1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "disallowed_usb_devices_plugin.h"
17
18 #include <algorithm>
19 #include <system_ability_definition.h>
20 #include "array_usb_device_type_serializer.h"
21 #include "edm_constants.h"
22 #include "edm_ipc_interface_code.h"
23 #include "plugin_manager.h"
24 #include "usb_policy_utils.h"
25
26 namespace OHOS {
27 namespace EDM {
28 const bool REGISTER_RESULT = PluginManager::GetInstance()->AddPlugin(std::make_shared<DisallowedUsbDevicesPlugin>());
29 constexpr int32_t USB_DEVICE_TYPE_BASE_CLASS_STORAGE = 8;
30
DisallowedUsbDevicesPlugin()31 DisallowedUsbDevicesPlugin::DisallowedUsbDevicesPlugin()
32 {
33 policyCode_ = EdmInterfaceCode::DISALLOWED_USB_DEVICES;
34 policyName_ = "disallowed_usb_devices";
35 permissionConfig_.permission = "ohos.permission.ENTERPRISE_MANAGE_USB";
36 permissionConfig_.permissionType = IPlugin::PermissionType::SUPER_DEVICE_ADMIN;
37 permissionConfig_.apiType = IPlugin::ApiType::PUBLIC;
38 needSave_ = true;
39 }
40
OnHandlePolicy(std::uint32_t funcCode,MessageParcel & data,MessageParcel & reply,HandlePolicyData & policyData,int32_t userId)41 ErrCode DisallowedUsbDevicesPlugin::OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
42 HandlePolicyData &policyData, int32_t userId)
43 {
44 uint32_t typeCode = FUNC_TO_OPERATE(funcCode);
45 FuncOperateType type = FuncCodeUtils::ConvertOperateType(typeCode);
46 EDMLOGI("DisallowedUsbDevicesPlugin OnHandlePolicy: type: %{public}u", static_cast<uint32_t>(type));
47 if (type != FuncOperateType::SET && type != FuncOperateType::REMOVE) {
48 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
49 }
50 if (HasConflictPolicy(type)) {
51 return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
52 }
53 auto serializer_ = ArrayUsbDeviceTypeSerializer::GetInstance();
54 std::string beforeHandle = policyData.policyData;
55 std::vector<USB::UsbDeviceType> beforeDevices;
56 serializer_->Deserialize(beforeHandle, beforeDevices);
57 std::vector<USB::UsbDeviceType> policyDevices;
58 if (!serializer_->GetPolicy(data, policyDevices)) {
59 return EdmReturnErrCode::PARAM_ERROR;
60 }
61 std::vector<USB::UsbDeviceType> mergeData;
62 if (!CombinePolicyDataAndBeforeData(type, policyDevices, beforeDevices, mergeData)) {
63 return EdmReturnErrCode::PARAM_ERROR;
64 }
65 std::vector<USB::UsbDeviceType> disallowedUsbDeviceTypes;
66 CombineDataWithStorageAccessPolicy(mergeData, disallowedUsbDeviceTypes);
67 ErrCode ret = ERR_OK;
68 if (disallowedUsbDeviceTypes.empty() && !beforeDevices.empty()) {
69 ret = UsbPolicyUtils::SetUsbDisabled(false);
70 if (ret != ERR_OK) {
71 return ret;
72 }
73 }
74 ret = UsbPolicyUtils::SetDisallowedUsbDevices(disallowedUsbDeviceTypes);
75 if (ret != ERR_OK) {
76 return ret;
77 }
78 std::string afterHandle;
79 serializer_->Serialize(mergeData, afterHandle);
80 policyData.isChanged = afterHandle != beforeHandle;
81 if (policyData.isChanged) {
82 policyData.policyData = afterHandle;
83 }
84 return ERR_OK;
85 }
86
HasConflictPolicy(const FuncOperateType type)87 bool DisallowedUsbDevicesPlugin::HasConflictPolicy(const FuncOperateType type)
88 {
89 if (type != FuncOperateType::SET) {
90 return false;
91 }
92 auto policyManager = IPolicyManager::GetInstance();
93 std::string disableUsb;
94 policyManager->GetPolicy("", "disable_usb", disableUsb);
95 if (disableUsb == "true") {
96 EDMLOGE("DisallowedUsbDevicesPlugin policy conflict! Usb is disabled.");
97 return true;
98 }
99 std::string allowUsbDevice;
100 policyManager->GetPolicy("", "allowed_usb_devices", allowUsbDevice);
101 if (!allowUsbDevice.empty()) {
102 EDMLOGE("DisallowedUsbDevicesPlugin policy conflict! AllowedUsbDevice: %{public}s", allowUsbDevice.c_str());
