1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_control_manager.h"
17
18 #include "accesstoken_kit.h"
19 #include "account_log_wrapper.h"
20 #include "app_account_app_state_observer.h"
21 #include "app_account_check_labels_session.h"
22 #include "app_account_data_storage.h"
23 #include "app_account_info.h"
24 #include "app_account_subscribe_manager.h"
25 #include "bundle_manager_adapter.h"
26 #include "ipc_skeleton.h"
27 #include "iservice_registry.h"
28 #include "ohos_account_kits.h"
29 #include "singleton.h"
30 #include "system_ability_definition.h"
31
32 namespace OHOS {
33 namespace AccountSA {
AppAccountControlManager()34 AppAccountControlManager::AppAccountControlManager()
35 {}
36
AddAccount(const std::string & name,const std::string & extraInfo,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)37 ErrCode AppAccountControlManager::AddAccount(const std::string &name, const std::string &extraInfo, const uid_t &uid,
38 const std::string &bundleName, AppAccountInfo &appAccountInfo)
39 {
40 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
41 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
42 if (result != ERR_OK) {
43 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
44
45 appAccountInfo.SetExtraInfo(extraInfo);
46
47 result = AddAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
48 if (result != ERR_OK) {
49 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
50 return result;
51 }
52 } else {
53 ACCOUNT_LOGE("add existing account");
54 return ERR_APPACCOUNT_SERVICE_ADD_EXISTING_ACCOUNT;
55 }
56
57 return ERR_OK;
58 }
59
CreateAccount(const std::string & name,const CreateAccountOptions & options,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)60 ErrCode AppAccountControlManager::CreateAccount(const std::string &name, const CreateAccountOptions &options,
61 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
62 {
63 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
64 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
65 if (result != ERR_OK) {
66 result = appAccountInfo.InitCustomData(options.customData);
67 if (result != ERR_OK) {
68 ACCOUNT_LOGE("failed to set custom data, result %{public}d.", result);
69 return ERR_APPACCOUNT_SERVICE_SET_ASSOCIATED_DATA;
70 }
71 result = AddAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
72 if (result != ERR_OK) {
73 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
74 return result;
75 }
76 } else {
77 ACCOUNT_LOGE("add existing account");
78 return ERR_APPACCOUNT_SERVICE_ADD_EXISTING_ACCOUNT;
79 }
80
81 return ERR_OK;
82 }
83
DeleteAccount(const std::string & name,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)84 ErrCode AppAccountControlManager::DeleteAccount(
85 const std::string &name, const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
86 {
87 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
88 ErrCode result = DeleteAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr, uid);
89 if (result != ERR_OK) {
90 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
91 return result;
92 }
93 RemoveAssociatedDataCacheByAccount(uid, name);
94
95 std::set<std::string> authorizedApps;
96 appAccountInfo.GetAuthorizedApps(authorizedApps);
97 for (auto authorizedApp : authorizedApps) {
98 // remove authorized account from data storage
99 result = RemoveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, uid);
100 if (result != ERR_OK) {
101 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
102 return result;
103 }
104 }
105
106 return ERR_OK;
107 }
108
GetAccountExtraInfo(const std::string & name,std::string & extraInfo,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)109 ErrCode AppAccountControlManager::GetAccountExtraInfo(const std::string &name, std::string &extraInfo,
110 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
111 {
112 AppAccountInfo appAccountInfo(name, bundleName);
113 appAccountInfo.SetAppIndex(appIndex);
114 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
115 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
116 if (result != ERR_OK) {
117 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
118 return result;
119 }
120
121 appAccountInfo.GetExtraInfo(extraInfo);
122
123 return ERR_OK;
124 }
125
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)126 ErrCode AppAccountControlManager::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo,
127 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
128 {
129 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
130 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
131 if (result != ERR_OK) {
132 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
133 return result;
134 }
135
136 appAccountInfo.SetExtraInfo(extraInfo);
137
138 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
139 if (result != ERR_OK) {
140 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
141 return result;
142 }
143
144 ACCOUNT_LOGD("end, result = %{public}d", result);
145
146 return result;
147 }
148
EnableAppAccess(const std::string & name,const std::string & authorizedApp,AppAccountCallingInfo & appAccountCallingInfo,AppAccountInfo & appAccountInfo,const uint32_t apiVersion)149 ErrCode AppAccountControlManager::EnableAppAccess(const std::string &name, const std::string &authorizedApp,
