1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_control_manager_host_impl.h"
17
18 #include "app_log_tag_wrapper.h"
19 #include "app_log_wrapper.h"
20 #include "appexecfwk_errors.h"
21 #include "app_control_constants.h"
22 #include "bundle_mgr_service.h"
23 #include "bundle_permission_mgr.h"
24 #include "bundle_service_constants.h"
25 #include "ipc_skeleton.h"
26
27 namespace OHOS {
28 namespace AppExecFwk {
29 namespace {
30 const std::string PERMISSION_DISPOSED_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS";
31 const std::string PERMISSION_GET_DISPOSED_STATUS = "ohos.permission.GET_DISPOSED_APP_STATUS";
32 }
AppControlManagerHostImpl()33 AppControlManagerHostImpl::AppControlManagerHostImpl()
34 {
35 appControlManager_ = DelayedSingleton<AppControlManager>::GetInstance();
36 dataMgr_ = DelayedSingleton<BundleMgrService>::GetInstance()->GetDataMgr();
37 callingNameMap_ = {
38 {AppControlConstants::EDM_UID, AppControlConstants::EDM_CALLING}
39 };
40 ruleTypeMap_ = {
41 {AppInstallControlRuleType::DISALLOWED_UNINSTALL, AppControlConstants::APP_DISALLOWED_UNINSTALL},
42 {AppInstallControlRuleType::ALLOWED_INSTALL, AppControlConstants::APP_ALLOWED_INSTALL},
43 {AppInstallControlRuleType::DISALLOWED_INSTALL, AppControlConstants::APP_DISALLOWED_INSTALL}
44 };
45 }
46
~AppControlManagerHostImpl()47 AppControlManagerHostImpl::~AppControlManagerHostImpl()
48 {
49 }
50
AddAppInstallControlRule(const std::vector<std::string> & appIds,const AppInstallControlRuleType controlRuleType,int32_t userId)51 ErrCode AppControlManagerHostImpl::AddAppInstallControlRule(const std::vector<std::string> &appIds,
52 const AppInstallControlRuleType controlRuleType, int32_t userId)
53 {
54 LOG_D(BMS_TAG_DEFAULT, "AddAppInstallControlRule start");
55 std::string callingName = GetCallingName();
56 std::string ruleType = GetControlRuleType(controlRuleType);
57 if (callingName.empty()) {
58 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
59 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
60 }
61 if (ruleType.empty()) {
62 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
63 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
64 }
65 auto ret = appControlManager_->AddAppInstallControlRule(callingName, appIds, ruleType, userId);
66 if (ret != ERR_OK) {
67 LOG_E(BMS_TAG_DEFAULT, "AddAppInstallControlRule failed due to error %{public}d", ret);
68 return ret;
69 }
70 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
71 UpdateAppControlledInfo(userId);
72 }
73 return ERR_OK;
74 }
75
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,const std::vector<std::string> & appIds,int32_t userId)76 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
77 const std::vector<std::string> &appIds, int32_t userId)
78 {
79 LOG_D(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule start");
80 std::string ruleType = GetControlRuleType(controlRuleType);
81 if (ruleType.empty()) {
82 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
83 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
84 }
85 std::string callingName = GetCallingName();
86 if (callingName.empty()) {
87 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
88 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
89 }
90 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, appIds, userId);
91 if (ret != ERR_OK) {
92 LOG_E(BMS_TAG_DEFAULT, "DeleteAppInstallControlRule failed due to error %{public}d", ret);
93 return ret;
94 }
95 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
96 UpdateAppControlledInfo(userId);
97 }
98 return ERR_OK;
99 }
100
DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId)101 ErrCode AppControlManagerHostImpl::DeleteAppInstallControlRule(const AppInstallControlRuleType controlRuleType,
102 int32_t userId)
103 {
104 LOG_D(BMS_TAG_DEFAULT, "CleanAppInstallControlRule start");
105 std::string callingName = GetCallingName();
106 std::string ruleType = GetControlRuleType(controlRuleType);
107 if (callingName.empty()) {
108 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
109 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
