1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "os_account_manager_service.h"
16 #include "account_info.h"
17 #include "account_log_wrapper.h"
18 #include "iinner_os_account_manager.h"
19 #include "ipc_skeleton.h"
20 #include "os_account_constants.h"
21
22 namespace OHOS {
23 namespace AccountSA {
24 namespace {
25 const std::string DUMP_TAB_CHARACTER = "\t";
26 const std::map<OsAccountType, std::string> DUMP_TYPE_MAP = {
27 {OsAccountType::ADMIN, "admin"},
28 {OsAccountType::NORMAL, "normal"},
29 {OsAccountType::GUEST, "guest"},
30 };
31 const std::string CONSTANT_CREATE = "constraint.os.account.create";
32 const std::string CONSTANT_REMOVE = "constraint.os.account.remove";
33 const std::string CONSTANT_START = "constraint.os.account.start";
34 const std::string CONSTANT_SET_ICON = "constraint.os.account.set.icon";
35 const std::int32_t ROOT_UID = 0;
36 } // namespace
37
OsAccountManagerService()38 OsAccountManagerService::OsAccountManagerService()
39 {
40 innerManager_ = DelayedSingleton<IInnerOsAccountManager>::GetInstance();
41 permissionManagerPtr_ = DelayedSingleton<AccountPermissionManager>::GetInstance();
42 bundleManagerPtr_ = DelayedSingleton<AccountBundleManager>::GetInstance();
43 }
~OsAccountManagerService()44 OsAccountManagerService::~OsAccountManagerService()
45 {}
46
CreateOsAccount(const std::string & name,const OsAccountType & type,OsAccountInfo & osAccountInfo)47 ErrCode OsAccountManagerService::CreateOsAccount(
48 const std::string &name, const OsAccountType &type, OsAccountInfo &osAccountInfo)
49 {
50 bool isMultiOsAccountEnable = false;
51 innerManager_->IsMultiOsAccountEnable(isMultiOsAccountEnable);
52 if (!isMultiOsAccountEnable) {
53 ACCOUNT_LOGE("system is not multi os account enable error");
54 return ERR_OSACCOUNT_SERVICE_MANAGER_NOT_ENABLE_MULTI_ERROR;
55 }
56
57 // permission check
58 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, CONSTANT_CREATE)) {
59 ACCOUNT_LOGE("account manager service, permission denied!");
60 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
61 }
62
63 // parameters check
64 if (name.size() > Constants::LOCAL_NAME_MAX_SIZE) {
65 ACCOUNT_LOGE("os account name out of max allowed size");
66 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_OVERFLOW_ERROR;
67 }
68 if (name.size() <= 0) {
69 ACCOUNT_LOGE("os account name is empty");
70 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_EMPTY_ERROR;
71 }
72
73 bool isAllowedCreateAdmin = false;
74 ErrCode errCode = innerManager_->IsAllowedCreateAdmin(isAllowedCreateAdmin);
75 if (errCode != ERR_OK) {
76 ACCOUNT_LOGE("query allowed create admin error");
77 return errCode;
78 }
79 if (!isAllowedCreateAdmin && type == OsAccountType::ADMIN) {
80 ACCOUNT_LOGE("cannot create admin account error");
81 return ERR_OSACCOUNT_SERVICE_MANAGER_CREATE_OSACCOUNT_TYPE_ERROR;
82 }
83 return innerManager_->CreateOsAccount(name, type, osAccountInfo);
84 }
85
CreateOsAccountForDomain(const OsAccountType & type,const DomainAccountInfo & domainInfo,OsAccountInfo & osAccountInfo)86 ErrCode OsAccountManagerService::CreateOsAccountForDomain(
87 const OsAccountType &type, const DomainAccountInfo &domainInfo, OsAccountInfo &osAccountInfo)
88 {
89 ACCOUNT_LOGI("OsAccountManager CreateOsAccountForDomain START");
90 bool isMultiOsAccountEnable = false;
91 innerManager_->IsMultiOsAccountEnable(isMultiOsAccountEnable);
92 if (!isMultiOsAccountEnable) {
93 return ERR_OSACCOUNT_SERVICE_MANAGER_NOT_ENABLE_MULTI_ERROR;
94 }
95
96 // permission check
97 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, CONSTANT_CREATE)) {
98 ACCOUNT_LOGE("account manager service, permission denied!");
99 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
100 }
101
102 // parameters check
103 if (domainInfo.accountName_.empty() || domainInfo.domain_.empty()) {
104 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_EMPTY_ERROR;
105 }
106 if (domainInfo.accountName_.size() > Constants::DOMAIN_ACCOUNT_NAME_MAX_SIZE ||
107 domainInfo.domain_.size() > Constants::DOMAIN_NAME_MAX_SIZE) {
108 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_OVERFLOW_ERROR;
109 }
110
111 bool isAllowedCreateAdmin = false;
112 ErrCode errCode = innerManager_->IsAllowedCreateAdmin(isAllowedCreateAdmin);
113 if (errCode != ERR_OK) {
114 return errCode;