150 AppAccountCallingInfo &appAccountCallingInfo, AppAccountInfo &appAccountInfo, const uint32_t apiVersion)
151 {
152 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
153 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
154 if (result != ERR_OK) {
155 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
156 return result;
157 }
158
159 result = appAccountInfo.EnableAppAccess(authorizedApp, apiVersion);
160 if (result != ERR_OK) {
161 ACCOUNT_LOGE("failed to enable app access, result %{public}d.", result);
162 return ERR_APPACCOUNT_SERVICE_ENABLE_APP_ACCESS_ALREADY_EXISTS;
163 }
164
165 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
166 if (result != ERR_OK) {
167 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
168 return result;
169 }
170
171 // save authorized account into data storage
172 result = SaveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
173 if (result != ERR_OK) {
174 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
175 return result;
176 }
177
178 return ERR_OK;
179 }
180
DisableAppAccess(const std::string & name,const std::string & authorizedApp,AppAccountCallingInfo & appAccountCallingInfo,AppAccountInfo & appAccountInfo,const uint32_t apiVersion)181 ErrCode AppAccountControlManager::DisableAppAccess(const std::string &name, const std::string &authorizedApp,
182 AppAccountCallingInfo &appAccountCallingInfo, AppAccountInfo &appAccountInfo, const uint32_t apiVersion)
183 {
184 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
185 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
186 if (result != ERR_OK) {
187 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
188 return result;
189 }
190
191 result = appAccountInfo.DisableAppAccess(authorizedApp, apiVersion);
192 if (result != ERR_OK) {
193 ACCOUNT_LOGE("failed to disable app access, result %{public}d.", result);
194 return ERR_APPACCOUNT_SERVICE_DISABLE_APP_ACCESS_NOT_EXISTED;
195 }
196
197 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
198 if (result != ERR_OK) {
199 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
200 return result;
201 }
202
203 // remove authorized account from data storage
204 result = RemoveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
205 if (result != ERR_OK) {
206 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
207 return result;
208 }
209
210 return ERR_OK;
211 }
212
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible,const AppAccountCallingInfo & appAccountCallingInfo)213 ErrCode AppAccountControlManager::CheckAppAccess(const std::string &name, const std::string &authorizedApp,
214 bool &isAccessible, const AppAccountCallingInfo &appAccountCallingInfo)
215 {
216 isAccessible = false;
217 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
218 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
219 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
220 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
221 if (result != ERR_OK) {
222 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
223 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
224 }
225 return appAccountInfo.CheckAppAccess(authorizedApp, isAccessible);
226 }
227
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)228 ErrCode AppAccountControlManager::CheckAppAccountSyncEnable(const std::string &name,
229 bool &syncEnable, const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
230 {
231 AppAccountInfo appAccountInfo(name, bundleName);
232 appAccountInfo.SetAppIndex(appIndex);
233 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
234 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
235 if (result != ERR_OK) {
236 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
237 return result;
238 }
239
240 appAccountInfo.GetSyncEnable(syncEnable);
241
242 return ERR_OK;
243 }
244
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)245 ErrCode AppAccountControlManager::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable,
246 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
247 {
248 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
249 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
250 if (result != ERR_OK) {
251 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
252 return result;
253 }
254
255 appAccountInfo.SetSyncEnable(syncEnable);
256
257 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
258 if (result != ERR_OK) {
259 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
260 return result;
261 }
262
263 return ERR_OK;
264 }
265
PopDataFromAssociatedDataCache()266 void AppAccountControlManager::PopDataFromAssociatedDataCache()
267 {
268 auto it = associatedDataCache_.begin();
269 auto toPopedIt = it++;
270 for (; it != associatedDataCache_.end(); ++it) {
271 if (toPopedIt->second.freq > it->second.freq) {
272 toPopedIt = it;
273 }
274 it->second.freq = 0;
275 }
276 associatedDataCache_.erase(toPopedIt);
277 }
278
GetAssociatedDataFromStorage(const std::string & name,const std::string & key,std::string & value,const uid_t & uid,const uint32_t & appIndex)279 ErrCode AppAccountControlManager::GetAssociatedDataFromStorage(const std::string &name, const std::string &key,
280 std::string &value, const uid_t &uid, const uint32_t &appIndex)
281 {
282 std::string bundleName;