110 }
111 if (ruleType.empty()) {
112 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
113 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
114 }
115 auto ret = appControlManager_->DeleteAppInstallControlRule(callingName, ruleType, userId);
116 if (ret != ERR_OK) {
117 LOG_E(BMS_TAG_DEFAULT, "CleanAppInstallControlRule failed due to error %{public}d", ret);
118 return ret;
119 }
120 if (ruleType == AppControlConstants::APP_DISALLOWED_UNINSTALL) {
121 UpdateAppControlledInfo(userId);
122 }
123 return ERR_OK;
124 }
125
GetAppInstallControlRule(const AppInstallControlRuleType controlRuleType,int32_t userId,std::vector<std::string> & appIds)126 ErrCode AppControlManagerHostImpl::GetAppInstallControlRule(
127 const AppInstallControlRuleType controlRuleType, int32_t userId, std::vector<std::string> &appIds)
128 {
129 LOG_D(BMS_TAG_DEFAULT, "GetAppInstallControlRule start");
130 std::string callingName = GetCallingName();
131 std::string ruleType = GetControlRuleType(controlRuleType);
132 if (callingName.empty()) {
133 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
134 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
135 }
136 if (ruleType.empty()) {
137 LOG_E(BMS_TAG_DEFAULT, "controlRuleType is invalid");
138 return ERR_BUNDLE_MANAGER_APP_CONTROL_RULE_TYPE_INVALID;
139 }
140
141 return appControlManager_->GetAppInstallControlRule(callingName, ruleType, userId, appIds);
142 }
143
AddAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)144 ErrCode AppControlManagerHostImpl::AddAppRunningControlRule(
145 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
146 {
147 std::string callingName = GetCallingName();
148 if (callingName.empty()) {
149 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
150 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
151 }
152 return appControlManager_->AddAppRunningControlRule(callingName, controlRules, userId);
153 }
154
DeleteAppRunningControlRule(const std::vector<AppRunningControlRule> & controlRules,int32_t userId)155 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(
156 const std::vector<AppRunningControlRule> &controlRules, int32_t userId)
157 {
158 std::string callingName = GetCallingName();
159 if (callingName.empty()) {
160 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
161 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
162 }
163 return appControlManager_->DeleteAppRunningControlRule(callingName, controlRules, userId);
164 }
165
DeleteAppRunningControlRule(int32_t userId)166 ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId)
167 {
168 std::string callingName = GetCallingName();
169 if (callingName.empty()) {
170 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
171 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
172 }
173 return appControlManager_->DeleteAppRunningControlRule(callingName, userId);
174 }
175
GetAppRunningControlRule(int32_t userId,std::vector<std::string> & appIds)176 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector<std::string> &appIds)
177 {
178 std::string callingName = GetCallingName();
179 if (callingName.empty()) {
180 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid");
181 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
182 }
183 return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds);
184 }
185
GetAppRunningControlRule(const std::string & bundleName,int32_t userId,AppRunningControlRuleResult & controlRuleResult)186 ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(
187 const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult)
188 {
189 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
190 if (uid != AppControlConstants::FOUNDATION_UID) {
191 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d, pid : %{public}d",
192 uid, OHOS::IPCSkeleton::GetCallingPid());
193 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
194 }
195 return appControlManager_->GetAppRunningControlRule(bundleName, userId, controlRuleResult);
196 }
197
ConfirmAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId)198 ErrCode AppControlManagerHostImpl::ConfirmAppJumpControlRule(const std::string &callerBundleName,