115 }
116 if (!isAllowedCreateAdmin && type == OsAccountType::ADMIN) {
117 return ERR_OSACCOUNT_SERVICE_MANAGER_CREATE_OSACCOUNT_TYPE_ERROR;
118 }
119 return innerManager_->CreateOsAccountForDomain(type, domainInfo, osAccountInfo);
120 }
121
RemoveOsAccount(const int id)122 ErrCode OsAccountManagerService::RemoveOsAccount(const int id)
123 {
124 // permission check
125 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, CONSTANT_REMOVE)) {
126 ACCOUNT_LOGE("account manager service, permission denied!");
127 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
128 }
129
130 // parameters check
131 if (id <= Constants::START_USER_ID) {
132 ACCOUNT_LOGE("cannot remove system preinstalled user!");
133 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
134 }
135
136 return innerManager_->RemoveOsAccount(id);
137 }
138
IsOsAccountExists(const int id,bool & isOsAccountExists)139 ErrCode OsAccountManagerService::IsOsAccountExists(const int id, bool &isOsAccountExists)
140 {
141 return innerManager_->IsOsAccountExists(id, isOsAccountExists);
142 }
143
IsOsAccountActived(const int id,bool & isOsAccountActived)144 ErrCode OsAccountManagerService::IsOsAccountActived(const int id, bool &isOsAccountActived)
145 {
146 // check current account state
147 int callerUserId = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
148 if (callerUserId == id) {
149 return innerManager_->IsOsAccountActived(id, isOsAccountActived);
150 }
151
152 // check other account state, check permission first
153 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "") &&
154 !PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS, "")) {
155 ACCOUNT_LOGE("account manager service, permission denied!");
156 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
157 }
158
159 return innerManager_->IsOsAccountActived(id, isOsAccountActived);
160 }
161
IsOsAccountConstraintEnable(const int id,const std::string & constraint,bool & isConstraintEnable)162 ErrCode OsAccountManagerService::IsOsAccountConstraintEnable(
163 const int id, const std::string &constraint, bool &isConstraintEnable)
164 {
165 // permission check
166 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
167 ACCOUNT_LOGE("account manager service, permission denied!");
168 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
169 }
170
171 return innerManager_->IsOsAccountConstraintEnable(id, constraint, isConstraintEnable);
172 }
173
IsOsAccountVerified(const int id,bool & isVerified)174 ErrCode OsAccountManagerService::IsOsAccountVerified(const int id, bool &isVerified)
175 {
176 // check current account state
177 int callerUserId = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
178 if (callerUserId == id) {
179 return innerManager_->IsOsAccountVerified(id, isVerified);
180 }
181
182 // check other account state, check permission first
183 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "") &&
184 !PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS, "")) {
185 ACCOUNT_LOGE("account manager service, permission denied!");
186 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
187 }
188
189 return innerManager_->IsOsAccountVerified(id, isVerified);
190 }
191
GetCreatedOsAccountsCount(unsigned int & osAccountsCount)192 ErrCode OsAccountManagerService::GetCreatedOsAccountsCount(unsigned int &osAccountsCount)
193 {
194 // permission check
195 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
196 ACCOUNT_LOGE("account manager service, permission denied!");
197 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
198 }
199
200 return innerManager_->GetCreatedOsAccountsCount(osAccountsCount);
201 }
202
GetOsAccountLocalIdFromProcess(int & id)203 ErrCode OsAccountManagerService::GetOsAccountLocalIdFromProcess(int &id)
204 {
205 const std::int32_t uid = IPCSkeleton::GetCallingUid();
206 id = uid / UID_TRANSFORM_DIVISOR;
207 return ERR_OK;
208 }
209
GetOsAccountLocalIdFromDomain(const DomainAccountInfo & domainInfo,int & id)210 ErrCode OsAccountManagerService::GetOsAccountLocalIdFromDomain(const DomainAccountInfo &domainInfo, int &id)
211 {
212 // permission check
213 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
214 ACCOUNT_LOGE("account manager service, permission denied!");
215 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
216 }
217