283 if (!BundleManagerAdapter::GetInstance()->GetBundleNameForUid(uid, bundleName)) {
284 ACCOUNT_LOGE("failed to get bundle name");
285 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
286 }
287 AppAccountInfo appAccountInfo(name, bundleName);
288 appAccountInfo.SetAppIndex(appIndex);
289 std::shared_ptr<AppAccountDataStorage> storePtr = GetDataStorage(uid);
290 if (storePtr == nullptr) {
291 ACCOUNT_LOGE("failed to get data storage");
292 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
293 }
294 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, storePtr);
295 if (result != ERR_OK) {
296 ACCOUNT_LOGE("failed to get account info from data storage");
297 return result;
298 }
299 AssociatedDataCacheItem item;
300 item.name = name;
301 item.freq = 0;
302 appAccountInfo.GetAllAssociatedData(item.data);
303 auto it = item.data.find(key);
304 if (it != item.data.end()) {
305 value = it->second;
306 } else {
307 result = ERR_APPACCOUNT_SERVICE_ASSOCIATED_DATA_KEY_NOT_EXIST;
308 }
309 if ((associatedDataCache_.size() == 0) && (!RegisterApplicationStateObserver())) {
310 ACCOUNT_LOGE("failed to register application state observer");
311 return result;
312 }
313 if (associatedDataCache_.size() >= ASSOCIATED_DATA_CACHE_MAX_SIZE) {
314 PopDataFromAssociatedDataCache();
315 }
316 associatedDataCache_.emplace(uid, item);
317 return result;
318 }
319
GetAssociatedData(const std::string & name,const std::string & key,std::string & value,const uid_t & uid)320 ErrCode AppAccountControlManager::GetAssociatedData(const std::string &name, const std::string &key,
321 std::string &value, const uid_t &uid)
322 {
323 std::lock_guard<std::mutex> lock(associatedDataMutex_);
324 auto it = associatedDataCache_.find(uid);
325 if ((it == associatedDataCache_.end()) || (it->second.name != name)) {
326 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
327 Security::AccessToken::HapTokenInfo hapTokenInfo;
328 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
329 if ((result != 0) || (hapTokenInfo.instIndex < 0)) {
330 ACCOUNT_LOGE("failed to get app index");
331 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
332 }
333 associatedDataCache_.erase(uid);
334 return GetAssociatedDataFromStorage(name, key, value, uid, hapTokenInfo.instIndex);
335 }
336 it->second.freq++;
337 auto dataIt = it->second.data.find(key);
338 if (dataIt == it->second.data.end()) {
339 return ERR_APPACCOUNT_SERVICE_ASSOCIATED_DATA_KEY_NOT_EXIST;
340 }
341 value = dataIt->second;
342 return ERR_OK;
343 }
344
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value,const AppAccountCallingInfo & appAccountCallingInfo)345 ErrCode AppAccountControlManager::SetAssociatedData(const std::string &name, const std::string &key,
346 const std::string &value, const AppAccountCallingInfo &appAccountCallingInfo)
347 {
348 std::shared_ptr<AppAccountDataStorage> storePtr = GetDataStorage(appAccountCallingInfo.callingUid);
349 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
350 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
351 std::lock_guard<std::mutex> lock(associatedDataMutex_);
352 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, storePtr);
353 if (result != ERR_OK) {
354 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
355 return result;
356 }
357 result = appAccountInfo.SetAssociatedData(key, value);
358 if (result != ERR_OK) {
359 ACCOUNT_LOGE("failed to set associated data, result %{public}d.", result);
360 return result;
361 }
362 result = SaveAccountInfoIntoDataStorage(appAccountInfo, storePtr, appAccountCallingInfo.callingUid);
363 if (result != ERR_OK) {
364 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
365 return result;
366 }
367 auto it = associatedDataCache_.find(appAccountCallingInfo.callingUid);
368 if ((it != associatedDataCache_.end()) && (it->second.name == name)) {
369 it->second.data[key] = value;
370 }
371 return ERR_OK;
372 }
373
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential,const AppAccountCallingInfo & appAccountCallingInfo)374 ErrCode AppAccountControlManager::GetAccountCredential(const std::string &name, const std::string &credentialType,
375 std::string &credential, const AppAccountCallingInfo &appAccountCallingInfo)
376 {
377 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
378 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
379 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
380 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
381 if (result != ERR_OK) {
382 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
383 return result;
384 }
385
386 result = appAccountInfo.GetAccountCredential(credentialType, credential);
387 if (result != ERR_OK) {
388 ACCOUNT_LOGE("failed to get account credential, result %{public}d.", result);
389 return result;
390 }
391
392 return ERR_OK;
393 }
394
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential,const AppAccountCallingInfo & appAccountCallingInfo,bool isDelete)395 ErrCode AppAccountControlManager::SetAccountCredential(const std::string &name, const std::string &credentialType,
396 const std::string &credential, const AppAccountCallingInfo &appAccountCallingInfo, bool isDelete)
397 {
398 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
399 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
