diff --git a/services/ans/include/advanced_notification_service.h b/services/ans/include/advanced_notification_service.h index dcd72551009d1133e9938937aa813640219517cd..0bef2bee0c5780c5ba456e8e2d5f6f849bb0749e 100644 --- a/services/ans/include/advanced_notification_service.h +++ b/services/ans/include/advanced_notification_service.h @@ -1332,6 +1332,8 @@ public: bool IsDisableNotification(const std::string &bundleName); + bool IsEnableNotificationByKioskAppTrustList(const std::string &bundleName); + bool IsNeedToControllerByDisableNotification(const sptr &request); void SetAndPublishSubscriberExistFlag(const std::string& deviceType, bool existFlag); diff --git a/services/ans/include/notification_preferences.h b/services/ans/include/notification_preferences.h index 29e10cdafb0cc28ac67380da8d350cc68da2726c..2e5f02138ae857cb0b6fa0218a865d9c95d5c63f 100644 --- a/services/ans/include/notification_preferences.h +++ b/services/ans/include/notification_preferences.h @@ -503,6 +503,12 @@ public: bool SetBundleRemoveFlag(const sptr &bundleOption, const NotificationConstant::SlotType &slotType, int32_t sourceType); + void SetKioskModeStatus(bool isKioskMode); + + bool IsKioskMode(); + + bool GetkioskAppTrustList(std::vector &kioskAppTrustList); + private: bool GetBundleInfo(NotificationPreferencesInfo &preferencesInfo, const sptr &bundleOption, NotificationPreferencesInfo::BundleInfo &info) const; @@ -533,6 +539,7 @@ private: std::shared_ptr preferncesDB_ = nullptr; bool isCachedMirrorNotificationEnabledStatus_ = false; std::vector mirrorNotificationEnabledStatus_ = {}; + bool isKioskMode_ = false; }; } // namespace Notification } // namespace OHOS diff --git a/services/ans/include/notification_preferences_info.h b/services/ans/include/notification_preferences_info.h index 87f75e4280ec6afcd195490ad5eab6efdf7bd297..ce9c93cc446924a10d9f2b9a3824b898f69d78d2 100644 --- a/services/ans/include/notification_preferences_info.h +++ b/services/ans/include/notification_preferences_info.h @@ -324,12 +324,15 @@ public: bool GetDisableNotificationInfo(NotificationDisable ¬ificationDisable); void AddDisableNotificationInfo(const std::string &value); ErrCode GetAllLiveViewEnabledBundles(const int32_t userId, std::vector &bundleOption); + void SetkioskAppTrustList(const std::vector &kioskAppTrustList); + bool GetkioskAppTrustList(std::vector &kioskAppTrustList) const; private: std::map isEnabledAllNotification_; std::map> doNotDisturbDate_; std::map> doNotDisturbProfiles_; std::map infos_; + std::vector kioskAppTrustList_; struct DisableNotificationInfo { int32_t disabled = -1; diff --git a/services/ans/src/advanced_notification_manager/advanced_notification_publish.cpp b/services/ans/src/advanced_notification_manager/advanced_notification_publish.cpp index aa04b87366a07945b89c1d55b9b2ee48fab5ae2c..52e331fbabba9006840bc917faad1daff16b6ec5 100644 --- a/services/ans/src/advanced_notification_manager/advanced_notification_publish.cpp +++ b/services/ans/src/advanced_notification_manager/advanced_notification_publish.cpp @@ -219,6 +219,7 @@ ErrCode AdvancedNotificationService::PublishNotificationForIndirectProxy(const s SetRequestBySlotType(record->request, bundleOption); const int32_t ipcUid = IPCSkeleton::GetCallingUid(); + bool isKioskMode = NotificationPreferences::GetInstance()->IsKioskMode(); ffrt::task_handle handler = notificationSvrQueue_->submit_h([&]() { if (IsDisableNotification(bundle)) { ANS_LOGE("bundle in Disable Notification list, bundleName=%{public}s", bundle.c_str()); @@ -227,6 +228,13 @@ ErrCode AdvancedNotificationService::PublishNotificationForIndirectProxy(const s .ErrorCode(result).Message("bundle in Disable Notification list, bundleName=" + bundle); return; } + if (isKioskMode && !IsEnableNotificationByKioskAppTrustList(bundle)) { + ANS_LOGE("bundle not in kiosk trust list, bundleName=%{public}s", bundle.c_str()); + result = ERR_ANS_REJECTED_WITH_DISABLE_NOTIFICATION; + message.BranchId(EventBranchId::BRANCH_1) + .ErrorCode(result).Message("bundle not in kiosk trust list, bundleName=" + bundle); + return; + } if (AssignValidNotificationSlot(record, bundleOption) != ERR_OK) { ANS_LOGE("Can not assign valid slot!"); } diff --git a/services/ans/src/advanced_notification_publish_service.cpp b/services/ans/src/advanced_notification_publish_service.cpp index 64636a8098056a6375c0d98006c4874e9b673360..c22112cb294efa9fbeb6b5de496ed7c94597cc40 100644 --- a/services/ans/src/advanced_notification_publish_service.cpp +++ b/services/ans/src/advanced_notification_publish_service.cpp @@ -775,12 +775,22 @@ ErrCode AdvancedNotificationService::PublishNotificationBySa(const sptrGetUnifiedGroupInfo(request); #endif + bool isDisable = false; + if (request->IsAgentNotification() && !bundle.empty()) { + isDisable = true; + } + bool isKioskMode = NotificationPreferences::GetInstance()->IsKioskMode(); ffrt::task_handle handler = notificationSvrQueue_->submit_h([&]() { if (!bundle.empty() && IsDisableNotification(bundle)) { ANS_LOGE("bundle in Disable Notification list, bundleName=%{public}s", bundle.c_str()); result = ERR_ANS_REJECTED_WITH_DISABLE_NOTIFICATION; return; } + if (isKioskMode && isDisable && !IsEnableNotificationByKioskAppTrustList(bundle)) { + ANS_LOGE("bundle not in kiosk trust list, bundleName=%{public}s", bundle.c_str()); + result = ERR_ANS_REJECTED_WITH_DISABLE_NOTIFICATION; + return; + } if (!bundleOption->GetBundleName().empty() && !(request->GetSlotType() == NotificationConstant::SlotType::LIVE_VIEW && request->IsAgentNotification())) { ErrCode ret = AssignValidNotificationSlot(record, bundleOption); @@ -1066,6 +1076,20 @@ bool AdvancedNotificationService::IsDisableNotification(const std::string &bundl return false; } +bool AdvancedNotificationService::IsEnableNotificationByKioskAppTrustList(const std::string &bundleName) +{ + std::vector kioskAppTrustList; + if (NotificationPreferences::GetInstance()->GetkioskAppTrustList(kioskAppTrustList)) { + auto it = std::find(kioskAppTrustList.begin(), kioskAppTrustList.end(), bundleName); + if (it != kioskAppTrustList.end()) { + return true; + } + } else { + ANS_LOGD("no kiosk app trust list has been set up"); + } + return false; +} + bool AdvancedNotificationService::IsNeedToControllerByDisableNotification(const sptr &request) { if (request == nullptr) { diff --git a/services/ans/src/advanced_notification_service.cpp b/services/ans/src/advanced_notification_service.cpp index 77b40d6a59d4edc1796ffe6a3e41cd616a738576..bdc13d398e9052eae1907f873a05ac6b584bf255 100644 --- a/services/ans/src/advanced_notification_service.cpp +++ b/services/ans/src/advanced_notification_service.cpp @@ -708,17 +708,25 @@ ErrCode AdvancedNotificationService::PublishPreparedNotification(const sptrGetOwnerBundleName(); + ANS_LOGI("ttt PublishPreparedNotification ownerBundleName%{public}s", ownerBundleName.c_str()); + ANS_LOGI("ttt PublishPreparedNotification createBundleName%{public}s", request->GetCreatorBundleName().c_str()); + bool isKioskMode = NotificationPreferences::GetInstance()->IsKioskMode(); #ifdef ENABLE_ANS_AGGREGATION EXTENTION_WRAPPER->GetUnifiedGroupInfo(request); #endif const int32_t uid = IPCSkeleton::GetCallingUid(); ffrt::task_handle handler = notificationSvrQueue_->submit_h(std::bind([&]() { - ANS_LOGD("ffrt enter!"); + ANS_LOGI("ffrt enter!"); if (isDisableNotification && IsDisableNotification(ownerBundleName)) { ANS_LOGE("bundle: %{public}s in disable notification list", (request->GetOwnerBundleName()).c_str()); result = ERR_ANS_REJECTED_WITH_DISABLE_NOTIFICATION; return; } + if (isKioskMode && !IsEnableNotificationByKioskAppTrustList(ownerBundleName)) { + ANS_LOGE("bundle: %{public}s not in kiosk trust list", (request->GetOwnerBundleName()).c_str()); + result = ERR_ANS_REJECTED_WITH_DISABLE_NOTIFICATION; + return; + } if (record->request->GetSlotType() == NotificationConstant::SlotType::LIVE_VIEW && !LivePublishProcess::GetInstance()->CheckLocalLiveViewSubscribed(record->request, isUpdateByOwner, uid)) { result = ERR_ANS_INVALID_PARAM; diff --git a/services/ans/src/advanced_notification_slot_service.cpp b/services/ans/src/advanced_notification_slot_service.cpp index 8c833accc2a66104c55cdf8ab091eb62d6053145..f92271f60f985c5a9a9f5e9bd266d0d4a0c9af3b 100644 --- a/services/ans/src/advanced_notification_slot_service.cpp +++ b/services/ans/src/advanced_notification_slot_service.cpp @@ -45,6 +45,7 @@ namespace { constexpr char KEY_NAME[] = "AGGREGATE_CONFIG"; constexpr char CTRL_LIST_KEY_NAME[] = "NOTIFICATION_CTL_LIST_PKG"; constexpr char CALL_UI_BUNDLE[] = "com.ohos.callui"; + constexpr char KIOSK_APP_TRUST_LIST[] = "kiosk_app_trust_list"; constexpr uint32_t NOTIFICATION_SETTING_FLAG_BASE = 0x11; } @@ -984,6 +985,13 @@ ErrCode AdvancedNotificationService::SetAdditionConfig(const std::string &key, c return ERR_ANS_PERMISSION_DENIED; } + if (key == KIOSK_APP_TRUST_LIST && !AccessTokenHelper::CheckPermission(OHOS_PERMISSION_MANAGE_EDM_POLICY)) { + ANS_LOGE("Permission denied."); + message.ErrorCode(ERR_ANS_PERMISSION_DENIED).Append(" Permission denied"); + NotificationAnalyticsUtil::ReportModifyEvent(message); + return ERR_ANS_PERMISSION_DENIED; + } + if (notificationSvrQueue_ == nullptr) { ANS_LOGE("Serial queue is invalid."); return ERR_ANS_INVALID_PARAM; diff --git a/services/ans/src/notification_preferences.cpp b/services/ans/src/notification_preferences.cpp index dcff9f9fdb301d05eff2d440d5a58b80fab44adb..c8f4afa55ece504e45eb26a3e1c9f482649dbf14 100644 --- a/services/ans/src/notification_preferences.cpp +++ b/services/ans/src/notification_preferences.cpp @@ -1478,6 +1478,39 @@ bool NotificationPreferences::GetDisableNotificationInfo(NotificationDisable &no return true; } +bool NotificationPreferences::GetkioskAppTrustList(std::vector &kioskAppTrustList) +{ + ANS_LOGI("ttt NotificationPreferences::GetkioskAppTrustList enter"); + kioskAppTrustList.push_back("com.example.myapplication"); + // ANS_LOGD("%{public}s", __FUNCTION__); + // if (preferencesInfo_.GetkioskAppTrustList(kioskAppTrustList)) { + // ANS_LOGD("info get disable notification success"); + // return true; + // } + // std::string value = ""; + // int32_t userId = -1; + // if (GetKvFromDb("kiosk_app_trust_list", value, userId) != ERR_OK) { + // ANS_LOGD("Get kiosk app trust list failed."); + // return false; + // } + // if (value.empty() || !nlohmann::json::accept(value)) { + // ANS_LOGE("Invalid json string"); + // return false; + // } + // nlohmann::json jsonObject = nlohmann::json::parse(value, nullptr, false); + // if (jsonObject.is_null() || jsonObject.empty()) { + // ANS_LOGE("Invalid JSON object"); + // return false; + // } + // if (jsonObject.is_discarded() || !jsonObject.is_array()) { + // ANS_LOGE("Parse kiosk app trust list failed due to data is discarded or not array"); + // return false; + // } + // kioskAppTrustList = jsonObject.get>(); + // preferencesInfo_.SetkioskAppTrustList(kioskAppTrustList); + return true; +} + ErrCode NotificationPreferences::SetSubscriberExistFlag(const std::string& deviceType, bool existFlag) { ANS_LOGD("%{public}s", __FUNCTION__); @@ -1576,6 +1609,16 @@ bool NotificationPreferences::SetBundleRemoveFlag(const sptrSetBundleRemoveFlag(bundleOption, slotType, sourceType); } +void NotificationPreferences::SetKioskModeStatus(bool isKioskMode) +{ + isKioskMode_ = isKioskMode; +} + +bool NotificationPreferences::IsKioskMode() +{ + return true; +} + #ifdef ENABLE_ANS_PRIVILEGED_MESSAGE_EXT_WRAPPER int32_t NotificationPreferences::GetKvFromDb( const std::string &key, std::string &value, const int32_t &userId, int32_t &retCode) diff --git a/services/ans/src/notification_preferences_info.cpp b/services/ans/src/notification_preferences_info.cpp index 92d810f4bcdf496fc015c098873bdde8f9554981..e3efa260396794aec00124cb59fd66477f3feea9 100644 --- a/services/ans/src/notification_preferences_info.cpp +++ b/services/ans/src/notification_preferences_info.cpp @@ -443,6 +443,21 @@ bool NotificationPreferencesInfo::GetDisableNotificationInfo(NotificationDisable return true; } +void NotificationPreferencesInfo::SetkioskAppTrustList(const std::vector &kioskAppTrustList) +{ + kioskAppTrustList_ = kioskAppTrustList; +} + +bool NotificationPreferencesInfo::GetkioskAppTrustList(std::vector &kioskAppTrustList) const +{ + if (kioskAppTrustList_.empty()) { + ANS_LOGE("kioskAppTrustList is empty"); + return false; + } + kioskAppTrustList = kioskAppTrustList_; + return true; +} + void NotificationPreferencesInfo::AddDisableNotificationInfo(const std::string &value) { NotificationDisable notificationDisable; diff --git a/services/ans/src/system_event_observer.cpp b/services/ans/src/system_event_observer.cpp index db7602425ddbf2650630d93300ca87cfe7bb390a..844d2d8ec13b2f7d837746590b759b6447a0ba05 100644 --- a/services/ans/src/system_event_observer.cpp +++ b/services/ans/src/system_event_observer.cpp @@ -46,6 +46,8 @@ SystemEventObserver::SystemEventObserver(const ISystemEvent &callbacks) : callba matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_CHANGED); matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_BOOT_COMPLETED); matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_RESTORE_START); + matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_KIOSK_MODE_ON); + matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_KIOSK_MODE_OFF); EventFwk::CommonEventSubscribeInfo commonEventSubscribeInfo(matchingSkills); commonEventSubscribeInfo.SetThreadMode(EventFwk::CommonEventSubscribeInfo::COMMON); @@ -152,6 +154,10 @@ void SystemEventObserver::OnReceiveEvent(const EventFwk::CommonEventData &data) } } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_RESTORE_START) { NotificationCloneManager::GetInstance().OnRestoreStart(want); + } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_KIOSK_MODE_ON) { + NotificationPreferences::GetInstance()->SetKioskModeStatus(true); + } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_KIOSK_MODE_OFF) { + NotificationPreferences::GetInstance()->SetKioskModeStatus(false); } else { OnReceiveEventInner(data); }