1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_client.h"
17
18 #include "accesstoken_log.h"
19 #include "accesstoken_manager_proxy.h"
20 #include "hap_token_info.h"
21 #include "hap_token_info_for_sync_parcel.h"
22 #include "iservice_registry.h"
23 #include "native_token_info.h"
24
25 namespace OHOS {
26 namespace Security {
27 namespace AccessToken {
28 namespace {
29 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
30 LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerClient"
31 };
32 } // namespace
33
GetInstance()34 AccessTokenManagerClient& AccessTokenManagerClient::GetInstance()
35 {
36 static AccessTokenManagerClient instance;
37 return instance;
38 }
39
AccessTokenManagerClient()40 AccessTokenManagerClient::AccessTokenManagerClient()
41 {}
42
~AccessTokenManagerClient()43 AccessTokenManagerClient::~AccessTokenManagerClient()
44 {}
45
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)46 int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
47 {
48 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
49 auto proxy = GetProxy();
50 if (proxy == nullptr) {
51 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
52 return PERMISSION_DENIED;
53 }
54 return proxy->VerifyAccessToken(tokenID, permissionName);
55 }
56
VerifyNativeToken(AccessTokenID tokenID,const std::string & permissionName)57 int AccessTokenManagerClient::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName)
58 {
59 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
60 auto proxy = GetProxy();
61 if (proxy == nullptr) {
62 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
63 return PERMISSION_DENIED;
64 }
65 return proxy->VerifyNativeToken(tokenID, permissionName);
66 }
67
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)68 int AccessTokenManagerClient::GetDefPermission(
69 const std::string& permissionName, PermissionDef& permissionDefResult)
70 {
71 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
72 auto proxy = GetProxy();
73 if (proxy == nullptr) {
74 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
75 return RET_FAILED;
76 }
77 PermissionDefParcel permissionDefParcel;
78 int result = proxy->GetDefPermission(permissionName, permissionDefParcel);
79 permissionDefResult = permissionDefParcel.permissionDef;
80 return result;
81 }
82
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDef> & permList)83 int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList)
84 {
85 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
86 auto proxy = GetProxy();
87 if (proxy == nullptr) {
88 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
89 return RET_FAILED;
90 }
91 std::vector<PermissionDefParcel> parcelList;
92 int result = proxy->GetDefPermissions(tokenID, parcelList);
93 for (auto permParcel : parcelList) {
94 PermissionDef perm = permParcel.permissionDef;
95 permList.emplace_back(perm);
96 }
97 return result;
98 }
99
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)100 int AccessTokenManagerClient::GetReqPermissions(
101 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
102 {
103 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
104 auto proxy = GetProxy();
105 if (proxy == nullptr) {
106 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
107 return RET_FAILED;
108 }
109 std::vector<PermissionStateFullParcel> parcelList;
110 int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant);
111 for (auto permParcel : parcelList) {
112 PermissionStateFull perm = permParcel.permStatFull;
113 reqPermList.emplace_back(perm);
114 }
115 return result;
116 }
117
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName)118 int AccessTokenManagerClient::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName)
119 {
120 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
121 auto proxy = GetProxy();
122 if (proxy == nullptr) {
123 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
124 return DEFAULT_PERMISSION_FLAGS;
125 }
126 return proxy->GetPermissionFlag(tokenID, permissionName);
127 }
128
GetSelfPermissionsState(std::vector<PermissionListState> & permList)129 PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(
130 std::vector<PermissionListState>& permList)
131 {
132 ACCESSTOKEN_LOG_DEBUG(LABEL, "permList.size() : %{public}d.", (int)permList.size());
133 auto proxy = GetProxy();
134 if (proxy == nullptr) {
135 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null.");
136 return INVALID_OPER;
137 }
138
139 size_t len = permList.size();
140 if (len == 0) {
141 ACCESSTOKEN_LOG_DEBUG(LABEL, "len is zero.");
142 return PASS_OPER;
143 }
144
145 std::vector<PermissionListStateParcel> parcelList;
146
147 for (auto perm : permList) {
148 PermissionListStateParcel permParcel;
149 permParcel.permsState = perm;
150 parcelList.emplace_back(permParcel);
151 }
152
153 PermissionOper result = proxy->GetSelfPermissionsState(parcelList);
154
155 if (len != parcelList.size()) {
156 return INVALID_OPER;
157 }
158 for (uint32_t i = 0; i < len; i++) {
159 PermissionListState perm = parcelList[i].permsState;
160 permList[i].state = perm.state;
161 }
162 return result;
163 }
164
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,int flag)165 int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
166 {
167 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
168 auto proxy = GetProxy();
169 if (proxy == nullptr) {
170 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
