1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
17 #define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
18 
19 #include <chrono>
20 #include <condition_variable>
21 #include <memory>
22 #include <string>
23 
24 #include "admin_manager.h"
25 #include "common_event_subscriber.h"
26 #include "enterprise_admin_proxy.h"
27 #include "enterprise_device_mgr_stub.h"
28 #include "hilog/log.h"
29 #include "plugin_manager.h"
30 #include "policy_manager.h"
31 #include "policy_struct.h"
32 #include "security_report.h"
33 #include "system_ability.h"
34 
35 namespace OHOS {
36 namespace EDM {
37 class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
38     DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);
39 
40 public:
41     EnterpriseDeviceMgrAbility();
42     DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
43     ~EnterpriseDeviceMgrAbility() override;
44     static sptr<EnterpriseDeviceMgrAbility> GetInstance();
45 
46     ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override;
47     ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override;
48     ErrCode DisableSuperAdmin(const std::string &bundleName) override;
49     ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
50         int32_t userId) override;
51     ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override;
52     ErrCode GetEnabledAdmin(AdminType type, std::vector<std::string> &enabledAdminList) override;
53     ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply) override;
54     ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
55     ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
56     ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
57     ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
58     ErrCode SetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
59         const std::vector<std::string> &policies) override;
60     ErrCode GetDelegatedPolicies(const std::string &parentAdminName, const std::string &bundleName,
61         std::vector<std::string> &policies) override;
62     ErrCode GetDelegatedBundleNames(const std::string &parentAdminName, const std::string &policyName,
63         std::vector<std::string> &bundleNames) override;
64     bool IsSuperAdmin(const std::string &bundleName) override;
65     bool IsAdminEnabled(AppExecFwk::ElementName &admin, int32_t userId) override;
66     void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event, int32_t userId = 100);
67     std::unordered_map<std::string,
68         std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
69         commonEventFuncMap_;
70     std::unordered_map<int32_t,
71         std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
72         addSystemAbilityFuncMap_;
73     ErrCode GetSuperAdmin(MessageParcel &reply) override;
74 
75 protected:
76     void OnStart() override;
77     void OnStop() override;
78     int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
79     void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
80     void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
81 
82 private:
83     void AddCommonEventFuncMap();
84     void AddOnAddSystemAbilityFuncMap();
85     bool SubscribeAppState();
86     bool UnsubscribeAppState();
87     ErrCode CheckCallingUid(const std::string &bundleName);
88     ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
89         int32_t userId);
90     ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
91     ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
92     ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
93     ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
94     ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
95     ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
96         const std::vector<int32_t> &nonDefaultUserIds);
97     ErrCode GetAllPermissionsByAdmin(const std::string &bundleInfoName, AdminType adminType, int32_t userId,
98         std::vector<std::string> &permissionList);
99     int32_t GetCurrentUserId();
100     ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
101     ErrCode UpdateDeviceAdmin(AppExecFwk::ElementName &admin);
102     ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug);
103     ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
104     ErrCode UpdateDevicePolicy(uint32_t code, const std::string &bundleName, MessageParcel &data, MessageParcel &reply,
105         int32_t userId);
106     ErrCode CheckCallerPermission(std::shared_ptr<Admin> admin, const std::string &permission, bool isNeedSuperAdmin);
107     ErrCode CheckAndUpdatePermission(std::shared_ptr<Admin> admin, Security::AccessToken::AccessTokenID tokenId,
108         const std::string &permission, int32_t userId);
109     ErrCode CheckDelegatedPolicies(std::shared_ptr<Admin> admin, const std::vector<std::string> &policies);
110     ErrCode CheckSystemCalling(IPlugin::ApiType apiType, const std::string &permissionTag);
111     ErrCode CheckHandlePolicyPermission(FuncOperateType operateType, const std::string &bundleName,
112         const std::string &policyName, const std::string &permissionName, int32_t userId);
113 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
114     std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
115         EnterpriseDeviceMgrAbility &listener);
116 #endif
117     void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
118     void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
119     void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
120     bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
121     bool CheckManagedEvent(uint32_t event);
122     void OnAppManagerServiceStart();
123     void OnAbilityManagerServiceStart();
124     void OnCommonEventServiceStart();
125 #ifdef PASTEBOARD_EDM_ENABLE
126     void OnPasteboardServiceStart();
127 #endif
128     void OnUserAuthFrameworkStart();
129 #ifdef USB_EDM_ENABLE
130     void OnUsbServiceStart();
131 #endif
132     void CreateSecurityContent(const std::string &bundleName, const std::string &abilityName,
133         uint32_t code, const std::string &policyName, ErrCode errorCode);
134     void InitAllAdmins();
135     void InitAllPlugins();
136     void InitAllPolices();
137     void RemoveAllDebugAdmin();
138     void AddSystemAbilityListeners();
139     void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
140     void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
141     std::shared_ptr<IEdmBundleManager> GetBundleMgr();
142     std::shared_ptr<IEdmAppManager> GetAppMgr();
143     std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
144     ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
145     void UnloadPluginTask();
146 
147     static std::mutex mutexLock_;
148     static sptr<EnterpriseDeviceMgrAbility> instance_;
149     std::shared_ptr<PolicyManager> policyMgr_;
150     std::shared_ptr<AdminManager> adminMgr_;
151     std::shared_ptr<PluginManager> pluginMgr_;
152     std::unordered_set<std::string> allowDelegatedPolicies_;
153     bool registerToService_ = false;
154     std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
155     sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
156     bool pluginHasInit_ = false;
157     bool notifySignal_ = false;
158     std::chrono::system_clock::time_point lastCallTime_;
159     std::condition_variable waitSignal_;
160     std::mutex waitMutex_;
161 };
162 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
163 class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
164 public:
165     EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
166         EnterpriseDeviceMgrAbility &listener);
167     ~EnterpriseDeviceEventSubscriber() override = default;
168 
169     void OnReceiveEvent(const EventFwk::CommonEventData &data) override;
170 
171 private:
172     EnterpriseDeviceMgrAbility &listener_;
173 };
174 #endif
175 } // namespace EDM
176 } // namespace OHOS
177 #endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
178