1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager_host_impl.h"
17
18 #include "app_log_tag_wrapper.h"
19 #include "app_log_wrapper.h"
20 #include "appexecfwk_errors.h"
21 #include "app_control_constants.h"
22 #include "bundle_mgr_service.h"
23 #include "bundle_permission_mgr.h"
24 #include "bundle_service_constants.h"
25 #include "event_report.h"
26 #include "ipc_skeleton.h"
27
28 namespace OHOS {
29 namespace AppExecFwk {
30 namespace {
31 const std::string PERMISSION_DISPOSED_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS";
32 const std::string PERMISSION_GET_DISPOSED_STATUS = "ohos.permission.GET_DISPOSED_APP_STATUS";
33 }
AppControlManagerHostImpl()34 AppControlManagerHostImpl::AppControlManagerHostImpl()
35 {
36 appControlManager_ = DelayedSingleton<AppControlManager>::GetInstance();
37 dataMgr_ = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
38 callingNameMap_ = {
39 {AppControlConstants::EDM_UID, AppControlConstants::EDM_CALLING}
40 };
41 ruleTypeMap_ = {
42 {AppInstallControlRuleType::DISALLOWED_UNINSTALL, AppControlConstants::APP_DISALLOWED_UNINSTALL},
43 {AppInstallControlRuleType::ALLOWED_INSTALL, AppControlConstants::APP_ALLOWED_INSTALL},
44 {AppInstallControlRuleType::DISALLOWED_INSTALL, AppControlConstants::APP_DISALLOWED_INSTALL}
45 };
46 }
47
~AppControlManagerHostImpl()48 AppControlManagerHostImpl::~AppControlManagerHostImpl()
49 {
50 }
51
AddAppInstallControlRule(const std::vector<std::string> & appIds,const AppInstallControlRuleType controlRuleType,int32_t userId)52 ErrCode AppControlManagerHostImpl::AddAppInstallControlRule(const std::vector<std::string> &appIds,
53 const AppInstallControlRuleType controlRuleType, int32_t userId)
54 {
55 LOG_D(BMS_TAG_DEFAULT, "AddAppInstallControlRule start");
56 std::string callingName = GetCallingName();
57 std::string ruleType = GetControlRuleType(controlRuleType);
58 if (callingName.empty()) {
59 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
60 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
61 }
62 if (ruleType.empty()) {
63 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
64 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
65 }
66 auto ret = appControlManager_->AddAppInstallControlRule(callingName, appIds, ruleType, userId);
67 if (ret != ERR_OK) {
68 LOG_E(BMS_TAG_DEFAULT, "AddAppInstallControlRule failed due to error %{public}d", ret);
69 return ret;
70 }
71 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
72 UpdateAppControlledInfo(userId, appIds);
73 }
74 return ERR_OK;
75 }
76
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,const std::vector<std::string> & appIds,int32_t userId)77 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
78 const std::vector<std::string> &appIds, int32_t userId)
79 {
80 LOG_D(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule start");
81 std::string ruleType = GetControlRuleType(controlRuleType);
82 if (ruleType.empty()) {
83 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
84 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
85 }
86 std::string callingName = GetCallingName();
87 if (callingName.empty()) {
88 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
89 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
90 }
91 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, appIds, userId);
92 if (ret != ERR_OK) {
93 LOG_E(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule failed due to error %{public}d", ret);
94 return ret;
95 }
96 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
97 UpdateAppControlledInfo(userId, appIds);
98 }
99 return ERR_OK;
100 }
101
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId)102 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
103 int32_t userId)
104 {
105 LOG_D(BMS_TAG_DEFAULT, "CleanAppInstallControlRule start");
106 std::string callingName = GetCallingName();
107 std::string ruleType = GetControlRuleType(controlRuleType);
108 if (callingName.empty()) {
109 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
110 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
111 }
112 if (ruleType.empty()) {
113 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
114 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
115 }
116 std::vector<std::string> modifyAppIds;
117 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
118 auto ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
119 ruleType, userId, modifyAppIds);
120 if (ret != ERR_OK) {
121 LOG_W(BMS_TAG_DEFAULT, "GetAppInstallControlRule failed code:%{public}d", ret);
122 }
123 }
124 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, userId);
125 if (ret != ERR_OK) {
126 LOG_E(BMS_TAG_DEFAULT, "CleanAppInstallControlRule failed due to error %{public}d", ret);
127 return ret;
128 }
129 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
130 UpdateAppControlledInfo(userId, modifyAppIds);
131 }
132 return ERR_OK;
133 }
134
GetAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId,std::vector<std::string> & appIds)135 ErrCode AppControlManagerHostImpl::GetAppInstallControlRule(
