1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
17 #define SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
18 
19 #include <chrono>
20 #include <condition_variable>
21 #include <memory>
22 #include <string>
23 
24 #include "admin_manager.h"
25 #include "common_event_subscriber.h"
26 #include "enterprise_admin_proxy.h"
27 #include "enterprise_device_mgr_stub.h"
28 #include "hilog/log.h"
29 #include "plugin_manager.h"
30 #include "policy_manager.h"
31 #include "policy_struct.h"
32 #include "security_report.h"
33 #include "system_ability.h"
34 
35 namespace OHOS {
36 namespace EDM {
/*
 * Service class for enterprise device management (EDM): it derives from both SystemAbility
 * and EnterpriseDeviceMgrStub and owns the policy, admin and plugin managers declared at the
 * bottom of the class.
 *
 * NOTE(review): the public overrides accept caller-supplied values (admin element name,
 * userId, policy code, MessageParcel contents). This header does not show where the caller is
 * authenticated or authorised. CheckCallingUid, VerifyEnableAdminCondition, VerifyManagedEvent
 * and CheckGetPolicyPermission are declared privately below and look like the intended gates;
 * confirm in the implementation that every entry point reaches one of them before it acts,
 * and that a caller cannot name an arbitrary userId.
 *
 * NOTE(review): the declarations use std::function, std::unordered_map, std::vector, std::map
 * and std::mutex, but the only standard headers included directly are <chrono>,
 * <condition_variable>, <memory> and <string>. The rest presumably arrive through the project
 * headers; including them here would make the header self-contained.
 */
37 class EnterpriseDeviceMgrAbility : public SystemAbility, public EnterpriseDeviceMgrStub {
       // Macro defined outside this file; presumably the system-ability registration boilerplate.
38     DECLARE_SYSTEM_ABILITY(EnterpriseDeviceMgrAbility);
39 
40 public:
41     EnterpriseDeviceMgrAbility();
       // Macro defined outside this file; by its name it removes copy and move operations (confirm).
42     DISALLOW_COPY_AND_MOVE(EnterpriseDeviceMgrAbility);
43     ~EnterpriseDeviceMgrAbility() override;
       // Accessor for the shared instance; see instance_ and mutexLock_ in the private section.
44     static sptr<EnterpriseDeviceMgrAbility> GetInstance();
45 
       // --- Admin lifecycle. All marked override, presumably from EnterpriseDeviceMgrStub. ---
       // NOTE(review): admin and userId are inputs from the caller; the checks applied to them
       // are not visible in this header.
46     ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override;
47     ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override;
48     ErrCode DisableSuperAdmin(const std::string &bundleName) override;
       // --- Policy access: `code` selects the policy, `data` carries the request and `reply`
       // the result (presumed from the parameter names; the parcel layout is not shown here). ---
49     ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
50         int32_t userId) override;
       // NOTE(review): unlike HandleDevicePolicy this takes no admin argument; the private
       // CheckGetPolicyPermission takes an ElementName to fill or check, so the admin is
       // presumably read from `data` - confirm it is validated before use.
51     ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override;
       // --- Admin and enterprise-info queries. ---
52     ErrCode GetEnabledAdmin(AdminType type, std::vector<std::string> &enabledAdminList) override;
53     ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, MessageParcel &reply) override;
54     ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo) override;
       // --- Managed-event subscription; `events` is a list of numeric event ids. ---
55     ErrCode SubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
56     ErrCode UnsubscribeManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events) override;
       // NOTE(review): by its name this delegates rights from `admin` to `bundleName`; confirm
       // the implementation restricts who may call it.
57     ErrCode AuthorizeAdmin(const AppExecFwk::ElementName &admin, const std::string &bundleName) override;
58     bool IsSuperAdmin(const std::string &bundleName) override;
59     bool IsAdminEnabled(AppExecFwk::ElementName &admin, int32_t userId) override;
       // Public but not an override, so it is not part of the inherited interface.
       // NOTE(review): userId defaults to the literal 100; presumably the default OS account id.
       // A named constant would document that - confirm.
60     void ConnectAbilityOnSystemEvent(const std::string &bundleName, ManagedEvent event, int32_t userId = 100);
       // Dispatch table from a string key to a handler that receives the ability and the event
       // data. The key is presumably the common-event action name (filled by
       // AddCommonEventFuncMap - confirm).
       // NOTE(review): this member is public and mutable, so any code holding the instance can
       // replace or add handlers. Consider making it private unless an external user needs it.
