1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_domain_verify_hilog.h"
17 #include "if_system_ability_manager.h"
18 #include "iservice_registry.h"
19 #include "app_domain_verify_mgr_client.h"
20 #include "system_ability_definition.h"
21 #include "dfx/app_domain_verify_hisysevent.h"
22 #include "zidl/convert_callback_stub.h"
23 #include "regex.h"
24 #include "comm_define.h"
25 #include "ipc_skeleton.h"
26 #include "common_utils.h"
27 #include "bundle_info_query.h"
28
29 namespace OHOS {
30 namespace AppDomainVerify {
31 std::mutex AppDomainVerifyMgrClient::proxyLock_;
32 sptr<IAppDomainVerifyMgrService> AppDomainVerifyMgrClient::appDomainVerifyMgrServiceProxy_;
33 AppDomainVerifyMgrClient::StaticDestoryMonitor AppDomainVerifyMgrClient::staticDestoryMonitor_;
34 #ifndef _CUT_LINK_CONVERT_
35 static const std::string SCHEME_HTTPS("https");
36 static const char* PATTEN = "^[a-zA-Z0-9_-]{1,99}$";
37 constexpr int REG_ERR_BUF = 1024;
38 constexpr int NM = 10;
39 #endif
AppDomainVerifyMgrClient()40 AppDomainVerifyMgrClient::AppDomainVerifyMgrClient()
41 {
42 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "new instance created.");
43 }
~AppDomainVerifyMgrClient()44 AppDomainVerifyMgrClient::~AppDomainVerifyMgrClient()
45 {
46 std::lock_guard<std::mutex> autoLock(proxyLock_);
47 if (appDomainVerifyMgrServiceProxy_ != nullptr && !staticDestoryMonitor_.IsDestoryed()) {
48 auto remoteObject = appDomainVerifyMgrServiceProxy_->AsObject();
49 if (remoteObject != nullptr) {
50 remoteObject->RemoveDeathRecipient(deathRecipient_);
51 }
52 }
53 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "instance dead.");
54 }
55
VerifyDomain(const std::string & appIdentifier,const std::string & bundleName,const std::string & fingerprint,const std::vector<SkillUri> & skillUris)56 void AppDomainVerifyMgrClient::VerifyDomain(const std::string& appIdentifier, const std::string& bundleName,
57 const std::string& fingerprint, const std::vector<SkillUri>& skillUris)
58 {
59 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
60 INSTALL_EVENT(appIdentifier, bundleName);
61 std::lock_guard<std::mutex> autoLock(proxyLock_);
62 if (IsServiceAvailable()) {
63 appDomainVerifyMgrServiceProxy_->VerifyDomain(appIdentifier, bundleName, fingerprint, skillUris);
64 }
65 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
66 }
67
ClearDomainVerifyStatus(const std::string & appIdentifier,const std::string & bundleName)68 bool AppDomainVerifyMgrClient::ClearDomainVerifyStatus(const std::string& appIdentifier, const std::string& bundleName)
69 {
70 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
71 UNINSTALL_EVENT(appIdentifier, bundleName);
72 bool clearResult = false;
73 std::lock_guard<std::mutex> autoLock(proxyLock_);
74 if (IsServiceAvailable()) {
75 clearResult = appDomainVerifyMgrServiceProxy_->ClearDomainVerifyStatus(appIdentifier, bundleName);
76 }
77 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
78 return clearResult;
79 }
80
FilterAbilities(const OHOS::AAFwk::Want & want,const std::vector<OHOS::AppExecFwk::AbilityInfo> & originAbilityInfos,std::vector<OHOS::AppExecFwk::AbilityInfo> & filtedAbilityInfos)81 bool AppDomainVerifyMgrClient::FilterAbilities(const OHOS::AAFwk::Want& want,
82 const std::vector<OHOS::AppExecFwk::AbilityInfo>& originAbilityInfos,
83 std::vector<OHOS::AppExecFwk::AbilityInfo>& filtedAbilityInfos)
84 {
85 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
86 bool filterSuccess = false;
87 std::lock_guard<std::mutex> autoLock(proxyLock_);
88 if (IsServiceAvailable()) {
89 filterSuccess = appDomainVerifyMgrServiceProxy_->FilterAbilities(want, originAbilityInfos, filtedAbilityInfos);
90 }
91
92 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT,