136 const AppInstallControlRuleType controlRuleType, int32_t userId, std::vector<std::string> &appIds)
137 {
138 LOG_D(BMS_TAG_DEFAULT, "GetAppInstallControlRule start");
139 std::string callingName = GetCallingName();
140 std::string ruleType = GetControlRuleType(controlRuleType);
141 if (callingName.empty()) {
142 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
143 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
144 }
145 if (ruleType.empty()) {
146 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
147 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
148 }
149
150 return appControlManager_->GetAppInstallControlRule(callingName, ruleType, userId, appIds);
151 }
152
AddAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)153 ErrCode AppControlManagerHostImpl::AddAppRunningControlRule(
154 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
155 {
156 std::string callingName = GetCallingName();
157 if (callingName.empty()) {
158 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
159 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
160 }
161 return appControlManager_->AddAppRunningControlRule(callingName, controlRules, userId);
162 }
163
DeleteAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)164 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(
165 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
166 {
167 std::string callingName = GetCallingName();
168 if (callingName.empty()) {
169 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
170 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
171 }
172 return appControlManager_->DeleteAppRunningControlRule(callingName, controlRules, userId);
173 }
174
DeleteAppRunningControlRule(int32_t userId)175 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId)
176 {
177 std::string callingName = GetCallingName();
178 if (callingName.empty()) {
179 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
180 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
181 }
182 return appControlManager_->DeleteAppRunningControlRule(callingName, userId);
183 }
184
GetAppRunningControlRule(int32_t userId,std::vector<std::string> & appIds)185 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector<std::string> &appIds)
186 {
187 std::string callingName = GetCallingName();
188 if (callingName.empty()) {
189 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
190 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
191 }
192 return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds);
193 }
194
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)195 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(
196 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
197 {
198 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
199 if (uid != AppControlConstants::FOUNDATION_UID) {
200 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d, pid : %{public}d",
201 uid, OHOS::IPCSkeleton::GetCallingPid());
202 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
203 }
204 return appControlManager_->GetAppRunningControlRule(bundleName, userId, controlRuleResult);
205 }
206
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)207 ErrCode AppControlManagerHostImpl::ConfirmAppJumpControlRule(const std::string &callerBundleName,
208 const std::string &targetBundleName, int32_t userId)
209 {
210 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
211 if (uid != AppControlConstants::FOUNDATION_UID) {
212 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
213 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
214 }
215 return appControlManager_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
216 }
217
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)218 ErrCode AppControlManagerHostImpl::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
219 int32_t userId)
220 {
221 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
222 if (uid != AppControlConstants::FOUNDATION_UID) {
223 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
224 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
225 }
226 return appControlManager_->AddAppJumpControlRule(controlRules, userId);
227 }
228
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)229 ErrCode AppControlManagerHostImpl::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
230 int32_t userId)
231 {
232 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
233 if (uid != AppControlConstants::FOUNDATION_UID) {
234 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
235 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
236 }
237 return appControlManager_->DeleteAppJumpControlRule(controlRules, userId);
238 }
239
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)240 ErrCode AppControlManagerHostImpl::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
241 {
242 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
243 if (uid != AppControlConstants::FOUNDATION_UID) {
244 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
245 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
246 }
247 return appControlManager_->DeleteRuleByCallerBundleName(callerBundleName, userId);