218 return innerManager_->GetOsAccountLocalIdFromDomain(domainInfo, id);
219 }
220
QueryMaxOsAccountNumber(int & maxOsAccountNumber)221 ErrCode OsAccountManagerService::QueryMaxOsAccountNumber(int &maxOsAccountNumber)
222 {
223 return innerManager_->QueryMaxOsAccountNumber(maxOsAccountNumber);
224 }
225
GetOsAccountAllConstraints(const int id,std::vector<std::string> & constraints)226 ErrCode OsAccountManagerService::GetOsAccountAllConstraints(const int id, std::vector<std::string> &constraints)
227 {
228 // permission check
229 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
230 ACCOUNT_LOGE("account manager service, permission denied!");
231 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
232 }
233
234 return innerManager_->GetOsAccountAllConstraints(id, constraints);
235 }
236
QueryAllCreatedOsAccounts(std::vector<OsAccountInfo> & osAccountInfos)237 ErrCode OsAccountManagerService::QueryAllCreatedOsAccounts(std::vector<OsAccountInfo> &osAccountInfos)
238 {
239 // permission check
240 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
241 ACCOUNT_LOGE("account manager service, permission denied!");
242 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
243 }
244
245 return innerManager_->QueryAllCreatedOsAccounts(osAccountInfos);
246 }
247
QueryCurrentOsAccount(OsAccountInfo & osAccountInfo)248 ErrCode OsAccountManagerService::QueryCurrentOsAccount(OsAccountInfo &osAccountInfo)
249 {
250 // permission check
251 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
252 ACCOUNT_LOGE("account manager service, permission denied!");
253 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
254 }
255
256 int id = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
257 return innerManager_->QueryOsAccountById(id, osAccountInfo);
258 }
259
QueryOsAccountById(const int id,OsAccountInfo & osAccountInfo)260 ErrCode OsAccountManagerService::QueryOsAccountById(const int id, OsAccountInfo &osAccountInfo)
261 {
262 // permission check
263 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "") &&
264 !PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, "")) {
265 ACCOUNT_LOGE("account manager service, permission denied!");
266 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
267 }
268
269 return innerManager_->QueryOsAccountById(id, osAccountInfo);
270 }
271
GetOsAccountTypeFromProcess(OsAccountType & type)272 ErrCode OsAccountManagerService::GetOsAccountTypeFromProcess(OsAccountType &type)
273 {
274 int id = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
275 return innerManager_->GetOsAccountType(id, type);
276 }
277
GetOsAccountProfilePhoto(const int id,std::string & photo)278 ErrCode OsAccountManagerService::GetOsAccountProfilePhoto(const int id, std::string &photo)
279 {
280 // get current account photo
281 int callerUserId = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
282 if (callerUserId == id) {
283 return innerManager_->GetOsAccountProfilePhoto(id, photo);
284 }
285
286 // get other account photo, check permission first
287 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
288 ACCOUNT_LOGE("account manager service, permission denied!");
289 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
290 }
291
292 return innerManager_->GetOsAccountProfilePhoto(id, photo);
293 }
294
IsMultiOsAccountEnable(bool & isMultiOsAccountEnable)295 ErrCode OsAccountManagerService::IsMultiOsAccountEnable(bool &isMultiOsAccountEnable)
296 {
297 return innerManager_->IsMultiOsAccountEnable(isMultiOsAccountEnable);
298 }
299
SetOsAccountName(const int id,const std::string & name)300 ErrCode OsAccountManagerService::SetOsAccountName(const int id, const std::string &name)
301 {
302 // permission check
303 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
304 ACCOUNT_LOGE("account manager service, permission denied!");
305 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
306 }
307
308 // parameters check
309 if (name.size() > Constants::LOCAL_NAME_MAX_SIZE) {
310 ACCOUNT_LOGE("set os account name is out of allowed szie");
311 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_OVERFLOW_ERROR;
312 }
313 if (name.size() <= 0) {
314 ACCOUNT_LOGE("os account name is empty");
315 return ERR_OSACCOUNT_SERVICE_MANAGER_NAME_SIZE_EMPTY_ERROR;
316 }
317 if (id < Constants::START_USER_ID) {