93 "call end, filted ability size:%{public}zu, origin ability size:%{public}zu", filtedAbilityInfos.size(),
94 originAbilityInfos.size());
95 return filterSuccess;
96 }
97
QueryDomainVerifyStatus(const std::string & bundleName,DomainVerifyStatus & domainVerificationState)98 bool AppDomainVerifyMgrClient::QueryDomainVerifyStatus(
99 const std::string& bundleName, DomainVerifyStatus& domainVerificationState)
100 {
101 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
102 bool querySuccess = false;
103 std::lock_guard<std::mutex> autoLock(proxyLock_);
104 if (IsServiceAvailable()) {
105 querySuccess = appDomainVerifyMgrServiceProxy_->QueryDomainVerifyStatus(bundleName, domainVerificationState);
106 }
107 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
108 return querySuccess;
109 }
110
QueryAllDomainVerifyStatus(BundleVerifyStatusInfo & bundleVerifyStatusInfo)111 bool AppDomainVerifyMgrClient::QueryAllDomainVerifyStatus(BundleVerifyStatusInfo& bundleVerifyStatusInfo)
112 {
113 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
114 bool querySuccess = false;
115 std::lock_guard<std::mutex> autoLock(proxyLock_);
116 if (IsServiceAvailable()) {
117 querySuccess = appDomainVerifyMgrServiceProxy_->QueryAllDomainVerifyStatus(bundleVerifyStatusInfo);
118 }
119 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
120 return querySuccess;
121 }
122
SaveDomainVerifyStatus(const std::string & bundleName,const VerifyResultInfo & verifyResultInfo)123 bool AppDomainVerifyMgrClient::SaveDomainVerifyStatus(
124 const std::string& bundleName, const VerifyResultInfo& verifyResultInfo)
125 {
126 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
127 bool saveSuccess = false;
128 std::lock_guard<std::mutex> autoLock(proxyLock_);
129 if (IsServiceAvailable()) {
130 saveSuccess = appDomainVerifyMgrServiceProxy_->SaveDomainVerifyStatus(bundleName, verifyResultInfo);
131 }
132 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
133 return saveSuccess;
134 }
135
IsServiceAvailable()136 bool AppDomainVerifyMgrClient::IsServiceAvailable()
137 {
138 if (appDomainVerifyMgrServiceProxy_ == nullptr) {
139 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Redo ConnectService");
140 ConnectService();
141 }
142
143 if (appDomainVerifyMgrServiceProxy_ == nullptr) {
144 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Service proxy null.");
145 UNIVERSAL_ERROR_EVENT(CONNECT_MGR_FAULT);
146 return false;
147 }
148 return true;
149 }
ConnectService()150 void AppDomainVerifyMgrClient::ConnectService()
151 {
152 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "ConnectService start.");
153 sptr<ISystemAbilityManager> samgrProxy = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
154 if (samgrProxy == nullptr) {
155 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "ConnectService SystemAbilityManager failed.");
156 appDomainVerifyMgrServiceProxy_ = nullptr;
157 return;
158 }
159 sptr<IRemoteObject> remoteObject = samgrProxy->CheckSystemAbility(APP_DOMAIN_VERIFY_MANAGER_SA_ID);
160 if (remoteObject != nullptr) {
161 APP_DOMAIN_VERIFY_HILOGI(
162 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "ConnectService AppDomainVerifyMgrServiceProxy succeed.");
163 if (deathRecipient_ == nullptr) {
164 deathRecipient_ = sptr<IRemoteObject::DeathRecipient>(new AppDomainVerifyMgrSaDeathRecipient());
165 }
166 remoteObject->AddDeathRecipient(deathRecipient_);
167 appDomainVerifyMgrServiceProxy_ = iface_cast<IAppDomainVerifyMgrService>(remoteObject);
168 return;
169 }
170
171 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Getting AppDomainVerifyMgrServiceProxy failed.");
172 }
173
OnRemoteSaDied(const wptr<IRemoteObject> & remote)174 void AppDomainVerifyMgrClient::OnRemoteSaDied(const wptr<IRemoteObject>& remote)
175 {