248 }
249
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)250 ErrCode AppControlManagerHostImpl::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
251 {
252 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
253 if (uid != AppControlConstants::FOUNDATION_UID) {
254 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
255 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
256 }
257 return appControlManager_->DeleteRuleByTargetBundleName(targetBundleName, userId);
258 }
259
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)260 ErrCode AppControlManagerHostImpl::GetAppJumpControlRule(const std::string &callerBundleName,
261 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
262 {
263 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
264 if (uid != AppControlConstants::FOUNDATION_UID) {
265 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d", uid);
266 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
267 }
268 return appControlManager_->GetAppJumpControlRule(callerBundleName, targetBundleName, userId, controlRule);
269 }
270
GetCallingName()271 std::string AppControlManagerHostImpl::GetCallingName()
272 {
273 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
274 auto item = callingNameMap_.find(uid);
275 if (item == callingNameMap_.end()) {
276 LOG_W(BMS_TAG_DEFAULT, "calling uid is invalid, uid : %{public}d", uid);
277 return "";
278 }
279 return item->second;
280 }
281
GetControlRuleType(const AppInstallControlRuleType controlRuleType)282 std::string AppControlManagerHostImpl::GetControlRuleType(const AppInstallControlRuleType controlRuleType)
283 {
284 auto item = ruleTypeMap_.find(controlRuleType);
285 if (item == ruleTypeMap_.end()) {
286 LOG_W(BMS_TAG_DEFAULT, "controlRuleType:%{public}d is invalid", static_cast<int32_t>(controlRuleType));
287 return "";
288 }
289 return item->second;
290 }
291
GetCallingUserId()292 int32_t AppControlManagerHostImpl::GetCallingUserId()
293 {
294 return OHOS::IPCSkeleton::GetCallingUid() / Constants::BASE_USER_RANGE;
295 }
296
SetDisposedStatus(const std::string & appId,const Want & want,int32_t userId)297 ErrCode AppControlManagerHostImpl::SetDisposedStatus(const std::string &appId, const Want &want, int32_t userId)
298 {
299 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedStatus");
300 if (!BundlePermissionMgr::IsSystemApp()) {
301 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
302 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
303 }
304 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
305 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
306 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
307 }
308 if (userId == Constants::UNSPECIFIED_USERID) {
309 userId = GetCallingUserId();
310 }
311 ErrCode ret = appControlManager_->SetDisposedStatus(appId, want, userId);
312 if (ret != ERR_OK) {
313 LOG_W(BMS_TAG_DEFAULT, "host SetDisposedStatus error:%{public}d", ret);
314 }
315 return ret;
316 }
317
DeleteDisposedStatus(const std::string & appId,int32_t userId)318 ErrCode AppControlManagerHostImpl::DeleteDisposedStatus(const std::string &appId, int32_t userId)
319 {
320 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedStatus");
321 if (!BundlePermissionMgr::IsSystemApp()) {
322 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
323 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
324 }
325 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
326 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
327 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
328 }
329 if (userId == Constants::UNSPECIFIED_USERID) {
330 userId = GetCallingUserId();
331 }
332 ErrCode ret = appControlManager_->DeleteDisposedStatus(appId, userId);
333 if (ret != ERR_OK) {
334 LOG_W(BMS_TAG_DEFAULT, "host DeletetDisposedStatus error:%{public}d", ret);
335 }
336 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
337 std::string callerName;
338 GetCallerByUid(uid, callerName);
339 if (userId == Constants::UNSPECIFIED_USERID) {
340 userId = GetCallingUserId();
341 }
342 ret = appControlManager_->DeleteDisposedRule(callerName, appId, Constants::MAIN_APP_INDEX, userId);
343
344 return ret;
345 }
346
GetDisposedStatus(const std::string & appId,Want & want,int32_t userId)347 ErrCode AppControlManagerHostImpl::GetDisposedStatus(const std::string &appId, Want &want, int32_t userId)
348 {
349 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedStatus");
350 if (!BundlePermissionMgr::IsSystemApp()) {
351 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
352 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
353 }
354 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
355 PERMISSION_GET_DISPOSED_STATUS})) {
356 LOG_W(BMS_TAG_DEFAULT, "verify get disposed status permission failed");
357 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
358 }
359 if (userId == Constants::UNSPECIFIED_USERID) {
360 userId = GetCallingUserId();
361 }
362 ErrCode ret = appControlManager_->GetDisposedStatus(appId, want, userId);
363 if (ret != ERR_OK) {
364 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
