diff --git a/bundle.json b/bundle.json index 05ce8cc33850396732f4b142c04547e6ad4db393..ad567ec39665380ac159beb5b968c557297fc684 100644 --- a/bundle.json +++ b/bundle.json @@ -92,6 +92,9 @@ }, "build": { "group_type":{ + "base_group":[ + "//base/customization/enterprise_device_management/tools/edm:tools_edm" + ], "fwk_group":[ "//base/customization/enterprise_device_management/interfaces/kits/account_manager:accountmanager", "//base/customization/enterprise_device_management/interfaces/kits/application_manager:applicationmanager", diff --git a/common/native/include/edm_errors.h b/common/native/include/edm_errors.h index d2850cd92dde8cd12a6234390cdc71edd2b63559..3402ebf252075a5e3cfbfd0bc20f5a087c65ae52 100644 --- a/common/native/include/edm_errors.h +++ b/common/native/include/edm_errors.h @@ -28,6 +28,7 @@ enum { EDM_MODULE_POLICYMGR = 0x03, EDM_MODULE_PLUGINMGR = 0x04, EDM_MODULE_EXTERNAL = 0x05, + EDM_MODULE_TOOLS = 0x06, // Reserved 0x04 ~ 0x0f for new modules, Event related modules start from 0x10 }; @@ -118,6 +119,21 @@ enum { ERR_APPLICATION_SERVICE_ABNORMALLY = EDM_EXTERNAL_ERR_OFFSET + 2, }; +// Error code for EDM_TOOLS_COMMAND: 0x2060000,value:33882112 +constexpr ErrCode EDM_TOOLS_ERR_OFFSET = ErrCodeOffset(SUBSYS_CUSTOMIZATION, EDM_MODULE_TOOLS); +enum { + ERR_EDM_TOOLS_COMMAND_HELP = EDM_TOOLS_ERR_OFFSET + 1, + ERR_EDM_TOOLS_COMMAND_NO_OPTION, + ERR_EDM_TOOLS_COMMAND_N_OPTION_REQUIRES_AN_ARGUMENT, + ERR_EDM_TOOLS_COMMAND_A_OPTION_REQUIRES_AN_ARGUMENT, + ERR_EDM_TOOLS_COMMAND_T_OPTION_REQUIRES_AN_ARGUMENT, + ERR_EDM_TOOLS_COMMAND_UNKNOWN_OPTION, + ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION, + ERR_EDM_TOOLS_COMMAND_NO_ABILITY_NAME_OPTION, + ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION, + ERR_EDM_TOOLS_COMMAND_INVALIT_ADMIN_TYPE_ARGUMENT, +}; + #define RETURN_IF_FAILED(errcode) if (FAILED(errcode)) { return errcode; } } // namespace EDM } // namespace OHOS diff --git a/interfaces/inner_api/common/include/enterprise_device_mgr_proxy.h b/interfaces/inner_api/common/include/enterprise_device_mgr_proxy.h index c1c33fe0e50b05354f316fed60d46c03316ac2ba..b1f8a8bf415ca038d6de6f3ddec987f4ba974f85 100644 --- a/interfaces/inner_api/common/include/enterprise_device_mgr_proxy.h +++ b/interfaces/inner_api/common/include/enterprise_device_mgr_proxy.h @@ -39,9 +39,10 @@ public: static std::shared_ptr GetInstance(); static void DestroyInstance(); - ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId); - ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId); - ErrCode DisableSuperAdmin(const std::string &bundleName); + ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId, + bool isDebug = false); + ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug = false); + ErrCode DisableSuperAdmin(const std::string &bundleName, bool isDebug = false); ErrCode GetEnabledAdmin(AdminType type, std::vector &enabledAdminList); ErrCode GetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo); ErrCode SetEnterpriseInfo(AppExecFwk::ElementName &admin, EntInfo &entInfo); diff --git a/interfaces/inner_api/common/include/ienterprise_device_mgr.h b/interfaces/inner_api/common/include/ienterprise_device_mgr.h index c7dd82b899f18ed9ee7074c8f8c07f045fc4e276..810959f540356bf4851e607563a98b1002a8f0fa 100644 --- a/interfaces/inner_api/common/include/ienterprise_device_mgr.h +++ b/interfaces/inner_api/common/include/ienterprise_device_mgr.h @@ -32,9 +32,10 @@ namespace EDM { class IEnterpriseDeviceMgr : public IRemoteBroker { public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.edm.IEnterpriseDeviceMgr"); - virtual ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) = 0; - virtual ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) = 0; - virtual ErrCode DisableSuperAdmin(const std::string &bundleName) = 0; + virtual ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId, + bool isDebug = false) = 0; + virtual ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug = false) = 0; + virtual ErrCode DisableSuperAdmin(const std::string &bundleName, bool isDebug = false) = 0; virtual ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply, int32_t userId) = 0; virtual ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) = 0; diff --git a/interfaces/inner_api/common/src/enterprise_device_mgr_proxy.cpp b/interfaces/inner_api/common/src/enterprise_device_mgr_proxy.cpp index ddba79962c95cb39283c3682bdf2fc33d714e30b..2f236c6aa23ab6b6118223a876067a049588e5b7 100644 --- a/interfaces/inner_api/common/src/enterprise_device_mgr_proxy.cpp +++ b/interfaces/inner_api/common/src/enterprise_device_mgr_proxy.cpp @@ -63,7 +63,7 @@ bool EnterpriseDeviceMgrProxy::IsEdmEnabled() } ErrCode EnterpriseDeviceMgrProxy::EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, - int32_t userId) + int32_t userId, bool isDebug) { EDMLOGD("EnterpriseDeviceMgrProxy::EnableAdmin"); sptr remote = LoadAndGetEdmService(); @@ -78,6 +78,7 @@ ErrCode EnterpriseDeviceMgrProxy::EnableAdmin(AppExecFwk::ElementName &admin, En entInfo.Marshalling(data); data.WriteInt32(static_cast(type)); data.WriteInt32(userId); + data.WriteBool(isDebug); ErrCode res = remote->SendRequest(EdmInterfaceCode::ADD_DEVICE_ADMIN, data, reply, option); if (FAILED(res)) { EDMLOGE("EnterpriseDeviceMgrProxy:EnableAdmin send request fail. %{public}d", res); @@ -91,7 +92,7 @@ ErrCode EnterpriseDeviceMgrProxy::EnableAdmin(AppExecFwk::ElementName &admin, En return ERR_OK; } -ErrCode EnterpriseDeviceMgrProxy::DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) +ErrCode EnterpriseDeviceMgrProxy::DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug) { EDMLOGD("EnterpriseDeviceMgrProxy::DisableAdmin"); if (!IsEdmEnabled()) { @@ -107,6 +108,7 @@ ErrCode EnterpriseDeviceMgrProxy::DisableAdmin(AppExecFwk::ElementName &admin, i data.WriteInterfaceToken(DESCRIPTOR); data.WriteParcelable(&admin); data.WriteInt32(userId); + data.WriteBool(isDebug); ErrCode res = remote->SendRequest(EdmInterfaceCode::REMOVE_DEVICE_ADMIN, data, reply, option); if (FAILED(res)) { EDMLOGE("EnterpriseDeviceMgrProxy:DisableAdmin send request fail. %{public}d", res); @@ -120,7 +122,7 @@ ErrCode EnterpriseDeviceMgrProxy::DisableAdmin(AppExecFwk::ElementName &admin, i return ERR_OK; } -ErrCode EnterpriseDeviceMgrProxy::DisableSuperAdmin(const std::string &bundleName) +ErrCode EnterpriseDeviceMgrProxy::DisableSuperAdmin(const std::string &bundleName, bool isDebug) { EDMLOGD("EnterpriseDeviceMgrProxy::DisableSuperAdmin"); if (!IsEdmEnabled()) { @@ -135,6 +137,7 @@ ErrCode EnterpriseDeviceMgrProxy::DisableSuperAdmin(const std::string &bundleNam MessageOption option; data.WriteInterfaceToken(DESCRIPTOR); data.WriteString(bundleName); + data.WriteBool(isDebug); ErrCode res = remote->SendRequest(EdmInterfaceCode::REMOVE_SUPER_ADMIN, data, reply, option); if (FAILED(res)) { EDMLOGE("EnterpriseDeviceMgrProxy:DisableSuperAdmin send request fail. %{public}d", res); diff --git a/services/edm/include/admin.h b/services/edm/include/admin.h index 52e8cdc375cb98a4ccfadadd4944a4a3ce41b96c..32c0b5b6f2b699d1f1f96969f92d7c61bd4bae71 100644 --- a/services/edm/include/admin.h +++ b/services/edm/include/admin.h @@ -36,10 +36,14 @@ struct AdminInfo { std::vector permission_; std::vector managedEvents_; std::string parentAdminName_; + bool isDebug_; }; class Admin { public: + Admin() = default; + Admin(const AppExecFwk::ExtensionAbilityInfo &abilityInfo, AdminType type, const EntInfo &entInfo, + const std::vector &permissions, bool isDebug); virtual bool CheckPermission(const std::string &permission); virtual AdminType GetAdminType(); virtual std::string GetParentAdminName() const; diff --git a/services/edm/include/admin_manager.h b/services/edm/include/admin_manager.h index 6eed9ad283842b7c6c02e1f1575bae5778da000e..43c1f5457598de1a6314286e5827ed86ec3d2aab 100644 --- a/services/edm/include/admin_manager.h +++ b/services/edm/include/admin_manager.h @@ -48,8 +48,7 @@ public: void GetEnabledAdmin(AdminType role, std::vector &packageNameList, int32_t userId); std::shared_ptr GetSuperAdmin(); void Init(); - ErrCode SetAdminValue(AppExecFwk::ExtensionAbilityInfo &abilityInfo, EntInfo &entInfo, AdminType role, - std::vector &permissions, int32_t userId); + ErrCode SetAdminValue(int32_t userId, Admin &adminItem); ErrCode GetEntInfo(const std::string &packageName, EntInfo &entInfo, int32_t userId); ErrCode SetEntInfo(const std::string &packageName, EntInfo &entInfo, int32_t userId); ErrCode SaveSubscribeEvents(const std::vector &events, const std::string &bundleName, int32_t userId); diff --git a/services/edm/include/admin_policies_storage_rdb.h b/services/edm/include/admin_policies_storage_rdb.h index fd607f29848ed390a204cb255aa4c0499390dfcc..8ab7a1729828d5ab9d6fa929b0dd910fa306a52a 100644 --- a/services/edm/include/admin_policies_storage_rdb.h +++ b/services/edm/include/admin_policies_storage_rdb.h @@ -28,10 +28,8 @@ class AdminPoliciesStorageRdb { public: AdminPoliciesStorageRdb(); static std::shared_ptr GetInstance(); - bool InsertAdmin(int32_t userId, const AppExecFwk::ExtensionAbilityInfo &abilityInfo, const EntInfo &entInfo, - AdminType role, const std::vector &permissions); - bool UpdateAdmin(int32_t userId, const AppExecFwk::ExtensionAbilityInfo &abilityInfo, const EntInfo &entInfo, - AdminType role, const std::vector &permissions); + bool InsertAdmin(int32_t userId, const Admin &admin); + bool UpdateAdmin(int32_t userId, const Admin &admin); bool DeleteAdmin(int32_t userId, const std::string &packageName); bool UpdateAdmin(int32_t userId, const std::string &packageName, const std::string &className, const std::vector &permissions); @@ -45,8 +43,7 @@ public: const std::string &parentName); private: - NativeRdb::ValuesBucket CreateValuesBucket(int32_t userId, const AppExecFwk::ExtensionAbilityInfo &abilityInfo, - const EntInfo &entInfo, AdminType role, const std::vector &permissions); + NativeRdb::ValuesBucket CreateValuesBucket(int32_t userId, const Admin &admin); void SetAdminItems(std::shared_ptr resultSet, std::shared_ptr item); void ConvertStrToJson(const std::string &str, Json::Value &json); static std::shared_ptr instance_; diff --git a/services/edm/include/database/edm_rdb_filed_const.h b/services/edm/include/database/edm_rdb_filed_const.h index ff9d9e664be0890bc679b2e5d8925036f15ae7d6..5ca377439ddae8ed3da9aa3dd87519d89607c846 100644 --- a/services/edm/include/database/edm_rdb_filed_const.h +++ b/services/edm/include/database/edm_rdb_filed_const.h @@ -31,6 +31,7 @@ const std::string FILED_ENT_DESC = "ent_desc"; const std::string FILED_PERMISSIONS = "permissions"; const std::string FILED_SUBSCRIBE_EVENTS = "subscribe_events"; const std::string FILED_PARENT_ADMIN = "parent_admin"; +const std::string FILED_IS_DEBUG = "is_debug"; const std::string FILED_ADMIN_NAME = "admin_name"; const std::string FILED_POLICY_NAME = "policy_name"; @@ -46,13 +47,14 @@ constexpr int32_t FILED_COLUMN_INDEX_SIX = 6; constexpr int32_t FILED_COLUMN_INDEX_SEVEN = 7; constexpr int32_t FILED_COLUMN_INDEX_EIGHT = 8; constexpr int32_t FILED_COLUMN_INDEX_NINE = 9; +constexpr int32_t FILED_COLUMN_INDEX_TEN = 10; const std::string EDM_SERVICE_DATABASE_PATH = "/data/service/el1/public/edm"; const std::string EDM_RDB_NAME = "/edmdb.db"; const std::string ADMIN_POLICIES_RDB_TABLE_NAME = "admin_policies"; const std::string DEVICE_ADMIN_POLICIES_RDB_TABLE_NAME = "device_admin_policies"; const std::string DEVICE_COMBINED_POLICIES_RDB_TABLE_NAME = "device_combined_policies"; -constexpr int32_t EDM_RDB_VERSION = 1; +constexpr int32_t EDM_RDB_VERSION = 2; } // namespace EdmRdbFiledConst } // namespace EDM } // namespace OHOS diff --git a/services/edm/include/enterprise_device_mgr_ability.h b/services/edm/include/enterprise_device_mgr_ability.h index 9ea3a57d7e0db61b74b02292c7ff29bb62e73e7d..0255942e187b521d00bdef095ebc719bd875727e 100644 --- a/services/edm/include/enterprise_device_mgr_ability.h +++ b/services/edm/include/enterprise_device_mgr_ability.h @@ -45,9 +45,10 @@ public: ~EnterpriseDeviceMgrAbility() override; static sptr GetInstance(); - ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override; - ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override; - ErrCode DisableSuperAdmin(const std::string &bundleName) override; + ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId, + bool isDebug = false) override; + ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug = false) override; + ErrCode DisableSuperAdmin(const std::string &bundleName, bool isDebug = false) override; ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply, int32_t userId) override; ErrCode GetDevicePolicy(uint32_t code, MessageParcel &data, MessageParcel &reply, int32_t userId) override; @@ -72,6 +73,7 @@ protected: virtual std::shared_ptr GetExternalManagerFactory(); private: + bool IsHdc(); void AddCommonEventFuncMap(); void AddOnAddSystemAbilityFuncMap(); bool SubscribeAppState(); @@ -91,7 +93,7 @@ private: int32_t GetCurrentUserId(); ErrCode HandleApplicationEvent(const std::vector &events, bool subscribe); ErrCode UpdateDeviceAdmin(AppExecFwk::ElementName &admin); - ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId); + ErrCode VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, int32_t userId, bool isDebug); ErrCode VerifyManagedEvent(const AppExecFwk::ElementName &admin, const std::vector &events); ErrCode UpdateDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply, int32_t userId); diff --git a/services/edm/src/admin.cpp b/services/edm/src/admin.cpp index b69130d7bb6d902414f8c2365977c22cfe1f1ccf..25752c8e59c6fe7ae9d29b4953251aba1f778525 100644 --- a/services/edm/src/admin.cpp +++ b/services/edm/src/admin.cpp @@ -21,6 +21,16 @@ namespace OHOS { namespace EDM { +Admin::Admin(const AppExecFwk::ExtensionAbilityInfo &abilityInfo, AdminType type, const EntInfo &entInfo, + const std::vector &permissions, bool isDebug) +{ + adminInfo_.adminType_ = type; + adminInfo_.entInfo_ = entInfo; + adminInfo_.permission_ = permissions; + adminInfo_.packageName_ = abilityInfo.bundleName; + adminInfo_.className_ = abilityInfo.name; + adminInfo_.isDebug_ = isDebug; +} bool Admin::CheckPermission(const std::string &permission) { EDMLOGD("Admin::CheckPermission"); diff --git a/services/edm/src/admin_manager.cpp b/services/edm/src/admin_manager.cpp index 4433b775e1657d766485ac55fa812a561ba95bf9..9f7f4451c6c485a7ac2f19b49ee556f128e94d36 100644 --- a/services/edm/src/admin_manager.cpp +++ b/services/edm/src/admin_manager.cpp @@ -90,8 +90,7 @@ void AdminManager::GetAdminBySubscribeEvent(ManagedEvent event, } } -ErrCode AdminManager::SetAdminValue(AppExecFwk::ExtensionAbilityInfo &abilityInfo, EntInfo &entInfo, AdminType role, - std::vector &permissions, int32_t userId) +ErrCode AdminManager::SetAdminValue(int32_t userId, Admin &adminItem) { auto adminPoliciesStorageRdb = AdminPoliciesStorageRdb::GetInstance(); if (adminPoliciesStorageRdb == nullptr) { @@ -100,44 +99,37 @@ ErrCode AdminManager::SetAdminValue(AppExecFwk::ExtensionAbilityInfo &abilityInf } std::vector reqPermission; std::vector permissionNames; - std::vector> admin; - PermissionManager::GetInstance()->GetReqPermission(permissions, reqPermission); + PermissionManager::GetInstance()->GetReqPermission(adminItem.adminInfo_.permission_, reqPermission); if (reqPermission.empty()) { EDMLOGW("SetAdminValue::the application is requesting useless permissions"); } for (const auto &it : reqPermission) { - if (role == AdminType::NORMAL && it.adminType == AdminType::ENT) { + if (adminItem.adminInfo_.adminType_ == AdminType::NORMAL && it.adminType == AdminType::ENT) { return ERR_EDM_DENY_PERMISSION; } permissionNames.push_back(it.permissionName); } - - std::shared_ptr adminItem = GetAdminByPkgName(abilityInfo.bundleName, userId); - if (!adminItem && !adminPoliciesStorageRdb->InsertAdmin(userId, abilityInfo, entInfo, role, permissions)) { - EDMLOGE("AdminManager::SetAdminValue failed."); - return ERR_EDM_ADD_ADMIN_FAILED; - } else if (adminItem && !adminPoliciesStorageRdb->UpdateAdmin(userId, abilityInfo, entInfo, role, permissions)) { - EDMLOGE("AdminManager::SetAdminValue failed."); - return ERR_EDM_ADD_ADMIN_FAILED; - } - bool ret = GetAdminByUserId(userId, admin); - if (role == AdminType::NORMAL) { - admin.emplace_back(std::make_shared()); - } else { - admin.emplace_back(std::make_shared()); + std::shared_ptr getAdmin = GetAdminByPkgName(adminItem.adminInfo_.packageName_, userId); + if (getAdmin != nullptr) { + if (!adminPoliciesStorageRdb->UpdateAdmin(userId, adminItem)) { + EDMLOGE("AdminManager::SetAdminValue update failed."); + return ERR_EDM_ADD_ADMIN_FAILED; + } + getAdmin->adminInfo_.adminType_ = adminItem.adminInfo_.adminType_; + getAdmin->adminInfo_.entInfo_ = adminItem.adminInfo_.entInfo_; + getAdmin->adminInfo_.permission_ = permissionNames; + return ERR_OK; } - if (!ret) { - admins_.insert(std::pair>>(userId, admin)); - adminItem = admin.back(); - } else if (ret && !adminItem) { - admins_[userId] = admin; - adminItem = admin.back(); + if (!adminPoliciesStorageRdb->InsertAdmin(userId, adminItem)) { + EDMLOGE("AdminManager::SetAdminValue insert failed."); + return ERR_EDM_ADD_ADMIN_FAILED; } - adminItem->adminInfo_.adminType_ = role; - adminItem->adminInfo_.entInfo_ = entInfo; - adminItem->adminInfo_.permission_ = permissionNames; - adminItem->adminInfo_.packageName_ = abilityInfo.bundleName; - adminItem->adminInfo_.className_ = abilityInfo.name; + std::vector> admins; + GetAdminByUserId(userId, admins); + adminItem.adminInfo_.permission_ = permissionNames; + std::shared_ptr admin = std::make_shared(adminItem); + admins.emplace_back(admin); + admins_[userId] = admins; return ERR_OK; } diff --git a/services/edm/src/admin_policies_storage_rdb.cpp b/services/edm/src/admin_policies_storage_rdb.cpp index ec0a2c8a5e2f7f755cde1872c1ab4d4dbdde50cd..4b1bf1d66cf48601f3fa75860149aa2d216d0d0f 100644 --- a/services/edm/src/admin_policies_storage_rdb.cpp +++ b/services/edm/src/admin_policies_storage_rdb.cpp @@ -38,7 +38,8 @@ AdminPoliciesStorageRdb::AdminPoliciesStorageRdb() .append(EdmRdbFiledConst::FILED_ENT_DESC + " TEXT,") .append(EdmRdbFiledConst::FILED_PERMISSIONS + " TEXT,") .append(EdmRdbFiledConst::FILED_SUBSCRIBE_EVENTS + " TEXT,") - .append(EdmRdbFiledConst::FILED_PARENT_ADMIN + " TEXT);"); + .append(EdmRdbFiledConst::FILED_PARENT_ADMIN + " TEXT,") + .append(EdmRdbFiledConst::FILED_IS_DEBUG + " TEXT);"); auto edmRdbDataManager = EdmRdbDataManager::GetInstance(); if (edmRdbDataManager != nullptr) { edmRdbDataManager->CreateTable(createTableSql); @@ -58,8 +59,7 @@ std::shared_ptr AdminPoliciesStorageRdb::GetInstance() return instance_; } -bool AdminPoliciesStorageRdb::InsertAdmin(int32_t userId, const AppExecFwk::ExtensionAbilityInfo &abilityInfo, - const EntInfo &entInfo, AdminType role, const std::vector &permissions) +bool AdminPoliciesStorageRdb::InsertAdmin(int32_t userId, const Admin &admin) { EDMLOGD("AdminPoliciesStorageRdb::Insert data start."); auto edmRdbDataManager = EdmRdbDataManager::GetInstance(); @@ -67,14 +67,13 @@ bool AdminPoliciesStorageRdb::InsertAdmin(int32_t userId, const AppExecFwk::Exte EDMLOGE("AdminPoliciesStorageRdb::InsertAdmin get edmRdbDataManager failed."); return false; } - // insert into admin_policies(user_id, admin_type, package_name, class_name, ent_name, ent_desc, permissions) - // values(?, ?, ?, ?, ?, ?, ?) + // insert into admin_policies(user_id, admin_type, package_name, class_name, ent_name, ent_desc, permissions, + // is_debug) values(?, ?, ?, ?, ?, ?, ?) return edmRdbDataManager->Insert(EdmRdbFiledConst::ADMIN_POLICIES_RDB_TABLE_NAME, - CreateValuesBucket(userId, abilityInfo, entInfo, role, permissions)); + CreateValuesBucket(userId, admin)); } -bool AdminPoliciesStorageRdb::UpdateAdmin(int32_t userId, const AppExecFwk::ExtensionAbilityInfo &abilityInfo, - const EntInfo &entInfo, AdminType role, const std::vector &permissions) +bool AdminPoliciesStorageRdb::UpdateAdmin(int32_t userId, const Admin &admin) { EDMLOGD("AdminPoliciesStorageRdb::Insert data start."); auto edmRdbDataManager = EdmRdbDataManager::GetInstance(); @@ -86,31 +85,30 @@ bool AdminPoliciesStorageRdb::UpdateAdmin(int32_t userId, const AppExecFwk::Exte // permissions=? where user_id=? and package_name=? NativeRdb::AbsRdbPredicates predicates(EdmRdbFiledConst::ADMIN_POLICIES_RDB_TABLE_NAME); predicates.EqualTo(EdmRdbFiledConst::FILED_USER_ID, std::to_string(userId)); - predicates.EqualTo(EdmRdbFiledConst::FILED_PACKAGE_NAME, abilityInfo.bundleName); - return edmRdbDataManager->Update(CreateValuesBucket(userId, abilityInfo, entInfo, role, permissions), predicates); + predicates.EqualTo(EdmRdbFiledConst::FILED_PACKAGE_NAME, admin.adminInfo_.packageName_); + return edmRdbDataManager->Update(CreateValuesBucket(userId, admin), predicates); } -NativeRdb::ValuesBucket AdminPoliciesStorageRdb::CreateValuesBucket(int32_t userId, - const AppExecFwk::ExtensionAbilityInfo &abilityInfo, const EntInfo &entInfo, AdminType role, - const std::vector &permissions) +NativeRdb::ValuesBucket AdminPoliciesStorageRdb::CreateValuesBucket(int32_t userId, const Admin &admin) { NativeRdb::ValuesBucket valuesBucket; valuesBucket.PutInt(EdmRdbFiledConst::FILED_USER_ID, userId); - valuesBucket.PutInt(EdmRdbFiledConst::FILED_ADMIN_TYPE, static_cast(role)); - valuesBucket.PutString(EdmRdbFiledConst::FILED_PACKAGE_NAME, abilityInfo.bundleName); - valuesBucket.PutString(EdmRdbFiledConst::FILED_CLASS_NAME, abilityInfo.name); - valuesBucket.PutString(EdmRdbFiledConst::FILED_ENT_NAME, entInfo.enterpriseName); - valuesBucket.PutString(EdmRdbFiledConst::FILED_ENT_DESC, entInfo.description); + valuesBucket.PutInt(EdmRdbFiledConst::FILED_ADMIN_TYPE, static_cast(admin.adminInfo_.adminType_)); + valuesBucket.PutString(EdmRdbFiledConst::FILED_PACKAGE_NAME, admin.adminInfo_.packageName_); + valuesBucket.PutString(EdmRdbFiledConst::FILED_CLASS_NAME, admin.adminInfo_.className_); + valuesBucket.PutString(EdmRdbFiledConst::FILED_ENT_NAME, admin.adminInfo_.entInfo_.enterpriseName); + valuesBucket.PutString(EdmRdbFiledConst::FILED_ENT_DESC, admin.adminInfo_.entInfo_.description); - if (!permissions.empty()) { + if (!admin.adminInfo_.permission_.empty()) { Json::StreamWriterBuilder builder; builder.settings_["indentation"] = ""; Json::Value permissionJson; - for (const auto &it : permissions) { + for (const auto &it : admin.adminInfo_.permission_) { permissionJson.append(it); } valuesBucket.PutString(EdmRdbFiledConst::FILED_PERMISSIONS, Json::writeString(builder, permissionJson)); } + valuesBucket.PutBool(EdmRdbFiledConst::FILED_IS_DEBUG, admin.adminInfo_.isDebug_); return valuesBucket; } @@ -267,6 +265,9 @@ void AdminPoliciesStorageRdb::SetAdminItems(std::shared_ptrGetString(EdmRdbFiledConst::FILED_COLUMN_INDEX_NINE, item->adminInfo_.parentAdminName_); + int isDebug = 0; + resultSet->GetInt(EdmRdbFiledConst::FILED_COLUMN_INDEX_TEN, isDebug); + item->adminInfo_.isDebug_ = isDebug != 0; } void AdminPoliciesStorageRdb::ConvertStrToJson(const std::string &str, Json::Value &json) diff --git a/services/edm/src/database/edm_rdb_open_callback.cpp b/services/edm/src/database/edm_rdb_open_callback.cpp index cc7b0ad5675f7dc1f45f699cec1e9f88513a80af..629d31b8d0fe841e608063c40c5a5aa60d29583c 100644 --- a/services/edm/src/database/edm_rdb_open_callback.cpp +++ b/services/edm/src/database/edm_rdb_open_callback.cpp @@ -14,10 +14,13 @@ */ #include "edm_rdb_open_callback.h" + +#include "edm_rdb_filed_const.h" #include "edm_log.h" namespace OHOS { namespace EDM { +constexpr int32_t EDM_RDB_VERSION_TWO = 2; int32_t EdmRdbOpenCallback::OnCreate(NativeRdb::RdbStore &rdbStore) { EDMLOGD("EdmRdbOpenCallback OnCreate : database create."); @@ -26,7 +29,12 @@ int32_t EdmRdbOpenCallback::OnCreate(NativeRdb::RdbStore &rdbStore) int32_t EdmRdbOpenCallback::OnUpgrade(NativeRdb::RdbStore &rdbStore, int currentVersion, int targetVersion) { - EDMLOGD("EdmRdbOpenCallback OnUpgrade : database upgrade."); + EDMLOGD("EdmRdbOpenCallback OnUpgrade : database upgrade. currentVersion = %{public}d, newVersion = %{public}d", + currentVersion, targetVersion); + if (currentVersion < EDM_RDB_VERSION_TWO && targetVersion >= EDM_RDB_VERSION_TWO) { + rdbStore.ExecuteSql("ALTER TABLE " + EdmRdbFiledConst::ADMIN_POLICIES_RDB_TABLE_NAME + " ADD COLUMN " + + EdmRdbFiledConst::FILED_IS_DEBUG + " INTEGER DEFAULT 