1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sec_comp_kit.h"
16
17 #include "bundle_mgr_client.h"
18 #include "hisysevent.h"
19 #include "ipc_skeleton.h"
20 #include "sec_comp_caller_authorization.h"
21 #include "sec_comp_client.h"
22 #include "sec_comp_dialog_callback.h"
23 #include "sec_comp_enhance_adapter.h"
24 #include "sec_comp_log.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace SecurityComponent {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompKit"};
31 } // namespace
32
RegisterSecurityComponent(SecCompType type,std::string & componentInfo,int32_t & scId)33 int32_t SecCompKit::RegisterSecurityComponent(SecCompType type,
34 std::string& componentInfo, int32_t& scId)
35 {
36 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
37 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
38 SC_LOG_ERROR(LABEL, "register security component fail, caller invalid");
39 int32_t uid = IPCSkeleton::GetCallingUid();
40 OHOS::AppExecFwk::BundleMgrClient bmsClient;
41 std::string bundleName = "";
42 bmsClient.GetNameForUid(uid, bundleName);
43 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
44 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
45 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "REGITSTER");
46 return SC_SERVICE_ERROR_CALLER_INVALID;
47 }
48
49 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(componentInfo)) {
50 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
51 return SC_ENHANCE_ERROR_VALUE_INVALID;
52 }
53
54 int32_t res = SecCompClient::GetInstance().RegisterSecurityComponent(type, componentInfo, scId);
55 if (res != SC_OK) {
56 SC_LOG_ERROR(LABEL, "register security component fail, error: %{public}d", res);
57 return res;
58 }
59 SecCompEnhanceAdapter::RegisterScIdEnhance(scId);
60 return res;
61 }
62
UpdateSecurityComponent(int32_t scId,std::string & componentInfo)63 int32_t SecCompKit::UpdateSecurityComponent(int32_t scId, std::string& componentInfo)
64 {
65 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
66 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
67 SC_LOG_ERROR(LABEL, "update security component fail, caller invalid");
68 int32_t uid = IPCSkeleton::GetCallingUid();
69 OHOS::AppExecFwk::BundleMgrClient bmsClient;
70 std::string bundleName = "";
71 bmsClient.GetNameForUid(uid, bundleName);
72 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
73 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
74 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "UPDATE");
75 return SC_SERVICE_ERROR_CALLER_INVALID;
76 }
77
78 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(scId, componentInfo)) {
79 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
80 return SC_ENHANCE_ERROR_VALUE_INVALID;
81 }
82
83 int32_t res = SecCompClient::GetInstance().UpdateSecurityComponent(scId, componentInfo);
84 if (res != SC_OK) {
85 SC_LOG_ERROR(LABEL, "update security component fail, error: %{public}d", res);
86 }
87 return res;
88 }
89
UnregisterSecurityComponent(int32_t scId)90 int32_t SecCompKit::UnregisterSecurityComponent(int32_t scId)
91 {
92 int32_t res = SecCompClient::GetInstance().UnregisterSecurityComponent(scId);
93 SecCompEnhanceAdapter::UnregisterScIdEnhance(scId);
94 if (res != SC_OK) {
95 SC_LOG_ERROR(LABEL, "unregister security component fail, error: %{public}d", res);
96 return res;
97 }
98 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "UNREGISTER_SUCCESS",
99 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CALLER_UID", IPCSkeleton::GetCallingUid(),
100 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "SC_ID", scId);
101 return res;
102 }
103
ReportSecurityComponentClickEvent(int32_t scId,std::string & componentInfo,const SecCompClickEvent & clickInfo,sptr<IRemoteObject> callerToken,OnFirstUseDialogCloseFunc && callback)104 int32_t SecCompKit::ReportSecurityComponentClickEvent(int32_t scId,
105 std::string& componentInfo, const SecCompClickEvent& clickInfo,
106 sptr<IRemoteObject> callerToken, OnFirstUseDialogCloseFunc&& callback)
107 {
108 if (!SecCompCallerAuthorization::GetInstance().IsKitCaller(
109 reinterpret_cast<uintptr_t>(__builtin_return_address(0)))) {
110 SC_LOG_ERROR(LABEL, "report click event fail, caller invalid");
111 int32_t uid = IPCSkeleton::GetCallingUid();
112 OHOS::AppExecFwk::BundleMgrClient bmsClient;
113 std::string bundleName = "";
114 bmsClient.GetNameForUid(uid, bundleName);
115 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
116 HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName,
117 "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "CLICK");
118 return SC_SERVICE_ERROR_CALLER_INVALID;
119 }
120
121 if (callback == nullptr) {
122 SC_LOG_ERROR(LABEL, "DialogCloseCallback is null");
123 return SC_ENHANCE_ERROR_VALUE_INVALID;
124 }
125
126 sptr<IRemoteObject> callbackRemote = new (std::nothrow) SecCompDialogCallback(std::move(callback));
127 if (callbackRemote == nullptr) {
128 SC_LOG_ERROR(LABEL, "New SecCompDialogCallback fail");
129 return SC_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
130 }
131
132 if (!SecCompEnhanceAdapter::EnhanceDataPreprocess(scId, componentInfo)) {
133 SC_LOG_ERROR(LABEL, "Preprocess security component fail");
134 return SC_ENHANCE_ERROR_VALUE_INVALID;
135 }
136
137 int32_t res =
138 SecCompClient::GetInstance().ReportSecurityComponentClickEvent(scId, componentInfo,
139 clickInfo, callerToken, callbackRemote);
140 if (res != SC_OK) {
141 SC_LOG_ERROR(LABEL, "report click event fail, error: %{public}d", res);
142 }
143 return res;
144 }
145
VerifySavePermission(AccessToken::AccessTokenID tokenId)146 bool SecCompKit::VerifySavePermission(AccessToken::AccessTokenID tokenId)
147 {
148 bool res =
149 SecCompClient::GetInstance().VerifySavePermission(tokenId);
150 if (!res) {
151 SC_LOG_ERROR(LABEL, "verify temp save permission, error: %{public}d", res);
152 }
153 return res;
154 }
155
GetEnhanceRemoteObject(bool isLoad)156 sptr<IRemoteObject> SecCompKit::GetEnhanceRemoteObject(bool isLoad)
157 {
158 return SecCompClient::GetInstance().GetEnhanceRemoteObject(isLoad);
159 }
160
PreRegisterSecCompProcess()161 int32_t SecCompKit::PreRegisterSecCompProcess()
162 {
163 return SecCompClient::GetInstance().PreRegisterSecCompProcess();
164 }
165
IsServiceExist()166 bool SecCompKit::IsServiceExist()
167 {
168 return SecCompClient::GetInstance().IsServiceExist();
169 }
170
LoadService()171 bool SecCompKit::LoadService()
172 {
173 return SecCompClient::GetInstance().LoadService();
174 }
175
IsSystemAppCalling()176 bool SecCompKit::IsSystemAppCalling()
177 {
178 return SecCompClient::GetInstance().IsSystemAppCalling();
179 }
180 } // namespace SecurityComponent
181 } // namespace Security
182 } // namespace OHOS
183