1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "disallowed_running_bundles_plugin.h"
17
18 #include <system_ability_definition.h>
19
20 #include "app_control/app_control_proxy.h"
21 #include "array_string_serializer.h"
22 #include "edm_constants.h"
23 #include "edm_ipc_interface_code.h"
24 #include "edm_sys_manager.h"
25 #include "plugin_manager.h"
26
27 namespace OHOS {
28 namespace EDM {
29 const bool REGISTER_RESULT = PluginManager::GetInstance()->AddPlugin(DisallowedRunningBundlesPlugin::GetPlugin());
30
InitPlugin(std::shared_ptr<IPluginTemplate<DisallowedRunningBundlesPlugin,std::vector<std::string>>> ptr)31 void DisallowedRunningBundlesPlugin::InitPlugin(
32 std::shared_ptr<IPluginTemplate<DisallowedRunningBundlesPlugin, std::vector<std::string>>> ptr)
33 {
34 EDMLOGI("DisallowedRunningBundlesPlugin InitPlugin...");
35 std::map<std::string, std::string> perms;
36 perms.insert(std::make_pair(EdmConstants::PERMISSION_TAG_VERSION_11,
37 "ohos.permission.ENTERPRISE_MANAGE_SET_APP_RUNNING_POLICY"));
38 perms.insert(std::make_pair(EdmConstants::PERMISSION_TAG_VERSION_12,
39 "ohos.permission.ENTERPRISE_MANAGE_APPLICATION"));
40 IPlugin::PolicyPermissionConfig config = IPlugin::PolicyPermissionConfig(perms,
41 IPlugin::PermissionType::SUPER_DEVICE_ADMIN, IPlugin::ApiType::PUBLIC);
42 ptr->InitAttribute(EdmInterfaceCode::DISALLOW_RUNNING_BUNDLES, "disallow_running_bundles", config, true);
43 ptr->SetSerializer(ArrayStringSerializer::GetInstance());
44 ptr->SetOnHandlePolicyListener(&DisallowedRunningBundlesPlugin::OnSetPolicy, FuncOperateType::SET);
45 ptr->SetOnHandlePolicyListener(&DisallowedRunningBundlesPlugin::OnRemovePolicy, FuncOperateType::REMOVE);
46 ptr->SetOnAdminRemoveDoneListener(&DisallowedRunningBundlesPlugin::OnAdminRemoveDone);
47 }
48
OnSetPolicy(std::vector<std::string> & data,std::vector<std::string> & currentData,int32_t userId)49 ErrCode DisallowedRunningBundlesPlugin::OnSetPolicy(std::vector<std::string> &data,
50 std::vector<std::string> ¤tData, int32_t userId)
51 {
52 EDMLOGI("DisallowedRunningBundlesPlugin OnSetPolicy userId = %{public}d", userId);
53 if (data.empty()) {
54 EDMLOGW("DisallowedRunningBundlesPlugin OnSetPolicy data is empty:");
55 return ERR_OK;
56 }
57 if (data.size() > EdmConstants::APPID_MAX_SIZE) {
58 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy input data is too large:");
59 return EdmReturnErrCode::PARAM_ERROR;
60 }
61
62 std::vector<std::string> mergeData = ArrayStringSerializer::GetInstance()->SetUnionPolicyData(data, currentData);
63 if (mergeData.size() > EdmConstants::APPID_MAX_SIZE) {
64 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy merge data is too large:");
65 return EdmReturnErrCode::PARAM_ERROR;
66 }
67
68 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
69 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
70 AppExecFwk::AppRunningControlRule controlRule;
71 controlRule.appId = str;
72 controlRules.push_back(controlRule);
73 });
74
75 auto appControlProxy = GetAppControlProxy();
76 if (!appControlProxy) {
77 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicy GetAppControlProxy failed.");
78 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
79 }
80 ErrCode res = appControlProxy->AddAppRunningControlRule(controlRules, userId);
81 if (res != ERR_OK) {
82 EDMLOGE("DisallowedRunningBundlesPlugin OnSetPolicyDone Faild %{public}d:", res);
83 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
84 }
85 currentData = mergeData;
86 return ERR_OK;
87 }
88
