From de9b4377a05a62b8ce87a7a4f3156732ae6c345a Mon Sep 17 00:00:00 2001 From: lanhaoyu Date: Thu, 28 Aug 2025 10:16:26 +0800 Subject: [PATCH] add controlRule Signed-off-by: lanhaoyu --- .../include/app_running_control_rule.h | 3 +- .../include/appexecfwk_errors.h | 1 + .../src/app_running_control_rule.cpp | 4 +- .../app_control/app_control_interface.h | 2 +- .../include/app_control/app_control_proxy.h | 5 +- .../src/app_control/app_control_host.cpp | 7 +- .../src/app_control/app_control_proxy.cpp | 27 +- .../include/app_control/app_control_manager.h | 22 +- .../app_control_manager_db_interface.h | 8 +- .../app_control_manager_host_impl.h | 3 +- .../app_control/app_control_manager_rdb.h | 8 +- .../src/app_control/app_control_manager.cpp | 243 +++++++++++++++--- .../app_control_manager_host_impl.cpp | 5 +- .../app_control/app_control_manager_rdb.cpp | 144 ++++++++++- 14 files changed, 425 insertions(+), 57 deletions(-) diff --git a/interfaces/inner_api/appexecfwk_base/include/app_running_control_rule.h b/interfaces/inner_api/appexecfwk_base/include/app_running_control_rule.h index cdf2eab9be..e45e49d6ac 100644 --- a/interfaces/inner_api/appexecfwk_base/include/app_running_control_rule.h +++ b/interfaces/inner_api/appexecfwk_base/include/app_running_control_rule.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,6 +23,7 @@ namespace OHOS { namespace AppExecFwk { struct AppRunningControlRule : public Parcelable { + bool allowRunning = false; std::string appId; std::string controlMessage; diff --git a/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h b/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h index fcbaaeb207..c5840bb26d 100644 --- a/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h +++ b/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h @@ -361,6 +361,7 @@ enum { ERR_BUNDLE_MANAGER_GET_ACCOUNT_INFO_FAILED = 8521258, ERR_BUNDLE_MANAGER_BUNDLE_DISABLED = 8521259, ERR_BUNDLE_MANAGER_ACCESS_TOKENID_NOT_EXIST = 8521260, + ERR_BUNDLE_MANAGER_CONTROL_RULE_NOT_CONSISTENT = 8521261, // zlib errcode ERR_ZLIB_SRC_FILE_DISABLED = 8521240, ERR_ZLIB_DEST_FILE_DISABLED = 8521241, diff --git a/interfaces/inner_api/appexecfwk_base/src/app_running_control_rule.cpp b/interfaces/inner_api/appexecfwk_base/src/app_running_control_rule.cpp index af55cc9738..cdc78860af 100644 --- a/interfaces/inner_api/appexecfwk_base/src/app_running_control_rule.cpp +++ b/interfaces/inner_api/appexecfwk_base/src/app_running_control_rule.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -25,6 +25,7 @@ bool AppRunningControlRule::ReadFromParcel(Parcel &parcel) { appId = Str16ToStr8(parcel.ReadString16()); controlMessage = Str16ToStr8(parcel.ReadString16()); + allowRunning = parcel.ReadBool(); return true; } @@ -32,6 +33,7 @@ bool AppRunningControlRule::Marshalling(Parcel &parcel) const { WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(appId)); WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(controlMessage)); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(Bool, parcel, allowRunning); return true; } diff --git a/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_interface.h b/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_interface.h index 5f7cb2f8f3..cd48132b9c 100644 --- a/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_interface.h +++ b/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_interface.h @@ -80,7 +80,7 @@ public: { return ERR_APPEXECFWK_SERVICE_INTERNAL_ERROR; } - virtual ErrCode GetAppRunningControlRule(int32_t userId, std::vector &appIds) + virtual ErrCode GetAppRunningControlRule(int32_t userId, std::vector &appIds, bool &allowRunning) { return ERR_APPEXECFWK_SERVICE_INTERNAL_ERROR; } diff --git a/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_proxy.h b/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_proxy.h index 997765c4f2..9877cab9c8 100644 --- a/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_proxy.h +++ b/interfaces/inner_api/appexecfwk_core/include/app_control/app_control_proxy.h @@ -41,7 +41,8 @@ public: virtual ErrCode DeleteAppRunningControlRule( const std::vector &controlRule, int32_t userId) override; virtual ErrCode DeleteAppRunningControlRule(int32_t userId) override; - virtual ErrCode GetAppRunningControlRule(int32_t userId, std::vector &appIds) override; + virtual ErrCode GetAppRunningControlRule( + int32_t userId, std::vector &appIds, bool &allowRunning) override; virtual