318 ACCOUNT_LOGE("invalid input id %{public}d.", id);
319 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
320 }
321 return innerManager_->SetOsAccountName(id, name);
322 }
323
SetOsAccountConstraints(const int id,const std::vector<std::string> & constraints,const bool enable)324 ErrCode OsAccountManagerService::SetOsAccountConstraints(
325 const int id, const std::vector<std::string> &constraints, const bool enable)
326 {
327 // permission check
328 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
329 ACCOUNT_LOGE("account manager service, permission denied!");
330 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
331 }
332
333 // parameters check
334 if (id < Constants::START_USER_ID) {
335 ACCOUNT_LOGE("invalid input account id %{public}d.", id);
336 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
337 }
338
339 return innerManager_->SetOsAccountConstraints(id, constraints, enable);
340 }
341
SetOsAccountProfilePhoto(const int id,const std::string & photo)342 ErrCode OsAccountManagerService::SetOsAccountProfilePhoto(const int id, const std::string &photo)
343 {
344 // permission check
345 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, CONSTANT_SET_ICON)) {
346 ACCOUNT_LOGE("account manager service, permission denied!");
347 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
348 }
349
350 // parameters check
351 if (id < Constants::START_USER_ID) {
352 ACCOUNT_LOGE("invalid input id %{public}d.", id);
353 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
354 }
355 if (photo.size() > Constants::LOCAL_PHOTO_MAX_SIZE) {
356 ACCOUNT_LOGE("photo out of allowed size");
357 return ERR_OSACCOUNT_SERVICE_MANAGER_PHOTO_SIZE_OVERFLOW_ERROR;
358 }
359
360 return innerManager_->SetOsAccountProfilePhoto(id, photo);
361 }
362
ActivateOsAccount(const int id)363 ErrCode OsAccountManagerService::ActivateOsAccount(const int id)
364 {
365 // permission check
366 if (!PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, CONSTANT_START)) {
367 ACCOUNT_LOGE("account manager service, permission denied!");
368 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
369 }
370
371 // parameters check
372 if (id < Constants::START_USER_ID) {
373 ACCOUNT_LOGE("invalid input id %{public}d.", id);
374 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
375 }
376
377 return innerManager_->ActivateOsAccount(id);
378 }
379
StartOsAccount(const int id)380 ErrCode OsAccountManagerService::StartOsAccount(const int id)
381 {
382 return innerManager_->StartOsAccount(id);
383 }
384
StopOsAccount(const int id)385 ErrCode OsAccountManagerService::StopOsAccount(const int id)
386 {
387 return innerManager_->StopOsAccount(id);
388 }
389
SubscribeOsAccount(const OsAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)390 ErrCode OsAccountManagerService::SubscribeOsAccount(
391 const OsAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
392 {
393 // permission check
394 if (!PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, "")) {
395 ACCOUNT_LOGE("account manager service, permission denied!");
396 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
397 }
398
399 return innerManager_->SubscribeOsAccount(subscribeInfo, eventListener);
400 }
401
UnsubscribeOsAccount(const sptr<IRemoteObject> & eventListener)402 ErrCode OsAccountManagerService::UnsubscribeOsAccount(const sptr<IRemoteObject> &eventListener)
403 {
404 // permission check
405 if (!PermissionCheck(AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, "")) {
406 ACCOUNT_LOGE("account manager service, permission denied!");
407 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
408 }
409
410 return innerManager_->UnsubscribeOsAccount(eventListener);
411 }
412
GetOsAccountLocalIdBySerialNumber(const int64_t serialNumber,int & id)413 ErrCode OsAccountManagerService::GetOsAccountLocalIdBySerialNumber(const int64_t serialNumber, int &id)
414 {
415 return innerManager_->GetOsAccountLocalIdBySerialNumber(serialNumber, id);
416 }
417
GetSerialNumberByOsAccountLocalId(const int & id,int64_t & serialNumber)418 ErrCode OsAccountManagerService::GetSerialNumberByOsAccountLocalId(const int &id, int64_t &serialNumber)
419 {
420 return innerManager_->GetSerialNumberByOsAccountLocalId(id, serialNumber);
421 }
422
GetOsAccountSwitchMod()423 OS_ACCOUNT_SWITCH_MOD OsAccountManagerService::GetOsAccountSwitchMod()
