1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "installd/installd_host_impl.h"
17
18 #include <cinttypes>
19 #include <cstdio>
20 #include <fstream>
21 #include <map>
22 #include <memory>
23 #include <sstream>
24 #include <string>
25 #include <sys/stat.h>
26 #include <sys/types.h>
27 #include <sys/xattr.h>
28 #include <unistd.h>
29
30 #include "aot/aot_executor.h"
31 #include "app_log_tag_wrapper.h"
32 #include "bundle_constants.h"
33 #include "bundle_service_constants.h"
34 #if defined(CODE_SIGNATURE_ENABLE)
35 #include "byte_buffer.h"
36 #include "code_sign_utils.h"
37 #endif
38 #include "common_profile.h"
39 #ifdef CONFIG_POLOCY_ENABLE
40 #include "config_policy_utils.h"
41 #endif
42 #include "directory_ex.h"
43 #ifdef WITH_SELINUX
44 #include "hap_restorecon.h"
45 #include "selinux/selinux.h"
46 #ifndef SELINUX_HAP_DEBUGGABLE
47 #define SELINUX_HAP_DEBUGGABLE 2
48 #endif
49 #endif // WITH_SELINUX
50 #include "installd/installd_operator.h"
51 #include "installd/installd_permission_mgr.h"
52 #include "parameters.h"
53 #include "inner_bundle_clone_common.h"
54 #include "storage_acl.h"
55
56 namespace OHOS {
57 namespace AppExecFwk {
58 namespace {
59 const std::string ARK_CACHE_PATH = "/data/local/ark-cache/";
60 const std::string ARK_PROFILE_PATH = "/data/local/ark-profile/";
61 const std::vector<std::string> BUNDLE_DATA_DIR = {
62 "/cache",
63 "/files",
64 "/temp",
65 "/preferences",
66 "/haps"
67 };
68 const std::string CLOUD_FILE_PATH = "/data/service/el2/%/hmdfs/cloud/data/";
69 const std::string BUNDLE_BACKUP_HOME_PATH_EL2 = "/data/service/el2/%/backup/bundles/";
70 const std::string DISTRIBUTED_FILE = "/data/service/el2/%/hmdfs/account/data/";
71 const std::string SHARE_FILE_PATH = "/data/service/el2/%/share/";
72 const std::string BUNDLE_BACKUP_HOME_PATH_EL1 = "/data/service/el1/%/backup/bundles/";
73 const std::string DISTRIBUTED_FILE_NON_ACCOUNT = "/data/service/el2/%/hmdfs/non_account/data/";
74 const std::string BUNDLE_BACKUP_HOME_PATH_EL2_NEW = "/data/app/el2/%/base/";
75 const std::string BUNDLE_BACKUP_HOME_PATH_EL1_NEW = "/data/app/el1/%/base/";
76 const std::string BUNDLE_BACKUP_INNER_DIR = "/.backup";
77 constexpr const char* EXTENSION_CONFIG_DEFAULT_PATH = "/system/etc/ams_extension_config.json";
78 #ifdef CONFIG_POLOCY_ENABLE
79 constexpr const char* EXTENSION_CONFIG_FILE_PATH = "/etc/ams_extension_config.json";
80 #endif
81 constexpr const char* EXTENSION_CONFIG_NAME = "ams_extension_config";
82 constexpr const char* EXTENSION_TYPE_NAME = "extension_type_name";
83 constexpr const char* EXTENSION_SERVICE_NEED_CREATE_SANDBOX = "need_create_sandbox";
84 constexpr const char* SHELL_ENTRY_TXT = "g:2000:rwx";
85 constexpr int32_t INSTALLS_UID = 3060;
86 enum class DirType {
87 DIR_EL1,
88 DIR_EL2,
89 };
90 #if defined(CODE_SIGNATURE_ENABLE)
91 using namespace OHOS::Security::CodeSign;
92 #endif
93 }
94
InstalldHostImpl()95 InstalldHostImpl::InstalldHostImpl()
96 {
97 LOG_I(BMS_TAG_INSTALLD, "installd service instance is created");
98 }
99
~InstalldHostImpl()100 InstalldHostImpl::~InstalldHostImpl()
101 {
102 LOG_I(BMS_TAG_INSTALLD, "installd service instance is destroyed");
103 }
104
CreateBundleDir(const std::string & bundleDir)105 ErrCode InstalldHostImpl::CreateBundleDir(const std::string &bundleDir)
106 {
107 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
108 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
109 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
110 }
111 if (bundleDir.empty()) {
112 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDir with invalid param");
113 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
114 }
115 if (InstalldOperator::IsExistDir(bundleDir)) {
116 LOG_W(BMS_TAG_INSTALLD, "bundleDir %{public}s is exist", bundleDir.c_str());
117 OHOS::ForceRemoveDirectory(bundleDir);
118 }
119 if (!InstalldOperator::MkRecursiveDir(bundleDir, true)) {
120 LOG_E(BMS_TAG_INSTALLD, "create bundle dir %{public}s failed, errno:%{public}d", bundleDir.c_str(), errno);
121 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
122 }
123 return ERR_OK;
124 }
125
ExtractModuleFiles(const std::string & srcModulePath,const std::string & targetPath,const std::string & targetSoPath,const std::string & cpuAbi)126 ErrCode InstalldHostImpl::ExtractModuleFiles(const std::string &srcModulePath, const std::string &targetPath,
127 const std::string &targetSoPath, const std::string &cpuAbi)
128 {
129 LOG_D(BMS_TAG_INSTALLD, "ExtractModuleFiles extract original src %{public}s and target src %{public}s",
130 srcModulePath.c_str(), targetPath.c_str());
131 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
132 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
133 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
134 }
135 if (srcModulePath.empty() || targetPath.empty()) {
136 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractModuleFiles with invalid param");
137 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
138 }
139 if (!InstalldOperator::MkRecursiveDir(targetPath, true)) {
140 LOG_E(BMS_TAG_INSTALLD, "create target dir %{public}s failed, errno:%{public}d", targetPath.c_str(), errno);
141 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
142 }
143 if (!InstalldOperator::ExtractFiles(srcModulePath, targetSoPath, cpuAbi)) {
144 LOG_E(BMS_TAG_INSTALLD, "extract %{public}s to %{public}s failed errno:%{public}d",
145 srcModulePath.c_str(), targetPath.c_str(), errno);
146 InstalldOperator::DeleteDir(targetPath);
147 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
148 }
149 return ERR_OK;
150 }
151
ExtractFiles(const ExtractParam & extractParam)152 ErrCode InstalldHostImpl::ExtractFiles(const ExtractParam &extractParam)
153 {
154 LOG_D(BMS_TAG_INSTALLD, "ExtractFiles extractParam %{public}s", extractParam.ToString().c_str());
155 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
156 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
157 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
158 }
159
160 if (extractParam.srcPath.empty() || extractParam.targetPath.empty()) {
161 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
162 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
163 }
164
165 if (!InstalldOperator::ExtractFiles(extractParam)) {
166 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
167 return ERR_APPEXECFWK_INSTALL_DISK_MEM_INSUFFICIENT;
168 }
169
170 return ERR_OK;
171 }
172
173
ExtractHnpFiles(const std::string & hnpPackageInfo,const ExtractParam & extractParam)174 ErrCode InstalldHostImpl::ExtractHnpFiles(const std::string &hnpPackageInfo, const ExtractParam &extractParam)
175 {
176 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles hnpPackageInfo %{public}s", hnpPackageInfo.c_str());
177 LOG_D(BMS_TAG_INSTALLD, "ExtractHnpFiles extractParam %{public}s", extractParam.ToString().c_str());
178 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
179 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
180 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
181 }
182
183 if (extractParam.srcPath.empty() || extractParam.targetPath.empty() || hnpPackageInfo.empty()) {
184 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractFiles with invalid param");
185 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
186 }
187
188 if (!InstalldOperator::ExtractFiles(hnpPackageInfo, extractParam)) {
189 LOG_E(BMS_TAG_INSTALLD, "extract failed errno:%{public}d", errno);
190 return ERR_APPEXECFWK_NATIVE_HNP_EXTRACT_FAILED;
191 }
192
193 return ERR_OK;
194 }
195
ProcessBundleInstallNative(const std::string & userId,const std::string & hnpRootPath,const std::string & hapPath,const std::string & cpuAbi,const std::string & packageName)196 ErrCode InstalldHostImpl::ProcessBundleInstallNative(const std::string &userId, const std::string &hnpRootPath,
197 const std::string &hapPath, const std::string &cpuAbi, const std::string &packageName)
198 {
199 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
200 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
201 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
202 }
203 if (!InstalldOperator::ProcessBundleInstallNative(userId, hnpRootPath, hapPath, cpuAbi, packageName)) {
204 return ERR_APPEXECFWK_NATIVE_INSTALL_FAILED;
205 }
206 return ERR_OK;
207 }
208
ProcessBundleUnInstallNative(const std::string & userId,const std::string & packageName)209 ErrCode InstalldHostImpl::ProcessBundleUnInstallNative(const std::string &userId, const std::string &packageName)
210 {
211 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
212 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
213 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
214 }
215 if (!InstalldOperator::ProcessBundleUnInstallNative(userId, packageName)) {
216 return ERR_APPEXECFWK_NATIVE_UNINSTALL_FAILED;
217 }
218 return ERR_OK;
219 }
220
ExecuteAOT(const AOTArgs & aotArgs,std::vector<uint8_t> & pendSignData)221 ErrCode InstalldHostImpl::ExecuteAOT(const AOTArgs &aotArgs, std::vector<uint8_t> &pendSignData)
222 {
223 LOG_D(BMS_TAG_INSTALLD, "begin to execute AOT, args : %{public}s", aotArgs.ToString().c_str());
224 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
225 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
226 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
227 }
228 ErrCode ret = ERR_OK;
229 AOTExecutor::GetInstance().ExecuteAOT(aotArgs, ret, pendSignData);
230 LOG_D(BMS_TAG_INSTALLD, "execute AOT ret : %{public}d", ret);
231 return ret;
232 }
233
PendSignAOT(const std::string & anFileName,const std::vector<uint8_t> & signData)234 ErrCode InstalldHostImpl::PendSignAOT(const std::string &anFileName, const std::vector<uint8_t> &signData)
235 {
236 LOG_D(BMS_TAG_INSTALLD, "begin to pend sign AOT, anFileName : %{public}s", anFileName.c_str());
237 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
238 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
239 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
240 }
241 ErrCode ret = AOTExecutor::GetInstance().PendSignAOT(anFileName, signData);
242 LOG_D(BMS_TAG_INSTALLD, "pend sign AOT ret : %{public}d", ret);
243 return ret;
244 }
245
StopAOT()246 ErrCode InstalldHostImpl::StopAOT()
247 {
248 LOG_I(BMS_TAG_INSTALLD, "StopAOT begin");
249 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
250 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
251 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
252 }
253 return AOTExecutor::GetInstance().StopAOT();
254 }
255
DeleteUninstallTmpDirs(const std::vector<std::string> & dirs)256 ErrCode InstalldHostImpl::DeleteUninstallTmpDirs(const std::vector<std::string> &dirs)
257 {
258 LOG_I(BMS_TAG_INSTALLD, "DeleteUninstallTmpDirs begin");
259 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
260 LOG_E(BMS_TAG_INSTALLD, "verify permission failed");
261 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
262 }
263 ErrCode ret = ERR_OK;
264 for (const std::string &dir : dirs) {
265 if (!InstalldOperator::DeleteUninstallTmpDir(dir)) {
266 ret = ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
267 }
268 }
269 return ret;
270 }
271
RenameModuleDir(const std::string & oldPath,const std::string & newPath)272 ErrCode InstalldHostImpl::RenameModuleDir(const std::string &oldPath, const std::string &newPath)