0;"); + } return NativeRdb::E_OK; } } // namespace EDM diff --git a/services/edm/src/enterprise_device_mgr_ability.cpp b/services/edm/src/enterprise_device_mgr_ability.cpp index 4cf345a23f1468ef252b78e782b98b332b174147..06af78f43086e11aebcead9a324ca6e38fc6c41f 100644 --- a/services/edm/src/enterprise_device_mgr_ability.cpp +++ b/services/edm/src/enterprise_device_mgr_ability.cpp @@ -57,6 +57,7 @@ const std::string SYSTEM_UPDATE_FOR_POLICY = "usual.event.DUE_SA_FIRMWARE_UPDATE const std::string FIRMWARE_EVENT_INFO_NAME = "version"; const std::string FIRMWARE_EVENT_INFO_TYPE = "packageType"; const std::string FIRMWARE_EVENT_INFO_CHECK_TIME = "firstReceivedTime"; +const std::string DEVELOP_MODE_STATE = "const.security.developermode.state"; const std::vector codeList = { EdmInterfaceCode::RESET_FACTORY, @@ -485,6 +486,19 @@ bool EnterpriseDeviceMgrAbility::UnsubscribeAppState() return true; } +bool EnterpriseDeviceMgrAbility::IsHdc() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + Security::AccessToken::ATokenTypeEnum tokenType = + Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL && + system::GetBoolParameter(DEVELOP_MODE_STATE, false)) { + EDMLOGI("caller tokenType is shell and check developer mode success."); + return true; + } + return false; +} + bool EnterpriseDeviceMgrAbility::VerifyCallingPermission(const std::string &permissionName) { EDMLOGD("VerifyCallingPermission permission %{public}s", permissionName.c_str()); @@ -499,7 +513,7 @@ bool EnterpriseDeviceMgrAbility::VerifyCallingPermission(const std::string &perm } ErrCode EnterpriseDeviceMgrAbility::VerifyEnableAdminCondition(AppExecFwk::ElementName &admin, AdminType type, - int32_t userId) + int32_t userId, bool isDebug) { if (type == AdminType::UNKNOWN) { EDMLOGW("EnableAdmin: admin type is invalid."); @@ -525,13 +539,17 @@ ErrCode EnterpriseDeviceMgrAbility::VerifyEnableAdminCondition(AppExecFwk::Eleme EDMLOGW("EnableAdmin: an exist super admin can't be enabled twice with different role or user id."); return ERR_EDM_ADD_ADMIN_FAILED; } + if (isDebug != existAdmin->adminInfo_.isDebug_) { + EDMLOGW("EnableAdmin: debug parameter can not be changed."); + return ERR_EDM_ADD_ADMIN_FAILED; + } /* An application can't be enabled twice with different ability name */ if (existAdmin->adminInfo_.className_ != admin.GetAbilityName()) { EDMLOGW("EnableAdmin: There is another admin ability enabled with the same package name."); return ERR_EDM_ADD_ADMIN_FAILED; } } - if (type == AdminType::ENT && adminMgr_->IsSuperAdminExist()) { + if (!isDebug && type == AdminType::ENT && adminMgr_->IsSuperAdminExist()) { if (existAdmin == nullptr || existAdmin->adminInfo_.adminType_ != AdminType::ENT) { EDMLOGW("EnableAdmin: There is another super admin enabled."); return ERR_EDM_ADD_ADMIN_FAILED; @@ -541,11 +559,11 @@ ErrCode EnterpriseDeviceMgrAbility::VerifyEnableAdminCondition(AppExecFwk::Eleme } ErrCode EnterpriseDeviceMgrAbility::EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, - int32_t userId) + int32_t userId, bool isDebug) { EDMLOGD("EnterpriseDeviceMgrAbility::EnableAdmin user id = %{public}d", userId); std::lock_guard autoLock(mutexLock_); - if (!VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { + if (!IsHdc() && !VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { EDMLOGW("EnterpriseDeviceMgrAbility::EnableAdmin check permission failed"); return EdmReturnErrCode::PERMISSION_DENIED; } @@ -558,7 +576,7 @@ ErrCode EnterpriseDeviceMgrAbility::EnableAdmin(AppExecFwk::ElementName &admin, EDMLOGW("EnableAdmin: QueryExtensionAbilityInfos failed"); return EdmReturnErrCode::COMPONENT_INVALID; } - if (FAILED(VerifyEnableAdminCondition(admin, type, userId))) { + if (FAILED(VerifyEnableAdminCondition(admin, type, userId, isDebug))) { EDMLOGW("EnableAdmin: VerifyEnableAdminCondition failed."); return EdmReturnErrCode::ENABLE_ADMIN_FAILED; } @@ -575,7 +593,8 @@ ErrCode EnterpriseDeviceMgrAbility::EnableAdmin(AppExecFwk::ElementName &admin, // permission verify, should throw exception if failed return EdmReturnErrCode::ENABLE_ADMIN_FAILED; } - if (FAILED(adminMgr_->SetAdminValue(abilityInfo.at(0), entInfo, type, permissionList, userId))) { + Admin edmAdmin(abilityInfo.at(0), type, entInfo, permissionList, isDebug); + if (FAILED(adminMgr_->SetAdminValue(userId, edmAdmin))) { EDMLOGE("EnableAdmin: SetAdminValue failed."); return EdmReturnErrCode::ENABLE_ADMIN_FAILED; } @@ -718,11 +737,11 @@ bool EnterpriseDeviceMgrAbility::ShouldUnsubscribeAppState(const std::string &ad [](ManagedEvent event) { return event == ManagedEvent::APP_START || event == ManagedEvent::APP_STOP; }); } -ErrCode EnterpriseDeviceMgrAbility::DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) +ErrCode EnterpriseDeviceMgrAbility::DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug) { EDMLOGI("EnterpriseDeviceMgrAbility::DisableAdmin user id = %{public}d", userId); std::lock_guard autoLock(mutexLock_); - if (!VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { + if (!IsHdc() && !VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { EDMLOGW("EnterpriseDeviceMgrAbility::DisableAdmin check permission failed"); return EdmReturnErrCode::PERMISSION_DENIED; } @@ -731,6 +750,10 @@ ErrCode EnterpriseDeviceMgrAbility::DisableAdmin(AppExecFwk::ElementName &admin, if (adminPtr == nullptr) { return EdmReturnErrCode::DISABLE_ADMIN_FAILED; } + if (isDebug && !adminPtr->adminInfo_.isDebug_) { + EDMLOGW("DisableAdmin: shell command can only remove debug admin."); + return EdmReturnErrCode::DISABLE_ADMIN_FAILED; + } if (adminPtr->adminInfo_.adminType_ != AdminType::NORMAL) { EDMLOGW("DisableAdmin: only remove normal admin."); return EdmReturnErrCode::DISABLE_ADMIN_FAILED; @@ -744,7 +767,7 @@ ErrCode EnterpriseDeviceMgrAbility::DisableAdmin(AppExecFwk::ElementName &admin, system::SetParameter(PARAM_EDM_ENABLE, "false"); } AAFwk::Want want; - want.SetElementName(admin.GetBundleName(), admin.GetAbilityName()); + want.SetElementName(adminPtr->adminInfo_.packageName_, adminPtr->adminInfo_.className_); std::shared_ptr manager = DelayedSingleton::GetInstance(); sptr connection = manager->CreateAdminConnection(want, IEnterpriseAdmin::COMMAND_ON_ADMIN_DISABLED, userId); @@ -768,10 +791,10 @@ ErrCode EnterpriseDeviceMgrAbility::CheckCallingUid(const std::string &bundleNam return ERR_EDM_PERMISSION_ERROR; } -ErrCode EnterpriseDeviceMgrAbility::DisableSuperAdmin(const std::string &bundleName) +ErrCode EnterpriseDeviceMgrAbility::DisableSuperAdmin(const std::string &bundleName, bool isDebug) { std::lock_guard autoLock(mutexLock_); - if (!VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { + if (!IsHdc() && !VerifyCallingPermission(PERMISSION_MANAGE_ENTERPRISE_DEVICE_ADMIN)) { EDMLOGW("EnterpriseDeviceMgrAbility::DisableSuperAdmin check permission failed."); return EdmReturnErrCode::PERMISSION_DENIED; } @@ -779,6 +802,10 @@ ErrCode EnterpriseDeviceMgrAbility::DisableSuperAdmin(const std::string &bundleN if (admin == nullptr) { return EdmReturnErrCode::DISABLE_ADMIN_FAILED; } + if (isDebug && !admin->adminInfo_.isDebug_) { + EDMLOGW("DisableSuperAdmin: shell command can only remove debug super admin."); + return EdmReturnErrCode::DISABLE_ADMIN_FAILED; + } if (admin->adminInfo_.adminType_ != AdminType::ENT) { EDMLOGW("DisableSuperAdmin: only remove super admin."); return EdmReturnErrCode::DISABLE_ADMIN_FAILED; diff --git a/services/edm/src/enterprise_device_mgr_stub.cpp b/services/edm/src/enterprise_device_mgr_stub.cpp index 7ce648c6f2bbc371654b3f66563dbc8784e22aaa..1898efc0c196702d630fbac868564b1f36eb34c4 100644 --- a/services/edm/src/enterprise_device_mgr_stub.cpp +++ b/services/edm/src/enterprise_device_mgr_stub.cpp @@ -58,7 +58,8 @@ int32_t EnterpriseDeviceMgrStub::OnRemoteRequest(uint32_t code, MessageParcel &d Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID()); Security::AccessToken::ATokenTypeEnum tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); - if (!isSystemApp && tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + if (!isSystemApp && tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && + tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) { EDMLOGE("EnterpriseDeviceMgrStub not system app or native process"); reply.WriteInt32(EdmReturnErrCode::SYSTEM_API_DENIED); return EdmReturnErrCode::SYSTEM_API_DENIED; @@ -123,7 +124,7 @@ ErrCode EnterpriseDeviceMgrStub::EnableAdminInner(MessageParcel &data, MessagePa if (type == static_cast(AdminType::NORMAL) || type == static_cast(AdminType::ENT)) { adminType = static_cast(type); } - ErrCode retCode = EnableAdmin(*admin, entInfo, adminType, userId); + ErrCode retCode = EnableAdmin(*admin, entInfo, adminType, userId, data.ReadBool()); reply.WriteInt32(retCode); return ERR_OK; } @@ -136,7 +137,7 @@ ErrCode EnterpriseDeviceMgrStub::DisableAdminInner(MessageParcel &data, MessageP return EdmReturnErrCode::PARAM_ERROR; } int32_t userId = data.ReadInt32(); - ErrCode retCode = DisableAdmin(*admin, userId); + ErrCode retCode = DisableAdmin(*admin, userId, data.ReadBool()); reply.WriteInt32(retCode); return ERR_OK; } @@ -145,7 +146,7 @@ ErrCode EnterpriseDeviceMgrStub::DisableSuperAdminInner(MessageParcel &data, Mes { std::string bundleName = data.ReadString(); EDMLOGD("DisableSuperAdminInner bundleName:: %{public}s :", bundleName.c_str()); - ErrCode retCode = DisableSuperAdmin(bundleName); + ErrCode retCode = DisableSuperAdmin(bundleName, data.ReadBool()); reply.WriteInt32(retCode); return retCode; } diff --git a/test/unittest/interface/inner_api/proxy/mock/include/enterprise_device_mgr_stub_mock.h b/test/unittest/interface/inner_api/proxy/mock/include/enterprise_device_mgr_stub_mock.h index ee37c69d0cccd185a77298005cc07ff0352f900f..3c12cd35e3f19277472d835f531290f2be60eeb9 100644 --- a/test/unittest/interface/inner_api/proxy/mock/include/enterprise_device_mgr_stub_mock.h +++ b/test/unittest/interface/inner_api/proxy/mock/include/enterprise_device_mgr_stub_mock.h @@ -103,14 +103,15 @@ public: return ERR_PROXY_SENDREQUEST_FAIL; } - ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId) override + ErrCode EnableAdmin(AppExecFwk::ElementName &admin, EntInfo &entInfo, AdminType type, int32_t userId, + bool isDebug = false) override { return 0; } - ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId) override { return 0; } + ErrCode DisableAdmin(AppExecFwk::ElementName &admin, int32_t userId, bool isDebug = false) override { return 0; } - ErrCode DisableSuperAdmin(const std::string &bundleName) override { return 0; } + ErrCode DisableSuperAdmin(const std::string &bundleName, bool isDebug = false) override { return 0; } ErrCode HandleDevicePolicy(uint32_t code, AppExecFwk::ElementName &admin, MessageParcel &data, MessageParcel &reply, int32_t userId) override diff --git a/test/unittest/services/edm/src/admin_manager_test.cpp b/test/unittest/services/edm/src/admin_manager_test.cpp index cad00b0dcc7ee8352dfd94f1a591fe544f8bcfa0..31144e6d0cd2fce5bbf5270b29b2076ce2cf717a 100644 --- a/test/unittest/services/edm/src/admin_manager_test.cpp +++ b/test/unittest/services/edm/src/admin_manager_test.cpp @@ -124,14 +124,16 @@ HWTEST_F(AdminManagerTest, TestGetAdminByUserId, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin admin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, admin); ASSERT_TRUE(res == ERR_OK); adminMgr_->GetAdminByUserId(DEFAULT_USER_ID, userAdmin); ASSERT_TRUE(userAdmin.size() == 1); - abilityInfo.bundleName = "com.edm.test.demo1"; - permissions = {"ohos.permission.EDM_TEST_PERMISSION", "ohos.permission.EDM_TEST_ENT_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + admin.adminInfo_.adminType_ = AdminType::ENT; + admin.adminInfo_.packageName_ = "com.edm.test.demo1"; + admin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION", "ohos.permission.EDM_TEST_ENT_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, admin); ASSERT_TRUE(res == ERR_OK); adminMgr_->GetAdminByUserId(DEFAULT_USER_ID, userAdmin); @@ -155,16 +157,18 @@ HWTEST_F(AdminManagerTest, TestGetAdminByPkgName, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - abilityInfo.bundleName = "com.edm.test.demo1"; - abilityInfo.name = "testDemo"; - entInfo.enterpriseName = "company"; - entInfo.description = "technology company in wuhan"; - - permissions = {"ohos.permission.EDM_TEST_PERMISSION", "ohos.permission.EDM_TEST_ENT_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.adminType_ = AdminType::ENT; + edmAdmin.adminInfo_.packageName_ = "com.edm.test.demo1"; + edmAdmin.adminInfo_.className_ = "testDemo"; + edmAdmin.adminInfo_.entInfo_.enterpriseName = "company"; + edmAdmin.adminInfo_.entInfo_.description = "technology company in wuhan"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION", + "ohos.permission.EDM_TEST_ENT_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); std::shared_ptr admin; @@ -192,12 +196,15 @@ HWTEST_F(AdminManagerTest, TestDeleteAdmin, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - abilityInfo.bundleName = "com.edm.test.demo1"; - permissions = {"ohos.permission.EDM_TEST_PERMISSION", "ohos.permission.EDM_TEST_ENT_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.adminType_ = AdminType::ENT; + edmAdmin.adminInfo_.packageName_ = "com.edm.test.demo1"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION", + "ohos.permission.EDM_TEST_ENT_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); res = adminMgr_->DeleteAdmin("com.edm.test.demo", DEFAULT_USER_ID); @@ -231,37 +238,41 @@ HWTEST_F(AdminManagerTest, TestSetAdminValue, TestSize.Level1) abilityInfo.bundleName = bundleName + "1"; permissions = {}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); - abilityInfo.bundleName = bundleName + "2"; - permissions = {"ohos.permission.EDM_TEST_ENT_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.packageName_ = bundleName + "2"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_ENT_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res != ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin == nullptr); - abilityInfo.bundleName = bundleName + "3"; - permissions = {"ohos.permission.EDM_TEST_PERMISSION_FAIL", "ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.packageName_ = bundleName + "3"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION_FAIL", + "ohos.permission.EDM_TEST_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); - abilityInfo.bundleName = bundleName + "4"; - permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.packageName_ = bundleName + "4"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); - abilityInfo.bundleName = bundleName + "5"; - permissions = {"ohos.permission.EDM_TEST_ENT_PERMISSION", "ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.adminType_ = AdminType::ENT; + edmAdmin.adminInfo_.packageName_ = bundleName + "5"; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_ENT_PERMISSION", + "ohos.permission.EDM_TEST_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); } @@ -282,13 +293,13 @@ HWTEST_F(AdminManagerTest, TestSetAdminValueHuge, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions; - + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); for (int i = 0; i < HUGE_ADMIN_SIZE; ++i) { - abilityInfo.bundleName = bundleName + std::to_string(i); - permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + edmAdmin.adminInfo_.packageName_ = bundleName + std::to_string(i); + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION"}; + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); - admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); + admin = adminMgr_->GetAdminByPkgName(edmAdmin.adminInfo_.packageName_, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); } std::vector> userAdmin; @@ -317,7 +328,8 @@ HWTEST_F(AdminManagerTest, TestUpdateAdmin, TestSize.Level1) "ohos.permission.EDM_TEST_ENT_PERMISSION"}; res = adminMgr_->GetGrantedPermission(permissions, AdminType::ENT); ASSERT_TRUE(res == ERR_OK); - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); std::vector> userAdmin; adminMgr_->GetAdminByUserId(DEFAULT_USER_ID, userAdmin); ASSERT_TRUE(userAdmin.size() == 1); @@ -348,7 +360,8 @@ HWTEST_F(AdminManagerTest, TestIsSuperAdmin, TestSize.Level1) entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_ENT_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(adminMgr_->IsSuperOrSubSuperAdmin(bundleName)); } @@ -368,9 +381,11 @@ HWTEST_F(AdminManagerTest, TestIsSuperAdminExist, TestSize.Level1) entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_ENT_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); - permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); + edmAdmin.adminInfo_.adminType_ = AdminType::NORMAL; + edmAdmin.adminInfo_.permission_ = {"ohos.permission.EDM_TEST_PERMISSION"}; + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(!adminMgr_->IsSuperAdminExist()); } @@ -388,17 +403,18 @@ HWTEST_F(AdminManagerTest, TestGetAdminBySubscribeEvent, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); - abilityInfo.bundleName = "com.edm.test.demo1"; - abilityInfo.name = "testDemo1"; - entInfo.enterpriseName = "company1"; - entInfo.description = "technology company in wuhan1"; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); - abilityInfo.bundleName = "com.edm.test.demo2"; - abilityInfo.name = "testDemo2"; - entInfo.enterpriseName = "company2"; - entInfo.description = "technology company in wuhan2"; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, TEST_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); + edmAdmin.adminInfo_.packageName_ = "com.edm.test.demo1"; + edmAdmin.adminInfo_.className_ = "testDemo1"; + edmAdmin.adminInfo_.entInfo_.enterpriseName = "company1"; + edmAdmin.adminInfo_.entInfo_.description = "technology company in wuhan1"; + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); + edmAdmin.adminInfo_.packageName_ = "com.edm.test.demo2"; + edmAdmin.adminInfo_.className_ = "testDemo2"; + edmAdmin.adminInfo_.entInfo_.enterpriseName = "company2"; + edmAdmin.adminInfo_.entInfo_.description = "technology company in wuhan2"; + adminMgr_->SetAdminValue(TEST_USER_ID, edmAdmin); const std::vector events = {0, 1}; adminMgr_->SaveSubscribeEvents(events, "com.edm.test.demo", DEFAULT_USER_ID); @@ -425,7 +441,8 @@ HWTEST_F(AdminManagerTest, TestSaveSubscribeEvents, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); std::shared_ptr admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); @@ -451,7 +468,8 @@ HWTEST_F(AdminManagerTest, TestRemoveSubscribeEvents, TestSize.Level1) entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); std::shared_ptr admin = adminMgr_->GetAdminByPkgName(abilityInfo.bundleName, DEFAULT_USER_ID); ASSERT_TRUE(admin != nullptr); @@ -490,7 +508,8 @@ HWTEST_F(AdminManagerTest, TestSaveAuthorizedAdmin, TestSize.Level1) abilityInfo.name = "testDemo"; EntInfo entInfo("test", "this is test"); std::vector permissions{"ohos.permission.EDM_TEST_PERMISSION"}; - ErrCode res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + ErrCode res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); std::string subSuperAdmin = "com.edm.test.demo1"; @@ -528,7 +547,8 @@ HWTEST_F(AdminManagerTest, TestGetSubSuperAdminsByParentName, TestSize.Level1) abilityInfo.name = "testDemo"; EntInfo entInfo("test", "this is test"); std::vector permissions{"ohos.permission.EDM_TEST_PERMISSION"}; - res = adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + res = adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); ASSERT_TRUE(res == ERR_OK); std::string subSuperAdmin = "com.edm.test.demo1"; res = adminMgr_->SaveAuthorizedAdmin(subSuperAdmin, permissions, abilityInfo.bundleName); diff --git a/test/unittest/services/edm/src/enterprise_admin_connection_test.cpp b/test/unittest/services/edm/src/enterprise_admin_connection_test.cpp index 14e4d4c5a52f3fa0906c277d8d497deedf03fac8..7aa7441af8b555ffaf085a98336272069715d72c 100644 --- a/test/unittest/services/edm/src/enterprise_admin_connection_test.cpp +++ b/test/unittest/services/edm/src/enterprise_admin_connection_test.cpp @@ -153,7 +153,8 @@ HWTEST_F(EnterpriseAdminConnectionTest, TestOnAbilityDisconnectDoneWithSuperAdmi entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {"ohos.permission.EDM_TEST_PERMISSION"}; - AdminManager::GetInstance()->SetAdminValue(abilityInfo, entInfo, AdminType::ENT, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::ENT, entInfo, permissions, false); + AdminManager::GetInstance()->SetAdminValue(DEFAULT_USER_ID, edmAdmin); AAFwk::Want connectWant; connectWant.SetElementName(abilityInfo.bundleName, abilityInfo.name); diff --git a/test/unittest/services/edm/src/enterprise_device_mgr_ability_test.cpp b/test/unittest/services/edm/src/enterprise_device_mgr_ability_test.cpp index 3f3a19bef31baa979d24ddb75b4d386138731979..fa17cbfb0720d4ac43b726f5d10e0982cb4393c8 100644 --- a/test/unittest/services/edm/src/enterprise_device_mgr_ability_test.cpp +++ b/test/unittest/services/edm/src/enterprise_device_mgr_ability_test.cpp @@ -1782,12 +1782,13 @@ HWTEST_F(EnterpriseDeviceMgrAbilityTest, TestOnCommonEventUserRemoved, TestSize. entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {EDM_TEST_PERMISSION}; - edmMgr_->adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); - abilityInfo.bundleName = ADMIN_PACKAGENAME_1; - abilityInfo.name = ADMIN_PACKAGENAME_ABILITY_1; - entInfo.enterpriseName = "company1"; - entInfo.description = "technology company in wuhan"; - edmMgr_->adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, ERROR_USER_ID_REMOVE); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + edmMgr_->adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); + edmAdmin.adminInfo_.packageName_ = ADMIN_PACKAGENAME_1; + edmAdmin.adminInfo_.className_ = ADMIN_PACKAGENAME_ABILITY_1; + edmAdmin.adminInfo_.entInfo_.enterpriseName = "company1"; + edmAdmin.adminInfo_.entInfo_.description = "technology company in wuhan"; + edmMgr_->adminMgr_->SetAdminValue(ERROR_USER_ID_REMOVE, edmAdmin); EventFwk::CommonEventData data; std::string action = "usual.event.USER_REMOVED"; @@ -1805,7 +1806,7 @@ HWTEST_F(EnterpriseDeviceMgrAbilityTest, TestOnCommonEventUserRemoved, TestSize. isExist = edmMgr_->adminMgr_->GetAdminByUserId(DEFAULT_USER_ID, userAdmin); EXPECT_TRUE(!isExist); - ErrCode ret = edmMgr_->adminMgr_->DeleteAdmin(abilityInfo.bundleName, ERROR_USER_ID_REMOVE); + ErrCode ret = edmMgr_->adminMgr_->DeleteAdmin(edmAdmin.adminInfo_.packageName_, ERROR_USER_ID_REMOVE); EXPECT_TRUE(ret == ERR_OK); } @@ -1841,13 +1842,14 @@ HWTEST_F(EnterpriseDeviceMgrAbilityTest, TestOnCommonEventPackageAdded, TestSize entInfo.enterpriseName = "company"; entInfo.description = "technology company in wuhan"; std::vector permissions = {EDM_TEST_PERMISSION}; - edmMgr_->adminMgr_->SetAdminValue(abilityInfo, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); - AppExecFwk::ExtensionAbilityInfo abilityInfo1; - abilityInfo1.bundleName = ADMIN_PACKAGENAME_1; - abilityInfo1.name = ADMIN_PACKAGENAME_ABILITY_1; - entInfo.enterpriseName = "company1"; - entInfo.description = "technology company in wuhan1"; - edmMgr_->adminMgr_->SetAdminValue(abilityInfo1, entInfo, AdminType::NORMAL, permissions, DEFAULT_USER_ID); + Admin edmAdmin(abilityInfo, AdminType::NORMAL, entInfo, permissions, false); + edmMgr_->adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); + + edmAdmin.adminInfo_.packageName_ = ADMIN_PACKAGENAME_1; + edmAdmin.adminInfo_.className_ = ADMIN_PACKAGENAME_ABILITY_1; + edmAdmin.adminInfo_.entInfo_.enterpriseName = "company1"; + edmAdmin.adminInfo_.entInfo_.description = "technology company in wuhan1"; + edmMgr_->adminMgr_->SetAdminValue(DEFAULT_USER_ID, edmAdmin); const std::vector events = {BUNDLE_ADDED_EVENT, BUNDLE_REMOVED_EVENT}; edmMgr_->adminMgr_->SaveSubscribeEvents(events, abilityInfo.bundleName, DEFAULT_USER_ID); @@ -1868,7 +1870,7 @@ HWTEST_F(EnterpriseDeviceMgrAbilityTest, TestOnCommonEventPackageAdded, TestSize EXPECT_TRUE(func != edmMgr_->commonEventFuncMap_.end()); EXPECT_EQ(edmMgr_->adminMgr_->DeleteAdmin(abilityInfo.bundleName, DEFAULT_USER_ID), ERR_OK); - EXPECT_EQ(edmMgr_->adminMgr_->DeleteAdmin(abilityInfo1.bundleName, DEFAULT_USER_ID), ERR_OK); + EXPECT_EQ(edmMgr_->adminMgr_->DeleteAdmin(ADMIN_PACKAGENAME_1, DEFAULT_USER_ID), ERR_OK); } /** diff --git a/tools/edm/BUILD.gn