From e9682c7115ace8435c24f645f8e4b3d49095a226 Mon Sep 17 00:00:00 2001 From: sunjiakun Date: Mon, 4 Nov 2024 16:53:33 +0800 Subject: [PATCH 1/5] =?UTF-8?q?6293=20=E6=94=AF=E6=8C=81Ad=20Hoc=E5=86=85?= =?UTF-8?q?=E9=83=A8=E5=88=86=E5=8F=91=E8=83=BD=E5=8A=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunjiakun --- .../include/appexecfwk_errors.h | 2 ++ .../include/bundle_constants.h | 1 + .../appexecfwk_base/include/bundle_info.h | 1 + .../appexecfwk_base/include/install_param.h | 2 ++ .../bundle_status_callback_proxy.cpp | 2 ++ interfaces/kits/js/common/common_func.cpp | 5 +++ interfaces/kits/js/installer/installer.cpp | 3 +- .../bundlemgr/include/base_bundle_installer.h | 1 + .../include/bundle_install_checker.h | 9 +++++ .../include/bundle_service_constants.h | 2 ++ .../include/ipc/code_signature_param.h | 1 + .../bundlemgr/src/base_bundle_installer.cpp | 19 ++++++++++ .../bundlemgr/src/bundle_install_checker.cpp | 36 +++++++++++++++++-- .../bundlemgr/src/bundle_installer_host.cpp | 18 ++++++++-- .../src/bundle_stream_installer_host_impl.cpp | 8 +++++ services/bundlemgr/src/bundle_verify_mgr.cpp | 1 + .../src/installd/installd_host_impl.cpp | 4 +++ .../src/shared/shared_bundle_installer.cpp | 2 ++ .../bms_bundle_quick_fix_test.cpp | 4 +-- 19 files changed, 113 insertions(+), 8 deletions(-) diff --git a/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h b/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h index fca20adac6..dbb29aff62 100644 --- a/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h +++ b/interfaces/inner_api/appexecfwk_base/include/appexecfwk_errors.h @@ -148,7 +148,9 @@ enum { ERR_APPEXECFWK_INSTALL_GWP_ASAN_ENABLED_NOT_SAME = 8519783, ERR_APPEXECFWK_INSTALL_DEBUG_BUNDLE_NOT_ALLOWED = 8519784, ERR_APPEXECFWK_INSTALL_FAILED_CONTROLLED = 8519785, + ERR_APPEXECFWK_INSTALL_MULTI_APP_MAX_COUNT_DECREASE = 8519786, ERR_APPEXECFWK_INSTALL_APP_IN_BLOCKLIST = 8519787, + ERR_APPEXECFWK_INSTALL_INTERNALTESTING_BUNDLE_NOT_ALLOWED = 8519788, // native bundle ERR_APPEXECFWK_NATIVE_INSTALL_FAILED = 8519790, diff --git a/interfaces/inner_api/appexecfwk_base/include/bundle_constants.h b/interfaces/inner_api/appexecfwk_base/include/bundle_constants.h index 6f331291ec..1c8dfaad3e 100644 --- a/interfaces/inner_api/appexecfwk_base/include/bundle_constants.h +++ b/interfaces/inner_api/appexecfwk_base/include/bundle_constants.h @@ -129,6 +129,7 @@ constexpr const char* APP_DISTRIBUTION_TYPE_APP_GALLERY = "app_gallery"; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE = "enterprise"; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL = "enterprise_normal"; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; +constexpr const char* APP_DISTRIBUTION_TYPE_INTERNALTESTING = "internaltesting"; constexpr const char* APP_DISTRIBUTION_TYPE_OS_INTEGRATION = "os_integration"; constexpr const char* APP_DISTRIBUTION_TYPE_CROWDTESTING = "crowdtesting"; // app provision type diff --git a/interfaces/inner_api/appexecfwk_base/include/bundle_info.h b/interfaces/inner_api/appexecfwk_base/include/bundle_info.h index b04d354e80..ed988fbecc 100644 --- a/interfaces/inner_api/appexecfwk_base/include/bundle_info.h +++ b/interfaces/inner_api/appexecfwk_base/include/bundle_info.h @@ -92,6 +92,7 @@ struct SignatureInfo : public Parcelable { std::string appId; std::string fingerprint; std::string appIdentifier; + std::string certificate; bool ReadFromParcel(Parcel &parcel); virtual bool Marshalling(Parcel &parcel) const override; diff --git a/interfaces/inner_api/appexecfwk_base/include/install_param.h b/interfaces/inner_api/appexecfwk_base/include/install_param.h index e2d0c77950..b0cdbaecf7 100644 --- a/interfaces/inner_api/appexecfwk_base/include/install_param.h +++ b/interfaces/inner_api/appexecfwk_base/include/install_param.h @@ -72,6 +72,8 @@ struct InstallParam : public Parcelable { PermissionStatus installEtpNormalBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; // status of install enterprise mdm bundle permission PermissionStatus installEtpMdmBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; + // status of install internaltesting bundle permission + PermissionStatus installInternaltestingBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; // status of mdm update bundle for self PermissionStatus installUpdateSelfBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; // is shell token diff --git a/interfaces/inner_api/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp b/interfaces/inner_api/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp index 663b3af896..5def1af3da 100644 --- a/interfaces/inner_api/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp +++ b/interfaces/inner_api/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp @@ -164,6 +164,8 @@ void BundleStatusCallbackProxy::InitResultMap() {ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FILE_IS_INVALID, "ERR_BUNDLEMANAGER_INSTALL_CODE_SIGNATURE_FILE_IS_INVALID"}, {ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED, "ERR_APPEXECFWK_INSTALL_ENTERPRISE_BUNDLE_NOT_ALLOWED"}, + { ERR_APPEXECFWK_INSTALL_INTERNALTESTING_BUNDLE_NOT_ALLOWED, + "ERR_APPEXECFWK_INSTALL_INTERNALTESTING_BUNDLE_NOT_ALLOWED" }, {ERR_APPEXECFWK_INSTALL_SELF_UPDATE_BUNDLENAME_NOT_SAME, "ERR_APPEXECFWK_INSTALL_SELF_UPDATE_BUNDLENAME_NOT_SAME"}, {ERR_APPEXECFWK_INSTALL_GWP_ASAN_ENABLED_NOT_SAME, "ERR_APPEXECFWK_INSTALL_GWP_ASAN_ENABLED_NOT_SAME"}, diff --git a/interfaces/kits/js/common/common_func.cpp b/interfaces/kits/js/common/common_func.cpp index ca46569e0a..403ca912d9 100644 --- a/interfaces/kits/js/common/common_func.cpp +++ b/interfaces/kits/js/common/common_func.cpp @@ -1630,6 +1630,11 @@ void CommonFunc::ConvertSignatureInfo(napi_env env, const SignatureInfo &signatu NAPI_CALL_RETURN_VOID( env, napi_create_string_utf8(env, signatureInfo.appIdentifier.c_str(), NAPI_AUTO_LENGTH, &nAppIdentifier)); NAPI_CALL_RETURN_VOID(env, napi_set_named_property(env, value, "appIdentifier", nAppIdentifier)); + + napi_value nCertificate; + NAPI_CALL_RETURN_VOID( + env, napi_create_string_utf8(env, signatureInfo.certificate.c_str(), NAPI_AUTO_LENGTH, &nCertificate)); + NAPI_CALL_RETURN_VOID(env, napi_set_named_property(env, value, "certificate", nCertificate)); } void CommonFunc::ConvertHapModuleInfo(napi_env env, const HapModuleInfo &hapModuleInfo, napi_value objHapModuleInfo) diff --git a/interfaces/kits/js/installer/installer.cpp b/interfaces/kits/js/installer/installer.cpp index 356ba21868..8bd0aaa92b 100644 --- a/interfaces/kits/js/installer/installer.cpp +++ b/interfaces/kits/js/installer/installer.cpp @@ -49,7 +49,8 @@ constexpr const char* INSTALL_PERMISSION = "ohos.permission.INSTALL_BUNDLE or " "ohos.permission.INSTALL_ENTERPRISE_BUNDLE or " "ohos.permission.INSTALL_ENTERPRISE_MDM_BUNDLE or " - "ohos.permission.INSTALL_ENTERPRISE_NORMAL_BUNDLE"; + "ohos.permission.INSTALL_ENTERPRISE_NORMAL_BUNDLE or " + "ohos.permission.INSTALL_INTERNALTESTING_BUNDLE"; constexpr const char* UNINSTALL_PERMISSION = "ohos.permission.INSTALL_BUNDLE or ohos.permission.UNINSTALL_BUNDLE"; constexpr const char* RECOVER_PERMISSION = "ohos.permission.INSTALL_BUNDLE or ohos.permission.RECOVER_BUNDLE"; constexpr const char* INSTALL_SELF_PERMISSION = "ohos.permission.INSTALL_SELF_BUNDLE"; diff --git a/services/bundlemgr/include/base_bundle_installer.h b/services/bundlemgr/include/base_bundle_installer.h index c6b420b9fd..794f01c88d 100644 --- a/services/bundlemgr/include/base_bundle_installer.h +++ b/services/bundlemgr/include/base_bundle_installer.h @@ -778,6 +778,7 @@ private: std::string entryModuleName_ = ""; std::map pgoParams_; bool isEnterpriseBundle_ = false; + bool isInternaltestingBundle_ = false; std::string appIdentifier_ = ""; // When it is true, it means that the same bundleName and same userId was uninstalled with keepData before bool existBeforeKeepDataApp_ = false; diff --git a/services/bundlemgr/include/bundle_install_checker.h b/services/bundlemgr/include/bundle_install_checker.h index 6b764e0a9a..f7fcf3fed1 100644 --- a/services/bundlemgr/include/bundle_install_checker.h +++ b/services/bundlemgr/include/bundle_install_checker.h @@ -42,6 +42,8 @@ struct InstallCheckParam { PermissionStatus installEtpNormalBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; // status of install enterprise mdm bundle permission PermissionStatus installEtpMdmBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; + // status of install internaltesting bundle permission + PermissionStatus installInternaltestingBundlePermissionStatus = PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS; // is shell token bool isCallByShell = false; Constants::AppType appType = Constants::AppType::THIRD_PARTY_APP; @@ -139,6 +141,9 @@ public: bool VaildEnterpriseInstallPermission(const InstallParam &installParam, const Security::Verify::ProvisionInfo &provisionInfo); + + bool ValidInternaltestingInstallPermission(const InstallParam &installParam, + const Security::Verify::ProvisionInfo &provisionInfo); bool VaildInstallPermissionForShare(const InstallCheckParam &checkParam, const std::vector &hapVerifyRes); @@ -146,6 +151,9 @@ public: bool VaildEnterpriseInstallPermissionForShare(const InstallCheckParam &checkParam, const Security::Verify::ProvisionInfo &provisionInfo); + bool VaildInternaltestngInstallPermissionForShare(const InstallCheckParam &checkParam, + const Security::Verify::ProvisionInfo &provisionInfo); + ErrCode CheckModuleNameForMulitHaps(const std::unordered_map &infos); bool IsExistedDistroModule(const InnerBundleInfo &newInfo, const InnerBundleInfo &info) const; @@ -167,6 +175,7 @@ public: ErrCode CheckAllowEnterpriseBundle(const std::vector &hapVerifyRes) const; bool CheckEnterpriseBundle(Security::Verify::HapVerifyResult &hapVerifyRes) const; + bool CheckInternaltestingBundle(Security::Verify::HapVerifyResult &hapVerifyRes) const; bool CheckSupportAppTypes( const std::unordered_map &infos, const std::string &supportAppTypes) const; diff --git a/services/bundlemgr/include/bundle_service_constants.h b/services/bundlemgr/include/bundle_service_constants.h index 415aeee1b7..6706d1b533 100644 --- a/services/bundlemgr/include/bundle_service_constants.h +++ b/services/bundlemgr/include/bundle_service_constants.h @@ -109,6 +109,7 @@ constexpr int32_t LOG_DIR_GID = 1007; constexpr const char* PERMISSION_INSTALL_ENTERPRISE_BUNDLE = "ohos.permission.INSTALL_ENTERPRISE_BUNDLE"; constexpr const char* PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE = "ohos.permission.INSTALL_ENTERPRISE_NORMAL_BUNDLE"; constexpr const char* PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE = "ohos.permission.INSTALL_ENTERPRISE_MDM_BUNDLE"; +constexpr const char* PERMISSION_INSTALL_INTERNALTESTING_BUNDLE = "ohos.permission.INSTALL_INTERNALTESTING_BUNDLE"; constexpr const char* PERMISSION_MANAGE_DISPOSED_APP_STATUS = "ohos.permission.MANAGE_DISPOSED_APP_STATUS"; constexpr const char* PERMISSION_INSTALL_SELF_BUNDLE = "ohos.permission.INSTALL_SELF_BUNDLE"; constexpr const char* PERMISSION_UNINSTALL_BUNDLE = "ohos.permission.UNINSTALL_BUNDLE"; @@ -149,6 +150,7 @@ constexpr const char* SECURITY_SIGNATURE_FILE_PATH = "security_signature_files"; constexpr const char* PGO_FILE_SUFFIX = ".ap"; // system param constexpr const char* ALLOW_ENTERPRISE_BUNDLE = "const.bms.allowenterprisebundle"; +constexpr const char* ALLOW_INTERNALRTESTING_BUNDLE = "const.bms.allinternaltestingbundle"; constexpr const char* IS_ENTERPRISE_DEVICE = "const.edm.is_enterprise_device"; constexpr const char* DEVELOPERMODE_STATE = "const.security.developermode.state"; //extResource diff --git a/services/bundlemgr/include/ipc/code_signature_param.h b/services/bundlemgr/include/ipc/code_signature_param.h index 6caae4d907..b5abdde1b1 100644 --- a/services/bundlemgr/include/ipc/code_signature_param.h +++ b/services/bundlemgr/include/ipc/code_signature_param.h @@ -26,6 +26,7 @@ struct CodeSignatureParam : public Parcelable { std::string targetSoPath; std::string signatureFileDir; bool isEnterpriseBundle = false; + bool isInternaltestingBundle = false; std::string appIdentifier; bool isPreInstalledBundle = false; bool isCompileSdkOpenHarmony = false; diff --git a/services/bundlemgr/src/base_bundle_installer.cpp b/services/bundlemgr/src/base_bundle_installer.cpp index 1719b951d7..2d29fc5255 100644 --- a/services/bundlemgr/src/base_bundle_installer.cpp +++ b/services/bundlemgr/src/base_bundle_installer.cpp @@ -1147,6 +1147,12 @@ ErrCode BaseBundleInstaller::ProcessBundleInstall(const std::vector CHECK_RESULT(result, "check install verifyActivation failed %{public}d"); result = CheckInstallPermission(installParam, hapVerifyResults); CHECK_RESULT(result, "check install permission failed %{public}d"); + for (uint32_t i = 0; i < hapVerifyResults.size(); ++i) { + Security::Verify::ProvisionInfo provisionInfo = hapVerifyResults[i].GetProvisionInfo(); + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + DeliveryProfileToCodeSign(); + } + } result = CheckInstallCondition(hapVerifyResults, newInfos); CHECK_RESULT(result, "check install condition failed %{public}d"); // check the dependencies whether or not exists @@ -1154,6 +1160,13 @@ ErrCode BaseBundleInstaller::ProcessBundleInstall(const std::vector CHECK_RESULT(result, "check dependency failed %{public}d"); // hapVerifyResults at here will not be empty verifyRes_ = hapVerifyResults[0]; + + Security::Verify::ProvisionInfo provisionInfo = verifyRes_.GetProvisionInfo(); + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + result = DeliveryProfileToCodeSign(); + CHECK_RESULT(result, "delivery profile failed %{public}d"); + } + UpdateInstallerState(InstallerState::INSTALL_PARSED); // ---- 20% userId_ = GetConfirmUserId(userId_, newInfos); @@ -3560,6 +3573,7 @@ ErrCode BaseBundleInstaller::ParseHapFiles( isContainEntry_ = bundleInstallChecker_->IsContainEntry(); /* At this place, hapVerifyRes cannot be empty and unnecessary to check it */ isEnterpriseBundle_ = bundleInstallChecker_->CheckEnterpriseBundle(hapVerifyRes[0]); + isInternaltestingBundle_ = bundleInstallChecker_->CheckInternaltestingBundle(hapVerifyRes[0]); appIdentifier_ = (hapVerifyRes[0].GetProvisionInfo().type == Security::Verify::ProvisionType::DEBUG) ? DEBUG_APP_IDENTIFIER : hapVerifyRes[0].GetProvisionInfo().bundleInfo.appIdentifier; SetAppDistributionType(infos); @@ -3891,6 +3905,7 @@ ErrCode BaseBundleInstaller::CheckInstallPermission(const InstallParam &installP installParam.installEnterpriseBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || installParam.installEtpNormalBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || installParam.installEtpMdmBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || + installParam.installInternaltestingBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || installParam.installUpdateSelfBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS) && !bundleInstallChecker_->VaildInstallPermission(installParam, hapVerifyRes)) { // need vaild permission @@ -4580,6 +4595,7 @@ void BaseBundleInstaller::ResetInstallProperties() isEntryInstalled_ = false; entryModuleName_.clear(); isEnterpriseBundle_ = false; + isInternaltestingBundle_ = false; appIdentifier_.clear(); targetSoPathMap_.clear(); existBeforeKeepDataApp_ = false; @@ -5019,6 +5035,7 @@ ErrCode BaseBundleInstaller::VerifyCodeSignatureForNativeFiles(InnerBundleInfo & codeSignatureParam.targetSoPath = targetSoPath; codeSignatureParam.signatureFileDir = signatureFileDir; codeSignatureParam.isEnterpriseBundle = isEnterpriseBundle_; + codeSignatureParam.isInternaltestingBundle = isInternaltestingBundle_; codeSignatureParam.appIdentifier = appIdentifier_; codeSignatureParam.isPreInstalledBundle = info.IsPreInstallApp(); codeSignatureParam.isCompileSdkOpenHarmony = (compileSdkType == COMPILE_SDK_TYPE_OPEN_HARMONY); @@ -5052,6 +5069,7 @@ ErrCode BaseBundleInstaller::VerifyCodeSignatureForHap(const std::unordered_map< codeSignatureParam.modulePath = realHapPath; codeSignatureParam.signatureFileDir = signatureFileDir; codeSignatureParam.isEnterpriseBundle = isEnterpriseBundle_; + codeSignatureParam.isInternaltestingBundle = isInternaltestingBundle_; codeSignatureParam.appIdentifier = appIdentifier_; codeSignatureParam.isCompileSdkOpenHarmony = (compileSdkType == COMPILE_SDK_TYPE_OPEN_HARMONY); codeSignatureParam.isPreInstalledBundle = (iter->second).IsPreInstallApp(); @@ -5529,6 +5547,7 @@ ErrCode BaseBundleInstaller::DeliveryProfileToCodeSign() const if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE || provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL || provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM || + provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING || provisionInfo.type == Security::Verify::ProvisionType::DEBUG) { return InstalldClient::GetInstance()->DeliverySignProfile(provisionInfo.bundleInfo.bundleName, provisionInfo.profileBlockLength, provisionInfo.profileBlock.get()); diff --git a/services/bundlemgr/src/bundle_install_checker.cpp b/services/bundlemgr/src/bundle_install_checker.cpp index 2d6d9ca80f..ce4a47d2f2 100644 --- a/services/bundlemgr/src/bundle_install_checker.cpp +++ b/services/bundlemgr/src/bundle_install_checker.cpp @@ -257,10 +257,12 @@ bool BundleInstallChecker::VaildInstallPermission(const InstallParam &installPar PermissionStatus installBundleStatus = installParam.installBundlePermissionStatus; PermissionStatus installEnterpriseBundleStatus = installParam.installEnterpriseBundlePermissionStatus; PermissionStatus installEtpMdmBundleStatus = installParam.installEtpMdmBundlePermissionStatus; + PermissionStatus installInternaltestingBundleStatus = installParam.installInternaltestingBundlePermissionStatus; bool isCallByShell = installParam.isCallByShell; if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { + installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && + installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { return true; } for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) { @@ -284,6 +286,13 @@ bool BundleInstallChecker::VaildInstallPermission(const InstallParam &installPar } continue; } + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { + LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied"); + return false; + } + continue; + } if (installBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { LOG_E(BMS_TAG_INSTALLER, "install permission denied"); return false; @@ -437,6 +446,7 @@ ErrCode BundleInstallChecker::CheckInstallPermission(const InstallCheckParam &ch if ((checkParam.installBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || checkParam.installEnterpriseBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || checkParam.installEtpNormalBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || + checkParam.installInternaltestingBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS || checkParam.installEtpMdmBundlePermissionStatus != PermissionStatus::NOT_VERIFIED_PERMISSION_STATUS) && !VaildInstallPermissionForShare(checkParam, hapVerifyRes)) { // need vaild permission @@ -452,10 +462,12 @@ bool BundleInstallChecker::VaildInstallPermissionForShare(const InstallCheckPara PermissionStatus installBundleStatus = checkParam.installBundlePermissionStatus; PermissionStatus installEnterpriseBundleStatus = checkParam.installEnterpriseBundlePermissionStatus; PermissionStatus installEtpMdmBundleStatus = checkParam.installEtpMdmBundlePermissionStatus; + PermissionStatus installInternaltestingBundleStatus = checkParam.installInternaltestingBundlePermissionStatus; bool isCallByShell = checkParam.isCallByShell; if (!isCallByShell && installBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && installEnterpriseBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && - installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { + installEtpMdmBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS && + installInternaltestingBundleStatus == PermissionStatus::HAVE_PERMISSION_STATUS) { return true; } for (uint32_t i = 0; i < hapVerifyRes.size(); ++i) { @@ -471,6 +483,17 @@ bool BundleInstallChecker::VaildInstallPermissionForShare(const InstallCheckPara } continue; } + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + if (isCallByShell && provisionInfo.type != Security::Verify::ProvisionType::DEBUG) { + LOG_E(BMS_TAG_INSTALLER, "internaltesting bundle can not be installed by shell"); + return false; + } + if (!isCallByShell && installInternaltestingBundleStatus != PermissionStatus::HAVE_PERMISSION_STATUS) { + LOG_E(BMS_TAG_INSTALLER, "install internaltesting bundle permission denied"); + return false; + } + continue; + } if (provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_NORMAL || provisionInfo.distributionType == Security::Verify::AppDistType::ENTERPRISE_MDM) { bool result = VaildEnterpriseInstallPermissionForShare(checkParam, provisionInfo); @@ -1584,6 +1607,15 @@ bool BundleInstallChecker::CheckEnterpriseBundle(Security::Verify::HapVerifyResu return false; } +bool BundleInstallChecker::CheckInternaltestingBundle(Security::Verify::HapVerifyResult &hapVerifyRes) const +{ + Security::Verify::ProvisionInfo provisionInfo = hapVerifyRes.GetProvisionInfo(); + if (provisionInfo.distributionType == Security::Verify::AppDistType::INTERNALTESTING) { + return true; + } + return false; +} + std::string BundleInstallChecker::GetCheckResultMsg() const { return checkResultMsg_; diff --git a/services/bundlemgr/src/bundle_installer_host.cpp b/services/bundlemgr/src/bundle_installer_host.cpp index 9bdf26efde..74d658c5d0 100644 --- a/services/bundlemgr/src/bundle_installer_host.cpp +++ b/services/bundlemgr/src/bundle_installer_host.cpp @@ -361,7 +361,9 @@ bool BundleInstallerHost::Install( !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( - ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) { + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE)) { LOG_E(BMS_TAG_INSTALLER, "install permission denied"); statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, ""); return false; @@ -390,7 +392,9 @@ bool BundleInstallerHost::Install(const std::vector &bundleFilePath !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( - ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) { + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE)) { LOG_E(BMS_TAG_INSTALLER, "install permission denied"); statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, ""); return false; @@ -507,7 +511,9 @@ bool BundleInstallerHost::InstallByBundleName(const std::string &bundleName, !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( - ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE)) { + ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE)) { LOG_E(BMS_TAG_INSTALLER, "install permission denied"); statusReceiver->OnFinished(ERR_APPEXECFWK_INSTALL_PERMISSION_DENIED, ""); return false; @@ -633,6 +639,10 @@ bool BundleInstallerHost::IsPermissionVaild(const InstallParam &installParam, In verifiedInstallParam.installEtpMdmBundlePermissionStatus = BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) ? PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; + verifiedInstallParam.installInternaltestingBundlePermissionStatus = + BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) + ? PermissionStatus::HAVE_PERMISSION_STATUS + : PermissionStatus::NON_HAVE_PERMISSION_STATUS; verifiedInstallParam.installUpdateSelfBundlePermissionStatus = BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE) ? PermissionStatus::HAVE_PERMISSION_STATUS : PermissionStatus::NON_HAVE_PERMISSION_STATUS; @@ -657,6 +667,8 @@ bool BundleInstallerHost::DestoryBundleStreamInstaller(uint32_t streamInstallerI ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE)) { LOG_E(BMS_TAG_INSTALLER, "install permission denied"); return false; diff --git a/services/bundlemgr/src/bundle_stream_installer_host_impl.cpp