From f9be1ec9d5530c9e43e49f622dd6ba315c94d430 Mon Sep 17 00:00:00 2001
From: sunxuhui
Date: Fri, 14 Jun 2024 10:32:48 +0800
Subject: [PATCH] update
Signed-off-by: sunxuhui
---
 services/bundlemgr/BUILD.gn | 1 +
 services/bundlemgr/appexecfwk_bundlemgr.gni | 1 +
 .../bundlemgr/include/el5_filekey_callback.h | 33 +++++++++++
 services/bundlemgr/src/bundle_mgr_service.cpp | 8 +++
 .../bundlemgr/src/el5_filekey_callback.cpp | 57 +++++++++++++++++++
 services/bundlemgr/src/inner_bundle_info.cpp | 1 +
 .../src/installd/installd_operator.cpp | 1 +
 .../bms_ability_manager_helper_test/BUILD.gn | 1 +
 .../bms_bundle_clone_app_test/BUILD.gn | 1 +
 .../bms_bundle_clone_installer_test/BUILD.gn | 1 +
 .../bms_bundle_data_group_test/BUILD.gn | 1 +
 .../bms_bundle_installer_test/BUILD.gn | 3 +
 .../unittest/bms_bundle_overlay_test/BUILD.gn | 4 ++
 .../bms_bundle_permission_grant_test/BUILD.gn | 1 +
 .../bms_bundle_quick_fix_query_test/BUILD.gn | 1 +
 .../test/unittest/bms_data_mgr_test/BUILD.gn | 2 +
 .../unittest/bms_event_handler_test/BUILD.gn | 2 +
 .../bms_rdb_data_manager_test/BUILD.gn | 1 +
 .../bms_service_bundle_scan_test/BUILD.gn | 1 +
 .../bms_service_startup_test/BUILD.gn | 1 +
 .../bundlecloneinstaller_fuzzer/BUILD.gn | 1 +
 21 files changed, 123 insertions(+)
 create mode 100644 services/bundlemgr/include/el5_filekey_callback.h
 create mode 100644 services/bundlemgr/src/el5_filekey_callback.cpp
diff --git a/services/bundlemgr/BUILD.gn b/services/bundlemgr/BUILD.gn
index 5789a0637..342631853 100644
--- a/services/bundlemgr/BUILD.gn
+++ b/services/bundlemgr/BUILD.gn
@@ -243,6 +243,7 @@ ohos_shared_library("libbms") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:ability_connect_callback_stub",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libaccesstoken_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
diff --git a/services/bundlemgr/appexecfwk_bundlemgr.gni b/services/bundlemgr/appexecfwk_bundlemgr.gni
index 3834781cf..055537fb2 100644
--- a/services/bundlemgr/appexecfwk_bundlemgr.gni
+++ b/services/bundlemgr/appexecfwk_bundlemgr.gni
@@ -191,6 +191,7 @@ bundle_mgr_source = [
 "${services_path}/bundlemgr/src/bundle_user_mgr_host_impl.cpp",
 "${services_path}/bundlemgr/src/clone/bundle_clone_installer.cpp",
 "${services_path}/bundlemgr/src/common/serial_queue.cpp",
+ "${services_path}/bundlemgr/src/el5_filekey_callback.cpp",
 "${services_path}/bundlemgr/src/extend_resource/extend_resource_manager_host_impl.cpp",
 "${services_path}/bundlemgr/src/hidump_helper.cpp",
 "${services_path}/bundlemgr/src/navigation/router_item_compare.cpp",
diff --git a/services/bundlemgr/include/el5_filekey_callback.h b/services/bundlemgr/include/el5_filekey_callback.h
new file mode 100644
index 000000000..fd1ad4b3b
--- /dev/null
+++ b/services/bundlemgr/include/el5_filekey_callback.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FOUNDATION_BUNDLEMANAGER_BUNDLE_FRAMEWORK_SERVICES_BUNDLEMGR_EL5_FILEKEY_CALLBACK_H
+#define FOUNDATION_BUNDLEMANAGER_BUNDLE_FRAMEWORK_SERVICES_BUNDLEMGR_EL5_FILEKEY_CALLBACK_H
+
+#include "el5_filekey_callback_stub.h"
+
+namespace OHOS {
+namespace AppExecFwk {
+class El5FilekeyCallback : public Security::AccessToken::El5FilekeyCallbackStub {
+public:
+ El5FilekeyCallback() = default;
+
+ ~El5FilekeyCallback() = default;
+
+ void OnRegenerateAppKey(std::vector &infos) override;
+};
+} // AppExecFwk
+} // OHOS
+#endif // FOUNDATION_BUNDLEMANAGER_BUNDLE_FRAMEWORK_SERVICES_BUNDLEMGR_BUNDLE_RESOURCE_CALLBACK_H
diff --git a/services/bundlemgr/src/bundle_mgr_service.cpp b/services/bundlemgr/src/bundle_mgr_service.cpp
index 887d08a85..7abfc1fe9 100644
--- a/services/bundlemgr/src/bundle_mgr_service.cpp
+++ b/services/bundlemgr/src/bundle_mgr_service.cpp
@@ -29,6 +29,8 @@
 #include "common_event_manager.h"
 #include "common_event_support.h"
 #include "datetime_ex.h"
+#include "el5_filekey_callback.h"
+#include "el5_filekey_manager_kit.h"
 #include "ffrt.h"
 #include "installd_client.h"
 #ifdef BUNDLE_FRAMEWORK_APP_CONTROL
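Review bot: The closing `#endif` comment in the new el5_filekey_callback.h names `..._BUNDLEMGR_BUNDLE_RESOURCE_CALLBACK_H`, which is not the guard the file opens with (`..._BUNDLEMGR_EL5_FILEKEY_CALLBACK_H`). It looks copied from another header and should read `#endif // FOUNDATION_BUNDLEMANAGER_BUNDLE_FRAMEWORK_SERVICES_BUNDLEMGR_EL5_FILEKEY_CALLBACK_H`. The class also carries no comment saying who calls `OnRegenerateAppKey` or what it does with `infos`; going by the implementation in this patch, something like `// Callback stub: for each listed app, asks installd to set the encryption policy again and stores the returned keyId in the bundle record.` would do. The destructor could be spelled `~El5FilekeyCallback() override = default;` to match the `override` on the method.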
@@ -46,6 +48,7 @@ namespace OHOS { namespace AppExecFwk { namespace { const int32_t BUNDLE_BROKER_SERVICE_ABILITY_ID = 0x00010500; +const int32_t EL5_FILEKEY_SERVICE_ABILITY_ID = 8250; } // namespace const bool REGISTER_RESULT = @@ -88,6 +91,7 @@ void BundleMgrService::OnStart() AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID); AddSystemAbilityListener(BUNDLE_BROKER_SERVICE_ABILITY_ID); + AddSystemAbilityListener(EL5_FILEKEY_SERVICE_ABILITY_ID); APP_LOGI("BundleMgrService OnStart end"); } @@ -510,6 +514,10 @@ void BundleMgrService::OnAddSystemAbility(int32_t systemAbilityId, const std::st host_->SetBrokerServiceStatus(true); } } + if (EL5_FILEKEY_SERVICE_ABILITY_ID == systemAbilityId) { + int32_t reg = Security::AccessToken::El5FilekeyManagerKit::RegisterCallback(sptr(new El5FilekeyCallback())); + APP_LOGI("Register El5FilekeyCallback result: %{public}d", reg); + } } bool BundleMgrService::Hidump(const std::vector &args, std::string& result) const diff --git a/services/bundlemgr/src/el5_filekey_callback.cpp b/services/bundlemgr/src/el5_filekey_callback.cpp new file mode 100644 index 000000000..2f4a24b0a --- /dev/null +++ b/services/bundlemgr/src/el5_filekey_callback.cpp 
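Review bot: In the `OnAddSystemAbility` hunk the return value of `RegisterCallback` is only written to the info log, so a failed registration leaves the bundle manager without its key-regeneration callback and nothing reports or retries it. Assuming a non-zero result means failure (the kit's return contract is not visible in this patch), at least raise it to an error: `if (reg != ERR_OK) { APP_LOGE("Register El5FilekeyCallback failed: %{public}d", reg); }`. The first hunk also introduces the ability id as a bare decimal `8250`; a comment saying where that id is defined, or the shared system-ability constant if one exists, would keep the two from drifting apart. `OnAddSystemAbility` starts outside the hunk.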
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "el5_filekey_callback.h"
+#include "installd_client.h"
+#include "bundle_mgr_service.h"
+
+namespace OHOS {
+namespace AppExecFwk {
+void El5FilekeyCallback::OnRegenerateAppKey(std::vector &infos)
+{
+ APP_LOGI("OnRegenerateAppKey start");
+ if (infos.empty()) {
+ APP_LOGE("OnRegenerateAppKey infos is empty");
+ return;
+ }
+ for (auto &info : infos) {
+ std::string keyId = "";
+ auto result = InstalldClient::GetInstance()->SetEncryptionPolicy(
+ info.uid, info.bundleName, info.userId, keyId);
+ if (result != ERR_OK) {
+ APP_LOGE("SetEncryptionPolicy failed for %{public}s", info.bundleName.c_str());
+ }
+ // update the keyId to the bundleInfo
+ auto dataMgr = DelayedSingleton::GetInstance()->GetDataMgr();
+ if (dataMgr == nullptr) {
+ APP_LOGE("OnRegenerateAppKey dataMgr is nullptr");
+ continue;
+ }
+ InnerBundleInfo bundleInfo;
+ bool isAppExist = dataMgr->GetInnerBundleInfo(info.bundleName, bundleInfo);
+ if (!isAppExist) {
+ APP_LOGE("OnRegenerateAppKey bundleInfo is not exist");
+ continue;
+ }
+ userInfo.SetKeyId(info.userId, keyId);
+ if (!dataMgr_->UpdateInnerBundleInfo(info)) {
+ APP_LOGE("save keyId failed");
+ continue;
+ }
+ APP_LOGI("OnRegenerateAppKey success for %{public}s", info.bundleName.c_str());
+ }
+}
+} // AppExecFwk
+} // OHOS
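Review bot: The tail of the loop in `OnRegenerateAppKey` uses `userInfo` and `dataMgr_`, neither of which is declared in this file, and it passes the incoming `info` to `UpdateInnerBundleInfo` rather than the `bundleInfo` it has just loaded, so the new file should not compile as shown. Going by the locals above and the `InnerBundleInfo::SetkeyId` setter touched elsewhere in this patch, the intended lines are presumably `bundleInfo.SetkeyId(info.userId, keyId);` and `if (!dataMgr->UpdateInnerBundleInfo(bundleInfo)) {`. Separately, a failed `SetEncryptionPolicy` is logged but execution carries on, so an empty `keyId` would be written over the bundle's stored one; add `continue;` after that `APP_LOGE`. Because `info.uid`, `info.bundleName` and `info.userId` arrive through a callback stub, it would also be safer to look the bundle up first and confirm the uid and user belong to it before asking installd to set a policy.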
diff --git a/services/bundlemgr/src/inner_bundle_info.cpp b/services/bundlemgr/src/inner_bundle_info.cpp index 9d6bed2e3..ea70653f7 100644 --- a/services/bundlemgr/src/inner_bundle_info.cpp +++ b/services/bundlemgr/src/inner_bundle_info.cpp @@ -2011,6 +2011,7 @@ void InnerBundleInfo::SetkeyId(const int32_t userId, const std::string &keyId) auto& key = NameAndUserIdToKey(GetBundleName(), userId); auto infoItem = innerBundleUserInfos_.find(key); if (infoItem == innerBundleUserInfos_.end()) { + APP_LOGE("SetkeyId failed, cannot find userInfo for userId %{public}d", userId); return; } infoItem->second.keyId = keyId; diff --git a/services/bundlemgr/src/installd/installd_operator.cpp b/services/bundlemgr/src/installd/installd_operator.cpp index a283b12e0..5e8f5870b 100644 --- a/services/bundlemgr/src/installd/installd_operator.cpp +++ b/services/bundlemgr/src/installd/installd_operator.cpp @@ -2241,6 +2241,7 @@ bool InstalldOperator::GenerateKeyIdAndSetPolicy(int32_t uid, const std::string } close(fd); } + LOG_I(BMS_TAG_INSTALLD, "GenerateKeyIdAndSetPolicy success for %{public}s", bundleName.c_str()); return true; } diff --git a/services/bundlemgr/test/unittest/bms_ability_manager_helper_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_ability_manager_helper_test/BUILD.gn index e1df6497c..8c72f2065 100644 --- a/services/bundlemgr/test/unittest/bms_ability_manager_helper_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_ability_manager_helper_test/BUILD.gn @@ -54,6 +54,7 @@ ohos_unittest("BmsAbilityManagerHelperTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_clone_app_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_clone_app_test/BUILD.gn index 693289945..ec759c6a7 100644 
--- a/services/bundlemgr/test/unittest/bms_bundle_clone_app_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_clone_app_test/BUILD.gn @@ -62,6 +62,7 @@ ohos_unittest("BmsBundleCloneAppBundleLogicTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_clone_installer_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_clone_installer_test/BUILD.gn index 5ad48208a..29c0bbe35 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_clone_installer_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_clone_installer_test/BUILD.gn @@ -76,6 +76,7 @@ ohos_unittest("BmsBundleCloneInstallerTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_data_group_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_data_group_test/BUILD.gn index cf5888d91..fa5f02eaa 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_data_group_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_data_group_test/BUILD.gn @@ -55,6 +55,7 @@ ohos_unittest("BmsBundleDataGroupTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_installer_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_installer_test/BUILD.gn index 23789cc69..4880949ad 100755 --- a/services/bundlemgr/test/unittest/bms_bundle_installer_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_installer_test/BUILD.gn 
@@ -776,6 +776,7 @@ ohos_unittest("BmsBundleInstallCheckerTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", @@ -918,6 +919,7 @@ ohos_unittest("BmsBundleInstallDeviceTypeTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", @@ -1061,6 +1063,7 @@ ohos_unittest("BmsSystemBundleInstallerTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_overlay_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_overlay_test/BUILD.gn index 7ee4063c9..152fcedba 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_overlay_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_overlay_test/BUILD.gn @@ -267,6 +267,7 @@ ohos_unittest("BmsBundleOverlayIpcTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", @@ -398,6 +399,7 @@ ohos_unittest("BmsBundleManagerOverlayIpcTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", @@ -530,6 +532,7 @@ ohos_unittest("BmsBundleSetOverlayEnabledTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", 
@@ -662,6 +665,7 @@ ohos_unittest("BmsBundleGetOverlayModuleInfoTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_permission_grant_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_permission_grant_test/BUILD.gn index 8169a5742..601557c34 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_permission_grant_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_permission_grant_test/BUILD.gn @@ -1110,6 +1110,7 @@ ohos_unittest("BmsBundlePermissionGetRequestTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_bundle_quick_fix_query_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_bundle_quick_fix_query_test/BUILD.gn index 0320d21bf..9cb7ea0bb 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_quick_fix_query_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_bundle_quick_fix_query_test/BUILD.gn @@ -54,6 +54,7 @@ ohos_unittest("BmsBundleQuickFixQueryTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_data_mgr_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_data_mgr_test/BUILD.gn index 1a83c154c..762a85321 100644 --- a/services/bundlemgr/test/unittest/bms_data_mgr_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_data_mgr_test/BUILD.gn 
@@ -55,6 +55,7 @@ ohos_unittest("BmsDataMgrTest") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:app_manager",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
 "appverify:libhapverify",
@@ -184,6 +185,7 @@ ohos_unittest("BmsExtensionDataMgrTest") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:app_manager",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
 "appverify:libhapverify",
diff --git a/services/bundlemgr/test/unittest/bms_event_handler_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_event_handler_test/BUILD.gn
index 0e667cb88..50fa73c9f 100644
--- a/services/bundlemgr/test/unittest/bms_event_handler_test/BUILD.gn
+++ b/services/bundlemgr/test/unittest/bms_event_handler_test/BUILD.gn
@@ -42,6 +42,7 @@ ohos_unittest("BmsEventHandlerTest") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:app_manager",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
 "appverify:libhapverify",
@@ -157,6 +158,7 @@ ohos_unittest("BmsEventHandlerUnLockedTest") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:app_manager",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
 "appverify:libhapverify",
diff --git a/services/bundlemgr/test/unittest/bms_rdb_data_manager_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_rdb_data_manager_test/BUILD.gn
index 946574e3b..af57bf0d3 100755
--- a/services/bundlemgr/test/unittest/bms_rdb_data_manager_test/BUILD.gn
+++ b/services/bundlemgr/test/unittest/bms_rdb_data_manager_test/BUILD.gn
@@ -62,6 +62,7 @@ ohos_unittest("BmsRdbDataManagerTest") {
 external_deps = [
 "ability_base:want",
 "ability_runtime:app_manager",
+ "access_token:el5_filekey_manager_sdk",
 "access_token:libaccesstoken_sdk",
 "access_token:libprivacy_sdk",
 "access_token:libtokenid_sdk",
diff --git a/services/bundlemgr/test/unittest/bms_service_bundle_scan_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_service_bundle_scan_test/BUILD.gn index 28c5aabb6..43db4e266 100644 --- a/services/bundlemgr/test/unittest/bms_service_bundle_scan_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_service_bundle_scan_test/BUILD.gn @@ -52,6 +52,7 @@ ohos_unittest("BmsServiceBundleScanTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/services/bundlemgr/test/unittest/bms_service_startup_test/BUILD.gn b/services/bundlemgr/test/unittest/bms_service_startup_test/BUILD.gn index 6eea77b17..2813fe9e7 100644 --- a/services/bundlemgr/test/unittest/bms_service_startup_test/BUILD.gn +++ b/services/bundlemgr/test/unittest/bms_service_startup_test/BUILD.gn @@ -48,6 +48,7 @@ ohos_unittest("BmsServiceStartupTest") { external_deps = [ "ability_base:want", "ability_runtime:app_manager", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify", diff --git a/test/fuzztest/fuzztest_others/bundlecloneinstaller_fuzzer/BUILD.gn b/test/fuzztest/fuzztest_others/bundlecloneinstaller_fuzzer/BUILD.gn index 06cc0cdd9..82ebec29d 100644 --- a/test/fuzztest/fuzztest_others/bundlecloneinstaller_fuzzer/BUILD.gn +++ b/test/fuzztest/fuzztest_others/bundlecloneinstaller_fuzzer/BUILD.gn @@ -50,6 +50,7 @@ ohos_fuzztest("BundlecloneinstallerFuzzTest") { external_deps = [ "ability_base:want", + "access_token:el5_filekey_manager_sdk", "access_token:libprivacy_sdk", "access_token:libtokenid_sdk", "appverify:libhapverify",