61     std::unordered_map<std::string,
62         std::function<void(EnterpriseDeviceMgrAbility *that, const EventFwk::CommonEventData &data)>>
63         commonEventFuncMap_;
       // Dispatch table from an int32_t key (presumably a system ability id) to a handler called
       // with the ability, the id and the device id. Public and mutable as above; the same
       // review note applies.
64     std::unordered_map<int32_t,
65         std::function<void(EnterpriseDeviceMgrAbility *that, int32_t systemAbilityId, const std::string &deviceId)>>
66         addSystemAbilityFuncMap_;
67     ErrCode GetSuperAdmin(MessageParcel &reply) override;
68 
69 protected:
       // Lifecycle and diagnostic hooks, all marked override (presumably from SystemAbility).
70     void OnStart() override;
71     void OnStop() override;
       // NOTE(review): Dump writes to a caller-provided fd; confirm the implementation limits
       // who may invoke it and what admin or policy detail it prints.
72     int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
73     void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
74     void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
75 
76 private:
       // Populate the two public dispatch tables (presumed from the names).
77     void AddCommonEventFuncMap();
78     void AddOnAddSystemAbilityFuncMap();
79     bool SubscribeAppState();
80     bool UnsubscribeAppState();
       // Caller check keyed by bundle name; which uid is compared is not visible here.
81     ErrCode CheckCallingUid(const std::string &bundleName);
       // --- Removal helpers for admins and the policies attached to them. ---
82     ErrCode RemoveAdminItem(const std::string &adminName, const std::string &policyName, const std::string &policyValue,
83         int32_t userId);
84     ErrCode RemoveAdminAndAdminPolicy(const std::string &adminName, int32_t userId);
85     ErrCode RemoveAdmin(const std::string &adminName, int32_t userId);
86     ErrCode RemoveAdminPolicy(const std::string &adminName, int32_t userId);
87     ErrCode RemoveSubSuperAdminAndAdminPolicy(const std::string &bundleName);
88     ErrCode RemoveSuperAdminAndAdminPolicy(const std::string &bundleName);
89     ErrCode RemoveSubOrSuperAdminAndAdminPolicy(const std::string &bundleName,
90         const std::vector<int32_t> &nonDefaultUserIds);
       // Fills permissionList for the given bundle and user.
91     ErrCode GetAllPermissionsByAdmin(const std::string &bundleInfoName, std::vector<std::string> &permissionList,
92         int32_t userId);
93     int32_t GetCurrentUserId();
94     ErrCode HandleApplicationEvent(const std::vector<uint32_t> &events, bool subscribe);
95     ErrCode UpdateDeviceAdmin(AppExecFwk::ElementName &admin);
       // --- Precondition checks used by the public entry points (presumed from the names). ---
       // NOTE(review): isDebug presumably relaxes a check for debug admins (see
       // RemoveAllDebugAdmin); confirm it cannot be influenced by the caller on release builds.
96     ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug);
97     ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector<uint32_t> &events);
98     ErrCode UpdateDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply,
99         int32_t userId);
100     ErrCode CheckGetPolicyPermission(MessageParcel &data, MessageParcel &reply, const std::string &getPermission,
101         const int32_t userId, AppExecFwk::ElementName &elementName);
        // Only declared when the common event service is compiled in.
102 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
103     std::shared_ptr<EventFwk::CommonEventSubscriber> CreateEnterpriseDeviceEventSubscriber(
104         EnterpriseDeviceMgrAbility &listener);
105 #endif
        // --- Common-event handlers; the signatures match the value type of commonEventFuncMap_
        // minus the `that` argument. ---
106     void OnCommonEventUserRemoved(const EventFwk::CommonEventData &data);
107     void OnCommonEventPackageAdded(const EventFwk::CommonEventData &data);
108     void OnCommonEventPackageRemoved(const EventFwk::CommonEventData &data);
109     bool ShouldUnsubscribeAppState(const std::string &adminName, int32_t userId);
110     bool CheckManagedEvent(uint32_t event);
        // --- Handlers run when a dependent system ability starts; the signatures match the
        // value type of addSystemAbilityFuncMap_ minus the `that` argument. ---
111     void OnAppManagerServiceStart(int32_t systemAbilityId, const std::string &deviceId);
112     void OnAbilityManagerServiceStart(int32_t systemAbilityId, const std::string &deviceId);
113     void OnCommonEventServiceStart(int32_t systemAbilityId, const std::string &deviceId);
114 #ifdef PASTEBOARD_EDM_ENABLE
115     void OnPasteboardServiceStart(int32_t systemAbilityId, const std::string &deviceId);
116 #endif
117 #ifdef NET_MANAGER_BASE_EDM_ENABLE
118     void OnNetManagerBaseServiceStart(int32_t systemAbilityId, const std::string &deviceId);
        // NOTE(review): policyMap is taken by const value, so the whole map is copied on every
        // call; const std::map<...> & would avoid that but needs the same change in the definition.