424 {
425 return innerManager_->GetOsAccountSwitchMod();
426 }
427
IsCurrentOsAccountVerified(bool & isVerified)428 ErrCode OsAccountManagerService::IsCurrentOsAccountVerified(bool &isVerified)
429 {
430 int id = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
431 return innerManager_->IsOsAccountVerified(id, isVerified);
432 }
433
IsOsAccountCompleted(const int id,bool & isOsAccountCompleted)434 ErrCode OsAccountManagerService::IsOsAccountCompleted(const int id, bool &isOsAccountCompleted)
435 {
436 return innerManager_->IsOsAccountCompleted(id, isOsAccountCompleted);
437 }
438
SetCurrentOsAccountIsVerified(const bool isVerified)439 ErrCode OsAccountManagerService::SetCurrentOsAccountIsVerified(const bool isVerified)
440 {
441 // permission check
442 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
443 ACCOUNT_LOGE("account manager service, permission denied!");
444 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
445 }
446
447 // parameters check
448 int id = IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR;
449 if (id < Constants::START_USER_ID) {
450 ACCOUNT_LOGE("invalid input id %{public}d.", id);
451 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
452 }
453
454 return innerManager_->SetOsAccountIsVerified(id, isVerified);
455 }
456
SetOsAccountIsVerified(const int id,const bool isVerified)457 ErrCode OsAccountManagerService::SetOsAccountIsVerified(const int id, const bool isVerified)
458 {
459 // permission check
460 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
461 ACCOUNT_LOGE("account manager service, permission denied!");
462 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
463 }
464
465 // parameters check
466 if (id < Constants::START_USER_ID) {
467 ACCOUNT_LOGE("invalid input id %{public}d.", id);
468 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
469 }
470 return innerManager_->SetOsAccountIsVerified(id, isVerified);
471 }
472
DumpState(const int & id,std::vector<std::string> & state)473 ErrCode OsAccountManagerService::DumpState(const int &id, std::vector<std::string> &state)
474 {
475 state.clear();
476
477 // permission check
478 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
479 ACCOUNT_LOGE("account manager service, permission denied!");
480 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
481 }
482
483 ErrCode result = ERR_OK;
484 std::vector<OsAccountInfo> osAccountInfos;
485
486 if (id == -1) {
487 result = innerManager_->QueryAllCreatedOsAccounts(osAccountInfos);
488 if (result != ERR_OK) {
489 return result;
490 }
491 } else {
492 OsAccountInfo osAccountInfo;
493 result = innerManager_->QueryOsAccountById(id, osAccountInfo);
494 if (result != ERR_OK) {
495 return result;
496 }
497
498 osAccountInfos.emplace_back(osAccountInfo);
499 }
500
501 return DumpStateByAccounts(osAccountInfos, state);
502 }
503
GetCreatedOsAccountNumFromDatabase(const std::string & storeID,int & createdOsAccountNum)504 ErrCode OsAccountManagerService::GetCreatedOsAccountNumFromDatabase(const std::string& storeID,
505 int &createdOsAccountNum)
506 {
507 // permission check
508 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
509 ACCOUNT_LOGE("account manager service, permission denied!");
510 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
511 }
512
513 return innerManager_->GetCreatedOsAccountNumFromDatabase(storeID, createdOsAccountNum);
514 }
515
CreateBasicAccounts()516 void OsAccountManagerService::CreateBasicAccounts()
517 {
518 ACCOUNT_LOGE("CreateBasicAccounts enter!");
519 innerManager_->Init();
520 ACCOUNT_LOGE("CreateBasicAccounts exit!");
521 }
522
GetSerialNumberFromDatabase(const std::string & storeID,int64_t & serialNumber)523 ErrCode OsAccountManagerService::GetSerialNumberFromDatabase(const std::string& storeID,
524 int64_t &serialNumber)
525 {
526 return innerManager_->GetSerialNumberFromDatabase(storeID, serialNumber);
527 }
528
GetMaxAllowCreateIdFromDatabase(const std::string & storeID,int & id)529 ErrCode OsAccountManagerService::GetMaxAllowCreateIdFromDatabase(const std::string& storeID, int &id)
530 {
531 return innerManager_->GetMaxAllowCreateIdFromDatabase(storeID, id);
532 }
533
GetOsAccountFromDatabase(const std::string & storeID,const int id,OsAccountInfo & osAccountInfo)534 ErrCode OsAccountManagerService::GetOsAccountFromDatabase(const std::string& storeID,