273 {
274 LOG_D(BMS_TAG_INSTALLD, "rename %{public}s to %{public}s", oldPath.c_str(), newPath.c_str());
275 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
276 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
277 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
278 }
279 if (oldPath.empty() || newPath.empty()) {
280 LOG_E(BMS_TAG_INSTALLD, "Calling the function RenameModuleDir with invalid param");
281 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
282 }
283 if (!InstalldOperator::RenameDir(oldPath, newPath)) {
284 LOG_D(BMS_TAG_INSTALLD, "rename module dir %{public}s to %{public}s failed errno:%{public}d",
285 oldPath.c_str(), newPath.c_str(), errno);
286 return ERR_APPEXECFWK_INSTALLD_RNAME_DIR_FAILED;
287 }
288 return ERR_OK;
289 }
290
GetBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)291 static void GetBackupExtDirByType(std::string &bundleBackupDir, const std::string &bundleName, const DirType dirType)
292 {
293 switch (dirType) {
294 case DirType::DIR_EL1:
295 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1 + bundleName;
296 break;
297 case DirType::DIR_EL2:
298 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2 + bundleName;
299 break;
300 default:
301 break;
302 }
303 }
304
GetNewBackupExtDirByType(std::string & bundleBackupDir,const std::string & bundleName,const DirType dirType)305 static void GetNewBackupExtDirByType(std::string &bundleBackupDir,
306 const std::string &bundleName, const DirType dirType)
307 {
308 switch (dirType) {
309 case DirType::DIR_EL1:
310 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL1_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
311 break;
312 case DirType::DIR_EL2:
313 bundleBackupDir = BUNDLE_BACKUP_HOME_PATH_EL2_NEW + bundleName + BUNDLE_BACKUP_INNER_DIR;
314 break;
315 default:
316 break;
317 }
318 }
319
CreateBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)320 static void CreateBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
321 std::string &bundleBackupDir, const DirType dirType)
322 {
323 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
324 LOG_D(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir begin, type %{public}d, path %{public}s",
325 dirType, bundleBackupDir.c_str());
326 if (bundleBackupDir.empty()) {
327 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir backup dir empty, type %{public}d", dirType);
328 return;
329 }
330 // Setup BackupExtensionAbility's home directory in a harmless way
331 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
332 if (!InstalldOperator::MkOwnerDir(
333 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
334 static std::once_flag logOnce;
335 std::call_once(logOnce, []() {
336 LOG_W(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
337 errno);
338 });
339 }
340 }
341
CreateNewBackupExtHomeDir(const std::string & bundleName,const int32_t userid,const int32_t uid,std::string & bundleBackupDir,const DirType dirType)342 static void CreateNewBackupExtHomeDir(const std::string &bundleName, const int32_t userid, const int32_t uid,
343 std::string &bundleBackupDir, const DirType dirType)
344 {
345 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
346 LOG_D(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
347 dirType, bundleBackupDir.c_str());
348 if (bundleBackupDir.empty()) {
349 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
350 return;
351 }
352 // Setup BackupExtensionAbility's home directory in a harmless way
353 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
354 if (!InstalldOperator::MkOwnerDir(
355 bundleBackupDir, S_IRWXU | S_IRWXG | S_ISGID, uid, ServiceConstants::BACKU_HOME_GID)) {
356 static std::once_flag logOnce;
357 std::call_once(logOnce, []() {
358 LOG_W(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir MkOwnerDir(backup's home dir) failed errno:%{public}d",
359 errno);
360 });
361 }
362 }
363
CreateShareDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)364 static void CreateShareDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
365 {
366 std::string bundleShareDir = SHARE_FILE_PATH + bundleName;
367 bundleShareDir = bundleShareDir.replace(bundleShareDir.find("%"), 1, std::to_string(userid));
368 if (!InstalldOperator::MkOwnerDir(bundleShareDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
369 static std::once_flag logOnce;
370 std::call_once(logOnce, []() {
371 LOG_W(BMS_TAG_INSTALLD, "CreateShareDir MkOwnerDir(share's home dir) failed errno:%{public}d", errno);
372 });
373 }
374 }
375
CreateCloudDir(const std::string & bundleName,const int32_t userid,const int32_t uid,const int32_t gid)376 static void CreateCloudDir(const std::string &bundleName, const int32_t userid, const int32_t uid, const int32_t gid)
377 {
378 std::string bundleCloudDir = CLOUD_FILE_PATH + bundleName;
379 bundleCloudDir = bundleCloudDir.replace(bundleCloudDir.find("%"), 1, std::to_string(userid));
380 if (!InstalldOperator::MkOwnerDir(bundleCloudDir, S_IRWXU | S_IRWXG | S_ISGID, uid, gid)) {
381 static std::once_flag logOnce;
382 std::call_once(logOnce, []() {
383 LOG_W(BMS_TAG_INSTALLD, "CreateCloudDir MkOwnerDir(cloud's home dir) failed errno:%{public}d", errno);
384 });
385 }
386 }
CreateBundleDataDirWithVector(const std::vector<CreateDirParam> & createDirParams)387 ErrCode InstalldHostImpl::CreateBundleDataDirWithVector(const std::vector<CreateDirParam> &createDirParams)
388 {
389 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
390 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
391 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
392 }
393 ErrCode res = ERR_OK;
394 for (const auto &item : createDirParams) {
395 auto result = CreateBundleDataDir(item);
396 if (result != ERR_OK) {
397 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir failed in %{public}s, errCode is %{public}d",
398 item.bundleName.c_str(), result);
399 res = result;
400 }
401 }
402 return res;
403 }
404
AclSetDir(bool debug,const std::string & dir,bool setAccess,bool setDefault)405 ErrCode InstalldHostImpl::AclSetDir(bool debug, const std::string &dir, bool setAccess, bool setDefault)
406 {
407 if (!debug) {
408 return ERR_OK;
409 }
410 if (setAccess) {
411 int status = StorageDaemon::AclSetAccess(dir, SHELL_ENTRY_TXT);
412 LOG_I(BMS_TAG_INSTALLD, "AclSetAccess: %{public}d, %{private}s", status, dir.c_str());
413 }
414 if (setDefault) {
415 int status = StorageDaemon::AclSetDefault(dir, SHELL_ENTRY_TXT);
416 LOG_I(BMS_TAG_INSTALLD, "AclSetDefault: %{public}d, %{private}s", status, dir.c_str());
417 }
418 return ERR_OK;
419 }
420
AclSetExtensionDirs(bool debug,const std::string & parentDir,const std::vector<std::string> & extensionDirs,bool setAccess,bool setDefault)421 ErrCode InstalldHostImpl::AclSetExtensionDirs(bool debug, const std::string &parentDir,
422 const std::vector<std::string> &extensionDirs, bool setAccess, bool setDefault)
423 {
424 if (!debug) {
425 return ERR_OK;
426 }
427 if (extensionDirs.empty()) {
428 return ERR_OK;
429 }
430 for (const auto &extension : extensionDirs) {
431 std::string extensionDir = parentDir + extension;
432 AclSetDir(debug, extensionDir, setAccess, setDefault);
433 }
434 return ERR_OK;
435 }
436
CreateBundleDataDir(const CreateDirParam & createDirParam)437 ErrCode InstalldHostImpl::CreateBundleDataDir(const CreateDirParam &createDirParam)
438 {
439 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
440 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
441 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
442 }
443 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
444 createDirParam.uid < 0 || createDirParam.gid < 0) {
445 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param, bundleName %{public}s "
446 "userId %{public}d uid %{public}d gid %{public}d", createDirParam.bundleName.c_str(),
447 createDirParam.userId, createDirParam.uid, createDirParam.gid);
448 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
449 }
450 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
451 createDirParam.isDlpSandbox);
452 for (const auto &el : ServiceConstants::BUNDLE_EL) {
453 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
454 (el == ServiceConstants::BUNDLE_EL[0])) {
455 continue;
456 }
457
458 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
459 if (access(bundleDataDir.c_str(), F_OK) != 0) {
460 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
461 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
462 return ERR_OK;
463 }
464 // create base extension dir
465 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
466 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
467 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
468 }
469 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
470 bundleDataDir += createDirParam.bundleName;
471 if (!InstalldOperator::MkOwnerDir(bundleDataDir, mode, createDirParam.uid, createDirParam.gid)) {
472 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir failed errno:%{public}d", errno);
473 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
474 }
475 AclSetDir(createDirParam.debug, bundleDataDir, true, true);
476 if (el == ServiceConstants::BUNDLE_EL[1]) {
477 for (const auto &dir : BUNDLE_DATA_DIR) {
478 if (!InstalldOperator::MkOwnerDir(bundleDataDir + dir, mode,
479 createDirParam.uid, createDirParam.gid)) {
480 LOG_E(BMS_TAG_INSTALLD, "CreateBundledatadir MkOwnerDir el2 failed errno:%{public}d", errno);
481 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
482 }
483 }
484 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
485 std::string logDir = logParentDir + createDirParam.bundleName;
486 if (!InstalldOperator::MkOwnerDir(
487 logDir, S_IRWXU | S_IRWXG, createDirParam.uid, ServiceConstants::LOG_DIR_GID)) {
488 LOG_E(BMS_TAG_INSTALLD, "create log dir failed errno:%{public}d", errno);
489 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
490 }
491 // create log extension dir
492 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
493 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
494 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
495 }
496 }
497 ErrCode ret = SetDirApl(bundleDataDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
498 if (ret != ERR_OK) {
499 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
500 return ret;
501 }
502 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
503 std::string databaseDir = databaseParentDir + createDirParam.bundleName;
504 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
505 if (!InstalldOperator::MkOwnerDir(
506 databaseDir, mode, createDirParam.uid, ServiceConstants::DATABASE_DIR_GID)) {
507 LOG_E(BMS_TAG_INSTALLD, "CreateBundle databaseDir MkOwnerDir failed errno:%{public}d", errno);
508 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
509 }
510 AclSetDir(createDirParam.debug, databaseDir, false, true);
511 ret = SetDirApl(databaseDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
512 if (ret != ERR_OK) {
513 LOG_E(BMS_TAG_INSTALLD, "CreateBundleDataDir SetDirApl failed");
514 return ret;
515 }
516 // create database extension dir
517 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
518 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
519 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
520 }