365 }
366 return ret;
367 }
368
UpdateAppControlledInfo(int32_t userId,const std::vector<std::string> & modifyAppIds) const369 void AppControlManagerHostImpl::UpdateAppControlledInfo(int32_t userId,
370 const std::vector<std::string> &modifyAppIds) const
371 {
372 LOG_D(BMS_TAG_DEFAULT, "start to UpdateAppControlledInfo under userId %{public}d", userId);
373 std::vector<std::string> appIds;
374 ErrCode ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
375 AppControlConstants::APP_DISALLOWED_UNINSTALL, userId, appIds);
376 if (ret != ERR_OK) {
377 LOG_W(BMS_TAG_DEFAULT, "not update GetAppInstallControlRule failed code:%{public}d", ret);
378 return;
379 }
380 auto bundleInfos = dataMgr_->GetAllInnerBundleInfos();
381 for (const auto &info : bundleInfos) {
382 InnerBundleUserInfo userInfo;
383 if (!info.second.GetInnerBundleUserInfo(userId, userInfo)) {
384 LOG_W(BMS_TAG_DEFAULT, "current bundle (%{public}s) is not installed at current userId (%{public}d)",
385 info.first.c_str(), userId);
386 continue;
387 }
388 auto iterator = std::find(appIds.begin(), appIds.end(), info.second.GetAppId());
389 userInfo.isRemovable = (iterator != appIds.end()) ? false : true;
390 dataMgr_->AddInnerBundleUserInfo(info.first, userInfo);
391 auto modifyAppIdsIterator = std::find(modifyAppIds.begin(), modifyAppIds.end(), info.second.GetAppId());
392 if (modifyAppIdsIterator != modifyAppIds.end()) {
393 AbilityInfo mainAbilityInfo;
394 info.second.GetMainAbilityInfo(mainAbilityInfo);
395 NotifyBundleEvents installRes = {
396 .isModuleUpdate = false,
397 .type = NotifyType::UPDATE,
398 .resultCode = ERR_OK,
399 .accessTokenId = info.second.GetAccessTokenId(userId),
400 .uid = info.second.GetUid(userId),
401 .bundleType = static_cast<int32_t>(info.second.GetApplicationBundleType()),
402 .bundleName = info.second.GetBundleName(),
403 .modulePackage = info.second.GetModuleNameVec()[0],
404 .abilityName = mainAbilityInfo.name,
405 .appDistributionType = info.second.GetAppDistributionType(),
406 };
407 std::shared_ptr<BundleCommonEventMgr> commonEventMgr = std::make_shared<BundleCommonEventMgr>();
408 commonEventMgr->NotifyBundleStatus(installRes, dataMgr_);
409 }
410 }
411 }
412
GetCallerByUid(const int32_t uid,std::string & callerName)413 void AppControlManagerHostImpl::GetCallerByUid(const int32_t uid, std::string &callerName)
414 {
415 auto item = callingNameMap_.find(uid);
416 if (item != callingNameMap_.end()) {
417 callerName = item->second;
418 return;
419 }
420 auto ret = dataMgr_->GetNameForUid(uid, callerName);
421 if (ret != ERR_OK) {
422 LOG_W(BMS_TAG_DEFAULT, "caller not recognized");
423 callerName = std::to_string(uid);
424 }
425 }
426
GetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)427 ErrCode AppControlManagerHostImpl::GetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
428 {
429 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRule");
430 if (!BundlePermissionMgr::IsSystemApp()) {
431 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
432 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
433 }
434 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
435 PERMISSION_GET_DISPOSED_STATUS})) {
436 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
437 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
438 }
439
440 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
441 std::string callerName;
442 GetCallerByUid(uid, callerName);
443 if (userId == Constants::UNSPECIFIED_USERID) {
444 userId = GetCallingUserId();
445 }
446 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
447 if (ret != ERR_OK) {
448 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
449 }
450 return ret;
451 }
452
SetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)453 ErrCode AppControlManagerHostImpl::SetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
454 {
455 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRule");
456 if (!BundlePermissionMgr::IsSystemApp()) {
457 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
458 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
459 }
460 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
461 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
462 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
463 }
464
465 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
466 std::string callerName;
467 GetCallerByUid(uid, callerName);
468 if (uid == AppControlConstants::EDM_UID) {
469 rule.isEdm = true;
470 }
471 if (userId == Constants::UNSPECIFIED_USERID) {
472 userId = GetCallingUserId();
473 }
474 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
475 if (ret != ERR_OK) {
476 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
477 }
478 return ret;
479 }
480
GetAbilityRunningControlRule(const std::string & bundleName,int32_t userId,std::vector<DisposedRule> & disposedRules,int32_t appIndex)481 ErrCode AppControlManagerHostImpl::GetAbilityRunningControlRule(const std::string &bundleName, int32_t userId,
482 std::vector<DisposedRule>& disposedRules, int32_t appIndex)
483 {