ErrCode GetAppRunningControlRule( const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRuleResult) override; @@ -93,6 +94,8 @@ private: bool WriteStringVector(const std::vector &stringVector, MessageParcel &data); int32_t GetParcelableInfos( AppControlManagerInterfaceCode code, MessageParcel &data, std::vector &stringVector); + int32_t GetParcelableInfos(AppControlManagerInterfaceCode code, + MessageParcel &data, std::vector &stringVector, bool &allowRunning); int32_t SendRequest(AppControlManagerInterfaceCode code, MessageParcel &data, MessageParcel &reply); template ErrCode GetParcelableInfosWithErrCode(AppControlManagerInterfaceCode code, MessageParcel &data, diff --git a/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_host.cpp b/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_host.cpp index 752eb8cc68..cb8db83334 100644 --- a/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_host.cpp +++ b/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_host.cpp @@ -249,7 +249,8 @@ ErrCode AppControlHost::HandleGetAppRunningControlRule(MessageParcel& data, Mess { int32_t userId = data.ReadInt32(); std::vector appIds; - int32_t ret = GetAppRunningControlRule(userId, appIds); + bool allowRunning; + int32_t ret = GetAppRunningControlRule(userId, appIds, allowRunning); if (ret != ERR_OK) { LOG_E(BMS_TAG_DEFAULT, "HandleGetAppRunningControlRule failed"); return ret; @@ -258,6 +259,10 @@ ErrCode AppControlHost::HandleGetAppRunningControlRule(MessageParcel& data, Mess LOG_E(BMS_TAG_DEFAULT, "write appIds failed"); return ERR_APPEXECFWK_PARCEL_ERROR; } + if (!reply.WriteBool(allowRunning)) { + LOG_E(BMS_TAG_DEFAULT, "write allowRunning failed"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } return ERR_OK; } diff --git a/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_proxy.cpp b/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_proxy.cpp index 71711f25bb..2c4d1a1fa0 100644 --- a/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_proxy.cpp +++ b/interfaces/inner_api/appexecfwk_core/src/app_control/app_control_proxy.cpp @@ -207,7 +207,7 @@ ErrCode AppControlProxy::DeleteAppRunningControlRule(int32_t userId) return SendRequest(AppControlManagerInterfaceCode::CLEAN_APP_RUNNING_CONTROL_RULE, data, reply); } -ErrCode AppControlProxy::GetAppRunningControlRule(int32_t userId, std::vector &appIds) +ErrCode AppControlProxy::GetAppRunningControlRule(int32_t userId, std::vector &appIds, bool &allowRunning) { LOG_D(BMS_TAG_DEFAULT, "begin to call GetAppInstallControlRule"); MessageParcel data; @@ -219,7 +219,7 @@ ErrCode AppControlProxy::GetAppRunningControlRule(int32_t userId, std::vector &stringVector, bool &allowRunning) +{ + MessageParcel reply; + int32_t ret = SendRequest(code, data, reply); + if (ret != NO_ERROR) { + return ret; + } + + int32_t infoSize = reply.ReadInt32(); + CONTAINER_SECURITY_VERIFY(reply, infoSize, &stringVector); + for (int32_t i = 0; i < infoSize; i++) { + stringVector.emplace_back(reply.ReadString()); + } + + if (!reply.ReadBool(allowRunning)) { + LOG_E(BMS_TAG_DEFAULT, "read allowRunning failed"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + LOG_D(BMS_TAG_DEFAULT, "Read string vector success"); + return NO_ERROR; +} + template ErrCode AppControlProxy::GetParcelableInfosWithErrCode(AppControlManagerInterfaceCode code, MessageParcel &data, std::vector &parcelableInfos) diff --git a/services/bundlemgr/include/app_control/app_control_manager.h b/services/bundlemgr/include/app_control/app_control_manager.h index 46bd1e3b06..9149654965 100644 --- a/services/bundlemgr/include/app_control/app_control_manager.h +++ b/services/bundlemgr/include/app_control/app_control_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -30,6 +30,11 @@ namespace AppExecFwk { class AppControlManager : public DelayedSingleton { public: using Want = OHOS::AAFwk::Want; + enum RunningRuleSettingStatus : int32_t { + NO_SET, + BLACK_LIST, + WHITE_LIST, + }; AppControlManager(); ~AppControlManager(); @@ -51,7 +56,8 @@ public: ErrCode DeleteAppRunningControlRule(const std::string &callingName, const std::vector &controlRules, int32_t userId); ErrCode DeleteAppRunningControlRule(const std::string &callingName, int32_t userId); - ErrCode GetAppRunningControlRule(const std::string &callingName, int32_t userId, std::vector &appIds); + ErrCode GetAppRunningControlRule( + const std::string &callingName, int32_t userId, std::vector &appIds, bool &allowRunning); ErrCode GetAppRunningControlRule( const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRule); @@ -112,10 +118,21 @@ private: bool CheckCanDispose(const std::string &appId, int32_t userId); void PrintDisposedRuleInfo(const std::vector &disposedRules, const std::string &key); std::string GenerateAppRunningRuleCacheKey(const std::string &appId, int32_t userId, int32_t appIndex); + ErrCode GenerateRunningRuleSettingStatusMap(); + ErrCode VerifyRulesCanContinue(const std::vector &controlRules, int32_t userId); + void SetRunningRuleSettingStatusByUserId(int32_t userId, RunningRuleSettingStatus runningRuleSettingStatus); + RunningRuleSettingStatus GetRunningRuleSettingStatusByUserId(int32_t userId); + void SetAppRunningControlRuleCache(const std::string &key, AppRunningControlRuleResult controlRuleResult); + bool GetAppRunningControlRuleCache(const std::string &key, AppRunningControlRuleResult &controlRuleResult); + void DeleteAppRunningControlRuleCache(const std::string &key); + void DeleteAppRunningControlRuleCacheForUserId(int32_t userId); + ErrCode CheckAppControlRuleIntercept(const std::string &bundleName, + int32_t userId, bool isSuccess, AppRunningControlRuleResult &controlRuleResult); bool isAppInstallControlEnabled_ = false; std::mutex appRunningControlMutex_; std::mutex abilityRunningControlRuleMutex_; + std::mutex runningRuleSettingStatusMutex_; std::shared_ptr appControlManagerDb_; std::shared_ptr appJumpInterceptorManagerDb_; std::shared_ptr commonEventMgr_; @@ -123,6 +140,7 @@ private: std::unordered_map> abilityRunningControlRuleCache_; std::unordered_map abilityRunningControlRuleCacheForBms_; std::vector noControllingList_; + std::unordered_map runningRuleSettingStatusMap_; }; } // AppExecFwk } // OHOS diff --git a/services/bundlemgr/include/app_control/app_control_manager_db_interface.h b/services/bundlemgr/include/app_control/app_control_manager_db_interface.h index b98a1c699a..d3a26968b0 100644 --- a/services/bundlemgr/include/app_control/app_control_manager_db_interface.h +++ b/services/bundlemgr/include/app_control/app_control_manager_db_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -45,7 +45,7 @@ public: const std::vector &controlRules, int32_t userId) = 0; virtual ErrCode DeleteAppRunningControlRule(const std::string &callingName, int32_t userId) = 0; virtual ErrCode GetAppRunningControlRule(const std::string &callingName, - int32_t userId, std::vector &appIds) = 0; + int32_t userId, std::vector &appIds, bool &allowRunning) = 0; virtual ErrCode GetAppRunningControlRule(const std::string &appId, int32_t userId, AppRunningControlRuleResult &controlRuleResult) = 0; @@ -72,6 +72,10 @@ public: int32_t appIndex, int32_t userId) = 0; virtual ErrCode GetUninstallDisposedRule(const std::string &appIdentifier, int32_t appIndex, int32_t userId, UninstallDisposedRule &rule) = 0; + virtual ErrCode GetAppRunningControlRuleByUserId(int32_t userId, std::string &appId, + AppRunningControlRule &controlRuleResult) = 0; + virtual ErrCode GetAllUserIdsForRunningControl(std::vector &outUserIds) = 0; + virtual ErrCode GetAppIdsByUserId(int32_t userId, std::vector &appIds) = 0; }; } // namespace AppExecFwk } // namespace OHOS diff --git a/services/bundlemgr/include/app_control/app_control_manager_host_impl.h b/services/bundlemgr/include/app_control/app_control_manager_host_impl.h index a9e7128c90..f4fafad391 100644 --- a/services/bundlemgr/include/app_control/app_control_manager_host_impl.h +++ b/services/bundlemgr/include/app_control/app_control_manager_host_impl.h @@ -46,7 +46,8 @@ public: virtual ErrCode DeleteAppRunningControlRule( const std::vector &controlRules, int32_t userId) override; virtual ErrCode DeleteAppRunningControlRule(int32_t userId) override; - virtual ErrCode GetAppRunningControlRule(int32_t userId, std::vector &appIds) override; + virtual ErrCode GetAppRunningControlRule( + int32_t userId, std::vector &appIds, bool &allowRunning) override; virtual ErrCode GetAppRunningControlRule( const std::string &bundleName, int32_t userId, AppRunningControlRuleResult &controlRule) override; diff --git a/services/bundlemgr/include/app_control/app_control_manager_rdb.h b/services/bundlemgr/include/app_control/app_control_manager_rdb.h index a054a4573a..887bea6b07 100644 --- a/services/bundlemgr/include/app_control/app_control_manager_rdb.h +++ b/services/bundlemgr/include/app_control/app_control_manager_rdb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -42,7 +42,7 @@ public: const std::vector &controlRules, int32_t userId) override; virtual ErrCode DeleteAppRunningControlRule(const std::string &callingName, int32_t userId) override; virtual ErrCode GetAppRunningControlRule(const std::string &callingName, - int32_t userId, std::vector &appIds) override; + int32_t userId, std::vector &appIds, bool &allowRunning) override; virtual ErrCode GetAppRunningControlRule(const std::string &appId, int32_t userId, AppRunningControlRuleResult &controlRuleResult) override; @@ -69,6 +69,10 @@ public: int32_t appIndex, int32_t userId) override; virtual ErrCode GetUninstallDisposedRule(const std::string &appIdentifier, int32_t appIndex, int32_t userId, UninstallDisposedRule &rule) override; + virtual ErrCode GetAppRunningControlRuleByUserId(int32_t userId, std::string &appId, + AppRunningControlRule &controlRuleResult) override; + virtual ErrCode GetAllUserIdsForRunningControl(std::vector &outUserIds) override; + virtual ErrCode GetAppIdsByUserId(int32_t userId, std::vector &appIds) override; private: ErrCode DeleteOldControlRule(const std::string &callingName, const std::string &controlRuleType, diff --git a/services/bundlemgr/src/app_control/app_control_manager.cpp b/services/bundlemgr/src/app_control/app_control_manager.cpp index fb5e644264..8282490907 100644 --- a/services/bundlemgr/src/app_control/app_control_manager.cpp +++ b/services/bundlemgr/src/app_control/app_control_manager.cpp @@ -32,6 +32,7 @@ namespace { constexpr const char* APP_MARKET_CALLING = "app market"; constexpr const char* INVALID_MESSAGE = "INVALID_MESSAGE"; constexpr const char* ATOMIC_SERVICE = "atomicservice"; + constexpr const char* APP_CONTROL_EDM_DEFAULT_MESSAGE = "The app has been disabled by EDM"; } AppControlManager::AppControlManager() @@ -43,12 +44,48 @@ AppControlManager::AppControlManager() if (ret != ERR_OK) { LOG_W(BMS_TAG_DEFAULT, "GetNoDisablingList failed"); } + ret = GenerateRunningRuleSettingStatusMap(); + if (ret != ERR_OK) { + LOG_W(BMS_TAG_DEFAULT, "GenerateRunningRuleSettingStatusMap failed"); + } } AppControlManager::~AppControlManager() { } +ErrCode AppControlManager::GenerateRunningRuleSettingStatusMap() +{ + std::vector userIds; + auto ret = appControlManagerDb_->GetAllUserIdsForRunningControl(userIds); + if (ret != ERR_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetAllUserIdsForRunningControl failed"); + return ret; + } + if (userIds.empty()) { + return ERR_OK; + } + std::string appId; + AppRunningControlRule controlRuleResult; + for (auto userId : userIds) { + auto ret = appControlManagerDb_->GetAppRunningControlRuleByUserId(userId, appId, controlRuleResult); + if (ret != ERR_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetAppRunningControlRuleByUserId failed for userId=%d", userId); + continue; + } + if (appId.empty()) { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::NO_SET); + continue; + } + if (controlRuleResult.allowRunning) { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::WHITE_LIST); + } else { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::BLACK_LIST); + } + } + return ERR_OK; +} + ErrCode AppControlManager::AddAppInstallControlRule(const std::string &callingName, const std::vector &appIds, const std::string &controlRuleType, int32_t userId) { @@ -93,34 +130,93 @@ ErrCode AppControlManager::AddAppRunningControlRule(const std::string &callingNa const std::vector &controlRules, int32_t userId) { LOG_D(BMS_TAG_DEFAULT, "AddAppRunningControlRule"); - std::lock_guard lock(appRunningControlMutex_); - ErrCode ret = appControlManagerDb_->AddAppRunningControlRule(callingName, controlRules, userId); - if (ret == ERR_OK) { - for (const auto &rule : controlRules) { - std::string key = rule.appId + std::string("_") + std::to_string(userId); - auto iter = appRunningControlRuleResult_.find(key); - if (iter != appRunningControlRuleResult_.end()) { - appRunningControlRuleResult_.erase(iter); - } + ErrCode ret = VerifyRulesCanContinue(controlRules, userId); + if (ret != ERR_OK) { + return ret; + } + ret = appControlManagerDb_->AddAppRunningControlRule(callingName, controlRules, userId); + if (ret != ERR_OK) { + return ret; + } + if (controlRules[0].allowRunning == true) { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::WHITE_LIST); + } else { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::BLACK_LIST); + } + for (const auto &rule : controlRules) { + std::string key = rule.appId + std::string("_") + std::to_string(userId); + DeleteAppRunningControlRuleCache(key); + } + KillRunningApp(controlRules, userId); + return ERR_OK; +} + +ErrCode AppControlManager::VerifyRulesCanContinue( + const std::vector &controlRules, int32_t userId) +{ + if (controlRules.empty()) { + LOG_E(BMS_TAG_DEFAULT, "controlRules is empty"); + return ERR_BUNDLE_MANAGER_INVALID_PARAMETER; + } + auto firstAllowRunning = controlRules[0].allowRunning; + for (const auto &rule : controlRules) { + if (rule.allowRunning != firstAllowRunning) { + LOG_E(BMS_TAG_DEFAULT, "mixed blacklist and whitelist rules are not allowed"); + return ERR_BUNDLE_MANAGER_CONTROL_RULE_NOT_CONSISTENT; } - KillRunningApp(controlRules, userId); } - return ret; + RunningRuleSettingStatus runningRuleSettingStatus = + firstAllowRunning ? RunningRuleSettingStatus::WHITE_LIST : RunningRuleSettingStatus::BLACK_LIST; + auto status = GetRunningRuleSettingStatusByUserId(userId); + if (status != RunningRuleSettingStatus::NO_SET && status != runningRuleSettingStatus) { + LOG_E(BMS_TAG_DEFAULT, "rules are inconsistent with history"); + return ERR_BUNDLE_MANAGER_CONTROL_RULE_NOT_CONSISTENT; + } + return ERR_OK; +} + +AppControlManager::RunningRuleSettingStatus AppControlManager::GetRunningRuleSettingStatusByUserId(int32_t userId) +{ + std::lock_guard lock(runningRuleSettingStatusMutex_); + auto it = runningRuleSettingStatusMap_.find(userId); + if (it != runningRuleSettingStatusMap_.end()) { + return it->second; + } + return RunningRuleSettingStatus::NO_SET; +} + +void AppControlManager::SetRunningRuleSettingStatusByUserId( + int32_t userId, RunningRuleSettingStatus runningRuleSettingStatus) +{ + std::lock_guard lock(runningRuleSettingStatusMutex_); + auto it = runningRuleSettingStatusMap_.find(userId); + if (it != runningRuleSettingStatusMap_.end()) { + runningRuleSettingStatusMap_.erase(it); + } + runningRuleSettingStatusMap_.emplace(userId, runningRuleSettingStatus); } ErrCode AppControlManager::DeleteAppRunningControlRule(const std::string &callingName, const std::vector &controlRules, int32_t userId) { - std::lock_guard lock(appRunningControlMutex_); - auto ret = appControlManagerDb_->DeleteAppRunningControlRule(callingName, controlRules, userId); - if (ret == ERR_OK) { - for (const auto &rule : controlRules) { - std::string key = rule.appId + std::string("_") + std::to_string(userId); - auto iter = appRunningControlRuleResult_.find(key); - if (iter != appRunningControlRuleResult_.end()) { - appRunningControlRuleResult_.erase(iter); - } - } + ErrCode ret = VerifyRulesCanContinue(controlRules, userId); + if (ret != ERR_OK) { + return ret; + } + ret = appControlManagerDb_->DeleteAppRunningControlRule(callingName, controlRules, userId); + if (ret != ERR_OK) { + LOG_E(BMS_TAG_DEFAULT, "DeleteAppRunningControlRule failed"); + return ret; + } + for (const auto &rule : controlRules) { + std::string key = rule.appId + std::string("_") + std::to_string(userId); + DeleteAppRunningControlRuleCache(key); + } + std::vector appIds; + ret = appControlManagerDb_->GetAppIdsByUserId(userId, appIds); + if (appIds.empty()) { + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::NO_SET); + DeleteAppRunningControlRuleCacheForUserId(userId); } return ret; } @@ -132,24 +228,15 @@ ErrCode AppControlManager::DeleteAppRunningControlRule(const std::string &callin LOG_E(BMS_TAG_DEFAULT, "DeleteAppRunningControlRule failed"); return res; } - std::lock_guard lock(appRunningControlMutex_); - for (auto it = appRunningControlRuleResult_.begin(); it != appRunningControlRuleResult_.end();) { - std::string key = it->first; - std::string targetUserId = std::to_string(userId); - if (key.size() >= targetUserId.size() && - key.compare(key.size() - targetUserId.size(), targetUserId.size(), targetUserId) == 0) { - it = appRunningControlRuleResult_.erase(it); - } else { - ++it; - } - } + DeleteAppRunningControlRuleCacheForUserId(userId); + SetRunningRuleSettingStatusByUserId(userId, RunningRuleSettingStatus::NO_SET); return res; } ErrCode AppControlManager::GetAppRunningControlRule( - const std::string &callingName, int32_t userId, std::vector &appIds) + const std::string &callingName, int32_t userId, std::vector &appIds, bool &allowRunning) { - return appControlManagerDb_->GetAppRunningControlRule(callingName, userId, appIds); + return appControlManagerDb_->GetAppRunningControlRule(callingName, userId, appIds, allowRunning); } ErrCode