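/*
 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
#define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H

// Standard headers for every std:: name this header spells out itself, so it
// does not depend on the project headers below pulling them in transitively.
#include <chrono>
#include <condition_variable>
#include <cstdint>
#include <functional>
#include <memory>
#include <mutex>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

#include "admin_manager.h"
#include "common_event_subscriber.h"
#include "enterprise_admin_proxy.h"
#include "enterprise_device_mgr_stub.h"
#include "hilog/log.h"
#include "plugin_manager.h"
#include "policy_manager.h"
#include "policy_struct.h"
#include "security_report.h"
#include "system_ability.h"

namespace OHOS {
namespace EDM {
// System ability that implements the enterprise device management (EDM) service interface.
//
// The class derives from both SystemAbility and EnterpriseDeviceMgrStub and overrides the
// stub's admin and policy operations. Copy and move are disabled and a static instance_ is
// exposed through GetInstance().
//
// NOTE(review): the public overrides below are presumably reached through the stub from
// other processes - confirm. If so, every MessageParcel, ElementName, bundle name and userId
// argument is caller-controlled and has to be validated and authorized before it reaches
// policyMgr_, adminMgr_ or pluginMgr_. The authorization helpers (CheckCallingUid,
// CheckCallerPermission, CheckSystemCalling, CheckHandlePolicyPermission) are only declared
// here; which entry points call them is not visible from this header and should be audited in
// the implementation file.
class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
    DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);

public:
    EnterpriseDeviceMgrAbility();
    DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
    ~EnterpriseDeviceMgrAbility() override;
    // Accessor for the static instance_ declared below.
    static sptr<EnterpriseDeviceMgrAbility> GetInstance();

    // Admin lifecycle operations overridden from the stub.
    ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override;
    ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override;
    ErrCode DisableSuperAdmin(const std::string &bundleName) override;
    // Policy operations: `code` selects the operation, `data` carries its arguments and
    // `reply` receives the result.
    // NOTE(review): `code` and `data` appear to come from the caller - confirm that unknown
    // codes are rejected and that parcel reads are checked before a policy is applied.
    ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
        int32_t userId) override;
    ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override;
    ErrCode CheckAndGetAdminProvisionInfo(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId)
        override;
    ErrCode GetEnabledAdmin(AdminType type, std::vector<std::string> &enabledAdminList) override;
    ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply) override;
    ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
    ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
    ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
    ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
    // Delegation of policies from a parent admin to another bundle.
    // NOTE(review): allowDelegatedPolicies_ and CheckDelegatedPolicies() below look like the
    // allow-list for what may be delegated - confirm that SetDelegatedPolicies enforces it.
    ErrCode SetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
        const std::vector<std::string> &policies) override;
    ErrCode GetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
        std::vector<std::string> &policies) override;
    ErrCode GetDelegatedBundleNames(const std::string &parentAdminName, const std::string &policyName,
        std::vector<std::string> &bundleNames) override;
    ErrCode GetAdmins(std::vector<std::shared_ptr<AAFwk::Want>> &wants) override;
    bool IsSuperAdmin(const std::string &bundleName) override;
    bool IsAdminEnabled(AppExecFwk::ElementName &admin, int32_t userId) override;
    // NOTE(review): the default userId of 100 is a bare literal; presumably the default OS
    // account id - confirm and replace it with a named constant if the project has one.
    void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event, int32_t userId = 100);
    // Dispatch tables keyed by a string / an int32_t; each handler receives the ability as a
    // raw pointer. Presumably keyed by common-event action and system-ability id and filled by
    // AddCommonEventFuncMap() / AddOnAddSystemAbilityFuncMap() - confirm.
    // NOTE(review): both maps are public and mutable, so any code holding the instance can
    // replace a handler; they are left public because outside users are not visible from this
    // header, but private members with a narrow accessor would be the safer shape.
    std::unordered_map<std::string,
        std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
        commonEventFuncMap_;
    std::unordered_map<int32_t,
        std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
        addSystemAbilityFuncMap_;
    ErrCode GetSuperAdmin(MessageParcel &reply) override;

protected:
    // SystemAbility lifecycle and listener hooks.
    void OnStart() override;
    void OnStop() override;
    int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
    void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
    void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;

private:
    void AddCommonEventFuncMap();
    void AddOnAddSystemAbilityFuncMap();
    bool SubscribeAppState();
    bool UnsubscribeAppState();
    ErrCode CheckCallingUid(const std::string &bundleName);
    void CheckAndUpdateByodSettingsData();
    // Removal helpers for admin records and the policies attached to them.
    ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
        int32_t userId);
    ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
    ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
    ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
    ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
    ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
    ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
        const std::vector<int32_t> &nonDefaultUserIds);
    ErrCode GetAllPermissionsByAdmin(const std::string &bundleInfoName, AdminType adminType, int32_t userId,
        std::vector<std::string> &permissionList);
    int32_t GetCurrentUserId();
    ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
    ErrCode UpdateDeviceAdmin(AppExecFwk::ElementName &admin);
    // NOTE(review): `isDebug` presumably relaxes the enable conditions for debug admins -
    // confirm it is derived from build or device state and never from caller-supplied input.
    ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug);
    ErrCode VerifyEnableAdminConditionCheckExistAdmin(AppExecFwk::ElementName &admin, AdminType type, int32_t userId,
        bool isDebug);
    ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
    ErrCode UpdateDevicePolicy(uint32_t code, const std::string &bundleName, MessageParcel &data, MessageParcel &reply,
        int32_t userId);
    // Authorization helpers; their exact semantics are defined in the implementation file.
    ErrCode CheckCallerPermission(std::shared_ptr<Admin> admin, const std::string &permission, bool isNeedSuperAdmin);
    ErrCode CheckAndUpdatePermission(std::shared_ptr<Admin> admin, Security::AccessToken::AccessTokenID tokenId,
        const std::string &permission, int32_t userId);
    ErrCode CheckDelegatedPolicies(std::shared_ptr<Admin> admin, const std::vector<std::string> &policies);
    ErrCode CheckSystemCalling(IPlugin::ApiType apiType, const std::string &permissionTag);
    ErrCode CheckHandlePolicyPermission(FuncOperateType operateType, const std::string &bundleName,
        const std::string &policyName, const std::string &permissionName, int32_t userId);
    ErrCode AddDisallowUninstallApp(const std::string &bundleName);
    ErrCode DelDisallowUninstallApp(const std::string &bundleName);
    void AfterEnableAdmin(AppExecFwk::ElementName &admin, AdminType type, int32_t userId);
#ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
    std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
        EnterpriseDeviceMgrAbility &listener);
#endif
    // Handlers that take a CommonEventData payload.
    void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
    void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
    void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
    bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
    bool CheckManagedEvent(uint32_t event);
    // Per-service start hooks; some exist only when the matching feature macro is defined.
    void OnAppManagerServiceStart();
    void OnAbilityManagerServiceStart();
    void OnCommonEventServiceStart();
#ifdef PASTEBOARD_EDM_ENABLE
    void OnPasteboardServiceStart();
#endif
    void OnUserAuthFrameworkStart();
#ifdef USB_EDM_ENABLE
    void OnUsbServiceStart();
#endif
    // NOTE(review): given the security_report.h include this presumably builds a security
    // audit record for a policy call and its resulting error code - confirm in the .cpp.
    void CreateSecurityContent(const std::string &bundleName, const std::string &abilityName,
        uint32_t code, const std::string &policyName, ErrCode errorCode);
    void InitAllAdmins();
    void InitAllPlugins();
    void InitAllPolices();
    void RemoveAllDebugAdmin();
    void AddSystemAbilityListeners();
    void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
    void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
    std::shared_ptr<IEdmBundleManager> GetBundleMgr();
    std::shared_ptr<IEdmAppManager> GetAppMgr();
    std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
    ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
    void UnloadPluginTask();

    // Takes `edmAdmin` by value, so each call copies the Admin object.
    ErrCode SetAdminEnabled(Admin edmAdmin, AppExecFwk::ElementName &admin, int32_t userId);
    IPlugin::PermissionType AdminTypeToPermissionType(AdminType adminType);

    // Singleton state. NOTE(review): mutexLock_ presumably serializes creation of instance_
    // in GetInstance() - confirm.
    static std::mutex mutexLock_;
    static sptr<EnterpriseDeviceMgrAbility> instance_;
    std::shared_ptr<PolicyManager> policyMgr_;
    std::shared_ptr<AdminManager> adminMgr_;
    std::shared_ptr<PluginManager> pluginMgr_;
    std::unordered_set<std::string> allowDelegatedPolicies_;
    bool registerToService_ = false;
    // Lacks the trailing underscore the other members use; kept because the implementation
    // file refers to it by this name.
    std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
    sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
    // NOTE(review): pluginHasInit_ and notifySignal_ are plain bools. If they are touched from
    // more than one thread (UnloadPluginTask looks like a background task), every access has
    // to happen under waitMutex_ - confirm.
    bool pluginHasInit_ = false;
    bool notifySignal_ = false;
    std::chrono::system_clock::time_point lastCallTime_;
    std::condition_variable waitSignal_;
    std::mutex waitMutex_;
};
#ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
// Common-event subscriber that is constructed with a reference to an
// EnterpriseDeviceMgrAbility and keeps that reference in listener_.
//
// NOTE(review): listener_ is a reference, not an owning pointer. The subscriber is handed
// around as a shared_ptr and may be retained outside the ability, so it must be unsubscribed
// before the ability is destroyed or OnReceiveEvent would use a dangling reference - confirm
// the teardown order in OnStop().
class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
public:
    EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
        EnterpriseDeviceMgrAbility &listener);
    ~EnterpriseDeviceEventSubscriber() override = default;

    void OnReceiveEvent(const EventFwk::CommonEventData &data) override;

private:
    EnterpriseDeviceMgrAbility &listener_;
};
#endif
} // namespace EDM
} // namespace OHOS
#endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H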