484 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
485 if (uid != AppControlConstants::FOUNDATION_UID) {
486 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
487 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
488 }
489 return appControlManager_->GetAbilityRunningControlRule(bundleName, appIndex, userId,
490 disposedRules);
491 }
492
GetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)493 ErrCode AppControlManagerHostImpl::GetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
494 int32_t appIndex, int32_t userId)
495 {
496 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRuleForCloneApp");
497 if (!BundlePermissionMgr::IsSystemApp()) {
498 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
499 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
500 }
501 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
502 PERMISSION_GET_DISPOSED_STATUS})) {
503 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
504 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
505 }
506 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
507 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
508 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
509 }
510 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
511 std::string callerName;
512 GetCallerByUid(uid, callerName);
513 if (userId == Constants::UNSPECIFIED_USERID) {
514 userId = GetCallingUserId();
515 }
516 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, appIndex, userId);
517 if (ret != ERR_OK) {
518 LOG_W(BMS_TAG_DEFAULT, "GetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
519 }
520 return ret;
521 }
522
SetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)523 ErrCode AppControlManagerHostImpl::SetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
524 int32_t appIndex, int32_t userId)
525 {
526 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRuleForCloneApp");
527 if (!BundlePermissionMgr::IsSystemApp()) {
528 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
529 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
530 }
531 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
532 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
533 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
534 }
535 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
536 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
537 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
538 }
539 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
540 std::string callerName;
541 GetCallerByUid(uid, callerName);
542 if (uid == AppControlConstants::EDM_UID) {
543 rule.isEdm = true;
544 }
545 if (userId == Constants::UNSPECIFIED_USERID) {
546 userId = GetCallingUserId();
547 }
548 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, appIndex, userId);
549 if (ret != ERR_OK) {
550 LOG_W(BMS_TAG_DEFAULT, "SetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
551 }
552 return ret;
553 }
DeleteDisposedRuleForCloneApp(const std::string & appId,int32_t appIndex,int32_t userId)554 ErrCode AppControlManagerHostImpl::DeleteDisposedRuleForCloneApp(const std::string &appId, int32_t appIndex,
555 int32_t userId)
556 {
557 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedRuleForCloneApp");
558 if (!BundlePermissionMgr::IsSystemApp()) {
559 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
560 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
561 }
562 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
563 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
564 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
565 }
566 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
567 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
568 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
569 }
570 if (userId == Constants::UNSPECIFIED_USERID) {
571 userId = GetCallingUserId();
572 }
573 ErrCode ret = ERR_OK;
574 if (appIndex == Constants::MAIN_APP_INDEX) {
575 ret = appControlManager_->DeleteDisposedStatus(appId, userId);
576 if (ret != ERR_OK) {
577 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedStatus error:%{public}d", ret);
578 }
579 }
580 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
581 std::string callerName;
582 GetCallerByUid(uid, callerName);
583 if (userId == Constants::UNSPECIFIED_USERID) {
584 userId = GetCallingUserId();
585 }
586 ret = appControlManager_->DeleteDisposedRule(callerName, appId, appIndex, userId);
587 if (ret != ERR_OK) {
588 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedRule error:%{public}d, appIndex:%{public}d", ret, appIndex);
589 }
590 return ret;
591 }
592
GetUninstallDisposedRule(const std::string & appIdentifier,int32_t appIndex,int32_t userId,UninstallDisposedRule & rule)593 ErrCode AppControlManagerHostImpl::GetUninstallDisposedRule(const std::string &appIdentifier,
594 int32_t appIndex, int32_t userId, UninstallDisposedRule &rule)
595 {
596 LOG_D(BMS_TAG_DEFAULT, "begin");
597 if (!BundlePermissionMgr::IsSystemApp()) {
598 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
599 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