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)89 ErrCode DisallowedRunningBundlesPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply,
90 int32_t userId)
91 {
92 EDMLOGI("DisallowedRunningBundlesPlugin OnGetPolicy policyData : %{public}s, userId : %{public}d",
93 policyData.c_str(), userId);
94 std::vector<std::string> appIds;
95 pluginInstance_->serializer_->Deserialize(policyData, appIds);
96 reply.WriteInt32(ERR_OK);
97 reply.WriteInt32(appIds.size());
98 reply.WriteStringVector(appIds);
99 return ERR_OK;
100 }
101
OnRemovePolicy(std::vector<std::string> & data,std::vector<std::string> & currentData,int32_t userId)102 ErrCode DisallowedRunningBundlesPlugin::OnRemovePolicy(std::vector<std::string> &data,
103 std::vector<std::string> ¤tData, int32_t userId)
104 {
105 EDMLOGD("DisallowedRunningBundlesPlugin OnRemovePolicy userId : %{public}d:", userId);
106 if (data.empty()) {
107 EDMLOGW("DisallowedRunningBundlesPlugin OnRemovePolicy data is empty:");
108 return ERR_OK;
109 }
110 if (data.size() > EdmConstants::APPID_MAX_SIZE) {
111 EDMLOGE("DisallowedRunningBundlesPlugin OnRemovePolicy input data is too large:");
112 return EdmReturnErrCode::PARAM_ERROR;
113 }
114 std::vector<std::string> mergeData =
115 ArrayStringSerializer::GetInstance()->SetDifferencePolicyData(data, currentData);
116 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
117 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
118 AppExecFwk::AppRunningControlRule controlRule;
119 controlRule.appId = str;
120 controlRules.push_back(controlRule);
121 });
122 auto appControlProxy = GetAppControlProxy();
123 if (!appControlProxy) {
124 EDMLOGE("DisallowedRunningBundlesPlugin OnRemovePolicy GetAppControlProxy failed.");
125 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
126 }
127 ErrCode res = appControlProxy->DeleteAppRunningControlRule(controlRules, userId);
128 if (res != ERR_OK) {
129 EDMLOGE("DisallowedRunningBundlesPlugin DeleteAppInstallControlRule OnRemovePolicy faild %{public}d:", res);
130 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
131 }
132 currentData = mergeData;
133 return ERR_OK;
134 }
135
GetAppControlProxy()136 sptr<AppExecFwk::IAppControlMgr> DisallowedRunningBundlesPlugin::GetAppControlProxy()
137 {
138 auto remoteObject = EdmSysManager::GetRemoteObjectOfSystemAbility(OHOS::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
139 sptr<AppExecFwk::IBundleMgr> proxy = iface_cast<AppExecFwk::IBundleMgr>(remoteObject);
140 return proxy->GetAppControlProxy();
141 }
142
OnAdminRemoveDone(const std::string & adminName,std::vector<std::string> & data,int32_t userId)143 void DisallowedRunningBundlesPlugin::OnAdminRemoveDone(const std::string &adminName, std::vector<std::string> &data,
144 int32_t userId)
145 {
146 EDMLOGI("DisallowedRunningBundlesPlugin OnAdminRemoveDone adminName : %{public}s userId : %{public}d",
147 adminName.c_str(), userId);
148 std::vector<AppExecFwk::AppRunningControlRule> controlRules;
149 std::for_each(data.begin(), data.end(), [&](const std::string &str) {
150 AppExecFwk::AppRunningControlRule controlRule;
151 controlRule.appId = str;
152 controlRules.push_back(controlRule);
153 });
154 auto appControlProxy = GetAppControlProxy();
155 if (!appControlProxy) {
156 EDMLOGE("DisallowedRunningBundlesPlugin OnAdminRemoveDone GetAppControlProxy failed.");
157 return;
158 }
159 ErrCode res = appControlProxy->DeleteAppRunningControlRule(controlRules, userId);
160 EDMLOGI("DisallowedRunningBundlesPlugin OnAdminRemoveDone result %{public}d:", res);
161 }
162 } // namespace EDM
163 } // namespace OHOS
164