AppControlManager::ConfirmAppJumpControlRule(const std::string &callerBundleName, @@ -271,9 +358,8 @@ ErrCode AppControlManager::GetAppRunningControlRule( return ret; } std::string key = appId + std::string("_") + std::to_string(userId); - std::lock_guard lock(appRunningControlMutex_); - if (appRunningControlRuleResult_.find(key) != appRunningControlRuleResult_.end()) { - controlRuleResult = appRunningControlRuleResult_[key]; + auto statusRet = GetAppRunningControlRuleCache(key, controlRuleResult); + if (statusRet) { if (controlRuleResult.controlMessage == INVALID_MESSAGE) { controlRuleResult.controlMessage = std::string(); return ERR_BUNDLE_MANAGER_BUNDLE_NOT_SET_CONTROL; @@ -281,11 +367,90 @@ ErrCode AppControlManager::GetAppRunningControlRule( return ERR_OK; } ret = appControlManagerDb_->GetAppRunningControlRule(appId, userId, controlRuleResult); - if (ret != ERR_OK) { + if (ret == ERR_OK) { + if (!controlRuleResult.isEdm) { + SetAppRunningControlRuleCache(key, controlRuleResult); + return ret; + } + } + bool isSuccess = (ret == ERR_OK); + ret = CheckAppControlRuleIntercept(bundleName, userId, isSuccess, controlRuleResult); + SetAppRunningControlRuleCache(key, controlRuleResult); + return ret; +} + +ErrCode AppControlManager::CheckAppControlRuleIntercept(const std::string &bundleName, + int32_t userId, bool isSuccess, AppRunningControlRuleResult &controlRuleResult) +{ + auto status = GetRunningRuleSettingStatusByUserId(userId); + if (isSuccess) { + if (status == RunningRuleSettingStatus::NO_SET || status == RunningRuleSettingStatus::WHITE_LIST) { + controlRuleResult.controlMessage = INVALID_MESSAGE; + return ERR_BUNDLE_MANAGER_BUNDLE_NOT_SET_CONTROL; + } + return ERR_OK; + } + + if (status == RunningRuleSettingStatus::BLACK_LIST || status == RunningRuleSettingStatus::NO_SET) { controlRuleResult.controlMessage = INVALID_MESSAGE; + } else { + bool isSystemApp = false; + auto dataMgr = DelayedSingleton::GetInstance()->GetDataMgr(); + if (dataMgr == nullptr) { + LOG_E(BMS_TAG_DEFAULT, "dataMgr is null"); + return ERR_BUNDLE_MANAGER_INTERNAL_ERROR; + } + auto ret = dataMgr->IsSystemApp(bundleName, isSystemApp); + if (isSystemApp) { + controlRuleResult.controlMessage = INVALID_MESSAGE; + } else { + controlRuleResult.controlMessage = APP_CONTROL_EDM_DEFAULT_MESSAGE; + return ERR_OK; + } } + return ERR_BUNDLE_MANAGER_BUNDLE_NOT_SET_CONTROL; +} + +void AppControlManager::SetAppRunningControlRuleCache( + const std::string &key, AppRunningControlRuleResult controlRuleResult) +{ + std::lock_guard lock(appRunningControlMutex_); appRunningControlRuleResult_.emplace(key, controlRuleResult); - return ret; +} + +bool AppControlManager::GetAppRunningControlRuleCache( + const std::string &key, AppRunningControlRuleResult &controlRuleResult) +{ + std::lock_guard lock(appRunningControlMutex_); + if (appRunningControlRuleResult_.find(key) != appRunningControlRuleResult_.end()) { + controlRuleResult = appRunningControlRuleResult_[key]; + return true; + } + return false; +} + +void AppControlManager::DeleteAppRunningControlRuleCache(const std::string &key) +{ + std::lock_guard lock(appRunningControlMutex_); + auto iter = appRunningControlRuleResult_.find(key); + if (iter != appRunningControlRuleResult_.end()) { + appRunningControlRuleResult_.erase(iter); + } +} + +void AppControlManager::DeleteAppRunningControlRuleCacheForUserId(int32_t userId) +{ + std::lock_guard lock(appRunningControlMutex_); + for (auto it = appRunningControlRuleResult_.begin(); it != appRunningControlRuleResult_.end();) { + std::string key = it->first; + std::string targetUserId = std::to_string(userId); + if (key.size() >= targetUserId.size() && + key.compare(key.size() - targetUserId.size(), targetUserId.size(), targetUserId) == 0) { + it = appRunningControlRuleResult_.erase(it); + } else { + ++it; + } + } } void AppControlManager::KillRunningApp(const std::vector &rules, int32_t userId) const diff --git a/services/bundlemgr/src/app_control/app_control_manager_host_impl.cpp b/services/bundlemgr/src/app_control/app_control_manager_host_impl.cpp index aca8dfaa5d..587279a1f2 100644 --- a/services/bundlemgr/src/app_control/app_control_manager_host_impl.cpp +++ b/services/bundlemgr/src/app_control/app_control_manager_host_impl.cpp @@ -231,14 +231,15 @@ ErrCode AppControlManagerHostImpl::DeleteAppRunningControlRule(int32_t userId) return result; } -ErrCode