600 }
601 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
602 PERMISSION_GET_DISPOSED_STATUS})) {
603 LOG_W(BMS_TAG_DEFAULT, "verify get uninstall disposed rule permission failed");
604 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
605 }
606 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
607 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
608 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
609 }
610 if (userId == Constants::UNSPECIFIED_USERID) {
611 userId = GetCallingUserId();
612 }
613 if (!appControlManager_) {
614 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
615 return ERR_BUNDLE_MANAGER_APP_CONTROL_INTERNAL_ERROR;
616 }
617 auto ret = appControlManager_->GetUninstallDisposedRule(appIdentifier, appIndex, userId, rule);
618 if (ret != ERR_OK) {
619 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d",
620 ret, appIndex);
621 }
622 return ret;
623 }
624
SetUninstallDisposedRule(const std::string & appIdentifier,const UninstallDisposedRule & rule,int32_t appIndex,int32_t userId)625 ErrCode AppControlManagerHostImpl::SetUninstallDisposedRule(const std::string &appIdentifier,
626 const UninstallDisposedRule &rule, int32_t appIndex, int32_t userId)
627 {
628 LOG_D(BMS_TAG_DEFAULT, "begin");
629 if (!BundlePermissionMgr::IsSystemApp()) {
630 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
631 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
632 }
633 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
634 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
635 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
636 }
637 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
638 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
639 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
640 }
641 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
642 std::string callerName;
643 GetCallerByUid(uid, callerName);
644 if (rule.want == nullptr) {
645 LOG_E(BMS_TAG_DEFAULT, "null want");
646 return ERR_BUNDLE_MANAGER_INVALID_UNINSTALL_RULE;
647 }
648 if (callerName != rule.want->GetBundle()) {
649 LOG_E(BMS_TAG_DEFAULT, "callerName is not equal to bundleName in want");
650 return ERR_BUNDLE_MANAGER_INVALID_UNINSTALL_RULE;
651 }
652 if (userId == Constants::UNSPECIFIED_USERID) {
653 userId = GetCallingUserId();
654 }
655 if (!appControlManager_) {
656 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
657 return ERR_BUNDLE_MANAGER_APP_CONTROL_INTERNAL_ERROR;
658 }
659 auto ret = appControlManager_->SetUninstallDisposedRule(callerName, appIdentifier, rule, appIndex, userId);
660 if (ret != ERR_OK) {
661 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d",
662 ret, appIndex);
663 }
664 EventInfo info;
665 info.callingName = callerName;
666 info.userId = userId;
667 info.appIds.push_back(appIdentifier);
668 info.rule = rule.ToString();
669 info.operationType = static_cast<int32_t>(OPERATION_TYPE_ENUM::OPERATION_TYPE_ADD_RULE);
670 info.actionType = static_cast<int32_t>(ACTION_TYPE_ENUM::ACTION_TYPE_UNINSTALL_DISPOSE_RULE);
671 info.appIndex = appIndex;
672 EventReport::SendAppControlRuleEvent(info);
673 return ret;
674 }
675
DeleteUninstallDisposedRule(const std::string & appIdentifier,int32_t appIndex,int32_t userId)676 ErrCode AppControlManagerHostImpl::DeleteUninstallDisposedRule(const std::string &appIdentifier, int32_t appIndex,
677 int32_t userId)
678 {
679 LOG_D(BMS_TAG_DEFAULT, "begin");
680 if (!BundlePermissionMgr::IsSystemApp()) {
681 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
682 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
683 }
684 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
685 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
686 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
687 }
688 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
689 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
690 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
691 }
692 if (userId == Constants::UNSPECIFIED_USERID) {
693 userId = GetCallingUserId();
694 }
695 if (!appControlManager_) {
696 LOG_E(BMS_TAG_DEFAULT, "null appControlManager_");
697 return ERR_BUNDLE_MANAGER_APP_CONTROL_INTERNAL_ERROR;
698 }
699 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
700 std::string callerName;
701 GetCallerByUid(uid, callerName);
702 if (userId == Constants::UNSPECIFIED_USERID) {
703 userId = GetCallingUserId();
704 }
705 auto ret = appControlManager_->DeleteUninstallDisposedRule(callerName, appIdentifier, appIndex, userId);
706 if (ret != ERR_OK) {
707 LOG_W(BMS_TAG_DEFAULT, "error:%{public}d, appIndex:%{public}d", ret, appIndex);
708 }
709 EventInfo info;
710 info.callingName = callerName;
711 info.userId = userId;
712 info.appIds.push_back(appIdentifier);
713 info.operationType = static_cast<int32_t>(OPERATION_TYPE_ENUM::OPERATION_TYPE_REMOVE_RULE);
714 info.actionType = static_cast<int32_t>(ACTION_TYPE_ENUM::ACTION_TYPE_UNINSTALL_DISPOSE_RULE);
715 info.appIndex = appIndex;
716 EventReport::SendAppControlRuleEvent(info);
717 return ret;
718 }
719 } // AppExecFwk
720 } // OHOS