• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "ipc_skeleton.h"
17 #include "accesstoken_kit.h"
18 #include "time_permission.h"
19 
20 namespace OHOS {
21 namespace MiscServices {
22 namespace {
23 constexpr int32_t SYSTEM_UID = 1000;
24 constexpr int32_t ROOT_UID = 0;
25 constexpr int32_t MIN_SYSTEM_UID = 2100;
26 constexpr int32_t MAX_SYSTEM_UID = 2899;
27 }
28 sptr<AppExecFwk::IBundleMgr> TimePermission::bundleMgrProxy_;
29 
TimePermission()30 TimePermission::TimePermission() {};
~TimePermission()31 TimePermission::~TimePermission() {};
32 
CheckSelfPermission(std::string permName)33 bool TimePermission::CheckSelfPermission(std::string permName)
34 {
35     return true;
36 }
37 
CheckCallingPermission(int32_t uid,std::string permName)38 bool TimePermission::CheckCallingPermission(int32_t uid, std::string permName)
39 {
40     if ((uid == SYSTEM_UID) || (uid == ROOT_UID)) {
41         TIME_HILOGD(TIME_MODULE_COMMON, "root uid return true");
42         return true;
43     }
44     if (IsSystemUid(uid)) {
45         TIME_HILOGD(TIME_MODULE_COMMON, "system uid 2100 ~ 2899");
46         return true;
47     }
48     auto callingToken = IPCSkeleton::GetCallingTokenID();
49 
50     auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callingToken);
51     if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
52         TIME_HILOGD(TIME_MODULE_COMMON, "native token.");
53         return true;
54     }
55     auto result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callingToken, permName);
56     if (result == Security::AccessToken::TypePermissionState::PERMISSION_DENIED) {
57         return false;
58     }
59     return true;
60 }
61 
GetBundleManager()62 sptr<AppExecFwk::IBundleMgr> TimePermission::GetBundleManager()
63 {
64     if (bundleMgrProxy_ == nullptr) {
65         sptr<ISystemAbilityManager> systemManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
66         if (systemManager != nullptr) {
67             bundleMgrProxy_ =
68                 iface_cast<AppExecFwk::IBundleMgr>(systemManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID));
69         } else {
70             TIME_HILOGE(TIME_MODULE_COMMON, "fail to get SAMGR");
71         }
72     }
73     return bundleMgrProxy_;
74 }
75 
IsSystemUid(const int32_t & uid) const76 bool TimePermission::IsSystemUid(const int32_t &uid) const
77 {
78     TIME_HILOGE(TIME_MODULE_COMMON, "enter");
79 
80     if (uid >= MIN_SYSTEM_UID && uid <= MAX_SYSTEM_UID) {
81         return true;
82     }
83 
84     return false;
85 }
86 } // namespace MiscServices
87 } // namespace OHOS
88