199 const std::string &targetBundleName, int32_t userId)
200 {
201 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
202 if (uid != AppControlConstants::FOUNDATION_UID) {
203 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
204 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
205 }
206 return appControlManager_->ConfirmAppJumpControlRule(callerBundleName, targetBundleName, userId);
207 }
208
AddAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)209 ErrCode AppControlManagerHostImpl::AddAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
210 int32_t userId)
211 {
212 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
213 if (uid != AppControlConstants::FOUNDATION_UID) {
214 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
215 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
216 }
217 return appControlManager_->AddAppJumpControlRule(controlRules, userId);
218 }
219
DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> & controlRules,int32_t userId)220 ErrCode AppControlManagerHostImpl::DeleteAppJumpControlRule(const std::vector<AppJumpControlRule> &controlRules,
221 int32_t userId)
222 {
223 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
224 if (uid != AppControlConstants::FOUNDATION_UID) {
225 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
226 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
227 }
228 return appControlManager_->DeleteAppJumpControlRule(controlRules, userId);
229 }
230
DeleteRuleByCallerBundleName(const std::string & callerBundleName,int32_t userId)231 ErrCode AppControlManagerHostImpl::DeleteRuleByCallerBundleName(const std::string &callerBundleName, int32_t userId)
232 {
233 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
234 if (uid != AppControlConstants::FOUNDATION_UID) {
235 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
236 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
237 }
238 return appControlManager_->DeleteRuleByCallerBundleName(callerBundleName, userId);
239 }
240
DeleteRuleByTargetBundleName(const std::string & targetBundleName,int32_t userId)241 ErrCode AppControlManagerHostImpl::DeleteRuleByTargetBundleName(const std::string &targetBundleName, int32_t userId)
242 {
243 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
244 if (uid != AppControlConstants::FOUNDATION_UID) {
245 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
246 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
247 }
248 return appControlManager_->DeleteRuleByTargetBundleName(targetBundleName, userId);
249 }
250
GetAppJumpControlRule(const std::string & callerBundleName,const std::string & targetBundleName,int32_t userId,AppJumpControlRule & controlRule)251 ErrCode AppControlManagerHostImpl::GetAppJumpControlRule(const std::string &callerBundleName,
252 const std::string &targetBundleName, int32_t userId, AppJumpControlRule &controlRule)
253 {
254 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
255 if (uid != AppControlConstants::FOUNDATION_UID) {
256 LOG_W(BMS_TAG_DEFAULT, "calling permission denied, uid : %{public}d", uid);
257 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
258 }
259 return appControlManager_->GetAppJumpControlRule(callerBundleName, targetBundleName, userId, controlRule);
260 }
261
GetCallingName()262 std::string AppControlManagerHostImpl::GetCallingName()
263 {
264 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
265 auto item = callingNameMap_.find(uid);
266 if (item == callingNameMap_.end()) {
267 LOG_W(BMS_TAG_DEFAULT, "calling uid is invalid, uid : %{public}d", uid);
268 return "";
269 }
270 return item->second;
271 }
272
GetControlRuleType(const AppInstallControlRuleType controlRuleType)273 std::string AppControlManagerHostImpl::GetControlRuleType(const AppInstallControlRuleType controlRuleType)
274 {
275 auto item = ruleTypeMap_.find(controlRuleType);
276 if (item == ruleTypeMap_.end()) {
277 LOG_W(BMS_TAG_DEFAULT, "controlRuleType:%{public}d is invalid", static_cast<int32_t>(controlRuleType));
278 return "";
279 }
280 return item->second;
281 }