b/tools/edm/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..94570544b8470f5e014fc848c2b4eb4e8d465c1b --- /dev/null +++ b/tools/edm/BUILD.gn @@ -0,0 +1,78 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +config("tools_edm_config") { + include_dirs = [ "include" ] +} + +ohos_source_set("tools_edm_source_set") { + sources = [ + "src/edm_command.cpp", + "src/main.cpp", + "src/shell_command.cpp", + ] + + public_configs = [ + ":tools_edm_config", + "../../common/config:coverage_flags", + ] + + cflags = [] + if (target_cpu == "arm") { + cflags += [ "-DBINDER_IPC_32BIT" ] + } + + external_deps = [ + "ability_base:want", + "bundle_framework:appexecfwk_base", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + ] + + deps = [ "../../interfaces/inner_api:edmservice_kits" ] + + sanitize = { + boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + integer_overflow = true + ubsan = true + } + subsystem_name = "customization" + part_name = "enterprise_device_management" +} + +ohos_executable("edm") { + deps = [ ":tools_edm_source_set" ] + + install_enable = true + + sanitize = { + boundary_sanitize = true + cfi = true + cfi_cross_dso = true + debug = false + integer_overflow = true + ubsan = true + } + subsystem_name = "customization" + part_name = "enterprise_device_management" +} + +group("tools_edm") { + deps = [ ":edm" ] +} diff --git a/tools/edm/include/edm_command.h b/tools/edm/include/edm_command.h new file mode 100644 index 0000000000000000000000000000000000000000..a1c023f9f2e41605c0d7710c7b65693e3bac5b42 --- /dev/null +++ b/tools/edm/include/edm_command.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef EDM_TOOLS_EDM_INCLUDE_EDM_COMMAND_H +#define EDM_TOOLS_EDM_INCLUDE_EDM_COMMAND_H + +#include "shell_command.h" +#include "enterprise_device_mgr_proxy.h" +#include "ienterprise_device_mgr.h" + +namespace OHOS { +namespace EDM { +namespace { +const std::string TOOL_NAME = "edm"; + +const std::string HELP_MSG = "usage: edm []\n" + "These are common edm commands list:\n" + " help list available commands\n" + " enable-admin enable a admin with options\n" + " disable-admin disable a admin with options\n"; +} // namespace + +const std::string HELP_MSG_ENABLE_ADMIN = "usage: edm enable-admin \n" + "eg:edm enable-admin -n -a -t \n" + "options list:\n" + " -h, --help list available commands\n" + " -n, --bundle-name enable an admin with bundle name\n" + " -a, --ability-name enable an admin with ability name\n" + " -t, --admin-type enable an admin with admin type\n" + " : normal, super\n"; + +const std::string HELP_MSG_DISABLE_ADMIN = "usage: edm disable-admin \n" + "eg:edm disable-admin -n -t \n" + "options list:\n" + " -h, --help list available commands\n" + " -n, --bundle-name disable an admin with bundle name\n" + " -t, --admin-type disable an admin with admin type\n" + " : normal, super\n"; + +class EdmCommand : public ShellCommand { +public: + EdmCommand(int argc, char *argv[]); + ~EdmCommand() override = default; + +private: + ErrCode CreateCommandMap() override; + ErrCode CreateMessageMap() override; + ErrCode Init() override; + ErrCode RunAsHelpCommand(); + ErrCode RunAsEnableCommand(); + ErrCode RunAsDisableAdminCommand(); + ErrCode ParseEnableAdminCommandOption(std::string &bundleName, std::string &abilityName, AdminType &adminType); + ErrCode RunAsEnableCommandMissingOptionArgument(); + ErrCode RunAsEnableCommandParseOptionArgument(int option, std::string &bundleName, std::string &abilityName, + AdminType &adminType); + ErrCode ParseAdminTypeArgument(AdminType &adminType); + + std::shared_ptr enterpriseDeviceMgrProxy_; +}; +} // namespace EDM +} // namespace OHOS + +#endif // EDM_TOOLS_EDM_INCLUDE_EDM_COMMAND_H diff --git a/tools/edm/include/shell_command.h b/tools/edm/include/shell_command.h new file mode 100644 index 0000000000000000000000000000000000000000..75c7e85eae572e2300f9fbaac72393b16face829 --- /dev/null +++ b/tools/edm/include/shell_command.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef EDM_TOOLS_EDM_INCLUDE_SHELL_COMMAND_H +#define EDM_TOOLS_EDM_INCLUDE_SHELL_COMMAND_H + +#include +#include +#include +#include + +#include "errors.h" + +namespace OHOS { +namespace EDM { +class ShellCommand { +public: + ShellCommand(int argc, char *argv[], std::string name); + virtual ~ShellCommand() = default; + + ErrCode OnCommand(); + std::string ExecCommand(); + [[nodiscard]] std::string GetCommandErrorMsg() const; + [[nodiscard]] std::string GetMessageFromCode(int32_t code) const; + + virtual ErrCode CreateCommandMap() = 0; + virtual ErrCode CreateMessageMap() = 0; + virtual ErrCode Init() = 0; + +protected: + static constexpr int MIN_ARGUMENT_NUMBER = 2; + + int argc_; + char **argv_; + + std::string cmd_; + std::vector argList_; + + std::string name_; + std::map> commandMap_; + std::map messageMap_; + + std::string resultReceiver_; +}; +} // namespace EDM +} // namespace OHOS +#endif // EDM_TOOLS_EDM_INCLUDE_SHELL_COMMAND_H diff --git a/tools/edm/src/edm_command.cpp b/tools/edm/src/edm_command.cpp new file mode 100644 index 0000000000000000000000000000000000000000..346cf7ff24a34bac0371cbfb75bb3064054d8998 --- /dev/null +++ b/tools/edm/src/edm_command.cpp @@ -0,0 +1,248 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "edm_command.h" + +#include +#include +#include +#include + +#include "admin_type.h" +#include "element_name.h" +#include "out/rk3568/obj/third_party/musl/intermidiates/linux/musl_src_ported/include/getopt.h" + +namespace OHOS { +namespace EDM { +const std::string SHORT_OPTIONS = "hn:a:t:"; +constexpr int32_t OPTION_NUM = 4; + +const struct option LONG_OPTIONS[] = { + {"help", no_argument, nullptr, 'h'}, + {"bundle-name", required_argument, nullptr, 'n'}, + {"ability-name", required_argument, nullptr, 'a'}, + {"admin-type", required_argument, nullptr, 't'} +}; + +EdmCommand::EdmCommand(int argc, char *argv[]) : ShellCommand(argc, argv, TOOL_NAME) {} + +ErrCode EdmCommand::CreateCommandMap() +{ + commandMap_ = { + { "help", std::bind(&EdmCommand::RunAsHelpCommand, this) }, + { "enable-admin", std::bind(&EdmCommand::RunAsEnableCommand, this) }, + { "disable-admin", std::bind(&EdmCommand::RunAsDisableAdminCommand, this) } + }; + return ERR_OK; +} + +ErrCode EdmCommand::CreateMessageMap() +{ + messageMap_ = { // error + message + {ERR_EDM_TOOLS_COMMAND_NO_OPTION, "error: command requires option."}, + {ERR_EDM_TOOLS_COMMAND_N_OPTION_REQUIRES_AN_ARGUMENT, "error: -n, --bundle-name option requires an argument."}, + {ERR_EDM_TOOLS_COMMAND_A_OPTION_REQUIRES_AN_ARGUMENT, "error: -a, --ability-name option requires an argument."}, + {ERR_EDM_TOOLS_COMMAND_T_OPTION_REQUIRES_AN_ARGUMENT, "error: -t, --admin-type option requires an argument."}, + {ERR_EDM_TOOLS_COMMAND_UNKNOWN_OPTION, "error: unknown option."}, + {ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION, "error: -n is expected."}, + {ERR_EDM_TOOLS_COMMAND_NO_ABILITY_NAME_OPTION, "error: -a is expected."}, + {ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION, "error: -t is expected."}, + {ERR_EDM_TOOLS_COMMAND_INVALIT_ADMIN_TYPE_ARGUMENT, "error: invalid admin-type argument."}, + {ERR_EDM_ADD_ADMIN_FAILED, "error: add admin internal error."}, + {ERR_EDM_PERMISSION_ERROR, "error: permission check failed."}, + {ERR_EDM_BMS_ERROR, "error: get bundle manager or query infos failed."}, + {ERR_EDM_DENY_PERMISSION, "error: permission requested by app is not allowed."}, + {ERR_EDM_DEL_ADMIN_FAILED, "error: disable admin internal error."}, + {ERR_EDM_GET_PLUGIN_MGR_FAILED, "error: get plugin manager internal error."}, + {ERR_EDM_PARAM_ERROR, "error: param count or value invalid"}, + {EdmReturnErrCode::COMPONENT_INVALID, "error: the administrator ability component is invalid."}, + {EdmReturnErrCode::ENABLE_ADMIN_FAILED, "error: failed to enable the administrator application of the device."}, + {EdmReturnErrCode::DISABLE_ADMIN_FAILED, + "error: failed to disable the administrator application of the device."