1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "fingerprint_auth_plugin.h"
17 
18 #include "edm_ipc_interface_code.h"
19 #include "fingerprint_policy_serializer.h"
20 #include "plugin_manager.h"
21 #include "user_auth_client.h"
22 
23 namespace OHOS {
24 namespace EDM {
25 const bool REGISTER_RESULT = PluginManager::GetInstance()->AddPlugin(std::make_shared<FingerprintAuthPlugin>());
FingerprintAuthPlugin()26 FingerprintAuthPlugin::FingerprintAuthPlugin()
27 {
28     policyCode_ = EdmInterfaceCode::FINGERPRINT_AUTH;
29     policyName_ = "fingerprint_auth";
30     permissionConfig_.permission = "ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS";
31     permissionConfig_.permissionType = IPlugin::PermissionType::SUPER_DEVICE_ADMIN;
32     permissionConfig_.apiType = IPlugin::ApiType::PUBLIC;
33     needSave_ = true;
34 }
35 
OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply, HandlePolicyData &policyData, int32_t userId)36 ErrCode FingerprintAuthPlugin::OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
37     HandlePolicyData &policyData, int32_t userId)
38 {
39     EDMLOGI("FingerprintAuthPlugin OnSetPolicy");
40     auto serializer_ = FingerprintPolicySerializer::GetInstance();
41     FingerprintPolicy policy;
42     serializer_->Deserialize(policyData.policyData, policy);
43     std::string type = data.ReadString();
44     bool disallow = data.ReadBool();
45     ErrCode ret = ERR_INVALID_VALUE;
46     if (type == EdmConstants::FINGERPRINT_AUTH_TYPE) {
47         ret = HandleFingerprintAuthPolicy(disallow, policy);
48     } else if (type == EdmConstants::DISALLOW_FOR_ACCOUNT_TYPE) {
49         int32_t accountId = data.ReadInt32();
50         ret = HandleFingerprintForAccountPolicy(disallow, accountId, policy);
51     }
52 
53     if (ret != ERR_OK) {
54         return ret;
55     }
56 
57     ret = SetGlobalConfigParam(policy);
58     if (ret != ERR_OK) {
59         return EdmReturnErrCode::SYSTEM_ABNORMALLY;
60     }
61 
62     std::string afterHandle;
63     serializer_->Serialize(policy, afterHandle);
64     policyData.isChanged = (afterHandle != policyData.policyData);
65     if (policyData.isChanged) {
66         policyData.policyData = afterHandle;
67     }
68     return ERR_OK;
69 }
70 
HandleFingerprintAuthPolicy(bool disallow, FingerprintPolicy &policy)71 ErrCode FingerprintAuthPlugin::HandleFingerprintAuthPolicy(bool disallow, FingerprintPolicy &policy)
72 {
73     if (disallow) {
74         policy.globalDisallow = true;
75         policy.accountIds.clear();
76         return ERR_OK;
77     }
78     if (policy.accountIds.size() != 0) {
79         return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
80     }
81     policy.globalDisallow = false;
82     return ERR_OK;
83 }
84 
HandleFingerprintForAccountPolicy(bool disallow, int32_t accountId, FingerprintPolicy &policy)85 ErrCode FingerprintAuthPlugin::HandleFingerprintForAccountPolicy(bool disallow,
86     int32_t accountId, FingerprintPolicy &policy)
87 {
88     if (policy.globalDisallow) {
89         return EdmReturnErrCode::CONFIGURATION_CONFLICT_FAILED;
90     }
91     if (disallow) {
92         policy.accountIds.insert(accountId);
93     } else {
94         auto it = policy.accountIds.find(accountId);
95         if (it != policy.accountIds.end()) {
96             policy.accountIds.erase(it);
97         }
98     }
99     return ERR_OK;
100 }
101 
SetGlobalConfigParam(FingerprintPolicy policy)102 ErrCode FingerprintAuthPlugin::SetGlobalConfigParam(FingerprintPolicy policy)
103 {
104     std::vector<int32_t> userIds(policy.accountIds.size());
105     std::copy(policy.accountIds.begin(), policy.accountIds.end(), userIds.begin());
106     UserIam::UserAuth::GlobalConfigParam param;
107     param.userIds = userIds;
108     param.authTypes.push_back(UserIam::UserAuth::AuthType::FINGERPRINT);
109     param.type = UserIam::UserAuth::GlobalConfigType::ENABLE_STATUS;
110     param.value.enableStatus = !policy.globalDisallow && userIds.size() == 0;
111     return UserIam::UserAuth::UserAuthClient::GetInstance().SetGlobalConfigParam(param);
112 }
113 
OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply, int32_t userId)114 ErrCode FingerprintAuthPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data,
115     MessageParcel &reply, int32_t userId)
116 {
117     EDMLOGI("FingerprintAuthPlugin OnGetPolicy");
118     auto serializer_ = FingerprintPolicySerializer::GetInstance();
119     FingerprintPolicy policy;
120     serializer_->Deserialize(policyData, policy);
121     std::string type = data.ReadString();
122     bool isDisallow = false;
123     if (type == EdmConstants::FINGERPRINT_AUTH_TYPE) {
124         isDisallow = policy.globalDisallow;
125     } else if (type == EdmConstants::DISALLOW_FOR_ACCOUNT_TYPE) {
126         int32_t accountId = data.ReadInt32();
127         auto it = policy.accountIds.find(accountId);
128         isDisallow = (it != policy.accountIds.end());
129     }
130     reply.WriteInt32(ERR_OK);
131     reply.WriteBool(isDisallow);
132     EDMLOGI("FingerprintAuthPlugin OnGetPolicy result %{public}d", isDisallow);
133     return ERR_OK;
134 }
135 } // namespace EDM
136 } // namespace OHOS
137