119     void HandleDisallowedNetworkInterface(const std::map<std::string, std::string> policyMap);
120 #endif
121     void OnUserAuthFrameworkStart(int32_t systemAbilityId, const std::string &deviceId);
122     void OnRenderSystemStart(int32_t systemAbilityId, const std::string &deviceId);
123     void OnWindowManagerServiceStart(int32_t systemAbilityId, const std::string &deviceId);
        // Takes the admin identity, policy code and name, and the resulting error code. Given the
        // "security_report.h" include it presumably builds an audit record - confirm.
124     void CreateSecurityContent(const std::string &bundleName, const std::string &abilityName,
125         uint32_t code, const std::string &policyName, ErrCode errorCode);
        // --- Start-up initialisation helpers. ---
126     void InitAllAdmins();
127     void InitAllPlugins();
128     void InitAllPolices();
129     void RemoveAllDebugAdmin();
130     void AddSystemAbilityListeners();
131     void ConnectAbilityOnSystemUpdate(const UpdateInfo &updateInfo);
132     void OnCommonEventSystemUpdate(const EventFwk::CommonEventData &data);
        // Accessors for the bundle, app and OS-account manager interfaces.
133     std::shared_ptr<IEdmBundleManager> GetBundleMgr();
134     std::shared_ptr<IEdmAppManager> GetAppMgr();
135     std::shared_ptr<IEdmOsAccountManager> GetOsAccountMgr();
136     ErrCode DoDisableAdmin(const std::string &bundleName, int32_t userId, AdminType adminType);
137     void UnloadPluginTask();
138     void SetPasswordPolicy();
139     void SetFingerprintPolicy();
140 
        // Static state behind GetInstance(); mutexLock_ presumably guards instance_ (confirm).
141     static std::mutex mutexLock_;
142     static sptr<EnterpriseDeviceMgrAbility> instance_;
143     std::shared_ptr<PolicyManager> policyMgr_;
144     std::shared_ptr<AdminManager> adminMgr_;
145     std::shared_ptr<PluginManager> pluginMgr_;
146     bool registerToService_ = false;
        // NOTE(review): the only data member without the trailing underscore used by the others.
147     std::shared_ptr<EventFwk::CommonEventSubscriber> commonEventSubscriber = nullptr;
148     sptr<AppExecFwk::IApplicationStateObserver> appStateObserver_;
149     bool pluginHasInit_ = false;
        // The flag, timestamp, condition variable and mutex below look like the wait/notify state
        // for UnloadPluginTask - TODO confirm. notifySignal_ and pluginHasInit_ are plain bools,
        // so any cross-thread access needs waitMutex_ (or another lock) held.
150     bool notifySignal_ = false;
151     std::chrono::system_clock::time_point lastCallTime_;
152     std::condition_variable waitSignal_;
153     std::mutex waitMutex_;
154 };
155 #ifdef COMMON_EVENT_SERVICE_EDM_ENABLE
// Common-event subscriber bound to one EnterpriseDeviceMgrAbility. It is built from a subscribe
// info object plus the ability to notify; OnReceiveEvent is defined elsewhere and presumably
// forwards each event to the listener's handlers (confirm).
//
// NOTE(review): listener_ is a non-owning reference, whereas subscribers are handed around as
// std::shared_ptr (see CreateEnterpriseDeviceEventSubscriber). If a subscriber stays registered
// after the ability is destroyed, OnReceiveEvent would dereference a dangling reference; confirm
// the ability unsubscribes before teardown.
156 class EnterpriseDeviceEventSubscriber : public EventFwk::CommonEventSubscriber {
157 public:
158     EnterpriseDeviceEventSubscriber(const EventFwk::CommonEventSubscribeInfo &subscribeInfo,
159         EnterpriseDeviceMgrAbility &listener);
160     ~EnterpriseDeviceEventSubscriber() override = default;
161 
        // Event callback, marked override; the event payload is data received from outside this
        // class and should be validated by whichever handler consumes it.
162     void OnReceiveEvent(const EventFwk::CommonEventData &data) override;
163 
164 private:
        // Non-owning; must not outlive the referenced ability.
165     EnterpriseDeviceMgrAbility &listener_;
166 };
167 #endif
168 } // namespace EDM
169 } // namespace OHOS
170 #endif // SERVICES_EDM_INCLUDE_EDM_ENTERPRISE_DEVICE_MGR_ABILITY_H
171