282
GetCallingUserId()283 int32_t AppControlManagerHostImpl::GetCallingUserId()
284 {
285 return OHOS::IPCSkeleton::GetCallingUid() / Constants::BASE_USER_RANGE;
286 }
287
SetDisposedStatus(const std::string & appId,const Want & want,int32_t userId)288 ErrCode AppControlManagerHostImpl::SetDisposedStatus(const std::string &appId, const Want &want, int32_t userId)
289 {
290 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedStatus");
291 if (!BundlePermissionMgr::IsSystemApp()) {
292 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
293 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
294 }
295 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
296 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
297 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
298 }
299 if (userId == Constants::UNSPECIFIED_USERID) {
300 userId = GetCallingUserId();
301 }
302 ErrCode ret = appControlManager_->SetDisposedStatus(appId, want, userId);
303 if (ret != ERR_OK) {
304 LOG_W(BMS_TAG_DEFAULT, "host SetDisposedStatus error:%{public}d", ret);
305 }
306 return ret;
307 }
308
DeleteDisposedStatus(const std::string & appId,int32_t userId)309 ErrCode AppControlManagerHostImpl::DeleteDisposedStatus(const std::string &appId, int32_t userId)
310 {
311 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedStatus");
312 if (!BundlePermissionMgr::IsSystemApp()) {
313 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
314 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
315 }
316 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
317 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
318 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
319 }
320 if (userId == Constants::UNSPECIFIED_USERID) {
321 userId = GetCallingUserId();
322 }
323 ErrCode ret = appControlManager_->DeleteDisposedStatus(appId, userId);
324 if (ret != ERR_OK) {
325 LOG_W(BMS_TAG_DEFAULT, "host DeletetDisposedStatus error:%{public}d", ret);
326 }
327 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
328 std::string callerName;
329 GetCallerByUid(uid, callerName);
330 if (userId == Constants::UNSPECIFIED_USERID) {
331 userId = GetCallingUserId();
332 }
333 ret = appControlManager_->DeleteDisposedRule(callerName, appId, Constants::MAIN_APP_INDEX, userId);
334
335 return ret;
336 }
337
GetDisposedStatus(const std::string & appId,Want & want,int32_t userId)338 ErrCode AppControlManagerHostImpl::GetDisposedStatus(const std::string &appId, Want &want, int32_t userId)
339 {
340 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedStatus");
341 if (!BundlePermissionMgr::IsSystemApp()) {
342 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
343 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
344 }
345 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
346 PERMISSION_GET_DISPOSED_STATUS})) {
347 LOG_W(BMS_TAG_DEFAULT, "verify get disposed status permission failed");
348 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
349 }
350 if (userId == Constants::UNSPECIFIED_USERID) {
351 userId = GetCallingUserId();
352 }
353 ErrCode ret = appControlManager_->GetDisposedStatus(appId, want, userId);
354 if (ret != ERR_OK) {
355 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
356 }
357 return ret;
358 }
359
UpdateAppControlledInfo(int32_t userId) const360 void AppControlManagerHostImpl::UpdateAppControlledInfo(int32_t userId) const
361 {
362 LOG_D(BMS_TAG_DEFAULT, "start to UpdateAppControlledInfo under userId %{public}d", userId);
363 std::vector<std::string> appIds;
364 ErrCode ret = appControlManager_->GetAppInstallControlRule(AppControlConstants::EDM_CALLING,
365 AppControlConstants::APP_DISALLOWED_UNINSTALL, userId, appIds);
366 if (ret != ERR_OK) {
367 LOG_W(BMS_TAG_DEFAULT, "not update GetAppInstallControlRule failed code:%{public}d", ret);
368 return;
369 }
370 auto bundleInfos = dataMgr_->GetAllInnerBundleInfos();
371 for (const auto &info : bundleInfos) {
372 InnerBundleUserInfo userInfo;
373 if (!info.second.GetInnerBundleUserInfo(userId, userInfo)) {
374 LOG_W(BMS_TAG_DEFAULT, "current bundle (%{public}s) is not installed at current userId (%{public}d)",