521 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
522 }
523 std::string distributedfile = DISTRIBUTED_FILE;
524 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
525 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
526 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
527 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for distributedfile errno:%{public}d", errno);
528 }
529
530 distributedfile = DISTRIBUTED_FILE_NON_ACCOUNT;
531 distributedfile = distributedfile.replace(distributedfile.find("%"), 1, std::to_string(createDirParam.userId));
532 if (!InstalldOperator::MkOwnerDir(distributedfile + createDirParam.bundleName,
533 S_IRWXU | S_IRWXG | S_ISGID, createDirParam.uid, ServiceConstants::DFS_GID)) {
534 LOG_E(BMS_TAG_INSTALLD, "Failed to mk dir for non account distributedfile errno:%{public}d", errno);
535 }
536
537 std::string bundleBackupDir;
538 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
539 DirType::DIR_EL2);
540 ErrCode ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
541 if (ret != ERR_OK) {
542 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
543 }
544
545 CreateBackupExtHomeDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, bundleBackupDir,
546 DirType::DIR_EL1);
547 ret = SetDirApl(bundleBackupDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
548 if (ret != ERR_OK) {
549 LOG_E(BMS_TAG_INSTALLD, "CreateBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
550 }
551
552 std::string newBundleBackupDir;
553 CreateNewBackupExtHomeDir(createDirParam.bundleName,
554 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL2);
555 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
556 createDirParam.isPreInstallApp, createDirParam.debug);
557 if (ret != ERR_OK) {
558 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL2 SetDirApl failed, errno is %{public}d", ret);
559 }
560 CreateNewBackupExtHomeDir(createDirParam.bundleName,
561 createDirParam.userId, createDirParam.uid, newBundleBackupDir, DirType::DIR_EL1);
562 ret = SetDirApl(newBundleBackupDir, createDirParam.bundleName, createDirParam.apl,
563 createDirParam.isPreInstallApp, createDirParam.debug);
564 if (ret != ERR_OK) {
565 LOG_E(BMS_TAG_INSTALLD, "CreateNewBackupExtHomeDir DIR_EL1 SetDirApl failed, errno is %{public}d", ret);
566 }
567
568 CreateShareDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, createDirParam.gid);
569 CreateCloudDir(createDirParam.bundleName, createDirParam.userId, createDirParam.uid, ServiceConstants::DFS_GID);
570 return ERR_OK;
571 }
572
CreateExtensionDir(const CreateDirParam & createDirParam,const std::string & parentDir,int32_t mode,int32_t gid,bool isLog)573 ErrCode InstalldHostImpl::CreateExtensionDir(const CreateDirParam &createDirParam, const std::string& parentDir,
574 int32_t mode, int32_t gid, bool isLog)
575 {
576 if (createDirParam.extensionDirs.empty()) {
577 return ERR_OK;
578 }
579 unsigned int hapFlags = GetHapFlags(createDirParam.isPreInstallApp, createDirParam.debug,
580 createDirParam.isDlpSandbox);
581 LOG_I(BMS_TAG_INSTALLD, "CreateExtensionDir parent dir %{public}s for bundle %{public}s",
582 parentDir.c_str(), createDirParam.bundleName.c_str());
583 for (const auto &item : createDirParam.extensionDirs) {
584 std::string extensionDir = parentDir + item;
585 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir %{public}s", extensionDir.c_str());
586 if (!InstalldOperator::MkOwnerDir(
587 extensionDir, mode, createDirParam.uid, gid)) {
588 LOG_E(BMS_TAG_INSTALLD, "CreateExtension dir %{public}s error %{public}s",
589 extensionDir.c_str(), strerror(errno));
590 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
591 }
592 if (isLog) {
593 continue;
594 }
595 auto ret = SetDirApl(extensionDir, createDirParam.bundleName, createDirParam.apl, hapFlags);
596 if (ret != ERR_OK) {
597 LOG_E(BMS_TAG_INSTALLD, "dir %{public}s SetDirApl failed", extensionDir.c_str());
598 return ret;
599 }
600 }
601 return ERR_OK;
602 }
603
RemoveBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)604 static ErrCode RemoveBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
605 {
606 std::string bundleBackupDir;
607 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
608 LOG_D(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir begin, type %{public}d, path %{public}s",
609 dirType, bundleBackupDir.c_str());
610 if (bundleBackupDir.empty()) {
611 LOG_W(BMS_TAG_INSTALLD, "RemoveBackupExtHomeDir backup dir empty, type %{public}d", dirType);
612 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
613 }
614 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
615 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
616 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
617 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
618 }
619 return ERR_OK;
620 }
621
RemoveNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)622 static ErrCode RemoveNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
623 {
624 std::string bundleBackupDir;
625 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
626 LOG_D(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
627 dirType, bundleBackupDir.c_str());
628 if (bundleBackupDir.empty()) {
629 LOG_W(BMS_TAG_INSTALLD, "RemoveNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
630 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
631 }
632 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
633 if (!InstalldOperator::DeleteDir(bundleBackupDir)) {
634 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
635 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
636 }
637 return ERR_OK;
638 }
639
CleanBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)640 static void CleanBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
641 {
642 std::string bundleBackupDir;
643 GetBackupExtDirByType(bundleBackupDir, bundleName, dirType);
644 LOG_D(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir begin, type %{public}d, path %{public}s",
645 dirType, bundleBackupDir.c_str());
646 if (bundleBackupDir.empty()) {
647 LOG_W(BMS_TAG_INSTALLD, "CleanBackupExtHomeDir backup dir empty, type %{public}d", dirType);
648 return;
649 }
650 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
651 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
652 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
653 }
654 }
655
CleanNewBackupExtHomeDir(const std::string & bundleName,const int userid,DirType dirType)656 static void CleanNewBackupExtHomeDir(const std::string &bundleName, const int userid, DirType dirType)
657 {
658 std::string bundleBackupDir;
659 GetNewBackupExtDirByType(bundleBackupDir, bundleName, dirType);
660 LOG_D(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir begin, type %{public}d, path %{public}s",
661 dirType, bundleBackupDir.c_str());
662 if (bundleBackupDir.empty()) {
663 LOG_W(BMS_TAG_INSTALLD, "CleanNewBackupExtHomeDir backup dir empty, type %{public}d", dirType);
664 return;
665 }
666 bundleBackupDir = bundleBackupDir.replace(bundleBackupDir.find("%"), 1, std::to_string(userid));
667 if (!InstalldOperator::DeleteFiles(bundleBackupDir)) {
668 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", bundleBackupDir.c_str(), errno);
669 }
670 }
671
RemoveDistributedDir(const std::string & bundleName,const int userid)672 static ErrCode RemoveDistributedDir(const std::string &bundleName, const int userid)
673 {
674 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
675 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
676 if (!InstalldOperator::DeleteDir(distributedFile)) {
677 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
678 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
679 }
680 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
681 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
682 if (!InstalldOperator::DeleteDir(fileNonAccount)) {
683 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
684 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
685 }
686 return ERR_OK;
687 }
688
CleanDistributedDir(const std::string & bundleName,const int userid)689 static void CleanDistributedDir(const std::string &bundleName, const int userid)
690 {
691 std::string distributedFile = DISTRIBUTED_FILE + bundleName;
692 distributedFile = distributedFile.replace(distributedFile.find("%"), 1, std::to_string(userid));
693 if (!InstalldOperator::DeleteFiles(distributedFile)) {
694 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", distributedFile.c_str(), errno);
695 }
696 std::string fileNonAccount = DISTRIBUTED_FILE_NON_ACCOUNT + bundleName;
697 fileNonAccount = fileNonAccount.replace(fileNonAccount.find("%"), 1, std::to_string(userid));
698 if (!InstalldOperator::DeleteFiles(fileNonAccount)) {
699 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed, errno is %{public}d", fileNonAccount.c_str(), errno);
700 }
701 }
702
RemoveShareDir(const std::string & bundleName,const int userid)703 static ErrCode RemoveShareDir(const std::string &bundleName, const int userid)
704 {
705 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
706 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
707 if (!InstalldOperator::DeleteDir(shareFileDir)) {
708 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
709 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
710 }
711 return ERR_OK;
712 }
713
CleanShareDir(const std::string & bundleName,const int userid)714 static void CleanShareDir(const std::string &bundleName, const int userid)
715 {
716 std::string shareFileDir = SHARE_FILE_PATH + bundleName;
717 shareFileDir = shareFileDir.replace(shareFileDir.find("%"), 1, std::to_string(userid));
718 if (!InstalldOperator::DeleteFiles(shareFileDir)) {
719 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", shareFileDir.c_str(), errno);
720 }
721 }
722
RemoveCloudDir(const std::string & bundleName,const int userid)723 static ErrCode RemoveCloudDir(const std::string &bundleName, const int userid)
724 {
725 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
726 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
727 if (!InstalldOperator::DeleteDir(cloudFileDir)) {
728 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
729 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
730 }
731 return ERR_OK;
732 }
733
CleanCloudDir(const std::string & bundleName,const int userid)734 static void CleanCloudDir(const std::string &bundleName, const int userid)
735 {
736 std::string cloudFileDir = CLOUD_FILE_PATH + bundleName;
737 cloudFileDir = cloudFileDir.replace(cloudFileDir.find("%"), 1, std::to_string(userid));
738 if (!InstalldOperator::DeleteFiles(cloudFileDir)) {
739 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", cloudFileDir.c_str(), errno);
740 }
741 }
742
CleanBundleDataForEl2(const std::string & bundleName,const int userid,const int appIndex)743 static void CleanBundleDataForEl2(const std::string &bundleName, const int userid, const int appIndex)
744 {
745 std::string suffixName = bundleName;
746 if (appIndex > 0) {
747 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
748 }
749 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + ServiceConstants::BUNDLE_EL[1] +
750 ServiceConstants::PATH_SEPARATOR + std::to_string(userid);
751 std::string databaseDir = dataDir + ServiceConstants::DATABASE + suffixName;