400 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
401 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
402 if (result != ERR_OK) {
403 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
404 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
405 }
406
407 result = appAccountInfo.SetAccountCredential(credentialType, credential, isDelete);
408 if (result != ERR_OK) {
409 ACCOUNT_LOGE("failed to set account credential, result %{public}d.", result);
410 return result;
411 }
412
413 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
414 if (result != ERR_OK) {
415 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
416 return result;
417 }
418
419 return ERR_OK;
420 }
421
GetOAuthToken(const AuthenticatorSessionRequest & request,std::string & token,const uint32_t apiVersion)422 ErrCode AppAccountControlManager::GetOAuthToken(
423 const AuthenticatorSessionRequest &request, std::string &token, const uint32_t apiVersion)
424 {
425 AppAccountInfo appAccountInfo(request.name, request.owner);
426 appAccountInfo.SetAppIndex(request.appIndex);
427 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
428 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
429 if (result != ERR_OK) {
430 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
431 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
432 }
433 bool isVisible = false;
434 result = appAccountInfo.CheckOAuthTokenVisibility(
435 request.authType, request.callerBundleName, isVisible, apiVersion);
436 if ((result != ERR_OK) || (!isVisible)) {
437 ACCOUNT_LOGE("failed to get oauth token for permission denied, result %{public}d.", result);
438 return ERR_APPACCOUNT_SERVICE_PERMISSION_DENIED;
439 }
440 return appAccountInfo.GetOAuthToken(request.authType, token, apiVersion);
441 }
442
SetOAuthToken(const AuthenticatorSessionRequest & request)443 ErrCode AppAccountControlManager::SetOAuthToken(const AuthenticatorSessionRequest &request)
444 {
445 std::lock_guard<std::mutex> lock(mutex_);
446 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
447 appAccountInfo.SetAppIndex(request.appIndex);
448 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
449 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
450 if (result != ERR_OK) {
451 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
452 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
453 }
454 result = appAccountInfo.SetOAuthToken(request.authType, request.token);
455 if (result != ERR_OK) {
456 ACCOUNT_LOGE("failed to set oauth token, result %{public}d.", result);
457 return result;
458 }
459 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
460 if (result != ERR_OK) {
461 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
462 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
463 }
464 return ERR_OK;
465 }
466
DeleteOAuthToken(const AuthenticatorSessionRequest & request,const uint32_t apiVersion)467 ErrCode AppAccountControlManager::DeleteOAuthToken(
468 const AuthenticatorSessionRequest &request, const uint32_t apiVersion)
469 {
470 std::lock_guard<std::mutex> lock(mutex_);
471 AppAccountInfo appAccountInfo(request.name, request.owner);
472 appAccountInfo.SetAppIndex(request.appIndex);
473 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
474 ErrCode ret = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
475 if (ret != ERR_OK) {
476 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", ret);
477 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
478 }
479 bool isOwnerSelf = false;
480 if (request.owner == request.callerBundleName) {
481 isOwnerSelf = true;
482 }
483 bool isVisible = false;
484 ret = appAccountInfo.CheckOAuthTokenVisibility(request.authType, request.callerBundleName, isVisible, apiVersion);
485 if ((!isVisible) || (ret != ERR_OK)) {
486 ACCOUNT_LOGE("failed to delete oauth token for permission denied, result %{public}d.", ret);
487 return ERR_APPACCOUNT_SERVICE_PERMISSION_DENIED;
488 }
489 if (apiVersion >= Constants::API_VERSION9) {
490 ret = appAccountInfo.DeleteAuthToken(request.authType, request.token, isOwnerSelf);
491 if (ret != ERR_OK) {
492 return ret;
493 }
494 } else {
495 ret = appAccountInfo.DeleteOAuthToken(request.authType, request.token);
496 if (ret == ERR_APPACCOUNT_SERVICE_OAUTH_TOKEN_NOT_EXIST) {
497 return ERR_OK;
498 }
499 }
500 ret = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
501 if (ret != ERR_OK) {
502 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", ret);
503 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
504 }
505 return ERR_OK;
506 }
507
SetOAuthTokenVisibility(const AuthenticatorSessionRequest & request,const uint32_t apiVersion)508 ErrCode AppAccountControlManager::SetOAuthTokenVisibility(
509 const AuthenticatorSessionRequest &request, const uint32_t apiVersion)
510 {
511 std::lock_guard<std::mutex> lock(mutex_);
512 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
513 appAccountInfo.SetAppIndex(request.appIndex);
514 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
515 ErrCode ret = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
516 if (ret != ERR_OK) {
517 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", ret);
518 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
519 }
520 ret = appAccountInfo.SetOAuthTokenVisibility(