171 return RET_FAILED;
172 }
173 return proxy->GrantPermission(tokenID, permissionName, flag);
174 }
175
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,int flag)176 int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
177 {
178 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
179 auto proxy = GetProxy();
180 if (proxy == nullptr) {
181 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
182 return RET_FAILED;
183 }
184 return proxy->RevokePermission(tokenID, permissionName, flag);
185 }
186
ClearUserGrantedPermissionState(AccessTokenID tokenID)187 int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID)
188 {
189 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
190 auto proxy = GetProxy();
191 if (proxy == nullptr) {
192 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
193 return RET_FAILED;
194 }
195 return proxy->ClearUserGrantedPermissionState(tokenID);
196 }
197
AllocHapToken(const HapInfoParams & info,const HapPolicyParams & policy)198 AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
199 {
200 AccessTokenIDEx res = { 0 };
201 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
202 auto proxy = GetProxy();
203 if (proxy == nullptr) {
204 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
205 return res;
206 }
207 HapInfoParcel hapInfoParcel;
208 HapPolicyParcel hapPolicyParcel;
209 hapInfoParcel.hapInfoParameter = info;
210 hapPolicyParcel.hapPolicyParameter = policy;
211
212 return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel);
213 }
214
DeleteToken(AccessTokenID tokenID)215 int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID)
216 {
217 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
218 auto proxy = GetProxy();
219 if (proxy == nullptr) {
220 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
221 return RET_FAILED;
222 }
223 return proxy->DeleteToken(tokenID);
224 }
225
GetTokenType(AccessTokenID tokenID)226 ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID)
227 {
228 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
229 auto proxy = GetProxy();
230 if (proxy == nullptr) {
231 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
232 return TOKEN_INVALID;
233 }
234 return static_cast<ATokenTypeEnum>(proxy->GetTokenType(tokenID));
235 }
236
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)237 int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
238 {
239 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
240 auto proxy = GetProxy();
241 if (proxy == nullptr) {
242 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
243 return RET_FAILED;
244 }
245 return proxy->CheckNativeDCap(tokenID, dcap);
246 }
247
GetHapTokenID(int userID,const std::string & bundleName,int instIndex)248 AccessTokenID AccessTokenManagerClient::GetHapTokenID(int userID, const std::string& bundleName, int instIndex)
249 {
250 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
251 auto proxy = GetProxy();
252 if (proxy == nullptr) {
253 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
254 return RET_FAILED;
255 }
256 return proxy->GetHapTokenID(userID, bundleName, instIndex);
257 }
258
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)259 AccessTokenID AccessTokenManagerClient::AllocLocalTokenID(
260 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
261 {
262 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
263 auto proxy = GetProxy();
264 if (proxy == nullptr) {
265 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
266 return RET_FAILED;
267 }
268 return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
269 }
270
UpdateHapToken(AccessTokenID tokenID,const std::string & appIDDesc,const HapPolicyParams & policy)271 int AccessTokenManagerClient::UpdateHapToken(
272 AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy)
273 {
274 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
275 auto proxy = GetProxy();
276 if (proxy == nullptr) {
277 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
278 return RET_FAILED;
279 }
280 HapPolicyParcel hapPolicyParcel;
281 hapPolicyParcel.hapPolicyParameter = policy;
282 return proxy->UpdateHapToken(tokenID, appIDDesc, hapPolicyParcel);
283 }
284
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)285 int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
286 {
287 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
288 auto proxy = GetProxy();
289 if (proxy == nullptr) {
290 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
291 return RET_FAILED;
292 }
293 HapTokenInfoParcel hapTokenInfoParcel;
294 int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
295
296 hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams;
297 return res;
298 }
299
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)300 int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
301 {
302 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
303 auto proxy = GetProxy();
304 if (proxy == nullptr) {
305 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
306 return RET_FAILED;
307 }
308 NativeTokenInfoParcel nativeTokenInfoParcel;
309 int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
310 nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams;
311 return res;
312 }
313
314 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)315 int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
316 {
317 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
