mirror of
https://gitee.com/openharmony/bundlemanager_bundle_framework
synced 2024-11-27 01:11:15 +00:00
shell安装管控
Signed-off-by: Zhou Shihui <zhoushihui4@huawei.com>
parent
607d14a403
commit
be58fbb9a0
@ -141,6 +141,8 @@ enum {
|
||||
ERR_APPEXECFWK_INSTALL_CHECK_ENCRYPTION_FAILED = 8519760,
|
||||
ERR_APPEXECFWK_INSTALLD_SERVICE_DIED = 8519761,
|
||||
ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = 8519762,
|
||||
ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL = 8519763,
|
||||
ERR_APPEXECFWK_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL = 8519764,
|
||||
|
||||
ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED = 8519780,
|
||||
ERR_APPEXECFWK_INSTALL_SELF_UPDATE_NOT_MDM = 8519781,
|
||||
@ -150,7 +152,6 @@ enum {
|
||||
ERR_APPEXECFWK_INSTALL_FAILED_CONTROLLED = 8519785,
|
||||
ERR_APPEXECFWK_INSTALL_APP_IN_BLOCKLIST = 8519787,
|
||||
ERR_APPEXECFWK_INSTALL_INTERNALTESTING_BUNDLE_NOT_ALLOWED = 8519788,
|
||||
ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL = 8519789,
|
||||
|
||||
// native bundle
|
||||
ERR_APPEXECFWK_NATIVE_INSTALL_FAILED = 8519790,
|
||||
|
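Review bot: ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL seems to move from 8519789 to 8519763, which changes a numeric value that existing callers, logs or tests may already match on, and leaves 8519789 unassigned. The +/- markers are lost on this page, so the move is inferred from the hunk line counts and from the same name appearing in both hunks of this enum. If the renumbering is intended, a placeholder comment at the old slot, for example `// 8519789: formerly ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL, do not reuse`, would keep the value from being reassigned to an unrelated error. Otherwise, keeping the existing constant at 8519789 and adding only the new ENCRYPTED code avoids the compatibility question.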
@ -215,6 +215,7 @@ public:
|
||||
|
||||
ERR_INSTALL_EXISTED_ENTERPRISE_BUNDLE_NOT_ALLOWED = 9568414,
|
||||
ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = 9568415,
|
||||
ERR_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL = 9568416,
|
||||
|
||||
ERR_RECOVER_GET_BUNDLEPATH_ERROR = 201,
|
||||
ERR_RECOVER_INVALID_BUNDLE_NAME,
|
||||
|
@ -387,6 +387,8 @@ private:
|
||||
std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes,
|
||||
std::unordered_map<std::string, InnerBundleInfo> &infos);
|
||||
|
||||
ErrCode CheckShellInstall(std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes);
|
||||
|
||||
ErrCode CheckInstallCondition(std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes,
|
||||
std::unordered_map<std::string, InnerBundleInfo> &infos, bool isSysCapValid);
|
||||
|
||||
|
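Review bot: The new `CheckShellInstall` declaration has no comment, although it is an install-policy gate whose rule is not obvious from the name. A one-line comment above it would help, for example `// Rejects installs from SHELL_UID when the first HAP's profile is an app-gallery RELEASE profile; all other callers pass.` The definition only reads its argument, so the parameter could also be `const std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes`, which makes it clear that the check cannot alter the verification results used by later steps.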
@ -1153,10 +1153,8 @@ ErrCode BaseBundleInstaller::ProcessBundleInstall(const std::vector<std::string>
|
||||
CHECK_RESULT(result, "hap files check signature info failed %{public}d");
|
||||
UpdateInstallerState(InstallerState::INSTALL_SIGNATURE_CHECKED); // ---- 15%
|
||||
|
||||
if (sysEventInfo_.callingUid == ServiceConstants::SHELL_UID &&
|
||||
hapVerifyResults[0].GetProvisionInfo().type == Security::Verify::ProvisionType::RELEASE) {
|
||||
return ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL;
|
||||
}
|
||||
result = CheckShellInstall(hapVerifyResults);
|
||||
CHECK_RESULT(result, "check shell install failed %{public}d");
|
||||
|
||||
// parse the bundle infos for all haps
|
||||
// key is bundlePath , value is innerBundleInfo
|
||||
@ -3742,6 +3740,19 @@ ErrCode BaseBundleInstaller::CheckMultipleHapsSignInfo(
|
||||
return bundleInstallChecker_->CheckMultipleHapsSignInfo(bundlePaths, hapVerifyRes);
|
||||
}
|
||||
|
||||
ErrCode BaseBundleInstaller::CheckShellInstall(std::vector<Security::Verify::HapVerifyResult> &hapVerifyRes)
|
||||
{
|
||||
if (sysEventInfo_.callingUid != ServiceConstants::SHELL_UID || hapVerifyRes.empty()) {
|
||||
return ERR_OK;
|
||||
}
|
||||
Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes.begin()->GetProvisionInfo();
|
||||
if (provisionInfo.distributionType == Security::Verify::AppDistType::APP_GALLERY &&
|
||||
provisionInfo.type == Security::Verify::ProvisionType::RELEASE) {
|
||||
return ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL;
|
||||
}
|
||||
return ERR_OK;
|
||||
}
|
||||
|
||||
ErrCode BaseBundleInstaller::ParseHapFiles(
|
||||
const std::vector<std::string> &bundlePaths,
|
||||
const InstallParam &installParam,
|
||||
@ -5375,6 +5386,11 @@ ErrCode BaseBundleInstaller::CheckSoEncryption(InnerBundleInfo &info, const std:
|
||||
info.GetBundleName().c_str());
|
||||
return ERR_APPEXECFWK_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED;
|
||||
}
|
||||
if (isEncrypted && sysEventInfo_.callingUid == ServiceConstants::SHELL_UID) {
|
||||
LOG_E(BMS_TAG_INSTALLER, "-n %{public}s encrypted bundle is not allowed for shell",
|
||||
info.GetBundleName().c_str());
|
||||
return ERR_APPEXECFWK_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL;
|
||||
}
|
||||
if (isEncrypted) {
|
||||
LOG_D(BMS_TAG_INSTALLER, "module %{public}s is encrypted", modulePath_.c_str());
|
||||
info.SetApplicationReservedFlag(static_cast<uint32_t>(ApplicationReservedFlag::ENCRYPTED_APPLICATION));
|
||||
|
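Review bot: CheckShellInstall rejects a shell caller only when the first HAP's profile is both `AppDistType::APP_GALLERY` and `ProvisionType::RELEASE`, whereas the inline check it appears to replace in ProcessBundleInstall rejected every `RELEASE` profile (the +/- markers are lost here, so which side is old is inferred from the hunk counts). Release bundles with any other distribution type therefore become installable from SHELL_UID. If that widening is intended, a comment on the function should name the distribution types deliberately left open, because a deny-list on one value silently admits any type added later. The function also returns `ERR_OK` when `hapVerifyRes` is empty and inspects only `hapVerifyRes.begin()`, so it relies on the earlier signature checks having produced a non-empty, consistent result set. Splitting the guard so that only `callingUid != ServiceConstants::SHELL_UID` returns `ERR_OK`, and an empty vector returns an existing install error, would make the gate fail closed. ProcessBundleInstall and CheckSoEncryption continue outside the hunks shown.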
@ -228,6 +228,8 @@ const char* MSG_ERR_UNINSTALL_CONTROLLED = "[MSG_ERR_UNINSTALL_CONTROLLED]";
|
||||
const char* MSG_ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED = "[MSG_ERR_INSTALL_DEBUG_ENCRYPTED_BUNDLE_FAILED]";
|
||||
const char* MSG_ERR_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL =
|
||||
"[MSG_ERR_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL]";
|
||||
const char* MSG_ERR_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL =
|
||||
"[MSG_ERR_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL]";
|
||||
|
||||
const std::unordered_map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
|
||||
{ERR_OK, {IStatusReceiver::SUCCESS, MSG_SUCCESS}},
|
||||
@ -606,6 +608,9 @@ const std::unordered_map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
|
||||
{ERR_APPEXECFWK_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL,
|
||||
{IStatusReceiver::ERR_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL,
|
||||
MSG_ERR_INSTALL_RELEASE_BUNDLE_NOT_ALLOWED_FOR_SHELL}},
|
||||
{ERR_APPEXECFWK_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL,
|
||||
{IStatusReceiver::ERR_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL,
|
||||
MSG_ERR_INSTALL_ENCRYPTED_BUNDLE_NOT_ALLOWED_FOR_SHELL}},
|
||||
};
|
||||
} // namespace
|
||||
|
||||
|