diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h index 5bf317516d5aeaea47bd68457b9e0339606ef815..8ffe6482c5d0227e01c398b3ef8c5581b4667663 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h @@ -48,6 +48,8 @@ int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struc int32_t CmServiceGetUserCertInfoCheck(struct CmContext *cmContext, const struct CmBlob *uri, const uint32_t type, bool isCheckUid); + +int32_t CmServiceSetUserCertStatusCheck(struct CmContext *cmContext, const struct CmBlob *certUri); #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 42b930b7c05ed013ede984432a4690640503e71f..3dde8b8d4dbaba51fdb505cdd3e85b43ac4675fa 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -546,3 +546,33 @@ int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struc } return CM_SUCCESS; } + +int32_t CmServiceSetUserCertStatusCheck(struct CmContext *cmContext, const struct CmBlob *certUri) +{ + if (cmContext == NULL) { + CM_LOG_E("CmServiceUninstallUserCertCheck: context is null"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { + CM_LOG_E("caller no permission"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (!CmIsSystemApp()) { + CM_LOG_E("set user status: caller is not system app"); + return CMR_ERROR_NOT_SYSTEMP_APP; + } + + if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) { + CM_LOG_E("certUri is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CheckAndUpdateCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true); + if (ret != CM_SUCCESS) { + CM_LOG_E("uninstall user cert: caller and uri check fail"); + return ret; + } + return CM_SUCCESS; +} diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c index c57bd30aace6bab8402ae967e49ac9e02e28363b..8224bc3759953a7672f31dbfbf78e36117ac0de6 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c @@ -26,6 +26,7 @@ #include "cert_manager_storage.h" #include "cert_manager_status.h" #include "cert_manager_file_operator.h" +#include "cm_util.h" #define MAX_PATH_LEN 256 @@ -466,6 +467,37 @@ static int32_t CmGetCertSubjectName(const struct CmBlob *certData, struct CmBlob return CM_SUCCESS; } +static int32_t GetCertContext(const struct CmBlob *fileName, struct CmContext *certContext, + const struct CmContext *context, uint32_t store) +{ + if (store != CM_USER_TRUSTED_STORE) { + certContext->userId = context->userId; + certContext->uid = context->uid; + return CM_SUCCESS; + } + + struct CMUri uriObj; + int32_t ret = CertManagerUriDecode(&uriObj, (char *)fileName->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to decode uri, ret = %d", ret); + return ret; + } + + uint32_t userId = 0; + uint32_t uid = 0; + if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS || + CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) { + CM_LOG_E("parse string to uint32 failed."); + (void)CertManagerFreeUri(&uriObj); + return CMR_ERROR_INVALID_ARGUMENT; + } + (void)CertManagerFreeUri(&uriObj); + + certContext->userId = userId; + certContext->uid = uid; + return CM_SUCCESS; +} + int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, const struct CmMutableBlob *certFileList, struct CertBlob *certBlob, uint32_t *status) { @@ -479,7 +511,14 @@ int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, } for (uint32_t i = 0; i < certFileList->size; i++) { - ret = CmGetCertStatus(context, &cFileList[i], store, &status[i]); /* status */ + struct CmContext certContext = {0}; + ret = GetCertContext(&cFileList[i].fileName, &certContext, context, store); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get cert context"); + return ret; + } + + ret = CmGetCertStatus(&certContext, &cFileList[i], store, &status[i]); /* status */ if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get cert status"); return CM_FAILURE; @@ -503,14 +542,12 @@ int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, ret = CmGetCertAlias(store, (char *)cFileList[i].fileName.data, &certData, &(certBlob->certAlias[i])); /* alias */ if (ret != CM_SUCCESS) { - CM_LOG_E("Failed to get cert certAlias"); CM_FREE_BLOB(certData); return CM_FAILURE; } ret = CmGetCertSubjectName(&certData, &(certBlob->subjectName[i])); /* subjectName */ if (ret != CM_SUCCESS) { - CM_LOG_E("Failed to get cert subjectName"); CM_FREE_BLOB(certData); return CM_FAILURE; } diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 862787101e0ec01aa86ba8a462ab45d3d276aacd..891a920d688c3637315844977428997bae71031f 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -1109,6 +1109,7 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB int32_t ret = CM_SUCCESS; uint32_t store = CM_USER_TRUSTED_STORE; uint32_t status = INIT_INVALID_VALUE; + struct CmContext oriContext = {0}; struct CmBlob certUri = { 0, NULL }; struct CmContext cmContext = {0}; struct CmParamSet *paramSet = NULL; @@ -1119,20 +1120,17 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB }; do { - if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { - CM_LOG_E("caller no permission"); - ret = CMR_ERROR_PERMISSION_DENIED; - break; - } - if (!CmIsSystemApp()) { - CM_LOG_E("set user status: caller is not system app"); - ret = CMR_ERROR_NOT_SYSTEMP_APP; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret); break; } + oriContext.userId = cmContext.userId; + oriContext.uid = cmContext.uid; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + ret = CmServiceSetUserCertStatusCheck(&cmContext, &certUri); if (ret != CM_SUCCESS) { - CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret); + CM_LOG_E("CmServiceSetUserCertStatusCheck fail, ret = %d", ret); break; }