752 if (!InstalldOperator::DeleteFiles(databaseDir)) {
753 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
754 }
755 std::string logDir = dataDir + ServiceConstants::LOG + suffixName;
756 if (!InstalldOperator::DeleteFiles(logDir)) {
757 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
758 }
759 std::string bundleDataDir = dataDir + ServiceConstants::BASE + suffixName;
760 for (const auto &dir : BUNDLE_DATA_DIR) {
761 std::string subDir = bundleDataDir + dir;
762 if (!InstalldOperator::DeleteFiles(subDir)) {
763 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", subDir.c_str(), errno);
764 }
765 }
766 if (!InstalldOperator::DeleteFilesExceptDirs(bundleDataDir, BUNDLE_DATA_DIR)) {
767 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
768 }
769 }
770
RemoveBundleDataDir(const std::string & bundleName,const int32_t userId,bool isAtomicService,const bool async)771 ErrCode InstalldHostImpl::RemoveBundleDataDir(const std::string &bundleName, const int32_t userId,
772 bool isAtomicService, const bool async)
773 {
774 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveBundleDataDir bundleName:%{public}s", bundleName.c_str());
775 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
776 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
777 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
778 }
779 if (bundleName.empty() || userId < 0) {
780 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateBundleDataDir with invalid param");
781 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
782 }
783 if (isAtomicService) {
784 LOG_I(BMS_TAG_INSTALLD, "bundleName:%{public}s is atomic service, need process", bundleName.c_str());
785 return InnerRemoveAtomicServiceBundleDataDir(bundleName, userId, async);
786 }
787
788 ErrCode result = InnerRemoveBundleDataDir(bundleName, userId, async);
789 if (result != ERR_OK) {
790 return InnerRemoveBundleDataDir(bundleName, userId, async);
791 }
792 return ERR_OK;
793 }
794
RemoveModuleDataDir(const std::string & ModuleDir,const int userid)795 ErrCode InstalldHostImpl::RemoveModuleDataDir(const std::string &ModuleDir, const int userid)
796 {
797 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveModuleDataDir ModuleDir:%{public}s", ModuleDir.c_str());
798 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
799 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
800 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
801 }
802 if (ModuleDir.empty() || userid < 0) {
803 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateModuleDataDir with invalid param");
804 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
805 }
806
807 for (const auto &el : ServiceConstants::BUNDLE_EL) {
808 std::string moduleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + ModuleDir;
809 if (!InstalldOperator::DeleteDir(moduleDataDir)) {
810 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", moduleDataDir.c_str(), errno);
811 }
812 }
813 return ERR_OK;
814 }
815
RemoveDir(const std::string & dir)816 ErrCode InstalldHostImpl::RemoveDir(const std::string &dir)
817 {
818 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::RemoveDir:%{public}s", dir.c_str());
819 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
820 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
821 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
822 }
823 if (dir.empty()) {
824 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveDir with invalid param");
825 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
826 }
827 if (!InstalldOperator::DeleteDir(dir)) {
828 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", dir.c_str(), errno);
829 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
830 }
831 return ERR_OK;
832 }
833
GetDiskUsage(const std::string & dir,bool isRealPath)834 int64_t InstalldHostImpl::GetDiskUsage(const std::string &dir, bool isRealPath)
835 {
836 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
837 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
838 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
839 }
840
841 return InstalldOperator::GetDiskUsage(dir, isRealPath);
842 }
843
CleanBundleDataDir(const std::string & dataDir)844 ErrCode InstalldHostImpl::CleanBundleDataDir(const std::string &dataDir)
845 {
846 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::CleanBundleDataDir start");
847 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
848 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
849 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
850 }
851 if (dataDir.empty()) {
852 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDir with invalid param");
853 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
854 }
855
856 if (!InstalldOperator::DeleteFiles(dataDir)) {
857 LOG_E(BMS_TAG_INSTALLD, "CleanBundleDataDir delete files failed errno:%{public}d", errno);
858 return ERR_APPEXECFWK_INSTALLD_CLEAN_DIR_FAILED;
859 }
860 return ERR_OK;
861 }
862
CleanBundleDataDirByName(const std::string & bundleName,const int userid,const int appIndex)863 ErrCode InstalldHostImpl::CleanBundleDataDirByName(const std::string &bundleName, const int userid, const int appIndex)
864 {
865 LOG_D(BMS_TAG_INSTALLD,
866 "InstalldHostImpl::CleanBundleDataDirByName bundleName:%{public}s,userid:%{public}d,appIndex:%{public}d",
867 bundleName.c_str(), userid, appIndex);
868 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
869 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
870 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
871 }
872 if (bundleName.empty() || userid < 0 || appIndex < 0 || appIndex > Constants::INITIAL_SANDBOX_APP_INDEX) {
873 LOG_E(BMS_TAG_INSTALLD, "Calling the function CleanBundleDataDirByName with invalid param");
874 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
875 }
876 std::string suffixName = bundleName;
877 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
878 elPath.push_back(ServiceConstants::DIR_EL5);
879 for (const auto &el : elPath) {
880 if (el == ServiceConstants::BUNDLE_EL[1]) {
881 CleanBundleDataForEl2(bundleName, userid, appIndex);
882 continue;
883 }
884 if (appIndex > 0) {
885 suffixName = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
886 }
887 std::string bundleDataDir = GetBundleDataDir(el, userid) + ServiceConstants::BASE + suffixName;
888 if (!InstalldOperator::DeleteFiles(bundleDataDir)) {
889 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
890 }
891 std::string databaseDir = GetBundleDataDir(el, userid) + ServiceConstants::DATABASE + suffixName;
892 if (!InstalldOperator::DeleteFiles(databaseDir)) {
893 LOG_W(BMS_TAG_INSTALLD, "clean dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
894 }
895 }
896 CleanShareDir(bundleName, userid);
897 CleanCloudDir(bundleName, userid);
898 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
899 CleanBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
900 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL2);
901 CleanNewBackupExtHomeDir(bundleName, userid, DirType::DIR_EL1);
902 CleanDistributedDir(bundleName, userid);
903 return ERR_OK;
904 }
905
GetBundleDataDir(const std::string & el,const int userid) const906 std::string InstalldHostImpl::GetBundleDataDir(const std::string &el, const int userid) const
907 {
908 std::string dataDir = ServiceConstants::BUNDLE_APP_DATA_BASE_DIR +
909 el +
910 ServiceConstants::PATH_SEPARATOR +
911 std::to_string(userid);
912 return dataDir;
913 }
914
GetAppDataPath(const std::string & bundleName,const std::string & el,const int32_t userId,const int32_t appIndex)915 std::string InstalldHostImpl::GetAppDataPath(const std::string &bundleName, const std::string &el,
916 const int32_t userId, const int32_t appIndex)
917 {
918 if (appIndex == 0) {
919 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
920 std::to_string(userId) + ServiceConstants::BASE + bundleName;
921 } else {
922 std::string innerDataDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
923 return ServiceConstants::BUNDLE_APP_DATA_BASE_DIR + el + ServiceConstants::PATH_SEPARATOR +
924 std::to_string(userId) + ServiceConstants::BASE + innerDataDir;
925 }
926 }
927
GetAppCacheSize(const std::string & bundleName,const int32_t userId,const int32_t appIndex,const std::vector<std::string> & moduleNameList)928 int64_t InstalldHostImpl::GetAppCacheSize(const std::string &bundleName,
929 const int32_t userId, const int32_t appIndex, const std::vector<std::string> &moduleNameList)
930 {
931 std::string bundleNameDir = bundleName;
932 if (appIndex > 0) {
933 bundleNameDir = BundleCloneCommonHelper::GetCloneDataDir(bundleName, appIndex);
934 }
935 std::vector<std::string> cachePaths;
936 std::vector<std::string> elPath(ServiceConstants::BUNDLE_EL);
937 elPath.push_back(ServiceConstants::DIR_EL5);
938 for (const auto &el : elPath) {
939 cachePaths.push_back(std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
940 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE +
941 bundleNameDir + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR);
942 for (const auto &moduleName : moduleNameList) {
943 std::string moduleCachePath = std::string(ServiceConstants::BUNDLE_APP_DATA_BASE_DIR) + el +
944 ServiceConstants::PATH_SEPARATOR + std::to_string(userId) + ServiceConstants::BASE + bundleNameDir +
945 ServiceConstants::HAPS + moduleName + ServiceConstants::PATH_SEPARATOR + Constants::CACHE_DIR;
946 cachePaths.push_back(moduleCachePath);
947 LOG_D(BMS_TAG_INSTALLD, "GetBundleStats, add module cache path: %{public}s", moduleCachePath.c_str());
948 }
949 }
950 return InstalldOperator::GetDiskUsageFromPath(cachePaths);
951 }
952
GetBundleStats(const std::string & bundleName,const int32_t userId,std::vector<int64_t> & bundleStats,const int32_t uid,const int32_t appIndex,const uint32_t statFlag,const std::vector<std::string> & moduleNameList)953 ErrCode InstalldHostImpl::GetBundleStats(const std::string &bundleName, const int32_t userId,
954 std::vector<int64_t> &bundleStats, const int32_t uid, const int32_t appIndex,
955 const uint32_t statFlag, const std::vector<std::string> &moduleNameList)
956 {
957 LOG_D(BMS_TAG_INSTALLD,
958 "GetBundleStats, bundleName = %{public}s, userId = %{public}d, uid = %{public}d, appIndex = %{public}d",
959 bundleName.c_str(), userId, uid, appIndex);
960 LOG_D(BMS_TAG_INSTALLD,
961 "GetBundleStats, statFlag = %{public}d", statFlag);
962 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
963 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
964 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
965 }
966 if (bundleName.empty()) {
967 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
968 }
969 bundleStats = {0, 0, 0, 0, 0};
970 std::vector<std::string> bundlePath;
971 bundlePath.push_back(std::string(Constants::BUNDLE_CODE_DIR) + ServiceConstants::PATH_SEPARATOR + bundleName);
972 int64_t appDataSize = 0;
973 int64_t bundleDataSize = 0;
974 int64_t bundleCacheSize = 0;
975 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) !=
976 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_INSTALL_SIZE) {
977 appDataSize = appIndex == 0 ? InstalldOperator::GetDiskUsageFromPath(bundlePath) : 0;
978 }
979 if ((statFlag & OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) !=
