1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "if_system_ability_manager.h"
17 #include "iservice_registry.h"
18 #include "app_domain_verify_mgr_client.h"
19 #include "system_ability_definition.h"
20 #include "dfx/app_domain_verify_hisysevent.h"
21 #include "zidl/convert_callback_stub.h"
22 #include "regex.h"
23 #include "comm_define.h"
24 #include "ipc_skeleton.h"
25 #include "common_utils.h"
26
27 namespace OHOS {
28 namespace AppDomainVerify {
29 std::mutex AppDomainVerifyMgrClient::proxyLock_;
30 sptr<IAppDomainVerifyMgrService> AppDomainVerifyMgrClient::appDomainVerifyMgrServiceProxy_;
31 AppDomainVerifyMgrClient::StaticDestoryMonitor AppDomainVerifyMgrClient::staticDestoryMonitor_;
32 #ifndef _CUT_LINK_CONVERT_
33 static const std::string SCHEME_HTTPS("https");
34 static const char* PATTEN = "^[a-zA-Z0-9_-]{1,99}$";
35 constexpr int REG_ERR_BUF = 1024;
36 constexpr int NM = 10;
37 #endif
AppDomainVerifyMgrClient()38 AppDomainVerifyMgrClient::AppDomainVerifyMgrClient()
39 {
40 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "new instance created.");
41 }
~AppDomainVerifyMgrClient()42 AppDomainVerifyMgrClient::~AppDomainVerifyMgrClient()
43 {
44 std::lock_guard<std::mutex> autoLock(proxyLock_);
45 if (appDomainVerifyMgrServiceProxy_ != nullptr && !staticDestoryMonitor_.IsDestoryed()) {
46 auto remoteObject = appDomainVerifyMgrServiceProxy_->AsObject();
47 if (remoteObject != nullptr) {
48 remoteObject->RemoveDeathRecipient(deathRecipient_);
49 }
50 }
51 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "instance dead.");
52 }
53
VerifyDomain(const std::string & appIdentifier,const std::string & bundleName,const std::string & fingerprint,const std::vector<SkillUri> & skillUris)54 void AppDomainVerifyMgrClient::VerifyDomain(const std::string& appIdentifier, const std::string& bundleName,
55 const std::string& fingerprint, const std::vector<SkillUri>& skillUris)
56 {
57 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
58 INSTALL_EVENT(appIdentifier, bundleName);
59 std::lock_guard<std::mutex> autoLock(proxyLock_);
60 if (IsServiceAvailable()) {
61 appDomainVerifyMgrServiceProxy_->VerifyDomain(appIdentifier, bundleName, fingerprint, skillUris);
62 }
63 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
64 }
65
ClearDomainVerifyStatus(const std::string & appIdentifier,const std::string & bundleName)66 bool AppDomainVerifyMgrClient::ClearDomainVerifyStatus(const std::string& appIdentifier, const std::string& bundleName)
67 {
68 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
69 UNINSTALL_EVENT(appIdentifier, bundleName);
70 bool clearResult = false;
71 std::lock_guard<std::mutex> autoLock(proxyLock_);
72 if (IsServiceAvailable()) {
73 clearResult = appDomainVerifyMgrServiceProxy_->ClearDomainVerifyStatus(appIdentifier, bundleName);
74 }
75 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
76 return clearResult;
77 }
78
FilterAbilities(const OHOS::AAFwk::Want & want,const std::vector<OHOS::AppExecFwk::AbilityInfo> & originAbilityInfos,std::vector<OHOS::AppExecFwk::AbilityInfo> & filtedAbilityInfos)79 bool AppDomainVerifyMgrClient::FilterAbilities(const OHOS::AAFwk::Want& want,
80 const std::vector<OHOS::AppExecFwk::AbilityInfo>& originAbilityInfos,
81 std::vector<OHOS::AppExecFwk::AbilityInfo>& filtedAbilityInfos)
82 {
83 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
84 bool filterSuccess = false;
85 std::lock_guard<std::mutex> autoLock(proxyLock_);
86 if (IsServiceAvailable()) {
87 filterSuccess = appDomainVerifyMgrServiceProxy_->FilterAbilities(want, originAbilityInfos, filtedAbilityInfos);
88 }
89
90 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT,
91 "call end, filted ability size:%{public}zu, origin ability size:%{public}zu", filtedAbilityInfos.size(),
92 originAbilityInfos.size());
93 return filterSuccess;
94 }
95
QueryDomainVerifyStatus(const std::string & bundleName,DomainVerifyStatus & domainVerificationState)96 bool AppDomainVerifyMgrClient::QueryDomainVerifyStatus(
97 const std::string& bundleName, DomainVerifyStatus& domainVerificationState)
98 {
99 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
100 bool querySuccess = false;
101 std::lock_guard<std::mutex> autoLock(proxyLock_);
102 if (IsServiceAvailable()) {
103 querySuccess = appDomainVerifyMgrServiceProxy_->QueryDomainVerifyStatus(bundleName, domainVerificationState);
104 }
105 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
106 return querySuccess;
107 }
108
QueryAllDomainVerifyStatus(BundleVerifyStatusInfo & bundleVerifyStatusInfo)109 bool AppDomainVerifyMgrClient::QueryAllDomainVerifyStatus(BundleVerifyStatusInfo& bundleVerifyStatusInfo)
110 {