b/services/bundlemgr/src/bundle_stream_installer_host_impl.cpp index 140ccfcbec..464fb0fd09 100644 --- a/services/bundlemgr/src/bundle_stream_installer_host_impl.cpp +++ b/services/bundlemgr/src/bundle_stream_installer_host_impl.cpp @@ -102,6 +102,8 @@ int32_t BundleStreamInstallerHostImpl::CreateStream(const std::string &fileName) ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SANDBOX_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE)) { @@ -152,6 +154,8 @@ int32_t BundleStreamInstallerHostImpl::CreateSignatureFileStream(const std::stri ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SANDBOX_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_QUICK_FIX_BUNDLE)) { @@ -203,6 +207,8 @@ int32_t BundleStreamInstallerHostImpl::CreateSharedBundleStream(const std::strin ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE)) { APP_LOGE("CreateSharedBundleStream permission denied"); return Constants::DEFAULT_STREAM_FD; @@ -258,6 +264,8 @@ int32_t BundleStreamInstallerHostImpl::CreatePgoFileStream(const std::string &mo ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_NORMAL_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll( ServiceConstants::PERMISSION_INSTALL_ENTERPRISE_MDM_BUNDLE) && + !BundlePermissionMgr::VerifyCallingPermissionForAll( + ServiceConstants::PERMISSION_INSTALL_INTERNALTESTING_BUNDLE) && !BundlePermissionMgr::VerifyCallingPermissionForAll(ServiceConstants::PERMISSION_INSTALL_SELF_BUNDLE)) { APP_LOGE("CreatePgoFileStream permission denied"); return Constants::DEFAULT_STREAM_FD; diff --git a/services/bundlemgr/src/bundle_verify_mgr.cpp b/services/bundlemgr/src/bundle_verify_mgr.cpp index 196a4af497..89924ebfd4 100644 --- a/services/bundlemgr/src/bundle_verify_mgr.cpp +++ b/services/bundlemgr/src/bundle_verify_mgr.cpp @@ -29,6 +29,7 @@ const std::unordered_map APP_DISTRIB { Security::Verify::AppDistType::ENTERPRISE, Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE }, { Security::Verify::AppDistType::ENTERPRISE_NORMAL, Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_NORMAL }, { Security::Verify::AppDistType::ENTERPRISE_MDM, Constants::APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM }, + { Security::Verify::AppDistType::INTERNALTESTING, Constants::APP_DISTRIBUTION_TYPE_INTERNALTESTING }, { Security::Verify::AppDistType::OS_INTEGRATION, Constants::APP_DISTRIBUTION_TYPE_OS_INTEGRATION }, { Security::Verify::AppDistType::CROWDTESTING, Constants::APP_DISTRIBUTION_TYPE_CROWDTESTING }, }; diff --git a/services/bundlemgr/src/installd/installd_host_impl.cpp b/services/bundlemgr/src/installd/installd_host_impl.cpp index 1dfc70a3d4..2b515c3bab 100644 --- a/services/bundlemgr/src/installd/installd_host_impl.cpp +++ b/services/bundlemgr/src/installd/installd_host_impl.cpp @@ -1398,6 +1398,10 @@ ErrCode InstalldHostImpl::VerifyCodeSignatureForHap(const CodeSignatureParam &co LOG_D(BMS_TAG_INSTALLD, "Verify code signature for enterprise bundle"); ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier, codeSignatureParam.modulePath, entryMap, fileType); + } else if (codeSignatureParam.isInternaltestingBundle) { + LOG_D(BMS_TAG_INSTALLD, "Verify code signature for internaltesting bundle"); + ret = codeSignHelper->EnforceCodeSignForAppWithOwnerId(codeSignatureParam.appIdentifier, + codeSignatureParam.modulePath, entryMap, fileType); } else { LOG_D(BMS_TAG_INSTALLD, "Verify code signature for non-enterprise bundle"); ret = codeSignHelper->EnforceCodeSignForApp(codeSignatureParam.modulePath, entryMap, fileType); diff --git a/services/bundlemgr/src/shared/shared_bundle_installer.cpp b/services/bundlemgr/src/shared/shared_bundle_installer.cpp index 85d421bb73..346847df6f 100644 --- a/services/bundlemgr/src/shared/shared_bundle_installer.cpp +++ b/services/bundlemgr/src/shared/shared_bundle_installer.cpp @@ -48,6 +48,8 @@ ErrCode SharedBundleInstaller::ParseFiles() checkParam.installEnterpriseBundlePermissionStatus = installParam_.installEnterpriseBundlePermissionStatus; checkParam.installEtpNormalBundlePermissionStatus = installParam_.installEtpNormalBundlePermissionStatus; checkParam.installEtpMdmBundlePermissionStatus = installParam_.installEtpMdmBundlePermissionStatus; + checkParam.installInternaltestingBundlePermissionStatus = + installParam_.installInternaltestingBundlePermissionStatus; checkParam.isCallByShell = installParam_.isCallByShell; for (const auto &path : installParam_.sharedBundleDirPaths) { diff --git a/services/bundlemgr/test/unittest/bms_bundle_quick_fix_test/bms_bundle_quick_fix_test.cpp b/services/bundlemgr/test/unittest/bms_bundle_quick_fix_test/bms_bundle_quick_fix_test.cpp index 12add1223a..a504bd9689 100644 --- a/services/bundlemgr/test/unittest/bms_bundle_quick_fix_test/bms_bundle_quick_fix_test.cpp +++ b/services/bundlemgr/test/unittest/bms_bundle_quick_fix_test/bms_bundle_quick_fix_test.cpp @@ -1763,13 +1763,13 @@ HWTEST_F(BmsBundleQuickFixTest, BmsBundleQuickFixTest_0058, Function | SmallTest * Function: GetAppDistributionType * @tc.name: test GetAppDistributionType * @tc.require: issueI5N7AD - * @tc.desc: GetAppDistributionType none + * @tc.desc: GetAppDistributionType internaltesting */ HWTEST_F(BmsBundleQuickFixTest, BmsBundleQuickFixTest_0059, Function | SmallTest | Level0) { QuickFixChecker checker; std::string type = checker.GetAppDistributionType(static_cast(7)); - EXPECT_EQ(type, "none"); + EXPECT_EQ(type, "internaltesting"); } /** -- Gitee From 596481ab28a5fd001b8fe02085c3e1bf3a28c7b2 Mon Sep 17 00:00:00 2001 From: sunjiakun Date: Sat, 2 Nov 2024 16:21:28 +0800 Subject: [PATCH 2/5] =?UTF-8?q?6708=20=E6=94=AF=E6=8C=81=E6=A0=B9=E6=8D=AE?= =?UTF-8?q?hap=E5=8C=85=E8=8E=B7=E5=8F=96=E5=BA=94=E7=94=A8=E7=9A=84?= =?UTF-8?q?=E5=85=AC=E9=92=A5=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunjiakun --- interfaces/inner_api/appexecfwk_base/src/bundle_info.cpp | 2 ++ services/bundlemgr/src/inner_bundle_info.cpp | 1 + 2 files changed, 3 insertions(+) diff --git a/interfaces/inner_api/appexecfwk_base/src/bundle_info.cpp b/interfaces/inner_api/appexecfwk_base/src/bundle_info.cpp index 1c166fc259..163c55ef97 100644 --- a/interfaces/inner_api/appexecfwk_base/src/bundle_info.cpp +++ b/interfaces/inner_api/appexecfwk_base/src/bundle_info.cpp @@ -158,6 +158,7 @@ bool SignatureInfo::ReadFromParcel(Parcel &parcel) appId = Str16ToStr8(parcel.ReadString16()); fingerprint = Str16ToStr8(parcel.ReadString16()); appIdentifier = Str16ToStr8(parcel.ReadString16()); + certificate = Str16ToStr8(parcel.ReadString16()); return true; } @@ -166,6 +167,7 @@ bool SignatureInfo::Marshalling(Parcel &parcel) const WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(appId)); WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(fingerprint)); WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(appIdentifier)); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(certificate)); return true; } diff --git a/services/bundlemgr/src/inner_bundle_info.cpp b/services/bundlemgr/src/inner_bundle_info.cpp index 4b15a1d796..93e5aacf7f 100644 --- a/services/bundlemgr/src/inner_bundle_info.cpp +++ b/services/bundlemgr/src/inner_bundle_info.cpp @@ -2523,6 +2523,7 @@ void InnerBundleInfo::ProcessBundleFlags( == static_cast(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO)) { bundleInfo.signatureInfo.appId = baseBundleInfo_->appId; bundleInfo.signatureInfo.fingerprint = baseApplicationInfo_->fingerprint; + bundleInfo.signatureInfo.certificate = baseBundleInfo_->signatureInfo.certificate; } } -- Gitee From 91538afa87148e1a169eabbcb6384b94bc2cb661 Mon Sep 17 00:00:00 2001 From: sunjiakun Date: Sat, 2 Nov 2024 16:22:20 +0800 Subject: [PATCH 3/5] =?UTF-8?q?6806=20Ad=20Hoc=E9=9C=80=E6=B1=82=E6=96=B0?= =?UTF-8?q?=E5=A2=9Etdd?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunjiakun --- .../bms_bundle_install_checker_test.cpp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp index 82bb192033..ddb35d5329 100755 --- a/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp +++ b/services/bundlemgr/test/unittest/bms_bundle_installer_test/bms_bundle_install_checker_test.cpp @@ -2390,6 +2390,23 @@ HWTEST_F(BmsBundleInstallCheckerTest, CheckEnterpriseBundle_0100, Function | Sma EXPECT_EQ(ret, true); } +/** + * @tc.number: CheckInternaltestingBundle_0100 + * @tc.name: test CheckInternaltestingBundle + * @tc.desc: 1.test check Internaltesting bundle + */ +HWTEST_F(BmsBundleInstallCheckerTest, CheckInternaltestingBundle_0100, Function | SmallTest | Level0) +{ + BundleInstallChecker installChecker; + Security::Verify::HapVerifyResult result; + Security::Verify::ProvisionInfo provisionInfo; + provisionInfo.type = Security::Verify::ProvisionType::DEBUG; + provisionInfo.distributionType = Security::Verify::AppDistType::INTERNALTESTING; + result.SetProvisionInfo(provisionInfo); + bool ret = installChecker.CheckInternaltestingBundle(result); + EXPECT_EQ(ret, true); +} + /** * @tc.number: ParseBundleInfo_0100 * @tc.name: test ParseBundleInfo -- Gitee From 90a2697d2edd1507a86fd452e4695c6990a407f3 Mon Sep 17 00:00:00 2001 From: sunjiakun Date: Mon, 4 Nov 2024 19:37:15 +0800 Subject: [PATCH 4/5] =?UTF-8?q?7027=20=E5=85=B6=E4=BB=96=E4=BD=BF=E7=94=A8?