980 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_DATA_SIZE) {
981 bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
982 }
983 if ((statFlag & OHOS::AppExecFwk::Constants::GET_BUNDLE_WITHOUT_CACHE_SIZE) !=
984 OHOS::AppExecFwk::Constants::NoGetBundleStatsFlag::GET_BUNDLE_WITHOUT_CACHE_SIZE) {
985 bundleCacheSize = GetAppCacheSize(bundleName, userId, appIndex, moduleNameList);
986 }
987 // index 0 : bundle data size
988 bundleStats[0] = appDataSize;
989 // index 1 : local bundle data size
990 bundleStats[1] = bundleDataSize;
991 // index 4 : cache size
992 bundleStats[4] = bundleCacheSize;
993 return ERR_OK;
994 }
995
GetAllBundleStats(const int32_t userId,std::vector<int64_t> & bundleStats,const std::vector<int32_t> & uids)996 ErrCode InstalldHostImpl::GetAllBundleStats(const int32_t userId,
997 std::vector<int64_t> &bundleStats, const std::vector<int32_t> &uids)
998 {
999 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1000 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1001 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1002 }
1003 if (uids.empty()) {
1004 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1005 }
1006 int64_t totalFileSize = InstalldOperator::GetDiskUsageFromQuota(INSTALLS_UID);
1007 int64_t totalDataSize = 0;
1008 for (size_t index = 0; index < uids.size(); ++index) {
1009 const auto &uid = uids[index];
1010 int64_t bundleDataSize = InstalldOperator::GetDiskUsageFromQuota(uid);
1011 // index 1 : local bundle data size
1012 totalDataSize += bundleDataSize;
1013 }
1014 bundleStats.push_back(totalFileSize);
1015 bundleStats.push_back(totalDataSize);
1016 bundleStats.push_back(0);
1017 bundleStats.push_back(0);
1018 bundleStats.push_back(0);
1019 return ERR_OK;
1020 }
1021
GetHapFlags(const bool isPreInstallApp,const bool debug,const bool isDlpSandbox)1022 unsigned int InstalldHostImpl::GetHapFlags(const bool isPreInstallApp, const bool debug, const bool isDlpSandbox)
1023 {
1024 unsigned int hapFlags = 0;
1025 #ifdef WITH_SELINUX
1026 hapFlags = isPreInstallApp ? SELINUX_HAP_RESTORECON_PREINSTALLED_APP : 0;
1027 hapFlags |= debug ? SELINUX_HAP_DEBUGGABLE : 0;
1028 hapFlags |= isDlpSandbox ? SELINUX_HAP_DLP : 0;
1029 #endif
1030 return hapFlags;
1031 }
1032
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,bool isPreInstallApp,bool debug)1033 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1034 bool isPreInstallApp, bool debug)
1035 {
1036 unsigned int hapFlags = GetHapFlags(isPreInstallApp, debug, false);
1037 return SetDirApl(dir, bundleName, apl, hapFlags);
1038 }
1039
SetDirApl(const std::string & dir,const std::string & bundleName,const std::string & apl,unsigned int hapFlags)1040 ErrCode InstalldHostImpl::SetDirApl(const std::string &dir, const std::string &bundleName, const std::string &apl,
1041 unsigned int hapFlags)
1042 {
1043 #ifdef WITH_SELINUX
1044 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1045 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1046 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1047 }
1048 if (dir.empty() || bundleName.empty()) {
1049 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetDirApl with invalid param");
1050 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1051 }
1052 HapFileInfo hapFileInfo;
1053 hapFileInfo.pathNameOrig.push_back(dir);
1054 hapFileInfo.apl = apl;
1055 hapFileInfo.packageName = bundleName;
1056 hapFileInfo.flags = SELINUX_HAP_RESTORECON_RECURSE;
1057 hapFileInfo.hapFlags = hapFlags;
1058 HapContext hapContext;
1059 int ret = hapContext.HapFileRestorecon(hapFileInfo);
1060 if (ret != 0) {
1061 LOG_E(BMS_TAG_INSTALLD, "HapFileRestorecon path: %{public}s failed, apl: %{public}s, errcode:%{public}d",
1062 dir.c_str(), apl.c_str(), ret);
1063 return ERR_APPEXECFWK_INSTALLD_SET_SELINUX_LABEL_FAILED;
1064 }
1065 return ret;
1066 #else
1067 return ERR_OK;
1068 #endif // WITH_SELINUX
1069 }
1070
GetBundleCachePath(const std::string & dir,std::vector<std::string> & cachePath)1071 ErrCode InstalldHostImpl::GetBundleCachePath(const std::string &dir, std::vector<std::string> &cachePath)
1072 {
1073 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::GetBundleCachePath start");
1074 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1075 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1076 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1077 }
1078 if (dir.empty()) {
1079 LOG_E(BMS_TAG_INSTALLD, "Calling the function GetBundleCachePath with invalid param");
1080 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1081 }
1082 InstalldOperator::TraverseCacheDirectory(dir, cachePath);
1083 return ERR_OK;
1084 }
1085
ScanDir(const std::string & dir,ScanMode scanMode,ResultMode resultMode,std::vector<std::string> & paths)1086 ErrCode InstalldHostImpl::ScanDir(
1087 const std::string &dir, ScanMode scanMode, ResultMode resultMode, std::vector<std::string> &paths)
1088 {
1089 LOG_D(BMS_TAG_INSTALLD, "InstalldHostImpl::Scan start %{public}s", dir.c_str());
1090 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1091 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1092 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1093 }
1094 if (dir.empty()) {
1095 LOG_E(BMS_TAG_INSTALLD, "Calling the function Scan with invalid param");
1096 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1097 }
1098
1099 InstalldOperator::ScanDir(dir, scanMode, resultMode, paths);
1100 return ERR_OK;
1101 }
1102
MoveFile(const std::string & oldPath,const std::string & newPath)1103 ErrCode InstalldHostImpl::MoveFile(const std::string &oldPath, const std::string &newPath)
1104 {
1105 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1106 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1107 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1108 }
1109 if (!InstalldOperator::MoveFile(oldPath, newPath)) {
1110 LOG_E(BMS_TAG_INSTALLD, "Move file %{public}s to %{public}s failed errno:%{public}d",
1111 oldPath.c_str(), newPath.c_str(), errno);
1112 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1113 }
1114 return ERR_OK;
1115 }
1116
CopyFile(const std::string & oldPath,const std::string & newPath,const std::string & signatureFilePath)1117 ErrCode InstalldHostImpl::CopyFile(const std::string &oldPath, const std::string &newPath,
1118 const std::string &signatureFilePath)
1119 {
1120 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1121 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1122 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1123 }
1124 if (!InstalldOperator::CopyFileFast(oldPath, newPath)) {
1125 LOG_E(BMS_TAG_INSTALLD, "Copy file %{public}s to %{public}s failed errno:%{public}d",
1126 oldPath.c_str(), newPath.c_str(), errno);
1127 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1128 }
1129 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1130 if (!OHOS::ChangeModeFile(newPath, mode)) {
1131 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1132 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1133 }
1134
1135 if (signatureFilePath.empty()) {
1136 LOG_D(BMS_TAG_INSTALLD, "signature file path is empty and no need to process code signature");
1137 return ERR_OK;
1138 }
1139
1140 #if defined(CODE_SIGNATURE_ENABLE)
1141 Security::CodeSign::EntryMap entryMap = {{ ServiceConstants::CODE_SIGNATURE_HAP, newPath }};
1142 ErrCode ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, signatureFilePath);
1143 if (ret != ERR_OK) {
1144 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1145 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1146 }
1147 #endif
1148 return ERR_OK;
1149 }
1150
Mkdir(const std::string & dir,const int32_t mode,const int32_t uid,const int32_t gid)1151 ErrCode InstalldHostImpl::Mkdir(
1152 const std::string &dir, const int32_t mode, const int32_t uid, const int32_t gid)
1153 {
1154 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1155 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1156 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1157 }
1158 LOG_D(BMS_TAG_INSTALLD, "Mkdir start %{public}s", dir.c_str());
1159 if (dir.empty()) {
1160 LOG_E(BMS_TAG_INSTALLD, "Calling the function Mkdir with invalid param");
1161 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1162 }
1163
1164 if (!InstalldOperator::MkOwnerDir(dir, mode, uid, gid)) {
1165 LOG_E(BMS_TAG_INSTALLD, "Mkdir %{public}s failed errno:%{public}d", dir.c_str(), errno);
1166 return ERR_APPEXECFWK_INSTALLD_MKDIR_FAILED;
1167 }
1168
1169 return ERR_OK;
1170 }
1171
GetFileStat(const std::string & file,FileStat & fileStat)1172 ErrCode InstalldHostImpl::GetFileStat(const std::string &file, FileStat &fileStat)
1173 {
1174 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1175 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1176 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1177 }
1178
1179 LOG_D(BMS_TAG_INSTALLD, "GetFileStat start %{public}s", file.c_str());
1180 struct stat s;
1181 if (stat(file.c_str(), &s) != 0) {
1182 LOG_E(BMS_TAG_INSTALLD, "Stat file(%{public}s) failed", file.c_str());
1183 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1184 }
1185
1186 fileStat.uid = static_cast<int32_t>(s.st_uid);
1187 fileStat.gid = static_cast<int32_t>(s.st_gid);
1188 fileStat.lastModifyTime = static_cast<int64_t>(s.st_mtime);
1189 fileStat.isDir = s.st_mode & S_IFDIR;
1190 fileStat.mode = static_cast<int32_t>(s.st_mode);
1191 return ERR_OK;
1192 }
1193
ExtractDiffFiles(const std::string & filePath,const std::string & targetPath,const std::string & cpuAbi)1194 ErrCode InstalldHostImpl::ExtractDiffFiles(const std::string &filePath, const std::string &targetPath,
1195 const std::string &cpuAbi)
1196 {
1197 if (filePath.empty() || targetPath.empty()) {
1198 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1199 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1200 }
1201 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1202 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1203 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1204 }
1205 if (!InstalldOperator::ExtractDiffFiles(filePath, targetPath, cpuAbi)) {
1206 LOG_E(BMS_TAG_INSTALLD, "fail to ExtractDiffFiles errno:%{public}d", errno);
1207 return ERR_BUNDLEMANAGER_QUICK_FIX_EXTRACT_DIFF_FILES_FAILED;
1208 }
1209 return ERR_OK;
1210 }
1211
ApplyDiffPatch(const std::string & oldSoPath,const std::string & diffFilePath,const std::string & newSoPath,int32_t uid)1212 ErrCode InstalldHostImpl::ApplyDiffPatch(const std::string &oldSoPath, const std::string &diffFilePath,
1213 const std::string &newSoPath, int32_t uid)
1214 {
1215 if (oldSoPath.empty() || diffFilePath.empty() || newSoPath.empty()) {
1216 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1217 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1218 }
1219 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1220 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1221 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1222 }
1223 if (!InstalldOperator::ApplyDiffPatch(oldSoPath, diffFilePath, newSoPath, uid)) {
1224 LOG_E(BMS_TAG_INSTALLD, "fail to ApplyDiffPatch errno:%{public}d", errno);
1225 return ERR_BUNDLEMANAGER_QUICK_FIX_APPLY_DIFF_PATCH_FAILED;
1226 }
1227 return ERR_OK;
1228 }
1229
IsExistDir(const std::string & dir,bool & isExist)1230 ErrCode InstalldHostImpl::IsExistDir(const std::string &dir, bool &isExist)