111 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
112 bool querySuccess = false;
113 std::lock_guard<std::mutex> autoLock(proxyLock_);
114 if (IsServiceAvailable()) {
115 querySuccess = appDomainVerifyMgrServiceProxy_->QueryAllDomainVerifyStatus(bundleVerifyStatusInfo);
116 }
117 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
118 return querySuccess;
119 }
120
SaveDomainVerifyStatus(const std::string & bundleName,const VerifyResultInfo & verifyResultInfo)121 bool AppDomainVerifyMgrClient::SaveDomainVerifyStatus(
122 const std::string& bundleName, const VerifyResultInfo& verifyResultInfo)
123 {
124 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
125 bool saveSuccess = false;
126 std::lock_guard<std::mutex> autoLock(proxyLock_);
127 if (IsServiceAvailable()) {
128 saveSuccess = appDomainVerifyMgrServiceProxy_->SaveDomainVerifyStatus(bundleName, verifyResultInfo);
129 }
130 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
131 return saveSuccess;
132 }
133
IsServiceAvailable()134 bool AppDomainVerifyMgrClient::IsServiceAvailable()
135 {
136 if (appDomainVerifyMgrServiceProxy_ == nullptr) {
137 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Redo ConnectService");
138 ConnectService();
139 }
140
141 if (appDomainVerifyMgrServiceProxy_ == nullptr) {
142 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Service proxy null.");
143 return false;
144 }
145 return true;
146 }
ConnectService()147 void AppDomainVerifyMgrClient::ConnectService()
148 {
149 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "ConnectService start.");
150 sptr<ISystemAbilityManager> samgrProxy = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
151 if (samgrProxy == nullptr) {
152 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Get SystemAbilityManager failed.");
153 appDomainVerifyMgrServiceProxy_ = nullptr;
154 return;
155 }
156 sptr<IRemoteObject> remoteObject = samgrProxy->CheckSystemAbility(APP_DOMAIN_VERIFY_MANAGER_SA_ID);
157 if (remoteObject != nullptr) {
158 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Get AppDomainVerifyMgrServiceProxy succeed.");
159 if (deathRecipient_ == nullptr) {
160 deathRecipient_ = sptr<IRemoteObject::DeathRecipient>(new AppDomainVerifyMgrSaDeathRecipient());
161 }
162 remoteObject->AddDeathRecipient(deathRecipient_);
163 appDomainVerifyMgrServiceProxy_ = iface_cast<IAppDomainVerifyMgrService>(remoteObject);
164 return;
165 }
166 APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "Getting AppDomainVerifyMgrServiceProxy failed.");
167 }
168
OnRemoteSaDied(const wptr<IRemoteObject> & remote)169 void AppDomainVerifyMgrClient::OnRemoteSaDied(const wptr<IRemoteObject>& remote)
170 {
171 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "OnRemoteSaDied.");
172 std::lock_guard<std::mutex> autoLock(proxyLock_);
173 if (appDomainVerifyMgrServiceProxy_ != nullptr) {
174 auto remoteObj = appDomainVerifyMgrServiceProxy_->AsObject();
175 if (remoteObj != nullptr) {
176 remoteObj->RemoveDeathRecipient(deathRecipient_);
177 }
178 }
179 appDomainVerifyMgrServiceProxy_ = nullptr;
180 }
ConvertToExplicitWant(AAFwk::Want & implicitWant,sptr<IConvertCallback> & callback)181 void AppDomainVerifyMgrClient::ConvertToExplicitWant(AAFwk::Want& implicitWant, sptr<IConvertCallback>& callback)
182 {
183 #ifdef _CUT_LINK_CONVERT_
184 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return false!");
185 if (callback) {
186 callback->OnConvert(-1, implicitWant);
187 }
188 #else
189 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
190 std::lock_guard<std::mutex> autoLock(proxyLock_);
191 if (IsServiceAvailable()) {
192 std::string identity = IPCSkeleton::ResetCallingIdentity();
193 appDomainVerifyMgrServiceProxy_->ConvertToExplicitWant(implicitWant, callback);
194 IPCSkeleton::SetCallingIdentity(identity);
195 }
196 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
197 #endif
198 }
199 #ifndef _CUT_LINK_CONVERT_
IsValidPath(const std::string & path)200 bool AppDomainVerifyMgrClient::IsValidPath(const std::string& path)
201 {
202 const char* bematch = path.c_str();
203 char errbuf[REG_ERR_BUF];
204 regex_t reg;
205 int errNum = 0;
206 int nm = NM;
207 regmatch_t pmatch[nm];
208 if (regcomp(®, PATTEN, REG_EXTENDED) < 0) {
209 regerror(errNum, ®, errbuf, sizeof(errbuf));
210 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec error:%{public}s", errbuf);
211 return false;
212 }
213 errNum = regexec(®, bematch, nm, pmatch, 0);
214 if (errNum == REG_NOMATCH) {
215 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec no match");
216 return false;
217 } else if (errNum) {
218 regerror(errNum, ®, errbuf, sizeof(errbuf));
219 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "regexec error:%{public}s", errbuf);
