG_INSTALLD, "begin RemoveExtensionDir dir %{public}s", extensionBundleDir.c_str());
1574 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1575 const std::string bundleDataDir = GetBundleDataDir(el, userId);
1576 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
1577 if (!InstalldOperator::DeleteDir(baseDir)) {
1578 LOG_E(BMS_TAG_INSTALLD, "remove base dir %{public}s failed errno:%{public}d", baseDir.c_str(), errno);
1579 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1580 }
1581
1582 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
1583 if (!InstalldOperator::DeleteDir(databaseDir)) {
1584 LOG_E(BMS_TAG_INSTALLD, "remove database dir %{public}s failed errno:%{public}d",
1585 databaseDir.c_str(), errno);
1586 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1587 }
1588
1589 if (el == ServiceConstants::BUNDLE_EL[1]) {
1590 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
1591 if (!InstalldOperator::DeleteDir(logDir)) {
1592 LOG_E(BMS_TAG_INSTALLD, "remove log dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1593 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1594 }
1595 }
1596 }
1597 return ERR_OK;
1598 }
1599
IsExistExtensionDir(int32_t userId,const std::string & extensionBundleDir,bool & isExist)1600 ErrCode InstalldHostImpl::IsExistExtensionDir(int32_t userId, const std::string &extensionBundleDir, bool &isExist)
1601 {
1602 LOG_I(BMS_TAG_INSTALLD, "IsExistExtensionDir called, userId %{public}d dir %{public}s",
1603 userId, extensionBundleDir.c_str());
1604 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1605 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1606 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1607 }
1608 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1609 const std::string bundleDataDir = GetBundleDataDir(el, userId);
1610 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
1611 if (!InstalldOperator::IsExistDir(baseDir)) {
1612 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", baseDir.c_str());
1613 isExist = false;
1614 return ERR_OK;
1615 }
1616
1617 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
1618 if (!InstalldOperator::IsExistDir(databaseDir)) {
1619 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", databaseDir.c_str());
1620 isExist = false;
1621 return ERR_OK;
1622 }
1623
1624 if (el == ServiceConstants::BUNDLE_EL[1]) {
1625 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
1626 if (!InstalldOperator::IsExistDir(logDir)) {
1627 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", logDir.c_str());
1628 isExist = false;
1629 return ERR_OK;
1630 }
1631 }
1632 }
1633 isExist = true;
1634 return ERR_OK;
1635 }
1636
CreateExtensionDataDir(const CreateDirParam & createDirParam)1637 ErrCode InstalldHostImpl::CreateExtensionDataDir(const CreateDirParam &createDirParam)
1638 {
1639 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1640 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1641 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1642 }
1643 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
1644 createDirParam.uid < 0 || createDirParam.gid < 0 || createDirParam.extensionDirs.empty()) {
1645 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateExtensionDataDir with invalid param");
1646 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1647 }
1648 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir for bundle %{public}s, which has %{public}zu extension dir",
1649 createDirParam.bundleName.c_str(), createDirParam.extensionDirs.size());
1650 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1651 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
1652 (el == ServiceConstants::BUNDLE_EL[0])) {
1653 continue;
1654 }
1655
1656 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
1657 if (access(bundleDataDir.c_str(), F_OK) != 0) {
1658 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
1659 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
1660 return ERR_OK;
1661 }
1662 if (CreateExtensionDir(createDirParam, bundleDataDir, S_IRWXU, createDirParam.gid) != ERR_OK) {
1663 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
1664 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
1665 }
1666 if (el == ServiceConstants::BUNDLE_EL[1]) {
1667 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
1668 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
1669 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
1670 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
1671 }
1672 }
1673
1674 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
1675 if (CreateExtensionDir(createDirParam, databaseParentDir, S_IRWXU | S_IRWXG | S_ISGID,