1231 {
1232 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1233 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1234 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1235 }
1236 isExist = InstalldOperator::IsExistDir(dir);
1237 return ERR_OK;
1238 }
1239
IsExistFile(const std::string & path,bool & isExist)1240 ErrCode InstalldHostImpl::IsExistFile(const std::string &path, bool &isExist)
1241 {
1242 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1243 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1244 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1245 }
1246 isExist = InstalldOperator::IsExistFile(path);
1247 return ERR_OK;
1248 }
1249
IsExistApFile(const std::string & path,bool & isExist)1250 ErrCode InstalldHostImpl::IsExistApFile(const std::string &path, bool &isExist)
1251 {
1252 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1253 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1254 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1255 }
1256 isExist = InstalldOperator::IsExistApFile(path);
1257 return ERR_OK;
1258 }
1259
IsDirEmpty(const std::string & dir,bool & isDirEmpty)1260 ErrCode InstalldHostImpl::IsDirEmpty(const std::string &dir, bool &isDirEmpty)
1261 {
1262 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1263 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1264 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1265 }
1266 isDirEmpty = InstalldOperator::IsDirEmpty(dir);
1267 return ERR_OK;
1268 }
1269
ObtainQuickFixFileDir(const std::string & dir,std::vector<std::string> & dirVec)1270 ErrCode InstalldHostImpl::ObtainQuickFixFileDir(const std::string &dir, std::vector<std::string> &dirVec)
1271 {
1272 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1273 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1274 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1275 }
1276 InstalldOperator::ObtainQuickFixFileDir(dir, dirVec);
1277 return ERR_OK;
1278 }
1279
CopyFiles(const std::string & sourceDir,const std::string & destinationDir)1280 ErrCode InstalldHostImpl::CopyFiles(const std::string &sourceDir, const std::string &destinationDir)
1281 {
1282 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1283 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1284 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1285 }
1286
1287 InstalldOperator::CopyFiles(sourceDir, destinationDir);
1288 return ERR_OK;
1289 }
1290
GetNativeLibraryFileNames(const std::string & filePath,const std::string & cpuAbi,std::vector<std::string> & fileNames)1291 ErrCode InstalldHostImpl::GetNativeLibraryFileNames(const std::string &filePath, const std::string &cpuAbi,
1292 std::vector<std::string> &fileNames)
1293 {
1294 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1295 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1296 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1297 }
1298 if (filePath.empty()) {
1299 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDiffFiles with invalid param");
1300 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1301 }
1302 InstalldOperator::GetNativeLibraryFileNames(filePath, cpuAbi, fileNames);
1303 return ERR_OK;
1304 }
1305
VerifyCodeSignature(const CodeSignatureParam & codeSignatureParam)1306 ErrCode InstalldHostImpl::VerifyCodeSignature(const CodeSignatureParam &codeSignatureParam)
1307 {
1308 LOG_D(BMS_TAG_INSTALLD, "start to process the code signature for so files");
1309 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1310 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1311 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1312 }
1313 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1314 if (codeSignatureParam.modulePath.empty()) {
1315 LOG_E(BMS_TAG_INSTALLD, "Calling the function VerifyCodeSignature with invalid param");
1316 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1317 }
1318 if (!InstalldOperator::VerifyCodeSignature(codeSignatureParam)) {
1319 LOG_E(BMS_TAG_INSTALLD, "verify code signature failed");
1320 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1321 }
1322 return ERR_OK;
1323 }
1324
CheckEncryption(const CheckEncryptionParam & checkEncryptionParam,bool & isEncryption)1325 ErrCode InstalldHostImpl::CheckEncryption(const CheckEncryptionParam &checkEncryptionParam, bool &isEncryption)
1326 {
1327 LOG_D(BMS_TAG_INSTALLD, "start to process check encryption");
1328 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1329 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1330 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1331 }
1332
1333 if (checkEncryptionParam.modulePath.empty()) {
1334 LOG_E(BMS_TAG_INSTALLD, "Calling the function CheckEncryption with invalid param");
1335 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1336 }
1337 if (!InstalldOperator::CheckEncryption(checkEncryptionParam, isEncryption)) {
1338 LOG_E(BMS_TAG_INSTALLD, "check encryption failed");
1339 return ERR_APPEXECFWK_INSTALL_CHECK_ENCRYPTION_FAILED;
1340 }
1341 return ERR_OK;
1342 }
1343
MoveFiles(const std::string & srcDir,const std::string & desDir)1344 ErrCode InstalldHostImpl::MoveFiles(const std::string &srcDir, const std::string &desDir)
1345 {
1346 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1347 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1348 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1349 }
1350
1351 if (srcDir.empty() || desDir.empty()) {
1352 LOG_E(BMS_TAG_INSTALLD, "Calling the function MoveFiles with invalid param");
1353 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1354 }
1355 if (!InstalldOperator::MoveFiles(srcDir, desDir)) {
1356 LOG_E(BMS_TAG_INSTALLD, "move files failed errno:%{public}d", errno);
1357 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1358 }
1359 return ERR_OK;
1360 }
1361
ExtractDriverSoFiles(const std::string & srcPath,const std::unordered_multimap<std::string,std::string> & dirMap)1362 ErrCode InstalldHostImpl::ExtractDriverSoFiles(const std::string &srcPath,
1363 const std::unordered_multimap<std::string, std::string> &dirMap)
1364 {
1365 LOG_D(BMS_TAG_INSTALLD, "start to copy driver so files");
1366 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1367 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1368 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1369 }
1370 if (dirMap.empty()) {
1371 LOG_E(BMS_TAG_INSTALLD, "Calling the function ExtractDriverSoFiles with invalid param");
1372 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1373 }
1374
1375 if (!InstalldOperator::ExtractDriverSoFiles(srcPath, dirMap)) {
1376 LOG_E(BMS_TAG_INSTALLD, "copy driver so files failed errno:%{public}d", errno);
1377 return ERR_APPEXECFWK_INSTALLD_COPY_FILE_FAILED;
1378 }
1379 return ERR_OK;
1380 }
1381
ExtractEncryptedSoFiles(const std::string & hapPath,const std::string & realSoFilesPath,const std::string & cpuAbi,const std::string & tmpSoPath,int32_t uid)1382 ErrCode InstalldHostImpl::ExtractEncryptedSoFiles(const std::string &hapPath, const std::string &realSoFilesPath,
1383 const std::string &cpuAbi, const std::string &tmpSoPath, int32_t uid)
1384 {
1385 LOG_D(BMS_TAG_INSTALLD, "start to obtain decoded so files");
1386 #if defined(CODE_ENCRYPTION_ENABLE)
1387 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1388 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1389 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1390 }
1391
1392 if (hapPath.empty() || tmpSoPath.empty()) {
1393 LOG_E(BMS_TAG_INSTALLD, "hapPath %{public}s or tmpSoPath %{public}s is empty",
1394 hapPath.c_str(), tmpSoPath.c_str());
1395 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1396 }
1397
1398 if (!CheckPathValid(hapPath, Constants::BUNDLE_CODE_DIR) ||
1399 !CheckPathValid(realSoFilesPath, Constants::BUNDLE_CODE_DIR) ||
1400 !CheckPathValid(tmpSoPath, ServiceConstants::HAP_COPY_PATH)) {
1401 return ERR_BUNDLEMANAGER_QUICK_FIX_INVALID_PATH;
1402 }
1403 if (realSoFilesPath.empty()) {
1404 /* obtain the decoded so files from hapPath*/
1405 return InstalldOperator::ExtractSoFilesToTmpHapPath(hapPath, cpuAbi, tmpSoPath, uid);
1406 } else {
1407 /* obtain the decoded so files from realSoFilesPath*/
1408 return InstalldOperator::ExtractSoFilesToTmpSoPath(hapPath, realSoFilesPath, cpuAbi, tmpSoPath, uid);
1409 }
1410 #else
1411 LOG_D(BMS_TAG_INSTALLD, "code encryption is not supported");
1412 return ERR_BUNDLEMANAGER_QUICK_FIX_NOT_SUPPORT_CODE_ENCRYPTION;
1413 #endif
1414 }
1415
1416 #if defined(CODE_SIGNATURE_ENABLE)
PrepareEntryMap(const CodeSignatureParam & codeSignatureParam,Security::CodeSign::EntryMap & entryMap)1417 ErrCode InstalldHostImpl::PrepareEntryMap(const CodeSignatureParam &codeSignatureParam,
1418 Security::CodeSign::EntryMap &entryMap)
1419 {
1420 LOG_D(BMS_TAG_INSTALLD, "PrepareEntryMap target so path is %{public}s", codeSignatureParam.targetSoPath.c_str());
1421 if (codeSignatureParam.modulePath.empty()) {
1422 LOG_E(BMS_TAG_INSTALLD, "real path of the installed hap is empty");
1423 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1424 }
1425 if (codeSignatureParam.targetSoPath.empty()) {
1426 LOG_W(BMS_TAG_INSTALLD, "target so path is empty");
1427 return ERR_OK;
1428 }
1429 std::vector<std::string> fileNames;
1430 if (!InstalldOperator::GetNativeLibraryFileNames(
1431 codeSignatureParam.modulePath, codeSignatureParam.cpuAbi, fileNames)) {
1432 LOG_E(BMS_TAG_INSTALLD, "get native library file names failed");
1433 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1434 }
1435 const std::string prefix = ServiceConstants::LIBS + codeSignatureParam.cpuAbi + ServiceConstants::PATH_SEPARATOR;
1436 for (const auto &fileName : fileNames) {
1437 std::string entryName = prefix + fileName;
1438 std::string path = codeSignatureParam.targetSoPath;
1439 if (path.back() != ServiceConstants::FILE_SEPARATOR_CHAR) {
1440 path += ServiceConstants::FILE_SEPARATOR_CHAR;
1441 }
1442 entryMap.emplace(entryName, path + fileName);
1443 LOG_D(BMS_TAG_INSTALLD, "entryMap add soEntry %{public}s: %{public}s",
1444 entryName.c_str(), (path + fileName).c_str());
1445 }
1446 return ERR_OK;
1447 }
1448 #endif
1449
VerifyCodeSignatureForHap(const CodeSignatureParam & codeSignatureParam)1450 ErrCode InstalldHostImpl::VerifyCodeSignatureForHap(const CodeSignatureParam &codeSignatureParam)
1451 {
1452 LOG_D(BMS_TAG_INSTALLD, "code sign param is %{public}s", codeSignatureParam.ToString().c_str());
1453 #if defined(CODE_SIGNATURE_ENABLE)
1454 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1455 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1456 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1457 }
1458 ErrCode ret = ERR_OK;
1459 if (codeSignatureParam.isCompileSdkOpenHarmony && !Security::CodeSign::CodeSignUtils::IsSupportOHCodeSign()) {
1460 LOG_D(BMS_TAG_INSTALLD, "code signature is not supported");
1461 return ret;
1462 }
1463 Security::CodeSign::EntryMap entryMap;
1464 if ((ret = PrepareEntryMap(codeSignatureParam, entryMap)) != ERR_OK) {
1465 LOG_E(BMS_TAG_INSTALLD, "prepare entry map failed");
1466 return ret;
1467 }
1468 if (codeSignatureParam.signatureFileDir.empty()) {
1469 std::shared_ptr<CodeSignHelper> codeSignHelper = std::make_shared<CodeSignHelper>();