} + }; + return ERR_OK; +} + +ErrCode EdmCommand::Init() +{ + if (!enterpriseDeviceMgrProxy_) { + enterpriseDeviceMgrProxy_ = EnterpriseDeviceMgrProxy::GetInstance(); + } + return ERR_OK; +} + +ErrCode EdmCommand::RunAsHelpCommand() +{ + resultReceiver_.append(HELP_MSG); + return ERR_OK; +} + +ErrCode EdmCommand::RunAsEnableCommand() +{ + std::string bundleName; + std::string abilityName; + AdminType adminType = AdminType::UNKNOWN; + ErrCode result = ParseEnableAdminCommandOption(bundleName, abilityName, adminType); + if (result == ERR_EDM_TOOLS_COMMAND_HELP && bundleName.empty() && abilityName.empty() && + adminType == AdminType::UNKNOWN) { + resultReceiver_.append(HELP_MSG_ENABLE_ADMIN); + return ERR_OK; + } + if (result != ERR_EDM_TOOLS_COMMAND_HELP && result != ERR_OK) { + resultReceiver_.append(GetMessageFromCode(result)); + resultReceiver_.append(HELP_MSG_ENABLE_ADMIN); + return ERR_EDM_PARAM_ERROR; + } + if (bundleName.empty()) { + resultReceiver_.append(GetMessageFromCode(ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION)); + resultReceiver_.append(HELP_MSG_ENABLE_ADMIN); + return ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION; + } + if (abilityName.empty()) { + resultReceiver_.append(GetMessageFromCode(ERR_EDM_TOOLS_COMMAND_NO_ABILITY_NAME_OPTION)); + resultReceiver_.append(HELP_MSG_ENABLE_ADMIN); + return ERR_EDM_TOOLS_COMMAND_NO_ABILITY_NAME_OPTION; + } + if (adminType == AdminType::UNKNOWN) { + resultReceiver_.append(GetMessageFromCode(ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION)); + resultReceiver_.append(HELP_MSG_ENABLE_ADMIN); + return ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION; + } + OHOS::AppExecFwk::ElementName elementName; + elementName.SetElementBundleName(&elementName, bundleName.c_str()); + elementName.SetElementAbilityName(&elementName, abilityName.c_str()); + EntInfo info; + result = enterpriseDeviceMgrProxy_->EnableAdmin(elementName, info, adminType, DEFAULT_USER_ID, true); + if (result != ERR_OK) { + resultReceiver_.append(GetMessageFromCode(result)); + } + resultReceiver_.append("enable admin success."); + return result; +} + +ErrCode EdmCommand::RunAsDisableAdminCommand() +{ + std::string bundleName; + std::string abilityName; + AdminType adminType = AdminType::UNKNOWN; + ErrCode result = ParseEnableAdminCommandOption(bundleName, abilityName, adminType); + if (result == ERR_EDM_TOOLS_COMMAND_HELP && bundleName.empty() && adminType == AdminType::UNKNOWN) { + resultReceiver_.append(HELP_MSG_DISABLE_ADMIN); + return ERR_OK; + } + if (result != ERR_EDM_TOOLS_COMMAND_HELP && result != ERR_OK) { + resultReceiver_.append(GetMessageFromCode(result)); + resultReceiver_.append(HELP_MSG_DISABLE_ADMIN); + return ERR_EDM_PARAM_ERROR; + } + if (bundleName.empty()) { + resultReceiver_.append(GetMessageFromCode(ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION)); + resultReceiver_.append(HELP_MSG_DISABLE_ADMIN); + return ERR_EDM_TOOLS_COMMAND_NO_BUNDLE_NAME_OPTION; + } + if (adminType == AdminType::UNKNOWN) { + resultReceiver_.append(GetMessageFromCode(ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION)); + resultReceiver_.append(HELP_MSG_DISABLE_ADMIN); + return ERR_EDM_TOOLS_COMMAND_NO_ADMIN_TYPE_OPTION; + } + if (adminType == AdminType::NORMAL) { + OHOS::AppExecFwk::ElementName elementName; + elementName.SetElementBundleName(&elementName, bundleName.c_str()); + result = enterpriseDeviceMgrProxy_->DisableAdmin(elementName, DEFAULT_USER_ID, true); + } else if (adminType == AdminType::ENT) { + result = enterpriseDeviceMgrProxy_->DisableSuperAdmin(bundleName, true); + } + if (result != ERR_OK) { + resultReceiver_.append(GetMessageFromCode(result)); + } + resultReceiver_.append("disable admin success."); + return result; +} + +ErrCode EdmCommand::ParseEnableAdminCommandOption(std::string &bundleName, std::string &abilityName, + AdminType &adminType) +{ + int count = 0; + ErrCode ret = ERR_INVALID_VALUE; + while (count < OPTION_NUM) { + count++; + int32_t option = getopt_long(argc_, argv_, SHORT_OPTIONS.c_str(), LONG_OPTIONS, nullptr); + if (option == -1) { + if (count == 1) { + ret = ERR_EDM_TOOLS_COMMAND_NO_OPTION; + } + break; + } + if (option == '?') { + ret = RunAsEnableCommandMissingOptionArgument(); + break; + } + ret = RunAsEnableCommandParseOptionArgument(option, bundleName, abilityName, adminType); + } + return ret; +} + +ErrCode EdmCommand::RunAsEnableCommandMissingOptionArgument() +{ + switch (optopt) { + case 'n': + return ERR_EDM_TOOLS_COMMAND_N_OPTION_REQUIRES_AN_ARGUMENT; + case 'a': + return ERR_EDM_TOOLS_COMMAND_A_OPTION_REQUIRES_AN_ARGUMENT; + case 't': + return ERR_EDM_TOOLS_COMMAND_T_OPTION_REQUIRES_AN_ARGUMENT; + default: + return ERR_EDM_TOOLS_COMMAND_UNKNOWN_OPTION; + } +} + +ErrCode EdmCommand::RunAsEnableCommandParseOptionArgument(int option, std::string &bundleName, std::string &abilityName, + AdminType &adminType) +{ + ErrCode ret = ERR_OK; + switch (option) { + case 'h': + ret = ERR_EDM_TOOLS_COMMAND_HELP; + break; + case 'n': + bundleName = optarg; + break; + case 'a': + abilityName = optarg; + break; + case 't': + ret = ParseAdminTypeArgument(adminType); + break; + default: + break; + } + return ret; +} + +ErrCode EdmCommand::ParseAdminTypeArgument(AdminType &adminType) +{ + std::string typeStr = optarg; + if (typeStr == "normal") { + adminType = AdminType::NORMAL; + return ERR_OK; + } + if (typeStr == "super") { + adminType = AdminType::ENT; + return ERR_OK; + } + return ERR_EDM_TOOLS_COMMAND_INVALIT_ADMIN_TYPE_ARGUMENT; +} +} // namespace EDM +} // namespace OHOS diff --git a/tools/edm/src/main.cpp b/tools/edm/src/main.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9c73af536dce5f653d506e6d2a339f3a54cac6fd --- /dev/null +++ b/tools/edm/src/main.cpp @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "edm_command.h" + +int main(int argc, char *argv[]) +{ + OHOS::EDM::EdmCommand cmd(argc, argv); + std::cout << cmd.ExecCommand(); + return 0; +} diff --git a/tools/edm/src/shell_command.cpp b/tools/edm/src/shell_command.cpp new file mode 100644 index 0000000000000000000000000000000000000000..584ac1cf154e2d52f4bc53d1730ac914cf3d9e7d --- /dev/null +++ b/tools/edm/src/shell_command.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "shell_command.h" + +#include + +#include "edm_log.h" + +namespace OHOS { +namespace EDM { +ShellCommand::ShellCommand(int argc, char *argv[], std::string name) +{ + opterr = 0; + argc_ = argc; + argv_ = argv; + name_ = name; + + if (argc < MIN_ARGUMENT_NUMBER) { + cmd_ = "help"; + return; + } + cmd_ = argv[1]; + for (int i = 2; i < argc; i++) { + argList_.push_back(argv[i]); + } +} + +ErrCode ShellCommand::OnCommand() +{ + int result = ERR_OK; + if (commandMap_.find("help") == commandMap_.end()) { + return ERR_INVALID_VALUE; + } + + auto respond = commandMap_["help"]; + if (commandMap_.find(cmd_) != commandMap_.end()) { + respond = commandMap_[cmd_]; + } + if (respond == nullptr) { + resultReceiver_.append(GetCommandErrorMsg()); + respond = commandMap_["help"]; + } + if (Init() == ERR_OK) { + respond(); + } else { + result = ERR_INVALID_VALUE; + } + + return result; +} + +std::string ShellCommand::ExecCommand() +{ + int result = CreateCommandMap(); + if (result != ERR_OK) { + EDMLOGE("failed to create command map.\n"); + } + + result = CreateMessageMap(); + if (result != ERR_OK) { + EDMLOGE("failed to create message map.\n"); + } + + result = OnCommand(); + if (result != ERR_OK) { + EDMLOGE("failed to execute your command.\n"); + resultReceiver_ = "error: failed to execute your command.\n"; + } + + return resultReceiver_; +} + +std::string ShellCommand::GetCommandErrorMsg() const +{ + std::string commandErrorMsg = + name_ + ": '" + cmd_ + "' is not a valid " + name_ + " command. See '" + name_ + " help'.\n"; + + return commandErrorMsg; +} + +std::string ShellCommand::GetMessageFromCode(int32_t code) const +{ + EDMLOGI("[%{public}s(%{public}s)] enter", __FILE__, __FUNCTION__); + EDMLOGI("code = %{public}d", code); + + std::string result = ""; + if (messageMap_.find(code) != messageMap_.end()) { + std::string message = messageMap_.at(code); + if (message.size() != 0) { + result.append(message + "\n"); + } + } + EDMLOGI("result = %{public}s", result.c_str()); + return result; +} +} // namespace EDM +} // namespace OHOS