375 info.first.c_str(), userId);
376 continue;
377 }
378 auto iterator = std::find(appIds.begin(), appIds.end(), info.second.GetAppId());
379 userInfo.isRemovable = (iterator != appIds.end()) ? false : true;
380 dataMgr_->AddInnerBundleUserInfo(info.first, userInfo);
381 }
382 }
383
GetCallerByUid(const int32_t uid,std::string & callerName)384 void AppControlManagerHostImpl::GetCallerByUid(const int32_t uid, std::string &callerName)
385 {
386 auto item = callingNameMap_.find(uid);
387 if (item != callingNameMap_.end()) {
388 callerName = item->second;
389 return;
390 }
391 auto ret = dataMgr_->GetNameForUid(uid, callerName);
392 if (ret != ERR_OK) {
393 LOG_W(BMS_TAG_DEFAULT, "caller not recognized");
394 callerName = std::to_string(uid);
395 }
396 }
397
GetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)398 ErrCode AppControlManagerHostImpl::GetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
399 {
400 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRule");
401 if (!BundlePermissionMgr::IsSystemApp()) {
402 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
403 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
404 }
405 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
406 PERMISSION_GET_DISPOSED_STATUS})) {
407 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
408 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
409 }
410
411 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
412 std::string callerName;
413 GetCallerByUid(uid, callerName);
414 if (userId == Constants::UNSPECIFIED_USERID) {
415 userId = GetCallingUserId();
416 }
417 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
418 if (ret != ERR_OK) {
419 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
420 }
421 return ret;
422 }
423
SetDisposedRule(const std::string & appId,DisposedRule & rule,int32_t userId)424 ErrCode AppControlManagerHostImpl::SetDisposedRule(const std::string &appId, DisposedRule &rule, int32_t userId)
425 {
426 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRule");
427 if (!BundlePermissionMgr::IsSystemApp()) {
428 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
429 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
430 }
431 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
432 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
433 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
434 }
435
436 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
437 std::string callerName;
438 GetCallerByUid(uid, callerName);
439 if (uid == AppControlConstants::EDM_UID) {
440 rule.isEdm = true;
441 }
442 if (userId == Constants::UNSPECIFIED_USERID) {
443 userId = GetCallingUserId();
444 }
445 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, Constants::MAIN_APP_INDEX, userId);
446 if (ret != ERR_OK) {
447 LOG_W(BMS_TAG_DEFAULT, "host GetDisposedStatus error:%{public}d", ret);
448 }
449 return ret;
450 }
451
GetAbilityRunningControlRule(const std::string & bundleName,int32_t userId,std::vector<DisposedRule> & disposedRules,int32_t appIndex)452 ErrCode AppControlManagerHostImpl::GetAbilityRunningControlRule(const std::string &bundleName, int32_t userId,
453 std::vector<DisposedRule>& disposedRules, int32_t appIndex)
454 {
455 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
456 if (uid != AppControlConstants::FOUNDATION_UID) {
457 LOG_E(BMS_TAG_DEFAULT, "callingName is invalid, uid : %{public}d", uid);
458 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
459 }
460 return appControlManager_->GetAbilityRunningControlRule(bundleName, appIndex, userId,
461 disposedRules);
462 }
463
GetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)464 ErrCode AppControlManagerHostImpl::GetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
465 int32_t appIndex, int32_t userId)
466 {
467 LOG_D(BMS_TAG_DEFAULT, "host begin to GetDisposedRuleForCloneApp");
468 if (!BundlePermissionMgr::IsSystemApp()) {
469 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
470 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
471 }