1470 Security::CodeSign::FileType fileType = codeSignatureParam.isPreInstalledBundle ?
1471 FILE_ENTRY_ONLY : FILE_ALL;
1472 if (codeSignatureParam.isEnterpriseBundle) {
1473 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for enterprise bundle");
1474 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1475 codeSignatureParam.modulePath, entryMap, fileType);
1476 } else if (codeSignatureParam.isInternaltestingBundle) {
1477 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for internaltesting bundle");
1478 ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier,
1479 codeSignatureParam.modulePath, entryMap, fileType);
1480 } else {
1481 LOG_D(BMS_TAG_INSTALLD, "Verify code signature for non-enterprise bundle");
1482 ret = codeSignHelper->EnforceCodeSignForApp(codeSignatureParam.modulePath, entryMap, fileType);
1483 }
1484 LOG_I(BMS_TAG_INSTALLD, "Verify code signature %{public}s", codeSignatureParam.modulePath.c_str());
1485 } else {
1486 LOG_D(BMS_TAG_INSTALLD, "Verify code signature with: %{public}s", codeSignatureParam.signatureFileDir.c_str());
1487 ret = Security::CodeSign::CodeSignUtils::EnforceCodeSignForApp(entryMap, codeSignatureParam.signatureFileDir);
1488 }
1489 if (ret != ERR_OK) {
1490 LOG_E(BMS_TAG_INSTALLD, "hap or hsp code signature failed due to %{public}d", ret);
1491 return ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FAILED;
1492 }
1493 #else
1494 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1495 #endif
1496 return ERR_OK;
1497 }
1498
DeliverySignProfile(const std::string & bundleName,int32_t profileBlockLength,const unsigned char * profileBlock)1499 ErrCode InstalldHostImpl::DeliverySignProfile(const std::string &bundleName, int32_t profileBlockLength,
1500 const unsigned char *profileBlock)
1501 {
1502 LOG_D(BMS_TAG_INSTALLD, "start to delivery sign profile");
1503 #if defined(CODE_SIGNATURE_ENABLE)
1504 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1505 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1506 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1507 }
1508
1509 if (bundleName.empty() || profileBlock == nullptr || profileBlockLength == 0) {
1510 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeliverySignProfile with invalid param");
1511 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1512 }
1513
1514 LOG_D(BMS_TAG_INSTALLD, "delivery profile of bundle %{public}s and profile size is %{public}d", bundleName.c_str(),
1515 profileBlockLength);
1516 Security::CodeSign::ByteBuffer byteBuffer;
1517 byteBuffer.CopyFrom(reinterpret_cast<const uint8_t *>(profileBlock), profileBlockLength);
1518 ErrCode ret = Security::CodeSign::CodeSignUtils::EnableKeyInProfile(bundleName, byteBuffer);
1519 if (ret != ERR_OK) {
1520 LOG_E(BMS_TAG_INSTALLD, "delivery code sign profile failed due to error %{public}d", ret);
1521 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_DELIVERY_FILE_FAILED;
1522 }
1523 #else
1524 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1525 #endif
1526 return ERR_OK;
1527 }
1528
RemoveSignProfile(const std::string & bundleName)1529 ErrCode InstalldHostImpl::RemoveSignProfile(const std::string &bundleName)
1530 {
1531 LOG_D(BMS_TAG_INSTALLD, "start to remove sign profile");
1532 #if defined(CODE_SIGNATURE_ENABLE)
1533 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1534 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1535 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1536 }
1537
1538 if (bundleName.empty()) {
1539 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveSignProfile with invalid param");
1540 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1541 }
1542
1543 ErrCode ret = Security::CodeSign::CodeSignUtils::RemoveKeyInProfile(bundleName);
1544 if (ret != ERR_OK) {
1545 LOG_E(BMS_TAG_INSTALLD, "remove code sign profile failed due to error %{public}d", ret);
1546 return ERR_BUNDLE_MANAGER_CODE_SIGNATURE_REMOVE_FILE_FAILED;
1547 }
1548 #else
1549 LOG_W(BMS_TAG_INSTALLD, "code signature feature is not supported");
1550 #endif
1551 return ERR_OK;
1552 }
1553
CheckPathValid(const std::string & path,const std::string & prefix)1554 bool InstalldHostImpl::CheckPathValid(const std::string &path, const std::string &prefix)
1555 {
1556 if (path.empty()) {
1557 return true;
1558 }
1559 if (path.find(ServiceConstants::RELATIVE_PATH) != std::string::npos) {
1560 LOG_E(BMS_TAG_INSTALLD, "path(%{public}s) contain relevant path", path.c_str());
1561 return false;
1562 }
1563 if (path.find(prefix) == std::string::npos) {
1564 LOG_E(BMS_TAG_INSTALLD, "prefix(%{public}s) cannot be found", prefix.c_str());
1565 return false;
1566 }
1567 return true;
1568 }
1569
SetEncryptionPolicy(int32_t uid,const std::string & bundleName,const int32_t userId,std::string & keyId)1570 ErrCode InstalldHostImpl::SetEncryptionPolicy(int32_t uid, const std::string &bundleName,
1571 const int32_t userId, std::string &keyId)
1572 {
1573 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1574 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1575 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1576 }
1577 if (bundleName.empty()) {
1578 LOG_E(BMS_TAG_INSTALLD, "Calling the function SetEncryptionPolicy with invalid param");
1579 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1580 }
1581 if (!InstalldOperator::GenerateKeyIdAndSetPolicy(uid, bundleName, userId, keyId)) {
1582 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1583 return ERR_APPEXECFWK_INSTALLD_GENERATE_KEY_FAILED;
1584 }
1585 return ERR_OK;
1586 }
1587
DeleteEncryptionKeyId(const std::string & bundleName,const int32_t userId)1588 ErrCode InstalldHostImpl::DeleteEncryptionKeyId(const std::string &bundleName, const int32_t userId)
1589 {
1590 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1591 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1592 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1593 }
1594 if (bundleName.empty()) {
1595 LOG_E(BMS_TAG_INSTALLD, "Calling the function DeleteEncryptionKeyId with invalid param");
1596 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1597 }
1598 if (!InstalldOperator::DeleteKeyId(bundleName, userId)) {
1599 LOG_E(BMS_TAG_INSTALLD, "EncryptionPaths fail");
1600 return ERR_APPEXECFWK_INSTALLD_DELETE_KEY_FAILED;
1601 }
1602 return ERR_OK;
1603 }
1604
RemoveExtensionDir(int32_t userId,const std::vector<std::string> & extensionBundleDirs)1605 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::vector<std::string> &extensionBundleDirs)
1606 {
1607 LOG_I(BMS_TAG_INSTALLD, "RemoveExtensionDir userId: %{public}d, extensionBundleDir size: %{public}zu",
1608 userId, extensionBundleDirs.size());
1609 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1610 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1611 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1612 }
1613 if (extensionBundleDirs.empty() || userId < 0) {
1614 LOG_E(BMS_TAG_INSTALLD, "Calling the function RemoveExtensionDir with invalid param");
1615 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1616 }
1617
1618 for (const std::string &extensionBundleDir : extensionBundleDirs) {
1619 if (extensionBundleDir.empty()) {
1620 LOG_E(BMS_TAG_INSTALLD, "RemoveExtensionDir failed for param invalid");
1621 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1622 }
1623 auto ret = RemoveExtensionDir(userId, extensionBundleDir);
1624 if (ret != ERR_OK) {
1625 LOG_E(BMS_TAG_INSTALLD, "remove dir failed: %{public}s", extensionBundleDir.c_str());
1626 return ret;
1627 }
1628 }
1629 return ERR_OK;
1630 }
1631
RemoveExtensionDir(int32_t userId,const std::string & extensionBundleDir)1632 ErrCode InstalldHostImpl::RemoveExtensionDir(int32_t userId, const std::string &extensionBundleDir)
1633 {
1634 LOG_I(BMS_TAG_INSTALLD, "begin RemoveExtensionDir dir %{public}s", extensionBundleDir.c_str());
1635 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1636 const std::string bundleDataDir = GetBundleDataDir(el, userId);
1637 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
1638 if (!InstalldOperator::DeleteDir(baseDir)) {
1639 LOG_E(BMS_TAG_INSTALLD, "remove base dir %{public}s failed errno:%{public}d", baseDir.c_str(), errno);
1640 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1641 }
1642
1643 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
1644 if (!InstalldOperator::DeleteDir(databaseDir)) {
1645 LOG_E(BMS_TAG_INSTALLD, "remove database dir %{public}s failed errno:%{public}d",
1646 databaseDir.c_str(), errno);
1647 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1648 }
1649
1650 if (el == ServiceConstants::BUNDLE_EL[1]) {
1651 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
1652 if (!InstalldOperator::DeleteDir(logDir)) {
1653 LOG_E(BMS_TAG_INSTALLD, "remove log dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1654 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1655 }
1656 }
1657 }
1658 return ERR_OK;
1659 }
1660
IsExistExtensionDir(int32_t userId,const std::string & extensionBundleDir,bool & isExist)1661 ErrCode InstalldHostImpl::IsExistExtensionDir(int32_t userId, const std::string &extensionBundleDir, bool &isExist)
1662 {
1663 LOG_I(BMS_TAG_INSTALLD, "IsExistExtensionDir called, userId %{public}d dir %{public}s",
1664 userId, extensionBundleDir.c_str());
1665 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1666 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1667 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1668 }
1669 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1670 const std::string bundleDataDir = GetBundleDataDir(el, userId);
1671 std::string baseDir = bundleDataDir + ServiceConstants::BASE + extensionBundleDir;
1672 if (!InstalldOperator::IsExistDir(baseDir)) {
1673 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", baseDir.c_str());
1674 isExist = false;
1675 return ERR_OK;
1676 }
1677
1678 std::string databaseDir = bundleDataDir + ServiceConstants::DATABASE + extensionBundleDir;
1679 if (!InstalldOperator::IsExistDir(databaseDir)) {
1680 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", databaseDir.c_str());
1681 isExist = false;
1682 return ERR_OK;
1683 }
1684
1685 if (el == ServiceConstants::BUNDLE_EL[1]) {
1686 std::string logDir = bundleDataDir + ServiceConstants::LOG + extensionBundleDir;
1687 if (!InstalldOperator::IsExistDir(logDir)) {
1688 LOG_I(BMS_TAG_INSTALLD, "dir %{public}s is not existed", logDir.c_str());
1689 isExist = false;
1690 return ERR_OK;
1691 }
1692 }
1693 }
1694 isExist = true;
1695 return ERR_OK;
1696 }
1697
CreateExtensionDataDir(const CreateDirParam & createDirParam)1698 ErrCode InstalldHostImpl::CreateExtensionDataDir(const CreateDirParam &createDirParam)
1699 {
1700 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1701 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1702 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1703 }
1704 if (createDirParam.bundleName.empty() || createDirParam.userId < 0 ||
1705 createDirParam.uid < 0 || createDirParam.gid < 0 || createDirParam.extensionDirs.empty()) {
1706 LOG_E(BMS_TAG_INSTALLD, "Calling the function CreateExtensionDataDir with invalid param");
1707 return ERR_APPEXECFWK_INSTALLD_PARAM_ERROR;
1708 }
1709 LOG_I(BMS_TAG_INSTALLD, "begin to create extension dir for bundle %{public}s, which has %{public}zu extension dir",
1710 createDirParam.bundleName.c_str(), createDirParam.extensionDirs.size());
1711 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1712 if ((createDirParam.createDirFlag == CreateDirFlag::CREATE_DIR_UNLOCKED) &&
