1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "disallowed_running_bundles_plugin.h"
17
18 #include <system_ability_definition.h>
19
20 #include "app_control/app_control_proxy.h"
21 #include "array_string_serializer.h"
22 #include "edm_constants.h"
23 #include "edm_ipc_interface_code.h"
24 #include "edm_sys_manager.h"
25 #include "plugin_manager.h"
26
27 namespace OHOS {
28 namespace EDM {
29 const bool REGISTER_RESULT = PluginManager::GetInstance()->AddPlugin(DisallowedRunningBundlesPlugin::GetPlugin());
30
InitPlugin(std::shared_ptr<IPluginTemplate<DisallowedRunningBundlesPlugin,std::vector<std::string>>> ptr)31 void DisallowedRunningBundlesPlugin::InitPlugin(
32 std::shared_ptr<IPluginTemplate<DisallowedRunningBundlesPlugin, std::vector<std::string>>> ptr)
33 {
34 EDMLOGI("DisallowedRunningBundlesPlugin InitPlugin...");
35 std::map<std::string, std::map<IPlugin::PermissionType, std::string>> tagPermissions;
36 std::map<IPlugin::PermissionType, std::string> typePermissionsForTag11;
37 std::map<IPlugin::PermissionType, std::string> typePermissionsForTag12;
38 typePermissionsForTag11.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
39 "ohos.permission.ENTERPRISE_MANAGE_SET_APP_RUNNING_POLICY");
40 typePermissionsForTag12.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
41 "ohos.permission.ENTERPRISE_MANAGE_APPLICATION");
42 tagPermissions.emplace(EdmConstants::PERMISSION_TAG_VERSION_11, typePermissionsForTag11);
43 tagPermissions.emplace(EdmConstants::PERMISSION_TAG_VERSION_12, typePermissionsForTag12);
44
45 IPlugin::PolicyPermissionConfig config = IPlugin::PolicyPermissionConfig(tagPermissions, IPlugin::ApiType::PUBLIC);
46 ptr->InitAttribute(EdmInterfaceCode::DISALLOW_RUNNING_BUNDLES, "disallow_running_bundles", config, true);
47 ptr->SetSerializer(ArrayStringSerializer::GetInstance());
48 ptr->SetOnHandlePolicyListener(&DisallowedRunningBundlesPlugin::OnSetPolicy, FuncOperateType::SET);
49 ptr->SetOnHandlePolicyListener(&DisallowedRunningBundlesPlugin::OnRemovePolicy, FuncOperateType::REMOVE);
50 ptr->SetOnAdminRemoveDoneListener(&DisallowedRunningBundlesPlugin::OnAdminRemoveDone);
51 }
52
OnSetPolicy(std::vector<std::string> & data,std::vector<std::string> & currentData,int32_t userId)53 ErrCode DisallowedRunningBundlesPlugin::OnSetPolicy(std::vector<std::string> &data,
54 std::vector<std::string> ¤tData, int32_t userId)
55 {
56 EDMLOGI("DisallowedRunningBundlesPlugin OnSetPolicy userId = %{public}d", userId);
57 if (data.empty()) {
58 EDMLOGW("DisallowedRunningBundlesPlugin OnSetPolicy data is empty:");
59 return ERR_OK;
60 }
61 if (data.size() > EdmConstants::APPID_MAX_SIZE) {
62 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy input data is too large:");
63 return EdmReturnErrCode::PARAM_ERROR;
64 }
65
66 std::vector<std::string> mergeData = ArrayStringSerializer::GetInstance()->SetUnionPolicyData(data, currentData);
67 if (mergeData.size() > EdmConstants::APPID_MAX_SIZE) {
68 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy merge data is too large:");
69 return EdmReturnErrCode::PARAM_ERROR;
70 }
71
72 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
73 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
74 AppExecFwk::AppRunningControlRule controlRule;
75 controlRule.appId = str;
76 controlRules.push_back(controlRule);
77 });
78
79 auto appControlProxy = GetAppControlProxy();
80 if (!appControlProxy) {
81 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy GetAppControlProxy failed.");
82 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
83 }
84 ErrCode res = appControlProxy->AddAppRunningControlRule(controlRules, userId);
85 if (res != ERR_OK) {
86 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicyDone Faild %{public}d:", res);