AppControlManagerHostImpl::GetAppRunningControlRule(int32_t userId, std::vector &appIds) +ErrCode AppControlManagerHostImpl::GetAppRunningControlRule( + int32_t userId, std::vector &appIds, bool &allowRunning) { std::string callingName = GetCallingName(); if (callingName.empty()) { LOG_E(BMS_TAG_DEFAULT, "callingName is invalid"); return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } - return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds); + return appControlManager_->GetAppRunningControlRule(callingName, userId, appIds, allowRunning); } ErrCode AppControlManagerHostImpl::GetAppRunningControlRule( diff --git a/services/bundlemgr/src/app_control/app_control_manager_rdb.cpp b/services/bundlemgr/src/app_control/app_control_manager_rdb.cpp index e9a5f12adb..ad97dbc18e 100644 --- a/services/bundlemgr/src/app_control/app_control_manager_rdb.cpp +++ b/services/bundlemgr/src/app_control/app_control_manager_rdb.cpp @@ -36,6 +36,7 @@ namespace { constexpr int8_t CONTROL_MESSAGE_INDEX = 5; constexpr int8_t DISPOSED_STATUS_INDEX = 6; constexpr int8_t TIME_STAMP_INDEX = 8; + constexpr int8_t ALLOW_RUNNING_INDEX = 9; // app control table key constexpr const char* CALLING_NAME = "CALLING_NAME"; constexpr const char* APP_CONTROL_LIST = "APP_CONTROL_LIST"; @@ -46,6 +47,7 @@ namespace { constexpr const char* PRIORITY = "PRIORITY"; constexpr const char* TIME_STAMP = "TIME_STAMP"; constexpr const char* APP_INDEX = "APP_INDEX"; + constexpr const char* ALLOW_RUNNING = "ALLOW_RUNNING"; enum class PRIORITY : uint16_t { EDM = 100, @@ -63,7 +65,7 @@ AppControlManagerRdb::AppControlManagerRdb() + std::string(APP_CONTROL_RDB_TABLE_NAME) + "(ID INTEGER PRIMARY KEY AUTOINCREMENT, CALLING_NAME TEXT NOT NULL, " + "APP_CONTROL_LIST TEXT, USER_ID INTEGER, APP_ID TEXT, CONTROL_MESSAGE TEXT, " - + "DISPOSED_STATUS TEXT, PRIORITY INTEGER, TIME_STAMP INTEGER);"); + + "DISPOSED_STATUS TEXT, PRIORITY INTEGER, TIME_STAMP INTEGER, ALLOW_RUNNING INTEGER);"); bmsRdbConfig.insertColumnSql.push_back(std::string("ALTER TABLE " + std::string(APP_CONTROL_RDB_TABLE_NAME) + " ADD APP_INDEX INTEGER DEFAULT 0;")); rdbDataManager_ = std::make_shared(bmsRdbConfig); @@ -183,6 +185,52 @@ ErrCode AppControlManagerRdb::GetAppInstallControlRule(const std::string &callin return ERR_OK; } +ErrCode AppControlManagerRdb::GetAllUserIdsForRunningControl(std::vector &outUserIds) +{ + NativeRdb::AbsRdbPredicates absRdbPredicates(APP_CONTROL_RDB_TABLE_NAME); + absRdbPredicates.EqualTo(APP_CONTROL_LIST, RUNNING_CONTROL); + absRdbPredicates.EqualTo(CALLING_NAME, AppControlConstants::EDM_CALLING); + auto absSharedResultSet = rdbDataManager_->QueryData(absRdbPredicates); + if (!absSharedResultSet) { + LOG_E(BMS_TAG_DEFAULT, "QueryData with absRdbPredicates failed: result set is null"); + return ERR_APPEXECFWK_DB_RESULT_SET_EMPTY; + } + ScopeGuard stateGuard([&] { absSharedResultSet->Close(); }); + outUserIds.clear(); + int32_t count; + int ret = absSharedResultSet->GetRowCount(count); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetRowCount failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + if (count == 0) { + LOG_D(BMS_TAG_DEFAULT, "GetAllUserIdsForRunningControl size 0"); + return ERR_OK; + } + + std::set uniqueUserIds; + ret = absSharedResultSet->GoToFirstRow(); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GoToFirstRow failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + do { + int columnIndex = -1; + int32_t userIdValue = 0; + if (absSharedResultSet->GetColumnIndex(USER_ID, columnIndex) != 0 || columnIndex == -1) { + continue; + } + if (absSharedResultSet->GetInt(columnIndex, userIdValue) != 0) { + continue; + } + if (userIdValue != -1) { + uniqueUserIds.insert(userIdValue); + } + } while (absSharedResultSet->GoToNextRow() == NativeRdb::E_OK); + outUserIds.assign(uniqueUserIds.begin(), uniqueUserIds.end()); + return ERR_OK; +} + ErrCode AppControlManagerRdb::AddAppRunningControlRule(const std::string &callingName, const std::vector &controlRules, int32_t userId) { @@ -200,6 +248,7 @@ ErrCode AppControlManagerRdb::AddAppRunningControlRule(const std::string &callin valuesBucket.PutInt(USER_ID, static_cast(userId)); valuesBucket.PutString(APP_ID, controlRule.appId); valuesBucket.PutString(CONTROL_MESSAGE, controlRule.controlMessage); + valuesBucket.PutInt(ALLOW_RUNNING, controlRule.allowRunning ? 