= =?UTF-8?q?SignatureInfo=E7=9A=84=E6=8E=A5=E5=8F=A3=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E8=AF=81=E4=B9=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunjiakun --- services/bundlemgr/src/bundle_data_mgr.cpp | 2 ++ services/bundlemgr/src/bundle_install_checker.cpp | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/services/bundlemgr/src/bundle_data_mgr.cpp b/services/bundlemgr/src/bundle_data_mgr.cpp index 0fa0637ca3..47462f565b 100644 --- a/services/bundlemgr/src/bundle_data_mgr.cpp +++ b/services/bundlemgr/src/bundle_data_mgr.cpp @@ -353,6 +353,7 @@ bool BundleDataMgr::AddNewModuleInfo( oldInfo.SetProvisionId(newInfo.GetProvisionId()); oldInfo.SetCertificateFingerprint(newInfo.GetCertificateFingerprint()); oldInfo.SetAppIdentifier(newInfo.GetAppIdentifier()); + oldInfo.SetCertificate(newInfo.GetCertificate()); oldInfo.AddOldAppId(newInfo.GetAppId()); oldInfo.SetAppPrivilegeLevel(newInfo.GetAppPrivilegeLevel()); oldInfo.UpdateNativeLibAttrs(newInfo.GetBaseApplicationInfo()); @@ -634,6 +635,7 @@ bool BundleDataMgr::UpdateInnerBundleInfo( oldInfo.AddOldAppId(newInfo.GetAppId()); oldInfo.SetProvisionId(newInfo.GetProvisionId()); oldInfo.SetAppIdentifier(newInfo.GetAppIdentifier()); + oldInfo.SetCertificate(newInfo.GetCertificate()); oldInfo.SetAppPrivilegeLevel(newInfo.GetAppPrivilegeLevel()); oldInfo.UpdateAppDetailAbilityAttrs(); oldInfo.UpdateDataGroupInfos(newInfo.GetDataGroupInfos()); diff --git a/services/bundlemgr/src/bundle_install_checker.cpp b/services/bundlemgr/src/bundle_install_checker.cpp index ce4a47d2f2..d824392393 100644 --- a/services/bundlemgr/src/bundle_install_checker.cpp +++ b/services/bundlemgr/src/bundle_install_checker.cpp @@ -688,6 +688,11 @@ void BundleInstallChecker::CollectProvisionInfo( #endif newInfo.AddOldAppId(newInfo.GetAppId()); newInfo.SetAppIdentifier(provisionInfo.bundleInfo.appIdentifier); + if (provisionInfo.type == Security::Verify::ProvisionType::DEBUG) { + newInfo.SetCertificate(provisionInfo.bundleInfo.developmentCertificate); + } else { + newInfo.SetCertificate(provisionInfo.bundleInfo.distributionCertificate); + } } void BundleInstallChecker::SetAppProvisionMetadata(const std::vector &provisionMetadatas, -- Gitee From 25792f4789b7a212f6ef1017483ba4bae7097e1a Mon Sep 17 00:00:00 2001 From: sunjiakun Date: Tue, 5 Nov 2024 10:31:37 +0800 Subject: [PATCH 5/5] =?UTF-8?q?6738=20=E8=8E=B7=E5=8F=96=E5=BA=94=E7=94=A8?= =?UTF-8?q?=E7=9A=84=E5=85=AC=E9=92=A5=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunjiakun --- services/bundlemgr/include/inner_bundle_info.h | 2 ++ services/bundlemgr/src/bundle_mgr_host_impl.cpp | 5 +++++ services/bundlemgr/src/inner_bundle_info.cpp | 10 ++++++++++ 3 files changed, 17 insertions(+) diff --git a/services/bundlemgr/include/inner_bundle_info.h b/services/bundlemgr/include/inner_bundle_info.h index 4eb4198c0b..7d0d9207f2 100644 --- a/services/bundlemgr/include/inner_bundle_info.h +++ b/services/bundlemgr/include/inner_bundle_info.h @@ -2183,6 +2183,8 @@ public: void SetResourcesApply(const std::vector &resourcesApply); void SetAppIdentifier(const std::string &appIdentifier); std::string GetAppIdentifier() const; + void SetCertificate(const std::string &certificate); + std::string GetCertificate() const; void AddOldAppId(const std::string &appId); std::vector GetOldAppIds() const; void SetMoudleIsEncrpted(const std::string &packageName, bool isEncrypted); diff --git a/services/bundlemgr/src/bundle_mgr_host_impl.cpp b/services/bundlemgr/src/bundle_mgr_host_impl.cpp index a08cdd22a1..13a67f0c0e 100644 --- a/services/bundlemgr/src/bundle_mgr_host_impl.cpp +++ b/services/bundlemgr/src/bundle_mgr_host_impl.cpp @@ -4072,6 +4072,11 @@ void BundleMgrHostImpl::SetProvisionInfoToInnerBundleInfo(const std::string &hap info.SetProvisionId(provisionInfo.appId); info.SetCertificateFingerprint(provisionInfo.fingerprint); info.SetAppIdentifier(provisionInfo.bundleInfo.appIdentifier); + if (provisionInfo.type == Security::Verify::ProvisionType::DEBUG) { + info.SetCertificate(provisionInfo.bundleInfo.developmentCertificate); + } else { + info.SetCertificate(provisionInfo.bundleInfo.distributionCertificate); + } info.SetAppPrivilegeLevel(provisionInfo.bundleInfo.apl); bool isDebug = provisionInfo.type == Security::Verify::ProvisionType::DEBUG; info.SetAppProvisionType(isDebug ? Constants::APP_PROVISION_TYPE_DEBUG : Constants::APP_PROVISION_TYPE_RELEASE); diff --git a/services/bundlemgr/src/inner_bundle_info.cpp b/services/bundlemgr/src/inner_bundle_info.cpp index 93e5aacf7f..699f35dff1 100644 --- a/services/bundlemgr/src/inner_bundle_info.cpp +++ b/services/bundlemgr/src/inner_bundle_info.cpp @@ -4232,6 +4232,16 @@ void InnerBundleInfo::SetAppIdentifier(const std::string &appIdentifier) baseBundleInfo_->signatureInfo.appIdentifier = appIdentifier; } +void InnerBundleInfo::SetCertificate(const std::string &certificate) +{ + baseBundleInfo_->signatureInfo.certificate = certificate; +} + +std::string InnerBundleInfo::GetCertificate() const +{ + return baseBundleInfo_->signatureInfo.certificate; +} + void InnerBundleInfo::UpdateDebug(bool debug, bool isEntry) { if (isEntry) { -- Gitee