87 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
88 }
89 currentData = mergeData;
90 return ERR_OK;
91 }
92
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)93 ErrCode DisallowedRunningBundlesPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply,
94 int32_t userId)
95 {
96 EDMLOGI("DisallowedRunningBundlesPlugin OnGetPolicy policyData : %{public}s, userId : %{public}d",
97 policyData.c_str(), userId);
98 std::vector<std::string> appIds;
99 pluginInstance_->serializer_->Deserialize(policyData, appIds);
100 reply.WriteInt32(ERR_OK);
101 reply.WriteInt32(appIds.size());
102 reply.WriteStringVector(appIds);
103 return ERR_OK;
104 }
105
OnRemovePolicy(std::vector<std::string> & data,std::vector<std::string> & currentData,int32_t userId)106 ErrCode DisallowedRunningBundlesPlugin::OnRemovePolicy(std::vector<std::string> &data,
107 std::vector<std::string> ¤tData, int32_t userId)
108 {
109 EDMLOGD("DisallowedRunningBundlesPlugin OnRemovePolicy userId : %{public}d:", userId);
110 if (data.empty()) {
111 EDMLOGW("DisallowedRunningBundlesPlugin OnRemovePolicy data is empty:");
112 return ERR_OK;
113 }
114 if (data.size() > EdmConstants::APPID_MAX_SIZE) {
115 EDMLOGE("DisallowedRunningBundlesPlugin OnRemovePolicy input data is too large:");
116 return EdmReturnErrCode::PARAM_ERROR;
117 }
118 std::vector<std::string> mergeData =
119 ArrayStringSerializer::GetInstance()->SetDifferencePolicyData(data, currentData);
120 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
121 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
122 AppExecFwk::AppRunningControlRule controlRule;
123 controlRule.appId = str;
124 controlRules.push_back(controlRule);
125 });
126 auto appControlProxy = GetAppControlProxy();
127 if (!appControlProxy) {
128 EDMLOGE("DisallowedRunningBundlesPlugin OnRemovePolicy GetAppControlProxy failed.");
129 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
130 }
131 ErrCode res = appControlProxy->DeleteAppRunningControlRule(controlRules, userId);
132 if (res != ERR_OK) {
133 EDMLOGE("DisallowedRunningBundlesPlugin DeleteAppInstallControlRule OnRemovePolicy faild %{public}d:", res);
134 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
135 }
136 currentData = mergeData;
137 return ERR_OK;
138 }
139
GetAppControlProxy()140 sptr<AppExecFwk::IAppControlMgr> DisallowedRunningBundlesPlugin::GetAppControlProxy()
141 {
142 auto remoteObject = EdmSysManager::GetRemoteObjectOfSystemAbility(OHOS::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
143 sptr<AppExecFwk::IBundleMgr> proxy = iface_cast<AppExecFwk::IBundleMgr>(remoteObject);
144 return proxy->GetAppControlProxy();
145 }
146
OnAdminRemoveDone(const std::string & adminName,std::vector<std::string> & data,int32_t userId)147 void DisallowedRunningBundlesPlugin::OnAdminRemoveDone(const std::string &adminName, std::vector<std::string> &data,
148 int32_t userId)
149 {
150 EDMLOGI("DisallowedRunningBundlesPlugin OnAdminRemoveDone adminName : %{public}s userId : %{public}d",
151 adminName.c_str(), userId);
152 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
153 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
154 AppExecFwk::AppRunningControlRule controlRule;
155 controlRule.appId = str;
156 controlRules.push_back(controlRule);
157 });
158 auto appControlProxy = GetAppControlProxy();
159 if (!appControlProxy) {
160 EDMLOGE("DisallowedRunningBundlesPlugin OnAdminRemoveDone GetAppControlProxy failed.");
161 return;
162 }
163 ErrCode res = appControlProxy->DeleteAppRunningControlRule(controlRules, userId);
164 EDMLOGI("DisallowedRunningBundlesPlugin OnAdminRemoveDone result %{public}d:", res);
165 }
166 } // namespace EDM
167 } // namespace OHOS
168