103 return true;
104 }
105 return false;
106 }
107
CombinePolicyDataAndBeforeData(const FuncOperateType type,std::vector<USB::UsbDeviceType> policyDevices,std::vector<USB::UsbDeviceType> beforeDevices,std::vector<USB::UsbDeviceType> & mergeDevices)108 bool DisallowedUsbDevicesPlugin::CombinePolicyDataAndBeforeData(const FuncOperateType type,
109 std::vector<USB::UsbDeviceType> policyDevices, std::vector<USB::UsbDeviceType> beforeDevices,
110 std::vector<USB::UsbDeviceType> &mergeDevices)
111 {
112 auto serializer_ = ArrayUsbDeviceTypeSerializer::GetInstance();
113 if (type == FuncOperateType::SET) {
114 mergeDevices = serializer_->SetUnionPolicyData(policyDevices, beforeDevices);
115 } else {
116 mergeDevices = serializer_->SetDifferencePolicyData(policyDevices, beforeDevices);
117 }
118 if (mergeDevices.size() > EdmConstants::DISALLOWED_USB_DEVICES_TYPES_MAX_SIZE) {
119 EDMLOGE("DisallowedUsbDevicesPlugin: OnHandlePolicy union data size=[%{public}zu] is too large",
120 mergeDevices.size());
121 return false;
122 }
123 return true;
124 }
125
CombineDataWithStorageAccessPolicy(std::vector<USB::UsbDeviceType> policyData,std::vector<USB::UsbDeviceType> & combineData)126 void DisallowedUsbDevicesPlugin::CombineDataWithStorageAccessPolicy(std::vector<USB::UsbDeviceType> policyData,
127 std::vector<USB::UsbDeviceType> &combineData)
128 {
129 auto policyManager = IPolicyManager::GetInstance();
130 std::string usbStoragePolicy;
131 policyManager->GetPolicy("", "usb_read_only", usbStoragePolicy);
132 std::vector<USB::UsbDeviceType> usbStorageTypes;
133 if (usbStoragePolicy == std::to_string(EdmConstants::STORAGE_USB_POLICY_DISABLED)) {
134 USB::UsbDeviceType storageType;
135 storageType.baseClass = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
136 storageType.subClass = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
137 storageType.protocol = USB_DEVICE_TYPE_BASE_CLASS_STORAGE;
138 storageType.isDeviceType = false;
139 usbStorageTypes.emplace_back(storageType);
140 }
141 combineData = ArrayUsbDeviceTypeSerializer::GetInstance()->SetUnionPolicyData(policyData, usbStorageTypes);
142 }
143
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)144 ErrCode DisallowedUsbDevicesPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply,
145 int32_t userId)
146 {
147 EDMLOGI("DisallowedUsbDevicesPlugin OnGetPolicy: policyData: %{public}s", policyData.c_str());
148 if (policyData.empty()) {
149 EDMLOGW("DisallowedUsbDevicesPlugin OnGetPolicy data is empty:");
150 reply.WriteInt32(ERR_OK);
151 reply.WriteUint32(0);
152 return ERR_OK;
153 }
154 auto serializer_ = ArrayUsbDeviceTypeSerializer::GetInstance();
155 std::vector<USB::UsbDeviceType> disallowedDevices;
156 serializer_->Deserialize(policyData, disallowedDevices);
157 reply.WriteInt32(ERR_OK);
158 reply.WriteUint32(disallowedDevices.size());
159 for (const auto &usbDeviceType : disallowedDevices) {
160 if (!usbDeviceType.Marshalling(reply)) {
161 EDMLOGE("DisallowedUsbDevicesPlugin OnGetPolicy: write parcel failed!");
162 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
163 }
164 }
165 return ERR_OK;
166 }
167
OnAdminRemove(const std::string & adminName,const std::string & policyData,int32_t userId)168 ErrCode DisallowedUsbDevicesPlugin::OnAdminRemove(const std::string &adminName, const std::string &policyData,
169 int32_t userId)
170 {
171 EDMLOGD("DisallowedUsbDevicesPlugin OnAdminRemove");
172 if (policyData.empty()) {
173 EDMLOGW("DisallowedUsbDevicesPlugin OnRemovePolicy data is empty:");
174 return ERR_OK;
175 }
176 return UsbPolicyUtils::SetUsbDisabled(false);
177 }
178 } // namespace EDM
179 } // namespace OHOS
180