220 return false;
221 }
222 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "is valid path");
223 return true;
224 }
IsValidUrl(OHOS::Uri & uri)225 bool AppDomainVerifyMgrClient::IsValidUrl(OHOS::Uri& uri)
226 {
227 if (uri.GetScheme() != SCHEME_HTTPS) {
228 APP_DOMAIN_VERIFY_HILOGW(
229 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "scheme:%{public}s is not https", uri.GetScheme().c_str());
230 return false;
231 }
232 if (uri.GetHost().empty()) {
233 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "host is empty");
234 return false;
235 }
236 std::vector<std::string> segments;
237 uri.GetPathSegments(segments);
238 if (segments.size() != 1) {
239 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "short path is more than one");
240 return false;
241 }
242 if (!IsValidPath(segments[0])) {
243 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT,
244 "short path:%{public}s must only contains number,alphabet or dash line!", segments[0].c_str());
245 return false;
246 }
247 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "is valid Url");
248 return true;
249 }
250
251 #endif
IsAtomicServiceUrl(const std::string & url)252 bool AppDomainVerifyMgrClient::IsAtomicServiceUrl(const std::string& url)
253 {
254 #ifdef _CUT_LINK_CONVERT_
255 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return false!");
256 return false;
257 #else
258 APP_DOMAIN_VERIFY_HILOGI(
259 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called, url %{public}s", MaskStr(url).c_str());
260 Uri uri(url);
261 if (!IsValidUrl(uri)) {
262 APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "url is invalid!");
263 return false;
264 }
265 bool ret{ false };
266 std::lock_guard<std::mutex> autoLock(proxyLock_);
267 if (IsServiceAvailable()) {
268 std::string identity = IPCSkeleton::ResetCallingIdentity();
269 ret = appDomainVerifyMgrServiceProxy_->IsAtomicServiceUrl(uri.GetScheme() + "://" + uri.GetHost());
270 IPCSkeleton::SetCallingIdentity(identity);
271 }
272 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end, IsAtomicServiceUrl:%{public}d", ret);
273 return ret;
274 #endif
275 }
UpdateWhiteListUrls(const std::vector<std::string> & urls)276 void AppDomainVerifyMgrClient::UpdateWhiteListUrls(const std::vector<std::string>& urls)
277 {
278 #ifdef _CUT_LINK_CONVERT_
279 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "not support, will return!");
280 return;
281 #else
282 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
283 std::lock_guard<std::mutex> autoLock(proxyLock_);
284 if (IsServiceAvailable()) {
285 appDomainVerifyMgrServiceProxy_->UpdateWhiteListUrls(urls);
286 }
287 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
288 #endif
289 }
QueryAssociatedDomains(const std::string & bundleName,std::vector<std::string> & domains)290 int AppDomainVerifyMgrClient::QueryAssociatedDomains(const std::string& bundleName, std::vector<std::string>& domains)
291 {
292 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
293 std::lock_guard<std::mutex> autoLock(proxyLock_);
294 if (IsServiceAvailable()) {
295 return appDomainVerifyMgrServiceProxy_->QueryAssociatedDomains(bundleName, domains);
296 }
297 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
298 return CommonErrorCode::E_INTERNAL_ERR;
299 }
QueryAssociatedBundleNames(const std::string & domain,std::vector<std::string> & bundleNames)300 int AppDomainVerifyMgrClient::QueryAssociatedBundleNames(
301 const std::string& domain, std::vector<std::string>& bundleNames)
302 {
303 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "called");
304 std::lock_guard<std::mutex> autoLock(proxyLock_);
305 if (IsServiceAvailable()) {
306 return appDomainVerifyMgrServiceProxy_->QueryAssociatedBundleNames(domain, bundleNames);
307 }
308 APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "call end");
309 return CommonErrorCode::E_INTERNAL_ERR;
310 }
AppDomainVerifyMgrSaDeathRecipient()311 AppDomainVerifyMgrSaDeathRecipient::AppDomainVerifyMgrSaDeathRecipient()
312 {
313 }
314
~AppDomainVerifyMgrSaDeathRecipient()315 AppDomainVerifyMgrSaDeathRecipient::~AppDomainVerifyMgrSaDeathRecipient()
316 {
317 APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "deathRecipient dead.");
318 }
319
OnRemoteDied(const wptr<IRemoteObject> & object)320 void AppDomainVerifyMgrSaDeathRecipient::OnRemoteDied(const wptr<IRemoteObject>& object)
321 {
322 APP_DOMAIN_VERIFY_HILOGD(
323 APP_DOMAIN_VERIFY_MGR_MODULE_CLIENT, "AppDomainVerifyMgrSaDeathRecipient on remote systemAbility died.");
324 AppDomainVerifyMgrClient::GetInstance()->OnRemoteSaDied(object);
325 }
326 } // namespace AppDomainVerify
327 } // namespace OHOS
328