1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "ownerid_utils.h"
17 #include "code_sign_attr_utils.h"
18 #include "parameter.h"
19 #include "log.h"
20 
21 #include <string>
22 #include <unordered_set>
23 
// Size of the local buffer that receives the parameter value.
#define VALUE_MAX_LEN 32
// System parameter key that is read to decide whether secure shield mode is on.
#define SECURE_SHIELD_MODE_KEY "ohos.boot.advsecmode.state"

// Owner IDs consulted when secure shield mode is on. A match makes
// ConvertIdType() return PROCESS_OWNERID_APP_TEMP_ALLOW, so every entry added
// here is a policy exception and should be reviewed as one. Declared without
// entries in this file.
static const std::unordered_set<std::string> g_secureShieldAllowList {};

// Owner IDs consulted when secure shield mode is off; a match has the same
// effect as above. Declared without entries in this file.
// the list will be removed before 930
static const std::unordered_set<std::string> g_tempAllowList {};
31 
// Reports whether secure shield mode is enabled, based on the
// SECURE_SHIELD_MODE_KEY system parameter.
//
// Returns 0 only when the value read back is exactly "0"; any other content
// yields 1. The buffer starts zero-filled and the GetParameter() result is
// discarded, so if the call leaves the buffer untouched the empty string is
// compared and the mode is reported as on (the check fails towards "on").
// NOTE(review): strcmp is used but <cstring> is not included directly in this
// file; presumably it arrives through one of the project headers - confirm.
static uint32_t IsSecureShieldModeOn()
{
    char modeValue[VALUE_MAX_LEN] = {0};
    // "0" is the default handed to GetParameter; one byte of the buffer is kept
    // back so the value stays NUL-terminated.
    (void)GetParameter(SECURE_SHIELD_MODE_KEY, "0", modeValue, VALUE_MAX_LEN - 1);
    const bool modeIsOff = (strcmp(modeValue, "0") == 0);
    return modeIsOff ? 0 : 1;
}
38 
// Normalises an owner-ID type against the allow list for the current mode.
//
// idType:  owner-ID type supplied by the caller.
// ownerId: NUL-terminated owner ID string, or nullptr.
//
// Returns idType unchanged when ownerId is nullptr or when idType is neither
// PROCESS_OWNERID_APP nor PROCESS_OWNERID_APP_TEMP_ALLOW. Otherwise the
// caller-supplied type is not trusted: the result is
// PROCESS_OWNERID_APP_TEMP_ALLOW only if ownerId is in the list for the active
// mode, and PROCESS_OWNERID_APP in every other case.
//
// NOTE(review): the nullptr early return hands back idType as given, so a
// caller passing PROCESS_OWNERID_APP_TEMP_ALLOW with a null ownerId keeps that
// type without any allow-list lookup - confirm no caller can reach this path
// with an unvalidated idType.
// NOTE(review): idType is an int converted to uint32_t on return; a negative
// value would wrap - confirm callers only pass valid type constants.
uint32_t ConvertIdType(int idType, const char *ownerId)
{
    if (ownerId == nullptr) {
        return idType;
    }

    const bool isAppType =
        (idType == PROCESS_OWNERID_APP) || (idType == PROCESS_OWNERID_APP_TEMP_ALLOW);
    if (!isAppType) {
        return idType;
    }

    const std::string ownerKey(ownerId);

    // Secure shield mode and normal mode each consult their own allow list.
    if (IsSecureShieldModeOn()) {
        if (g_secureShieldAllowList.find(ownerKey) != g_secureShieldAllowList.end()) {
            LOG_INFO("Xpm: app in secure shield allow list");
            return PROCESS_OWNERID_APP_TEMP_ALLOW;
        }
        return PROCESS_OWNERID_APP;
    }

    if (g_tempAllowList.find(ownerKey) != g_tempAllowList.end()) {
        LOG_INFO("Xpm: app in temporary allow list");
        return PROCESS_OWNERID_APP_TEMP_ALLOW;
    }

    // Not on the list for the active mode: downgrade to the plain app type.
    return PROCESS_OWNERID_APP;
}