521 request.authType, request.bundleName, request.isTokenVisible, apiVersion);
522 if (ret != ERR_OK) {
523 ACCOUNT_LOGE("failed to set oauth token visibility, result %{public}d.", ret);
524 return ret;
525 }
526 ret = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
527 if (ret != ERR_OK) {
528 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", ret);
529 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
530 }
531 return ERR_OK;
532 }
533
CheckOAuthTokenVisibility(const AuthenticatorSessionRequest & request,bool & isVisible,const uint32_t apiVersion)534 ErrCode AppAccountControlManager::CheckOAuthTokenVisibility(
535 const AuthenticatorSessionRequest &request, bool &isVisible, const uint32_t apiVersion)
536 {
537 isVisible = false;
538 AppAccountInfo appAccountInfo(request.name, request.owner);
539 appAccountInfo.SetAppIndex(request.appIndex);
540 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
541 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
542 if (result != ERR_OK) {
543 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
544 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
545 }
546 return appAccountInfo.CheckOAuthTokenVisibility(request.authType, request.bundleName, isVisible, apiVersion);
547 }
548
GetAllOAuthTokens(const AuthenticatorSessionRequest & request,std::vector<OAuthTokenInfo> & tokenInfos)549 ErrCode AppAccountControlManager::GetAllOAuthTokens(
550 const AuthenticatorSessionRequest &request, std::vector<OAuthTokenInfo> &tokenInfos)
551 {
552 tokenInfos.clear();
553 AppAccountInfo appAccountInfo(request.name, request.owner);
554 appAccountInfo.SetAppIndex(request.appIndex);
555 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
556 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
557 if (result != ERR_OK) {
558 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
559 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
560 }
561 std::vector<OAuthTokenInfo> allTokenInfos;
562 result = appAccountInfo.GetAllOAuthTokens(allTokenInfos);
563 if (result != ERR_OK) {
564 ACCOUNT_LOGE("failed to get all oauth token from data storage, result %{public}d.", result);
565 return result;
566 }
567 if (request.callerBundleName == request.owner) {
568 tokenInfos = allTokenInfos;
569 return ERR_OK;
570 }
571 for (auto tokenInfo : allTokenInfos) {
572 if (tokenInfo.token.empty()) {
573 continue;
574 }
575 auto it = tokenInfo.authList.find(request.callerBundleName);
576 if (it != tokenInfo.authList.end()) {
577 tokenInfo.authList.clear();
578 tokenInfos.push_back(tokenInfo);
579 }
580 }
581 return ERR_OK;
582 }
583
GetOAuthList(const AuthenticatorSessionRequest & request,std::set<std::string> & oauthList,const uint32_t apiVersion)584 ErrCode AppAccountControlManager::GetOAuthList(
585 const AuthenticatorSessionRequest &request, std::set<std::string> &oauthList, const uint32_t apiVersion)
586 {
587 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
588 appAccountInfo.SetAppIndex(request.appIndex);
589 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
590 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
591 if (result != ERR_OK) {
592 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
593 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
594 }
595 return appAccountInfo.GetOAuthList(request.authType, oauthList, apiVersion);
596 }
597
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)598 ErrCode AppAccountControlManager::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts,
599 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
600 {
601 appAccounts.clear();
602
603 auto dataStoragePtr = GetDataStorage(uid);
604 if (dataStoragePtr == nullptr) {
605 ACCOUNT_LOGE("dataStoragePtr is nullptr");
606 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
607 }
608 if (bundleName == owner) {
609 std::string key = owner + Constants::HYPHEN + std::to_string(appIndex);
610 ErrCode result = GetAllAccountsFromDataStorage(key, appAccounts, bundleName, dataStoragePtr);
611 if (result != ERR_OK) {
612 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
613 return result;
614 }
615 return ERR_OK;
616 }
617
618 std::vector<std::string> accessibleAccounts;
619 ErrCode result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
620 if (result != ERR_OK) {
621 ACCOUNT_LOGE("failed to get accessible account from data storage, result %{public}d.", result);
622 return result;
623 }
624 for (auto account : accessibleAccounts) {
625 AppAccountInfo appAccountInfo;
626 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
627 if (result != ERR_OK) {
628 ACCOUNT_LOGE("failed to get account info by id, result %{public}d.", result);
629 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
630 }
631 if (appAccountInfo.GetOwner() == owner) {
632 appAccounts.emplace_back(appAccountInfo);
633 }
634 }
635 return ERR_OK;
636 }
637
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)638 ErrCode AppAccountControlManager::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts,
639 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
640 {
641 appAccounts.clear();
642
643 auto dataStoragePtr = GetDataStorage(uid);
644 if (dataStoragePtr == nullptr) {
645 ACCOUNT_LOGE("dataStoragePtr is nullptr");
646 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