318 auto proxy = GetProxy();
319 if (proxy == nullptr) {
320 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
321 return RET_FAILED;
322 }
323
324 HapTokenInfoForSyncParcel hapSyncParcel;
325 int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel);
326 hapSync = hapSyncParcel.hapTokenInfoForSyncParams;
327 return res;
328 }
329
GetAllNativeTokenInfo(std::vector<NativeTokenInfo> & nativeTokenInfosRes)330 int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes)
331 {
332 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
333 auto proxy = GetProxy();
334 if (proxy == nullptr) {
335 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
336 return RET_FAILED;
337 }
338
339 std::vector<NativeTokenInfoParcel> parcelList;
340 int result = proxy->GetAllNativeTokenInfo(parcelList);
341 for (auto nativeTokenParcel : parcelList) {
342 NativeTokenInfo native = nativeTokenParcel.nativeTokenInfoParams;
343 nativeTokenInfosRes.emplace_back(native);
344 }
345
346 return result;
347 }
348
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)349 int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync)
350 {
351 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
352 auto proxy = GetProxy();
353 if (proxy == nullptr) {
354 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
355 return RET_FAILED;
356 }
357
358 HapTokenInfoForSyncParcel hapSyncParcel;
359 hapSyncParcel.hapTokenInfoForSyncParams = hapSync;
360
361 int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel);
362 return res;
363 }
364
SetRemoteNativeTokenInfo(const std::string & deviceID,std::vector<NativeTokenInfo> & nativeTokenInfoList)365 int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID,
366 std::vector<NativeTokenInfo>& nativeTokenInfoList)
367 {
368 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
369 auto proxy = GetProxy();
370 if (proxy == nullptr) {
371 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
372 return RET_FAILED;
373 }
374 std::vector<NativeTokenInfoParcel> hapTokenInfoParcels;
375 for (auto native : nativeTokenInfoList) {
376 NativeTokenInfoParcel nativeTokenInfoParcel;
377 nativeTokenInfoParcel.nativeTokenInfoParams = native;
378 hapTokenInfoParcels.emplace_back(nativeTokenInfoParcel);
379 }
380 PermissionStateFullParcel permStateParcel;
381 int res = proxy->SetRemoteNativeTokenInfo(deviceID, hapTokenInfoParcels);
382 return res;
383 }
384
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)385 int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
386 {
387 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
388 auto proxy = GetProxy();
389 if (proxy == nullptr) {
390 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
391 return RET_FAILED;
392 }
393
394 int res = proxy->DeleteRemoteToken(deviceID, tokenID);
395 return res;
396 }
397
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)398 AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
399 {
400 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
401 auto proxy = GetProxy();
402 if (proxy == nullptr) {
403 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
404 return RET_FAILED;
405 }
406
407 AccessTokenID res = proxy->GetRemoteNativeTokenID(deviceID, tokenID);
408 return res;
409 }
410
DeleteRemoteDeviceTokens(const std::string & deviceID)411 int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID)
412 {
413 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
414 auto proxy = GetProxy();
415 if (proxy == nullptr) {
416 ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
417 return RET_FAILED;
418 }
419
420 int res = proxy->DeleteRemoteDeviceTokens(deviceID);
421 return res;
422 }
423 #endif
424
DumpTokenInfo(std::string & dumpInfo)425 void AccessTokenManagerClient::DumpTokenInfo(std::string& dumpInfo)
426 {
427 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
428 auto proxy = GetProxy();
429 if (proxy == nullptr) {
430 ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
431 return;
432 }
433 proxy->DumpTokenInfo(dumpInfo);
434 }
435
InitProxy()436 void AccessTokenManagerClient::InitProxy()
437 {
438 std::lock_guard<std::mutex> lock(proxyMutex_);
439 if (proxy_ == nullptr) {
440 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
441 if (sam == nullptr) {
442 ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbilityManager is null");
443 return;
444 }
445 auto accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
446 if (accesstokenSa == nullptr) {
447 ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbility %{public}d is null",
448 IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
449 return;
450 }
451
452 serviceDeathObserver_ = new (std::nothrow) AccessTokenDeathRecipient();
453 if (serviceDeathObserver_ != nullptr) {
454 accesstokenSa->AddDeathRecipient(serviceDeathObserver_);
455 }
456 proxy_ = iface_cast<IAccessTokenManager>(accesstokenSa);
457 if (proxy_ == nullptr) {
458 ACCESSTOKEN_LOG_DEBUG(LABEL, "iface_cast get null");
459 }
460 }
461 }
462
OnRemoteDiedHandle()463 void AccessTokenManagerClient::OnRemoteDiedHandle()
464 {
465 {
466 std::lock_guard<std::mutex> lock(proxyMutex_);
467 proxy_ = nullptr;
468 }
469 InitProxy();
470 }
471
GetProxy()472 sptr<IAccessTokenManager> AccessTokenManagerClient::GetProxy()
473 {
474 if (proxy_ == nullptr) {
475 InitProxy();
476 }
477 return proxy_;
478 }
479 } // namespace AccessToken
480 } // namespace Security
481 } // namespace OHOS
482