472 if (!BundlePermissionMgr::VerifyCallingPermissionsForAll({PERMISSION_DISPOSED_STATUS,
473 PERMISSION_GET_DISPOSED_STATUS})) {
474 LOG_W(BMS_TAG_DEFAULT, "verify get disposed rule permission failed");
475 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
476 }
477 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
478 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
479 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
480 }
481 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
482 std::string callerName;
483 GetCallerByUid(uid, callerName);
484 if (userId == Constants::UNSPECIFIED_USERID) {
485 userId = GetCallingUserId();
486 }
487 auto ret = appControlManager_->GetDisposedRule(callerName, appId, rule, appIndex, userId);
488 if (ret != ERR_OK) {
489 LOG_W(BMS_TAG_DEFAULT, "GetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
490 }
491 return ret;
492 }
493
SetDisposedRuleForCloneApp(const std::string & appId,DisposedRule & rule,int32_t appIndex,int32_t userId)494 ErrCode AppControlManagerHostImpl::SetDisposedRuleForCloneApp(const std::string &appId, DisposedRule &rule,
495 int32_t appIndex, int32_t userId)
496 {
497 LOG_D(BMS_TAG_DEFAULT, "host begin to SetDisposedRuleForCloneApp");
498 if (!BundlePermissionMgr::IsSystemApp()) {
499 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
500 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
501 }
502 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
503 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
504 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
505 }
506 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
507 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
508 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
509 }
510 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
511 std::string callerName;
512 GetCallerByUid(uid, callerName);
513 if (uid == AppControlConstants::EDM_UID) {
514 rule.isEdm = true;
515 }
516 if (userId == Constants::UNSPECIFIED_USERID) {
517 userId = GetCallingUserId();
518 }
519 auto ret = appControlManager_->SetDisposedRule(callerName, appId, rule, appIndex, userId);
520 if (ret != ERR_OK) {
521 LOG_W(BMS_TAG_DEFAULT, "SetDisposedRuleForCloneApp error:%{public}d, appIndex:%{public}d", ret, appIndex);
522 }
523 return ret;
524 }
DeleteDisposedRuleForCloneApp(const std::string & appId,int32_t appIndex,int32_t userId)525 ErrCode AppControlManagerHostImpl::DeleteDisposedRuleForCloneApp(const std::string &appId, int32_t appIndex,
526 int32_t userId)
527 {
528 LOG_D(BMS_TAG_DEFAULT, "host begin to DeleteDisposedRuleForCloneApp");
529 if (!BundlePermissionMgr::IsSystemApp()) {
530 LOG_E(BMS_TAG_DEFAULT, "non-system app calling system api");
531 return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED;
532 }
533 if (!BundlePermissionMgr::VerifyCallingPermissionForAll(PERMISSION_DISPOSED_STATUS)) {
534 LOG_W(BMS_TAG_DEFAULT, "verify permission ohos.permission.MANAGE_DISPOSED_STATUS failed");
535 return ERR_BUNDLE_MANAGER_PERMISSION_DENIED;
536 }
537 if (appIndex < Constants::MAIN_APP_INDEX || appIndex > ServiceConstants::CLONE_APP_INDEX_MAX) {
538 LOG_E(BMS_TAG_DEFAULT, "appIndex %{public}d is invalid", appIndex);
539 return ERR_APPEXECFWK_APP_INDEX_OUT_OF_RANGE;
540 }
541 if (userId == Constants::UNSPECIFIED_USERID) {
542 userId = GetCallingUserId();
543 }
544 ErrCode ret = ERR_OK;
545 if (appIndex == Constants::MAIN_APP_INDEX) {
546 ret = appControlManager_->DeleteDisposedStatus(appId, userId);
547 if (ret != ERR_OK) {
548 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedStatus error:%{public}d", ret);
549 }
550 }
551 int32_t uid = OHOS::IPCSkeleton::GetCallingUid();
552 std::string callerName;
553 GetCallerByUid(uid, callerName);
554 if (userId == Constants::UNSPECIFIED_USERID) {
555 userId = GetCallingUserId();
556 }
557 ret = appControlManager_->DeleteDisposedRule(callerName, appId, appIndex, userId);
558 if (ret != ERR_OK) {
559 LOG_W(BMS_TAG_DEFAULT, "DeleteDisposedRule error:%{public}d, appIndex:%{public}d", ret, appIndex);
560 }
561 return ret;
562 }
563 } // AppExecFwk
564 } // OHOS