535 const int id, OsAccountInfo &osAccountInfo)
536 {
537 // permission check
538 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
539 ACCOUNT_LOGE("account manager service, permission denied!");
540 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
541 }
542
543 return innerManager_->GetOsAccountFromDatabase(storeID, id, osAccountInfo);
544 }
545
GetOsAccountListFromDatabase(const std::string & storeID,std::vector<OsAccountInfo> & osAccountList)546 ErrCode OsAccountManagerService::GetOsAccountListFromDatabase(const std::string& storeID,
547 std::vector<OsAccountInfo> &osAccountList)
548 {
549 // permission check
550 if (!PermissionCheck(AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, "")) {
551 ACCOUNT_LOGE("account manager service, permission denied!");
552 return ERR_OSACCOUNT_SERVICE_PERMISSION_DENIED;
553 }
554
555 return innerManager_->GetOsAccountListFromDatabase(storeID, osAccountList);
556 }
557
DumpStateByAccounts(const std::vector<OsAccountInfo> & osAccountInfos,std::vector<std::string> & state)558 ErrCode OsAccountManagerService::DumpStateByAccounts(
559 const std::vector<OsAccountInfo> &osAccountInfos, std::vector<std::string> &state)
560 {
561 ACCOUNT_LOGI("enter");
562
563 for (auto osAccountInfo : osAccountInfos) {
564 std::string info = "";
565
566 std::string localId = std::to_string(osAccountInfo.GetLocalId());
567 state.emplace_back("ID: " + localId);
568
569 std::string localName = osAccountInfo.GetLocalName();
570 state.emplace_back(DUMP_TAB_CHARACTER + "Name: " + localName);
571
572 std::string type = "";
573 auto it = DUMP_TYPE_MAP.find(osAccountInfo.GetType());
574 if (it != DUMP_TYPE_MAP.end()) {
575 type = it->second;
576 } else {
577 type = "unknown";
578 }
579 state.emplace_back(DUMP_TAB_CHARACTER + "Type: " + type);
580
581 std::string status = "";
582 if (osAccountInfo.GetIsActived()) {
583 status = "active";
584 } else {
585 status = "inactive";
586 }
587 state.emplace_back(DUMP_TAB_CHARACTER + "Status: " + status);
588
589 state.emplace_back(DUMP_TAB_CHARACTER + "Constraints:");
590 auto constraints = osAccountInfo.GetConstraints();
591 for (auto constraint : constraints) {
592 state.emplace_back(DUMP_TAB_CHARACTER + DUMP_TAB_CHARACTER + constraint);
593 }
594
595 std::string verifiedStatus = "";
596 if (osAccountInfo.GetIsVerified()) {
597 verifiedStatus = "true";
598 } else {
599 verifiedStatus = "false";
600 }
601 state.emplace_back(DUMP_TAB_CHARACTER + "Verified: " + verifiedStatus);
602
603 int64_t serialNumber = osAccountInfo.GetSerialNumber();
604 state.emplace_back(DUMP_TAB_CHARACTER + "Serial Number: " + std::to_string(serialNumber));
605
606 std::string createCompletedStatus = "";
607 if (osAccountInfo.GetIsCreateCompleted()) {
608 createCompletedStatus = "true";
609 } else {
610 createCompletedStatus = "false";
611 }
612 state.emplace_back(DUMP_TAB_CHARACTER + "Create Completed: " + createCompletedStatus);
613
614 state.emplace_back("\n");
615 }
616
617 return ERR_OK;
618 }
619
QueryActiveOsAccountIds(std::vector<int32_t> & ids)620 ErrCode OsAccountManagerService::QueryActiveOsAccountIds(std::vector<int32_t>& ids)
621 {
622 return innerManager_->QueryActiveOsAccountIds(ids);
623 }
624
PermissionCheck(const std::string & permissionName,const std::string & constriantName)625 bool OsAccountManagerService::PermissionCheck(const std::string& permissionName, const std::string& constriantName)
626 {
627 // constriants check
628 int callerUid = IPCSkeleton::GetCallingUid();
629 if (!constriantName.empty()) {
630 int callerUserId = callerUid / UID_TRANSFORM_DIVISOR;
631 bool isEnable = true;
632 innerManager_->IsOsAccountConstraintEnable(callerUserId, constriantName, isEnable);
633 if (isEnable) {
634 ACCOUNT_LOGE("constriant check %{public}s failed.", constriantName.c_str());
635 return false;
636 }
637 }
638
639 // root check
640 if (callerUid == ROOT_UID) {
641 return true;
642 }
643
644 // permission check
645 if (permissionManagerPtr_->VerifyPermission(permissionName) == ERR_OK) {
646 return true;
647 }
648
649 ACCOUNT_LOGE("failed to verify permission for %{public}s.", permissionName.c_str());
650 return false;
651 }
652 } // namespace AccountSA
653 } // namespace OHOS
654