176 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "OnRemoteSaDied.");
177 std::lock_guard<std::mutex> autoLock(proxyLock_);
178 if (appDomainVerifyMgrServiceProxy_ != nullptr) {
179 auto remoteObj = appDomainVerifyMgrServiceProxy_->AsObject();
180 if (remoteObj != nullptr) {
181 remoteObj->RemoveDeathRecipient(deathRecipient_);
182 }
183 }
184 appDomainVerifyMgrServiceProxy_ = nullptr;
185 }
ConvertToExplicitWant(AAFwk::Want & implicitWant,sptr<IConvertCallback> & callback)186 void AppDomainVerifyMgrClient::ConvertToExplicitWant(AAFwk::Want& implicitWant, sptr<IConvertCallback>& callback)
187 {
188 #ifdef _CUT_LINK_CONVERT_
189 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return false!");
190 if (callback) {
191 callback->OnConvert(-1, implicitWant);
192 }
193 #else
194 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
195 std::lock_guard<std::mutex> autoLock(proxyLock_);
196 if (IsServiceAvailable()) {
197 std::string identity = IPCSkeleton::ResetCallingIdentity();
198 appDomainVerifyMgrServiceProxy_->ConvertToExplicitWant(implicitWant, callback);
199 IPCSkeleton::SetCallingIdentity(identity);
200 }
201 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
202 #endif
203 }
204 #ifndef _CUT_LINK_CONVERT_
IsValidPath(const std::string & path)205 bool AppDomainVerifyMgrClient::IsValidPath(const std::string& path)
206 {
207 const char* bematch = path.c_str();
208 char errbuf[REG_ERR_BUF];
209 regex_t reg;
210 int errNum = 0;
211 int nm = NM;
212 regmatch_t pmatch[nm];
213 if (regcomp(®, PATTEN, REG_EXTENDED) < 0) {
214 regerror(errNum, ®, errbuf, sizeof(errbuf));
215 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec error:%{public}s", errbuf);
216 return false;
217 }
218 errNum = regexec(®, bematch, nm, pmatch, 0);
219 if (errNum == REG_NOMATCH) {
220 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec no match");
221 regfree(®);
222 return false;
223 } else if (errNum) {
224 regerror(errNum, ®, errbuf, sizeof(errbuf));
225 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec error:%{public}s", errbuf);
226 regfree(®);
227 return false;
228 }
229 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "is valid path");
230 regfree(®);
231 return true;
232 }
IsValidUrl(OHOS::Uri & uri)233 bool AppDomainVerifyMgrClient::IsValidUrl(OHOS::Uri& uri)
234 {
235 if (uri.GetScheme() != SCHEME_HTTPS) {
236 APP_DOMAIN_VERIFY_HILOGW(
237 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "scheme:%{public}s is not https", uri.GetScheme().c_str());
238 return false;
239 }
240 if (uri.GetHost().empty()) {
241 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "host is empty");
242 return false;
243 }
244 std::vector<std::string> segments;
245 uri.GetPathSegments(segments);
246 if (segments.size() != 1) {
247 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "short path is more than one");
248 return false;
249 }
250 if (!IsValidPath(segments[0])) {
251 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT,
252 "short path:%{public}s must only contains number,alphabet or dash line!", segments[0].c_str());
253 return false;
254 }
255 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "is valid Url");
256 return true;
257 }
258
259 #endif
IsAtomicServiceUrl(const std::string & url)260 bool AppDomainVerifyMgrClient::IsAtomicServiceUrl(const std::string& url)
261 {
262 #ifdef _CUT_LINK_CONVERT_
263 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return false!");
264 return false;
265 #else
266 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called, url %{public}s", MaskStr(url).c_str());
267 Uri uri(url);
268 if (!IsValidUrl(uri)) {
269 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "url is invalid!");
270 return false;
271 }
272 bool ret{ false };
273 std::lock_guard<std::mutex> autoLock(proxyLock_);