1676 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
1677 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
1678 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
1679 }
1680 }
1681 return ERR_OK;
1682 }
1683
GetExtensionSandboxTypeList(std::vector<std::string> & typeList)1684 ErrCode InstalldHostImpl::GetExtensionSandboxTypeList(std::vector<std::string> &typeList)
1685 {
1686 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1687 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1688 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1689 }
1690 nlohmann::json jsonBuf;
1691 std::string extensionConfigPath = GetExtensionConfigPath();
1692 if (!ReadFileIntoJson(extensionConfigPath, jsonBuf)) {
1693 LOG_I(BMS_TAG_INSTALLD, "Parse file %{public}s failed", extensionConfigPath.c_str());
1694 return ERR_APPEXECFWK_INSTALL_FAILED_PROFILE_PARSE_FAIL;
1695 }
1696 LoadNeedCreateSandbox(jsonBuf, typeList);
1697 return ERR_OK;
1698 }
1699
GetExtensionConfigPath() const1700 std::string InstalldHostImpl::GetExtensionConfigPath() const
1701 {
1702 #ifdef CONFIG_POLOCY_ENABLE
1703 char buf[MAX_PATH_LEN] = { 0 };
1704 char *configPath = GetOneCfgFile(EXTENSION_CONFIG_FILE_PATH, buf, MAX_PATH_LEN);
1705 if (configPath == nullptr || configPath[0] == '\0' || strlen(configPath) > MAX_PATH_LEN) {
1706 return EXTENSION_CONFIG_DEFAULT_PATH;
1707 }
1708 return configPath;
1709 #else
1710 return EXTENSION_CONFIG_DEFAULT_PATH;
1711 #endif
1712 }
1713
LoadNeedCreateSandbox(const nlohmann::json & object,std::vector<std::string> & typeList)1714 void InstalldHostImpl::LoadNeedCreateSandbox(const nlohmann::json &object, std::vector<std::string> &typeList)
1715 {
1716 if (!object.contains(EXTENSION_CONFIG_NAME) || !object.at(EXTENSION_CONFIG_NAME).is_array()) {
1717 LOG_E(BMS_TAG_INSTALLD, "Extension config not existed");
1718 return;
1719 }
1720
1721 for (auto &item : object.at(EXTENSION_CONFIG_NAME).items()) {
1722 const nlohmann::json& jsonObject = item.value();
1723 if (!jsonObject.contains(EXTENSION_TYPE_NAME) || !jsonObject.at(EXTENSION_TYPE_NAME).is_string()) {
1724 continue;
1725 }
1726 std::string extensionType = jsonObject.at(EXTENSION_TYPE_NAME).get<std::string>();
1727 if (LoadExtensionNeedCreateSandbox(jsonObject, extensionType)) {
1728 typeList.emplace_back(extensionType);
1729 }
1730 }
1731 }
1732
LoadExtensionNeedCreateSandbox(const nlohmann::json & object,std::string extensionTypeName)1733 bool InstalldHostImpl::LoadExtensionNeedCreateSandbox(const nlohmann::json &object, std::string extensionTypeName)
1734 {
1735 if (!object.contains(EXTENSION_SERVICE_NEED_CREATE_SANDBOX) ||
1736 !object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).is_boolean()) {
1737 LOG_E(BMS_TAG_INSTALLD, "need create sandbox config not existed");
1738 return false;
1739 }
1740 return object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).get<bool>();
1741 }
1742
ReadFileIntoJson(const std::string & filePath,nlohmann::json & jsonBuf)1743 bool InstalldHostImpl::ReadFileIntoJson(const std::string &filePath, nlohmann::json &jsonBuf)
1744 {
1745 if (filePath.length() > PATH_MAX) {
1746 LOG_E(BMS_TAG_INSTALLD, "path length(%{public}u) longer than max length(%{public}d)",
1747 static_cast<unsigned int>(filePath.length()), PATH_MAX);
1748 return false;
1749 }
1750 std::string realPath;
1751 realPath.reserve(PATH_MAX);
1752 realPath.resize(PATH_MAX - 1);
1753 if (realpath(filePath.c_str(), &(realPath[0])) == nullptr) {
1754 LOG_E(BMS_TAG_INSTALLD, "transform real path error: %{public}d", errno);
1755 return false;
1756 }
1757 if (access(filePath.c_str(), F_OK) != 0) {
1758 LOG_D(BMS_TAG_INSTALLD, "access file %{public}s failed, error: %{public}s", filePath.c_str(), strerror(errno));
1759 return false;
1760 }
1761
1762 std::fstream in;
1763 char errBuf[256];
1764 errBuf[0] = '\0';
1765 in.open(filePath, std::ios_base::in);
1766 if (!in.is_open()) {
1767 strerror_r(errno, errBuf, sizeof(errBuf));
1768 LOG_E(BMS_TAG_INSTALLD, "the file cannot be open due to %{public}s, errno:%{public}d", errBuf, errno);
1769 return false;
1770 }
1771
1772 in.seekg(0, std::ios::end);
1773 int64_t size = in.tellg();
1774 if (size <= 0) {
1775 LOG_E(BMS_TAG_INSTALLD, "the file is an empty file, errno:%{public}d", errno);
1776 in.close();
1777 return false;
1778 }
1779
1780 in.seekg(0, std::ios::beg);
1781 jsonBuf = nlohmann::json::parse(in, nullptr, false);
1782 in.close();
1783 if (jsonBuf.is_discarded()) {
1784 LOG_E(BMS_TAG_INSTALLD, "bad profile file");
1785 return false;
1786 }
1787
1788 return true;
1789 }
1790
