!7120 debug类型的加密应用，安装拦截

Merge pull request !7120 from wangtiantian/debug_insstall

interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h

@@ -140,6 +140,7 @@ enum {
     ERR_BUNDLEMANAGER_INSTALL_FAILED_SIGNATURE_EXTENSION_NOT_EXISTED = 8519759,
     ERR_APPEXECFWK_INSTALL_CHECK_ENCRYPTION_FAILED = 8519760,
     ERR_APPEXECFWK_INSTALLD_SERVICE_DIED = 8519761,
+    ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = 8519762,
 
     ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED = 8519780,
     ERR_APPEXECFWK_INSTALL_SELF_UPDATE_NOT_MDM = 8519781,

interfaces/inner_api/appexecfwk_core/include/bundlemgr/status_receiver_interface.h

@@ -213,6 +213,7 @@ public:
         ERR_INSTALL_CHECK_SYSCAP_FAILED_AND_DEVICE_TYPE_NOT_SUPPORTED = 9568413,
 
         ERR_INSTALL_EXISTED_ENTERPRISE_BUNDLE_NOT_ALLOWED = 9568414,
+        ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = 9568415,
 
         ERR_RECOVER_GET_BUNDLEPATH_ERROR = 201,
         ERR_RECOVER_INVALID_BUNDLE_NAME,

interfaces/kits/js/bundlemgr/bundle_mgr.cpp

@@ -4841,6 +4841,7 @@ static void ConvertInstallResult(InstallResult &installResult)
             installResult.resultMsg = "STATUS_INSTALL_FAILURE";
             break;
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_PARSE_FAILED):
+        case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_VERIFICATION_FAILED):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_INCOMPATIBLE_SIGNATURE):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_PARAM_ERROR):

interfaces/kits/js/installer/installer.cpp

@@ -413,7 +413,8 @@ static void CreateErrCodeMap(std::unordered_map<int32_t, int32_t> &errCodeMap)
         { IStatusReceiver::ERR_INSTALL_NATIVE_FAILED, ERROR_INSTALL_NATIVE_FAILED},
         { IStatusReceiver::ERR_UNINSTALL_NATIVE_FAILED, ERROR_UNINSTALL_NATIVE_FAILED},
         { IStatusReceiver::ERR_NATIVE_HNP_EXTRACT_FAILED, ERROR_INSTALL_NATIVE_FAILED},
-        { IStatusReceiver::ERR_UNINSTALL_CONTROLLED, ERROR_BUNDLE_CAN_NOT_BE_UNINSTALLED }
+        { IStatusReceiver::ERR_UNINSTALL_CONTROLLED, ERROR_BUNDLE_CAN_NOT_BE_UNINSTALLED },
+        { IStatusReceiver::ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED, ERROR_INSTALL_PARSE_FAILED }
     };
 }
 

services/bundlemgr/src/base_bundle_installer.cpp

@@ -5299,6 +5299,12 @@ ErrCode BaseBundleInstaller::CheckSoEncryption(InnerBundleInfo &info, const std:
     bool isEncrypted = false;
     ErrCode result = InstalldClient::GetInstance()->CheckEncryption(param, isEncrypted);
     CHECK_RESULT(result, "fail to CheckSoEncryption, error is %{public}d");
+    if ((info.GetBaseApplicationInfo().debug || (info.GetAppProvisionType() == Constants::APP_PROVISION_TYPE_DEBUG))
+        && isEncrypted) {
+        LOG_E(BMS_TAG_INSTALLER, "-n %{public}s debug encrypted bundle is not allowed to install",
+            info.GetBundleName().c_str());
+        return ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED;
+    }
     if (isEncrypted) {
         LOG_D(BMS_TAG_INSTALLER, "module %{public}s is encrypted", modulePath_.c_str());
         info.SetApplicationReservedFlag(static_cast<uint32_t>(ApplicationReservedFlag::ENCRYPTED_APPLICATION));
@@ -5496,6 +5502,12 @@ ErrCode BaseBundleInstaller::CheckHapEncryption(const std::unordered_map<std::st
         bool isEncrypted = false;
         ErrCode result = InstalldClient::GetInstance()->CheckEncryption(param, isEncrypted);
         CHECK_RESULT(result, "fail to CheckHapEncryption, error is %{public}d");
+        if ((info.second.GetBaseApplicationInfo().debug ||
+            (info.second.GetAppProvisionType() == Constants::APP_PROVISION_TYPE_DEBUG)) && isEncrypted) {
+            LOG_E(BMS_TAG_INSTALLER, "-n %{public}s debug encrypted bundle is not allowed to install",
+                bundleName_.c_str());
+            return ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED;
+        }
         oldInfo.SetMoudleIsEncrpted(info.second.GetCurrentModulePackage(), isEncrypted);
     }
     if (oldInfo.IsContainEncryptedModule()) {

services/bundlemgr/src/status_receiver_proxy.cpp

@@ -225,6 +225,7 @@ const char* MSG_ERR_INSTALL_CODE_SIGNATURE_REMOVE_FILE_FAILED =
 const char* MSG_ERR_INSTALL_CODE_APP_CONTROLLED_FAILED =
     "[MSG_ERR_INSTALL_CODE_APP_CONTROLLED_FAILED]";
 const char* MSG_ERR_UNINSTALL_CONTROLLED = "[MSG_ERR_UNINSTALL_CONTROLLED]";
+const char* MSG_ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = "[MSG_ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED]";
 
 const std::unordered_map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
     {ERR_OK, {IStatusReceiver::SUCCESS, MSG_SUCCESS}},
@@ -597,6 +598,9 @@ const std::unordered_map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
     {ERR_APPEXECFWK_UNINSTALL_CONTROLLED,
         {IStatusReceiver::ERR_UNINSTALL_CONTROLLED,
             MSG_ERR_UNINSTALL_CONTROLLED}},
+    // debug encrypted bundle not allowed to install, errCode
+    {ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED,
+        {IStatusReceiver::ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED, MSG_ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED}},
 };
 }  // namespace