647 }
648
649 std::vector<std::string> accessibleAccounts;
650 ErrCode result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
651 if (result != ERR_OK) {
652 ACCOUNT_LOGE("failed to get accessible account from data storage, result %{public}d.", result);
653 return result;
654 }
655
656 for (auto account : accessibleAccounts) {
657 AppAccountInfo appAccountInfo;
658
659 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
660 if (result != ERR_OK) {
661 ACCOUNT_LOGE("failed to get account info by id, result %{public}d.", result);
662 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
663 }
664
665 appAccounts.emplace_back(appAccountInfo);
666 }
667
668 std::vector<AppAccountInfo> currentAppAccounts;
669 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
670 result = GetAllAccountsFromDataStorage(key, currentAppAccounts, bundleName, dataStoragePtr);
671 if (result != ERR_OK) {
672 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
673 return result;
674 }
675
676 std::transform(currentAppAccounts.begin(), currentAppAccounts.end(), std::back_inserter(appAccounts),
677 [](auto account) { return account; });
678
679 return ERR_OK;
680 }
681
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)682 ErrCode AppAccountControlManager::SelectAccountsByOptions(
683 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback,
684 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
685 {
686 AAFwk::Want result;
687 if ((!options.hasAccounts) && (!options.hasOwners) && (!options.hasLabels)) {
688 callback->OnResult(ERR_JS_SUCCESS, result);
689 return ERR_OK;
690 }
691 std::set<std::string> allowedAccounts;
692 for (auto account : options.allowedAccounts) {
693 allowedAccounts.emplace(account.first + "_" + account.second);
694 }
695 std::set<std::string> allowedOwners(options.allowedOwners.begin(), options.allowedOwners.end());
696 std::vector<AppAccountInfo> accessibleAccounts;
697 ErrCode errCode = GetAllAccessibleAccounts(accessibleAccounts, uid, bundleName, appIndex);
698 if (errCode != ERR_OK) {
699 ACCOUNT_LOGE("failed to get all accessible accounts");
700 return errCode;
701 }
702 std::vector<AppAccountInfo> candidateAccounts;
703 for (auto account : accessibleAccounts) {
704 std::string owner = account.GetOwner();
705 if (options.hasOwners && allowedOwners.count(owner) == 0) {
706 continue;
707 }
708 if (options.hasAccounts && allowedAccounts.count(owner + "_" + account.GetName()) == 0) {
709 continue;
710 }
711 candidateAccounts.push_back(account);
712 }
713 if (options.requiredLabels.size() == 0) {
714 std::vector<std::string> names;
715 std::vector<std::string> owners;
716 for (auto account : candidateAccounts) {
717 names.push_back(account.GetName());
718 owners.push_back(account.GetOwner());
719 }
720 result.SetParam(Constants::KEY_ACCOUNT_NAMES, names);
721 result.SetParam(Constants::KEY_ACCOUNT_OWNERS, owners);
722 callback->OnResult(ERR_JS_SUCCESS, result);
723 return ERR_OK;
724 }
725 AuthenticatorSessionRequest request;
726 request.callback = callback;
727 request.callerUid = uid;
728 request.labels = options.requiredLabels;
729 auto sessionManager = AppAccountAuthenticatorSessionManager::GetInstance();
730 if (sessionManager == nullptr) {
731 return ERR_APPACCOUNT_SERVICE_OAUTH_SERVICE_EXCEPTION;
732 }
733 return sessionManager->SelectAccountsByOptions(candidateAccounts, request);
734 }
735
RemoveAssociatedDataCacheByUid(const uid_t & uid)736 void AppAccountControlManager::RemoveAssociatedDataCacheByUid(const uid_t &uid)
737 {
738 std::lock_guard<std::mutex> lock(associatedDataMutex_);
739 associatedDataCache_.erase(uid);
740 if (associatedDataCache_.empty()) {
741 UnregisterApplicationStateObserver();
742 }
743 }
744
RemoveAssociatedDataCacheByAccount(const uid_t & uid,const std::string & name)745 void AppAccountControlManager::RemoveAssociatedDataCacheByAccount(const uid_t &uid, const std::string &name)
746 {
747 std::lock_guard<std::mutex> lock(associatedDataMutex_);
748 auto it = associatedDataCache_.find(uid);
749 if ((it == associatedDataCache_.end()) || (it->second.name != name)) {
750 return;
751 }
752 associatedDataCache_.erase(it);
753 if (associatedDataCache_.empty()) {
754 UnregisterApplicationStateObserver();
755 }
756 }
757
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)758 ErrCode AppAccountControlManager::OnPackageRemoved(
759 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
760 {
761 RemoveAssociatedDataCacheByUid(uid);
762 auto dataStoragePtr = GetDataStorage(uid);
763 if (dataStoragePtr == nullptr) {
764 ACCOUNT_LOGE("dataStoragePtr is nullptr");
765 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
766 }
767 #ifdef DISTRIBUTED_FEATURE_ENABLED
768 auto dataStorageSyncPtr = GetDataStorage(uid, true);
769 if (dataStorageSyncPtr == nullptr) {
770 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
771 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
772 }
773 #endif // DISTRIBUTED_FEATURE_ENABLED
774 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
775 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
776 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(key, accounts);
777 if (result != ERR_OK) {
778 ACCOUNT_LOGE("failed to get accounts by owner, result %{public}d, bundleName = %{public}s",