InnerRemoveAtomicServiceBundleDataDir(const std::string & bundleName,const int32_t userId)1791 ErrCode InstalldHostImpl::InnerRemoveAtomicServiceBundleDataDir(const std::string &bundleName, const int32_t userId)
1792 {
1793 LOG_I(BMS_TAG_INSTALLD, "process atomic service bundleName:%{public}s", bundleName.c_str());
1794 std::vector<std::string> pathName;
1795 if (!InstalldOperator::GetAtomicServiceBundleDataDir(bundleName, userId, pathName)) {
1796 LOG_W(BMS_TAG_INSTALLD, "atomic bundle %{public}s no other path", bundleName.c_str());
1797 }
1798 pathName.emplace_back(bundleName);
1799 LOG_I(BMS_TAG_INSTALLD, "bundle %{public}s need delete path size:%{public}zu", bundleName.c_str(), pathName.size());
1800 ErrCode result = ERR_OK;
1801 for (const auto &name : pathName) {
1802 ErrCode tmpResult = InnerRemoveBundleDataDir(name, userId);
1803 if (tmpResult != ERR_OK) {
1804 result = tmpResult;
1805 }
1806 }
1807 return result;
1808 }
1809
InnerRemoveBundleDataDir(const std::string & bundleName,const int32_t userId)1810 ErrCode InstalldHostImpl::InnerRemoveBundleDataDir(const std::string &bundleName, const int32_t userId)
1811 {
1812 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1813 std::string bundleDataDir = GetBundleDataDir(el, userId) + ServiceConstants::BASE + bundleName;
1814 if (!InstalldOperator::DeleteDirFast(bundleDataDir)) {
1815 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1816 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1817 }
1818 std::string databaseDir = GetBundleDataDir(el, userId) + ServiceConstants::DATABASE + bundleName;
1819 if (!InstalldOperator::DeleteDirFast(databaseDir)) {
1820 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1821 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1822 }
1823 if (el == ServiceConstants::BUNDLE_EL[1]) {
1824 std::string logDir = GetBundleDataDir(el, userId) + ServiceConstants::LOG + bundleName;
1825 if (!InstalldOperator::DeleteDir(logDir)) {
1826 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1827 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1828 }
1829 }
1830 }
1831 if (RemoveShareDir(bundleName, userId) != ERR_OK) {
1832 LOG_E(BMS_TAG_INSTALLD, "failed to remove share dir");
1833 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1834 }
1835 if (RemoveCloudDir(bundleName, userId) != ERR_OK) {
1836 LOG_E(BMS_TAG_INSTALLD, "failed to remove cloud dir");
1837 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1838 }
1839 if (RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
1840 RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
1841 LOG_E(BMS_TAG_INSTALLD, "failed to remove backup ext home dir");
1842 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1843 }
1844 if (RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
1845 RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
1846 LOG_E(BMS_TAG_INSTALLD, "failed to remove new backup ext home dir");
1847 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1848 }
1849 if (RemoveDistributedDir(bundleName, userId) != ERR_OK) {
1850 LOG_E(BMS_TAG_INSTALLD, "failed to remove distributed file dir");
1851 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1852 }
1853 return ERR_OK;
1854 }
1855
MoveHapToCodeDir(const std::string & originPath,const std::string & targetPath)1856 ErrCode InstalldHostImpl::MoveHapToCodeDir(const std::string &originPath, const std::string &targetPath)
1857 {
1858 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1859 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1860 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1861 }
1862 if (!InstalldOperator::MoveFile(originPath, targetPath)) {
1863 LOG_E(BMS_TAG_INSTALLD, "move file %{public}s to %{public}s failed errno:%{public}d",
1864 originPath.c_str(), targetPath.c_str(), errno);
1865 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1866 }
1867 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1868 if (!OHOS::ChangeModeFile(targetPath, mode)) {
1869 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1870 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1871 }
1872 if (!InstalldOperator::ChangeFileAttr(targetPath, INSTALLS_UID, INSTALLS_UID)) {
1873 LOG_E(BMS_TAG_INSTALLD, "ChangeAttr %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
1874 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1875 }
1876
1877 #ifdef WITH_SELINUX
1878 const char *context = "u:object_r:data_app_el1_file:s0";
1879 if (lsetfilecon(targetPath.c_str(), context) < 0) {
1880 LOG_E(BMS_TAG_INSTALLD, "setcon %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
1881 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1882 }
1883 #endif
1884 return ERR_OK;
1885 }
1886 } // namespace AppExecFwk
1887 } // namespace OHOS
1888