1 : 0); valuesBucket.PutInt(PRIORITY, static_cast(PRIORITY::EDM)); valuesBucket.PutInt(TIME_STAMP, timeStamp); valuesBuckets.emplace_back(valuesBucket); @@ -250,8 +299,92 @@ ErrCode AppControlManagerRdb::DeleteAppRunningControlRule(const std::string &cal return ERR_OK; } +ErrCode AppControlManagerRdb::GetAppIdsByUserId(int32_t userId, std::vector &appIds) +{ + HITRACE_METER_NAME_EX(HITRACE_LEVEL_INFO, HITRACE_TAG_APP, __PRETTY_FUNCTION__, nullptr); + NativeRdb::AbsRdbPredicates absRdbPredicates(APP_CONTROL_RDB_TABLE_NAME); + absRdbPredicates.EqualTo(APP_CONTROL_LIST, RUNNING_CONTROL); + absRdbPredicates.EqualTo(CALLING_NAME, AppControlConstants::EDM_CALLING); + absRdbPredicates.EqualTo(USER_ID, std::to_string(userId)); + auto absSharedResultSet = rdbDataManager_->QueryData(absRdbPredicates); + if (absSharedResultSet == nullptr) { + LOG_E(BMS_TAG_DEFAULT, "QueryData failed"); + return ERR_APPEXECFWK_DB_RESULT_SET_EMPTY; + } + ScopeGuard stateGuard([&] { absSharedResultSet->Close(); }); + int32_t count; + int ret = absSharedResultSet->GetRowCount(count); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetRowCount failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + if (count == 0) { + LOG_D(BMS_TAG_DEFAULT, "GetAppIdsByUserId size 0"); + return ERR_OK; + } + ret = absSharedResultSet->GoToFirstRow(); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GoToFirstRow failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + do { + std::string appId; + ret = absSharedResultSet->GetString(APP_ID_INDEX, appId); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetString appId failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + appIds.push_back(appId); + } while (absSharedResultSet->GoToNextRow() == NativeRdb::E_OK); + return ERR_OK; +} + +ErrCode AppControlManagerRdb::GetAppRunningControlRuleByUserId(int32_t userId, std::string &appId, + AppRunningControlRule &controlRuleResult) +{ + HITRACE_METER_NAME_EX(HITRACE_LEVEL_INFO, HITRACE_TAG_APP, __PRETTY_FUNCTION__, nullptr); + NativeRdb::AbsRdbPredicates absRdbPredicates(APP_CONTROL_RDB_TABLE_NAME); + absRdbPredicates.EqualTo(APP_CONTROL_LIST, RUNNING_CONTROL); + absRdbPredicates.EqualTo(CALLING_NAME, AppControlConstants::EDM_CALLING); + absRdbPredicates.EqualTo(USER_ID, std::to_string(userId)); + auto absSharedResultSet = rdbDataManager_->QueryData(absRdbPredicates); + if (absSharedResultSet == nullptr) { + LOG_E(BMS_TAG_DEFAULT, "QueryData failed"); + return ERR_APPEXECFWK_DB_RESULT_SET_EMPTY; + } + ScopeGuard stateGuard([&] { absSharedResultSet->Close(); }); + int32_t count; + int ret = absSharedResultSet->GetRowCount(count); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GetRowCount failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + if (count == 0) { + LOG_D(BMS_TAG_DEFAULT, "GetAppRunningControlRuleByUserId size 0"); + return ERR_OK; + } + ret = absSharedResultSet->GoToFirstRow(); + if (ret != NativeRdb::E_OK) { + LOG_E(BMS_TAG_DEFAULT, "GoToFirstRow failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + int allowRunningInt = 0; + ret = absSharedResultSet->GetInt(ALLOW_RUNNING_INDEX, allowRunningInt); + if (ret != NativeRdb::E_OK) { + LOG_W(BMS_TAG_DEFAULT, "GetInt allowRunning failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + controlRuleResult.allowRunning = (allowRunningInt == 1); + ret = absSharedResultSet->GetString(APP_ID_INDEX, appId); + if (ret != NativeRdb::E_OK) { + LOG_W(BMS_TAG_DEFAULT, "GetString appId failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + return ERR_OK; +} + ErrCode AppControlManagerRdb::GetAppRunningControlRule(const std::string &callingName, - int32_t userId, std::vector &appIds) + int32_t userId, std::vector &appIds, bool &allowRunning) { HITRACE_METER_NAME_EX(HITRACE_LEVEL_INFO, HITRACE_TAG_APP, __PRETTY_FUNCTION__, nullptr); NativeRdb::AbsRdbPredicates absRdbPredicates(APP_CONTROL_RDB_TABLE_NAME); @@ -279,6 +412,13 @@ ErrCode AppControlManagerRdb::GetAppRunningControlRule(const std::string &callin LOG_E(BMS_TAG_DEFAULT, "GoToFirstRow failed, ret: %{public}d", ret); return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; } + int allowRunningInt = 0; + ret = absSharedResultSet->GetInt(ALLOW_RUNNING_INDEX, allowRunningInt); + if (ret != NativeRdb::E_OK) { + LOG_W(BMS_TAG_DEFAULT, "GetInt allowRunning failed, ret: %{public}d", ret); + return ERR_APPEXECFWK_DB_RESULT_SET_OPT_ERROR; + } + allowRunning = (allowRunningInt == 1); do { std::string appId; ret = absSharedResultSet->GetString(APP_ID_INDEX, appId); -- Gitee