779 result, bundleName.c_str());
780 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
781 }
782 AppAccountInfo appAccountInfo;
783 for (auto account : accounts) {
784 appAccountInfo = *(std::static_pointer_cast<AppAccountInfo>(account.second));
785 std::set<std::string> authorizedApps;
786 appAccountInfo.GetAuthorizedApps(authorizedApps);
787 appAccountInfo.SetAppIndex(appIndex);
788 for (auto authorizedApp : authorizedApps) {
789 RemoveAuthorizedAccountFromDataStorage(authorizedApp, appAccountInfo, dataStoragePtr);
790 #ifdef DISTRIBUTED_FEATURE_ENABLED
791 if (NeedSyncDataStorage(appAccountInfo) == true) {
792 RemoveAuthorizedAccountFromDataStorage(authorizedApp, appAccountInfo, dataStorageSyncPtr);
793 }
794 #endif // DISTRIBUTED_FEATURE_ENABLED
795 }
796 dataStoragePtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
797 #ifdef DISTRIBUTED_FEATURE_ENABLED
798 if (NeedSyncDataStorage(appAccountInfo) == true) {
799 dataStorageSyncPtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
800 }
801 #else // DISTRIBUTED_FEATURE_ENABLED
802 ACCOUNT_LOGI("No distributed feature!");
803 #endif // DISTRIBUTED_FEATURE_ENABLED
804 }
805 return ERR_OK;
806 }
807
OnUserRemoved(int32_t userId)808 ErrCode AppAccountControlManager::OnUserRemoved(int32_t userId)
809 {
810 std::string storeId = std::to_string(userId);
811 std::string syncStoreId = storeId + AppAccountDataStorage::DATA_STORAGE_SUFFIX;
812 std::lock_guard<std::mutex> lock(storePtrMutex_);
813 storePtrMap_.erase(storeId);
814 storePtrMap_.erase(syncStoreId);
815 return ERR_OK;
816 }
817
RegisterApplicationStateObserver()818 bool AppAccountControlManager::RegisterApplicationStateObserver()
819 {
820 if (appStateObserver_ != nullptr) {
821 return false;
822 }
823 appStateObserver_ = new (std::nothrow) AppAccountAppStateObserver();
824 if (appStateObserver_ == nullptr) {
825 ACCOUNT_LOGE("failed to create AppAccountAppStateObserver instance");
826 return false;
827 }
828 sptr<ISystemAbilityManager> samgrClient = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
829 if (samgrClient == nullptr) {
830 ACCOUNT_LOGE("failed to system ability manager");
831 return false;
832 }
833 iAppMgr_ = iface_cast<AppExecFwk::IAppMgr>(samgrClient->GetSystemAbility(APP_MGR_SERVICE_ID));
834 if (iAppMgr_ == nullptr) {
835 appStateObserver_ = nullptr;
836 ACCOUNT_LOGE("failed to get ability manager service");
837 return false;
838 }
839 int32_t result = iAppMgr_->RegisterApplicationStateObserver(appStateObserver_);
840 if (result != ERR_OK) {
841 return false;
842 }
843 return true;
844 }
845
UnregisterApplicationStateObserver()846 void AppAccountControlManager::UnregisterApplicationStateObserver()
847 {
848 if (iAppMgr_) {
849 iAppMgr_->UnregisterApplicationStateObserver(appStateObserver_);
850 }
851 iAppMgr_ = nullptr;
852 appStateObserver_ = nullptr;
853 }
854
OnAbilityStateChanged(const AppExecFwk::AbilityStateData & abilityStateData)855 void AppAccountControlManager::OnAbilityStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
856 {
857 if (abilityStateData.abilityState != static_cast<int32_t>(AppExecFwk::AbilityState::ABILITY_STATE_TERMINATED)) {
858 return;
859 }
860 RemoveAssociatedDataCacheByUid(abilityStateData.uid);
861 }
862
GetAllAccountsFromDataStorage(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,const std::string & bundleName,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)863 ErrCode AppAccountControlManager::GetAllAccountsFromDataStorage(const std::string &owner,
864 std::vector<AppAccountInfo> &appAccounts, const std::string &bundleName,
865 const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
866 {
867 appAccounts.clear();
868
869 if (dataStoragePtr == nullptr) {
870 ACCOUNT_LOGE("dataStoragePtr is nullptr");
871 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
872 }
873
874 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
875 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(owner, accounts);
876 if (result != ERR_OK) {
877 ACCOUNT_LOGE("failed to get accounts by owner, result = %{public}d, owner = %{public}s",
878 result, owner.c_str());
879 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
880 }
881
882 std::transform(accounts.begin(), accounts.end(), std::back_inserter(appAccounts),
883 [](auto account) { return *(std::static_pointer_cast<AppAccountInfo>(account.second)); });
884
885 return ERR_OK;
886 }
887
GetAllAccessibleAccountsFromDataStorage(std::vector<AppAccountInfo> & appAccounts,const std::string & bundleName,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uint32_t & appIndex)888 ErrCode AppAccountControlManager::GetAllAccessibleAccountsFromDataStorage(
889 std::vector<AppAccountInfo> &appAccounts, const std::string &bundleName,
890 const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uint32_t &appIndex)
891 {
892 appAccounts.clear();
893
894 if (dataStoragePtr == nullptr) {
895 ACCOUNT_LOGE("dataStoragePtr is nullptr");
896 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
897 }
898
899 std::vector<std::string> accessibleAccounts;
900 ErrCode result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
901 if (result != ERR_OK) {
902 ACCOUNT_LOGE("failed to get accessible account from data storage, result = %{public}d.", result);
903 return result;
904 }
905