1713 (el == ServiceConstants::BUNDLE_EL[0])) {
1714 continue;
1715 }
1716
1717 std::string bundleDataDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::BASE;
1718 if (access(bundleDataDir.c_str(), F_OK) != 0) {
1719 LOG_W(BMS_TAG_INSTALLD, "Base directory %{public}s does not existed, bundleName:%{public}s",
1720 bundleDataDir.c_str(), createDirParam.bundleName.c_str());
1721 return ERR_OK;
1722 }
1723 int mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_IRWXO) : S_IRWXU;
1724 if (CreateExtensionDir(createDirParam, bundleDataDir, mode, createDirParam.gid) != ERR_OK) {
1725 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", bundleDataDir.c_str());
1726 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
1727 }
1728 AclSetExtensionDirs(createDirParam.debug, bundleDataDir, createDirParam.extensionDirs, true, true);
1729 if (el == ServiceConstants::BUNDLE_EL[1]) {
1730 std::string logParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::LOG;
1731 if (CreateExtensionDir(createDirParam, logParentDir, S_IRWXU | S_IRWXG,
1732 ServiceConstants::LOG_DIR_GID, true) != ERR_OK) {
1733 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", logParentDir.c_str());
1734 }
1735 }
1736 mode = createDirParam.debug ? (S_IRWXU | S_IRWXG | S_ISGID | S_IROTH | S_IXOTH) : (S_IRWXU | S_IRWXG | S_ISGID);
1737 std::string databaseParentDir = GetBundleDataDir(el, createDirParam.userId) + ServiceConstants::DATABASE;
1738 if (CreateExtensionDir(createDirParam, databaseParentDir, mode,
1739 ServiceConstants::DATABASE_DIR_GID) != ERR_OK) {
1740 LOG_W(BMS_TAG_INSTALLD, "create extension dir failed, parent dir %{public}s", databaseParentDir.c_str());
1741 return ERR_APPEXECFWK_INSTALLD_CREATE_DIR_FAILED;
1742 }
1743 AclSetExtensionDirs(createDirParam.debug, databaseParentDir, createDirParam.extensionDirs, false, true);
1744 }
1745 return ERR_OK;
1746 }
1747
GetExtensionSandboxTypeList(std::vector<std::string> & typeList)1748 ErrCode InstalldHostImpl::GetExtensionSandboxTypeList(std::vector<std::string> &typeList)
1749 {
1750 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1751 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1752 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1753 }
1754 nlohmann::json jsonBuf;
1755 std::string extensionConfigPath = GetExtensionConfigPath();
1756 if (!ReadFileIntoJson(extensionConfigPath, jsonBuf)) {
1757 LOG_I(BMS_TAG_INSTALLD, "Parse file %{public}s failed", extensionConfigPath.c_str());
1758 return ERR_APPEXECFWK_INSTALL_FAILED_PROFILE_PARSE_FAIL;
1759 }
1760 LoadNeedCreateSandbox(jsonBuf, typeList);
1761 return ERR_OK;
1762 }
1763
GetExtensionConfigPath() const1764 std::string InstalldHostImpl::GetExtensionConfigPath() const
1765 {
1766 #ifdef CONFIG_POLOCY_ENABLE
1767 char buf[MAX_PATH_LEN] = { 0 };
1768 char *configPath = GetOneCfgFile(EXTENSION_CONFIG_FILE_PATH, buf, MAX_PATH_LEN);
1769 if (configPath == nullptr || configPath[0] == '\0') {
1770 LOG_E(BMS_TAG_INSTALLD, "GetOneCfgFile failed");
1771 return EXTENSION_CONFIG_DEFAULT_PATH;
1772 }
1773 if (strlen(configPath) > MAX_PATH_LEN) {
1774 LOG_E(BMS_TAG_INSTALLD, "configPath length exceeds");
1775 return EXTENSION_CONFIG_DEFAULT_PATH;
1776 }
1777 return configPath;
1778 #else
1779 return EXTENSION_CONFIG_DEFAULT_PATH;
1780 #endif
1781 }
1782
LoadNeedCreateSandbox(const nlohmann::json & object,std::vector<std::string> & typeList)1783 void InstalldHostImpl::LoadNeedCreateSandbox(const nlohmann::json &object, std::vector<std::string> &typeList)
1784 {
1785 if (!object.contains(EXTENSION_CONFIG_NAME) || !object.at(EXTENSION_CONFIG_NAME).is_array()) {
1786 LOG_E(BMS_TAG_INSTALLD, "Extension config not existed");
1787 return;
1788 }
1789
1790 for (auto &item : object.at(EXTENSION_CONFIG_NAME).items()) {
1791 const nlohmann::json& jsonObject = item.value();
1792 if (!jsonObject.contains(EXTENSION_TYPE_NAME) || !jsonObject.at(EXTENSION_TYPE_NAME).is_string()) {
1793 continue;
1794 }
1795 std::string extensionType = jsonObject.at(EXTENSION_TYPE_NAME).get<std::string>();
1796 if (LoadExtensionNeedCreateSandbox(jsonObject, extensionType)) {
1797 typeList.emplace_back(extensionType);
1798 }
1799 }
1800 }
1801
LoadExtensionNeedCreateSandbox(const nlohmann::json & object,std::string extensionTypeName)1802 bool InstalldHostImpl::LoadExtensionNeedCreateSandbox(const nlohmann::json &object, std::string extensionTypeName)
1803 {
1804 if (!object.contains(EXTENSION_SERVICE_NEED_CREATE_SANDBOX) ||
1805 !object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).is_boolean()) {
1806 LOG_E(BMS_TAG_INSTALLD, "need create sandbox config not existed");
1807 return false;
1808 }
1809 return object.at(EXTENSION_SERVICE_NEED_CREATE_SANDBOX).get<bool>();
1810 }
1811
ReadFileIntoJson(const std::string & filePath,nlohmann::json & jsonBuf)1812 bool InstalldHostImpl::ReadFileIntoJson(const std::string &filePath, nlohmann::json &jsonBuf)
1813 {
1814 if (filePath.length() > PATH_MAX) {
1815 LOG_E(BMS_TAG_INSTALLD, "path length(%{public}u) longer than max length(%{public}d)",
1816 static_cast<unsigned int>(filePath.length()), PATH_MAX);
1817 return false;
1818 }
1819 std::string realPath;
1820 realPath.reserve(PATH_MAX);
1821 realPath.resize(PATH_MAX - 1);
1822 if (realpath(filePath.c_str(), &(realPath[0])) == nullptr) {
1823 LOG_E(BMS_TAG_INSTALLD, "transform real path error: %{public}d", errno);
1824 return false;
1825 }
1826 if (access(filePath.c_str(), F_OK) != 0) {
1827 LOG_D(BMS_TAG_INSTALLD, "access file %{public}s failed, error: %{public}s", filePath.c_str(), strerror(errno));
1828 return false;
1829 }
1830
1831 std::fstream in;
1832 char errBuf[256];
1833 errBuf[0] = '\0';
1834 in.open(filePath, std::ios_base::in);
1835 if (!in.is_open()) {
1836 strerror_r(errno, errBuf, sizeof(errBuf));
1837 LOG_E(BMS_TAG_INSTALLD, "the file cannot be open due to %{public}s, errno:%{public}d", errBuf, errno);
1838 return false;
1839 }
1840
1841 in.seekg(0, std::ios::end);
1842 int64_t size = in.tellg();
1843 if (size <= 0) {
1844 LOG_E(BMS_TAG_INSTALLD, "the file is an empty file, errno:%{public}d", errno);
1845 in.close();
1846 return false;
1847 }
1848
1849 in.seekg(0, std::ios::beg);
1850 jsonBuf = nlohmann::json::parse(in, nullptr, false);
1851 in.close();
1852 if (jsonBuf.is_discarded()) {
1853 LOG_E(BMS_TAG_INSTALLD, "bad profile file");
1854 return false;
1855 }
1856
1857 return true;
1858 }
1859
InnerRemoveAtomicServiceBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)1860 ErrCode InstalldHostImpl::InnerRemoveAtomicServiceBundleDataDir(
1861 const std::string &bundleName, const int32_t userId, const bool async)
1862 {
1863 LOG_I(BMS_TAG_INSTALLD, "process atomic service bundleName:%{public}s", bundleName.c_str());
1864 std::vector<std::string> pathName;
1865 if (!InstalldOperator::GetAtomicServiceBundleDataDir(bundleName, userId, pathName)) {
1866 LOG_W(BMS_TAG_INSTALLD, "atomic bundle %{public}s no other path", bundleName.c_str());
1867 }
1868 pathName.emplace_back(bundleName);
1869 LOG_I(BMS_TAG_INSTALLD, "bundle %{public}s need delete path size:%{public}zu", bundleName.c_str(), pathName.size());
1870 ErrCode result = ERR_OK;
1871 for (const auto &name : pathName) {
1872 ErrCode tmpResult = InnerRemoveBundleDataDir(name, userId, async);
1873 if (tmpResult != ERR_OK) {
1874 result = tmpResult;
1875 }
1876 }
1877 return result;
1878 }
1879
InnerRemoveBundleDataDir(const std::string & bundleName,const int32_t userId,const bool async)1880 ErrCode InstalldHostImpl::InnerRemoveBundleDataDir(
1881 const std::string &bundleName, const int32_t userId, const bool async)
1882 {
1883 for (const auto &el : ServiceConstants::BUNDLE_EL) {
1884 std::string bundleDataDir = GetBundleDataDir(el, userId) + ServiceConstants::BASE + bundleName;
1885 if (!InstalldOperator::DeleteDirFlexible(bundleDataDir, async)) {
1886 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", bundleDataDir.c_str(), errno);
1887 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1888 }
1889 std::string databaseDir = GetBundleDataDir(el, userId) + ServiceConstants::DATABASE + bundleName;
1890 if (!InstalldOperator::DeleteDirFlexible(databaseDir, async)) {
1891 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", databaseDir.c_str(), errno);
1892 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1893 }
1894 if (el == ServiceConstants::BUNDLE_EL[1]) {
1895 std::string logDir = GetBundleDataDir(el, userId) + ServiceConstants::LOG + bundleName;
1896 if (!InstalldOperator::DeleteDir(logDir)) {
1897 LOG_E(BMS_TAG_INSTALLD, "remove dir %{public}s failed errno:%{public}d", logDir.c_str(), errno);
1898 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1899 }
1900 }
1901 }
1902 if (RemoveShareDir(bundleName, userId) != ERR_OK) {
1903 LOG_E(BMS_TAG_INSTALLD, "failed to remove share dir");
1904 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1905 }
1906 if (RemoveCloudDir(bundleName, userId) != ERR_OK) {
1907 LOG_E(BMS_TAG_INSTALLD, "failed to remove cloud dir");
1908 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1909 }
1910 if (RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
1911 RemoveBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
1912 LOG_E(BMS_TAG_INSTALLD, "failed to remove backup ext home dir");
1913 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1914 }
1915 if (RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL2) != ERR_OK ||
1916 RemoveNewBackupExtHomeDir(bundleName, userId, DirType::DIR_EL1) != ERR_OK) {
1917 LOG_E(BMS_TAG_INSTALLD, "failed to remove new backup ext home dir");
1918 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1919 }
1920 if (RemoveDistributedDir(bundleName, userId) != ERR_OK) {
1921 LOG_E(BMS_TAG_INSTALLD, "failed to remove distributed file dir");
1922 return ERR_APPEXECFWK_INSTALLD_REMOVE_DIR_FAILED;
1923 }
1924 return ERR_OK;
1925 }
1926
MoveHapToCodeDir(const std::string & originPath,const std::string & targetPath)1927 ErrCode InstalldHostImpl::MoveHapToCodeDir(const std::string &originPath, const std::string &targetPath)
1928 {
1929 if (!InstalldPermissionMgr::VerifyCallingPermission(Constants::FOUNDATION_UID)) {
1930 LOG_E(BMS_TAG_INSTALLD, "installd permission denied, only used for foundation process");
1931 return ERR_APPEXECFWK_INSTALLD_PERMISSION_DENIED;
1932 }
1933 if (!InstalldOperator::MoveFile(originPath, targetPath)) {
1934 LOG_E(BMS_TAG_INSTALLD, "move file %{public}s to %{public}s failed errno:%{public}d",
1935 originPath.c_str(), targetPath.c_str(), errno);
1936 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1937 }
1938 mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1939 if (!OHOS::ChangeModeFile(targetPath, mode)) {
1940 LOG_E(BMS_TAG_INSTALLD, "change mode failed");
1941 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1942 }
1943 if (!InstalldOperator::ChangeFileAttr(targetPath, INSTALLS_UID, INSTALLS_UID)) {
1944 LOG_E(BMS_TAG_INSTALLD, "ChangeAttr %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
1945 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1946 }
1947
1948 #ifdef WITH_SELINUX
1949 const char *context = "u:object_r:data_app_el1_file:s0";
1950 if (lsetfilecon(targetPath.c_str(), context) < 0) {
1951 LOG_E(BMS_TAG_INSTALLD, "setcon %{public}s failed errno:%{public}d", targetPath.c_str(), errno);
1952 return ERR_APPEXECFWK_INSTALLD_MOVE_FILE_FAILED;
1953 }
1954 #endif
1955 return ERR_OK;
1956 }
1957 } // namespace AppExecFwk
1958 } // namespace OHOS
1959