274 if (IsServiceAvailable()) {
275 std::string identity = IPCSkeleton::ResetCallingIdentity();
276 ret = appDomainVerifyMgrServiceProxy_->IsAtomicServiceUrl(uri.GetScheme() + "://" + uri.GetHost());
277 IPCSkeleton::SetCallingIdentity(identity);
278 }
279 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end, IsAtomicServiceUrl:%{public}d", ret);
280 return ret;
281 #endif
282 }
UpdateWhiteListUrls(const std::vector<std::string> & urls)283 void AppDomainVerifyMgrClient::UpdateWhiteListUrls(const std::vector<std::string>& urls)
284 {
285 #ifdef _CUT_LINK_CONVERT_
286 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return!");
287 return;
288 #else
289 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
290 std::lock_guard<std::mutex> autoLock(proxyLock_);
291 if (IsServiceAvailable()) {
292 appDomainVerifyMgrServiceProxy_->UpdateWhiteListUrls(urls);
293 }
294 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
295 #endif
296 }
297
QueryAppDetailsWant(const std::string & link,AAFwk::Want & want)298 int AppDomainVerifyMgrClient::QueryAppDetailsWant(const std::string &link, AAFwk::Want &want)
299 {
300 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
301 std::lock_guard<std::mutex> autoLock(proxyLock_);
302 if (IsServiceAvailable()) {
303 return appDomainVerifyMgrServiceProxy_->QueryAppDetailsWant(link, want);
304 }
305 return CommonErrorCode::E_INTERNAL_ERR;
306 }
307
QueryAssociatedDomains(const std::string & bundleName,std::vector<std::string> & domains)308 int AppDomainVerifyMgrClient::QueryAssociatedDomains(const std::string& bundleName, std::vector<std::string>& domains)
309 {
310 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
311 std::lock_guard<std::mutex> autoLock(proxyLock_);
312 if (IsServiceAvailable()) {
313 return appDomainVerifyMgrServiceProxy_->QueryAssociatedDomains(bundleName, domains);
314 }
315 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
316 return CommonErrorCode::E_INTERNAL_ERR;
317 }
QueryAssociatedBundleNames(const std::string & domain,std::vector<std::string> & bundleNames)318 int AppDomainVerifyMgrClient::QueryAssociatedBundleNames(
319 const std::string& domain, std::vector<std::string>& bundleNames)
320 {
321 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
322 std::lock_guard<std::mutex> autoLock(proxyLock_);
323 if (IsServiceAvailable()) {
324 return appDomainVerifyMgrServiceProxy_->QueryAssociatedBundleNames(domain, bundleNames);
325 }
326 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
327 return CommonErrorCode::E_INTERNAL_ERR;
328 }
GetDeferredLink(std::string & link)329 int AppDomainVerifyMgrClient::GetDeferredLink(std::string& link)
330 {
331 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
332 std::lock_guard<std::mutex> autoLock(proxyLock_);
333 if (IsServiceAvailable()) {
334 return appDomainVerifyMgrServiceProxy_->GetDeferredLink(link);
335 }
336 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
337 return CommonErrorCode::E_INTERNAL_ERR;
338 }
AppDomainVerifyMgrSaDeathRecipient()339 AppDomainVerifyMgrSaDeathRecipient::AppDomainVerifyMgrSaDeathRecipient()
340 {
341 }
342
~AppDomainVerifyMgrSaDeathRecipient()343 AppDomainVerifyMgrSaDeathRecipient::~AppDomainVerifyMgrSaDeathRecipient()
344 {
345 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "deathRecipient dead.");
346 }
347
OnRemoteDied(const wptr<IRemoteObject> & object)348 void AppDomainVerifyMgrSaDeathRecipient::OnRemoteDied(const wptr<IRemoteObject>& object)
349 {
350 APP_DOMAIN_VERIFY_HILOGD(
351 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "AppDomainVerifyMgrSaDeathRecipient on remote systemAbility died.");
352 AppDomainVerifyMgrClient::GetInstance()->OnRemoteSaDied(object);
353 }
354 } // namespace AppDomainVerify
355 } // namespace OHOS
356