1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "disallow_add_os_account_by_user_plugin.h"
17 
18 #include "edm_ipc_interface_code.h"
19 #include "edm_utils.h"
20 #include "os_account_manager.h"
21 #include "plugin_manager.h"
22 
23 namespace OHOS {
24 namespace EDM {
// Names of the OS-account constraints this plugin writes in SetSpecificOsAccountConstraints()
// and looks for in OnGetPolicy().
const char* const CONSTRAINT_CREATE_OS_ACCOUNT = "constraint.os.account.create";
const char* const CONSTRAINT_CREATE_OS_ACCOUNT_DIRECTLY = "constraint.os.account.create.directly";

// Initialising this constant hands the plugin instance to PluginManager::AddPlugin(); the stored
// result is not read anywhere in this file.
const bool REGISTER_RESULT = PluginManager::GetInstance()->AddPlugin(DisallowAddOsAccountByUserPlugin::GetPlugin());
28 
/**
 * Configures the plugin template for the "disallow add OS account by user" policy.
 *
 * Passes the interface code, the policy name, the permission name
 * "ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY" and the SUPER_DEVICE_ADMIN permission type to
 * InitAttribute(), installs the map<string, string> serializer and registers OnSetPolicy as the
 * handler for FuncOperateType::SET.
 * NOTE(review): the permission itself is presumably enforced by the framework from these
 * attributes; nothing in this file checks it again - confirm.
 *
 * @param ptr Plugin template to configure. It is dereferenced without a null check.
 */
void DisallowAddOsAccountByUserPlugin::InitPlugin(
    std::shared_ptr<IPluginTemplate<DisallowAddOsAccountByUserPlugin, std::map<std::string, std::string>>> ptr)
{
    EDMLOGI("DisallowAddOsAccountByUserPlugin InitPlugin...");
    auto &pluginTemplate = *ptr;
    // NOTE(review): the meaning of the trailing `false` is not visible here; see InitAttribute().
    pluginTemplate.InitAttribute(EdmInterfaceCode::DISALLOW_ADD_OS_ACCOUNT_BY_USER,
        "disallow_add_os_account_by_user", "ohos.permission.ENTERPRISE_SET_ACCOUNT_POLICY",
        IPlugin::PermissionType::SUPER_DEVICE_ADMIN, false);
    pluginTemplate.SetSerializer(MapStringSerializer::GetInstance());
    pluginTemplate.SetOnHandlePolicyListener(&DisallowAddOsAccountByUserPlugin::OnSetPolicy, FuncOperateType::SET);
}
38 
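/**
 * Applies the policy for one OS account.
 *
 * The map key is the target account id as a decimal string and the value is "true" (forbid
 * account creation) or "false" (allow it). Only the first entry of the map, i.e. the smallest
 * key in std::map order, is applied; any further entries are ignored.
 *
 * The value is matched strictly. Treating every string other than "true" as "false" would let a
 * malformed request ("True", "1", "") lift the restriction, so such values are rejected.
 * NOTE(review): assumes the sending side only ever writes "true"/"false" - confirm against the
 * proxy before merging.
 *
 * @param data Policy map received from the caller.
 * @return ERR_OK for an empty map or on success; SYSTEM_ABNORMALLY if the key is not an integer;
 *         PARAM_ERROR if the account lookup fails, the account does not exist, or the value is
 *         not "true"/"false"; otherwise the result of SetSpecificOsAccountConstraints().
 */
ErrCode DisallowAddOsAccountByUserPlugin::OnSetPolicy(std::map<std::string, std::string> &data)
{
    auto it = data.begin();
    if (it == data.end()) {
        return ERR_OK;
    }
    int32_t userId = -1;
    ErrCode parseRet = EdmUtils::ParseStringToInt(it->first, userId);
    if (FAILED(parseRet)) {
        return EdmReturnErrCode::SYSTEM_ABNORMALLY;
    }
    bool isIdExist = false;
    // A failed lookup is handled like a missing account, so the policy is never applied on the
    // strength of an unverified id.
    ErrCode existRet = AccountSA::OsAccountManager::IsOsAccountExists(userId, isIdExist);
    if (FAILED(existRet) || !isIdExist) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin userId invalid");
        return EdmReturnErrCode::PARAM_ERROR;
    }
    const std::string &value = it->second;
    if (value != "true" && value != "false") {
        EDMLOGE("DisallowAddOsAccountByUserPlugin policy value invalid");
        return EdmReturnErrCode::PARAM_ERROR;
    }
    return SetSpecificOsAccountConstraints(userId, value == "true");
}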
59 
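/**
 * Reports whether account creation is currently disallowed for the account named in the request.
 *
 * The target account id is read from the request parcel; policyData and the userId parameter are
 * not used by this implementation. The reply holds an int32 status first and, only when the
 * status is ERR_OK, a bool that is true when both create-account constraints are set.
 * NOTE(review): the queried account is chosen by the request, not by the userId argument;
 * presumably the framework has already authorised the caller - confirm.
 *
 * @param policyData Unused.
 * @param data Request parcel; must start with the int32 target account id.
 * @param reply Reply parcel that receives the status and, on success, the bool result.
 * @param userId Unused.
 * @return ERR_OK on success; PARAM_ERROR if the id cannot be read, the lookup fails or the account
 *         does not exist; SYSTEM_ABNORMALLY if the constraints cannot be fetched.
 */
ErrCode DisallowAddOsAccountByUserPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data,
    MessageParcel &reply, int32_t userId)
{
    EDMLOGD("DisallowAddOsAccountByUserPlugin OnGetPolicy.");
    int32_t targetUserId = -1;
    // Use the checked read: the value-returning overload cannot tell a truncated parcel from a
    // real id, so a short request would silently be answered for whatever id it yields.
    if (!data.ReadInt32(targetUserId)) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin read userId failed");
        reply.WriteInt32(EdmReturnErrCode::PARAM_ERROR);
        return EdmReturnErrCode::PARAM_ERROR;
    }
    bool isIdExist = false;
    // A failed lookup is reported the same way as a missing account.
    ErrCode existRet = AccountSA::OsAccountManager::IsOsAccountExists(targetUserId, isIdExist);
    if (FAILED(existRet) || !isIdExist) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin userId invalid");
        reply.WriteInt32(EdmReturnErrCode::PARAM_ERROR);
        return EdmReturnErrCode::PARAM_ERROR;
    }
    std::vector<std::string> constraints;
    ErrCode ret = AccountSA::OsAccountManager::GetOsAccountAllConstraints(targetUserId, constraints);
    if (FAILED(ret)) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin GetOsAccountAllConstraints failed");
        reply.WriteInt32(EdmReturnErrCode::SYSTEM_ABNORMALLY);
        return EdmReturnErrCode::SYSTEM_ABNORMALLY;
    }
    auto hasConstraint = [&constraints](const char *name) {
        return std::find(constraints.begin(), constraints.end(), name) != constraints.end();
    };
    // The policy counts as active only when both constraints are present.
    bool disallow = hasConstraint(CONSTRAINT_CREATE_OS_ACCOUNT) &&
        hasConstraint(CONSTRAINT_CREATE_OS_ACCOUNT_DIRECTLY);
    reply.WriteInt32(ERR_OK);
    reply.WriteBool(disallow);
    return ERR_OK;
}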
86 
/**
 * Sets or clears both create-account constraints on one OS account.
 *
 * The first id returned by QueryActiveOsAccountIds() is passed as the enforcing account. The
 * return value of that query is not inspected; an empty id list is what signals failure.
 *
 * @param userId Account the constraints are applied to.
 * @param disallow true to set the constraints, false to clear them.
 * @return ERR_OK on success; SYSTEM_ABNORMALLY if no active account id is available or the
 *         account service rejects the change.
 */
ErrCode DisallowAddOsAccountByUserPlugin::SetSpecificOsAccountConstraints(int32_t userId, bool disallow)
{
    std::vector<int32_t> activeIds;
    AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeIds);
    if (activeIds.empty()) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin QueryActiveOsAccountIds failed");
        return EdmReturnErrCode::SYSTEM_ABNORMALLY;
    }
    const int32_t enforcerId = activeIds.front();
    const std::vector<std::string> constraints {
        CONSTRAINT_CREATE_OS_ACCOUNT,
        CONSTRAINT_CREATE_OS_ACCOUNT_DIRECTLY,
    };
    EDMLOGI("DisallowAddOsAccountByUserPlugin SetSpecificOsAccountConstraints: "
        "disallow: %{public}s, targetId: %{public}d, enforceId: %{public}d",
        disallow ? "true" : "false", userId, enforcerId);
    // NOTE(review): the meaning of the trailing `true` is not visible in this file; confirm it
    // against the OsAccountManager declaration.
    ErrCode ret = AccountSA::OsAccountManager::SetSpecificOsAccountConstraints(constraints, disallow, userId,
        enforcerId, true);
    if (FAILED(ret)) {
        EDMLOGE("DisallowAddOsAccountByUserPlugin SetSpecificOsAccountConstraints failed");
        return EdmReturnErrCode::SYSTEM_ABNORMALLY;
    }
    return ERR_OK;
}
109 } // namespace EDM
110 } // namespace OHOS
111