906 for (auto account : accessibleAccounts) {
907 AppAccountInfo appAccountInfo;
908
909 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
910 if (result != ERR_OK) {
911 ACCOUNT_LOGE("failed to get account info by id. result %{public}d.", result);
912 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
913 }
914
915 appAccounts.emplace_back(appAccountInfo);
916 }
917
918 std::vector<AppAccountInfo> currentAppAccounts;
919 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
920 result = GetAllAccountsFromDataStorage(key, currentAppAccounts, bundleName, dataStoragePtr);
921 if (result != ERR_OK) {
922 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
923 return result;
924 }
925
926 std::transform(currentAppAccounts.begin(), currentAppAccounts.end(), std::back_inserter(appAccounts),
927 [](auto account) { return account; });
928
929 return ERR_OK;
930 }
931
GetDataStorageByUserId(int32_t userId,const bool & autoSync)932 std::shared_ptr<AppAccountDataStorage> AppAccountControlManager::GetDataStorageByUserId(
933 int32_t userId, const bool &autoSync)
934 {
935 std::string storeId = std::to_string(userId);
936 if (autoSync == true) {
937 storeId = storeId + AppAccountDataStorage::DATA_STORAGE_SUFFIX;
938 }
939 std::lock_guard<std::mutex> lock(storePtrMutex_);
940 auto it = storePtrMap_.find(storeId);
941 if (it != storePtrMap_.end()) {
942 return it->second;
943 }
944 auto storePtr = std::make_shared<AppAccountDataStorage>(storeId, autoSync);
945 storePtrMap_.emplace(storeId, storePtr);
946 return storePtr;
947 }
948
GetDataStorage(const uid_t & uid,const bool & autoSync)949 std::shared_ptr<AppAccountDataStorage> AppAccountControlManager::GetDataStorage(const uid_t &uid, const bool &autoSync)
950 {
951 return GetDataStorageByUserId(uid / UID_TRANSFORM_DIVISOR, autoSync);
952 }
953
NeedSyncDataStorage(const AppAccountInfo & appAccountInfo)954 bool AppAccountControlManager::NeedSyncDataStorage(const AppAccountInfo &appAccountInfo)
955 {
956 bool syncEnable = false;
957 appAccountInfo.GetSyncEnable(syncEnable);
958
959 if (syncEnable == false) {
960 return false;
961 }
962 return true;
963 }
964
GetAccountInfoFromDataStorage(AppAccountInfo & appAccountInfo,std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)965 ErrCode AppAccountControlManager::GetAccountInfoFromDataStorage(
966 AppAccountInfo &appAccountInfo, std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
967 {
968 if (dataStoragePtr == nullptr) {
969 ACCOUNT_LOGE("dataStoragePtr is nullptr");
970 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
971 }
972
973 return dataStoragePtr->GetAccountInfoFromDataStorage(appAccountInfo);
974 }
975
AddAccountInfoIntoDataStorage(AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)976 ErrCode AppAccountControlManager::AddAccountInfoIntoDataStorage(
977 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
978 {
979 if (dataStoragePtr == nullptr) {
980 ACCOUNT_LOGE("dataStoragePtr is nullptr");
981 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
982 }
983
984 std::string owner;
985 appAccountInfo.GetOwner(owner);
986
987 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
988 std::string key = owner + Constants::HYPHEN + std::to_string(appAccountInfo.GetAppIndex());
989 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(key, accounts);
990 if (result != ERR_OK) {
991 ACCOUNT_LOGE("failed to get accounts by owner, result %{public}d, owner = %{public}s",
992 result, owner.c_str());
993 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
994 }
995
996 if (accounts.size() >= ACCOUNT_MAX_SIZE) {
997 ACCOUNT_LOGE("account exceeds max size");
998 return ERR_APPACCOUNT_SERVICE_ACCOUNT_MAX_SIZE;
999 }
1000
1001 result = dataStoragePtr->AddAccountInfoIntoDataStorage(appAccountInfo);
1002 if (result != ERR_OK) {
1003 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
1004 return result;
1005 }
1006
1007 // for sync data storage
1008 #ifdef DISTRIBUTED_FEATURE_ENABLED
1009 if (NeedSyncDataStorage(appAccountInfo) == true) {
1010 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1011 if (dataStorageSyncPtr == nullptr) {
1012 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1013 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1014 }
1015
1016 result = dataStorageSyncPtr->AddAccountInfoIntoDataStorage(appAccountInfo);
1017 if (result != ERR_OK) {
1018 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
1019 return result;
1020 }
1021 }
1022 #else // DISTRIBUTED_FEATURE_ENABLED
1023 ACCOUNT_LOGI("No distributed feature!");
1024 #endif // DISTRIBUTED_FEATURE_ENABLED
1025
1026 return ERR_OK;
1027 }
1028
SaveAccountInfoIntoDataStorage(AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1029 ErrCode AppAccountControlManager::SaveAccountInfoIntoDataStorage(
1030 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1031 {
1032 if (dataStoragePtr == nullptr) {
1033 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1034 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1035 }
1036
1037 ErrCode result = dataStoragePtr->SaveAccountInfoIntoDataStorage(appAccountInfo);
1038 if (result != ERR_OK) {
1039 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
1040 return result;
1041 }
1042
1043 // for sync data storage
1044 #ifdef DISTRIBUTED_FEATURE_ENABLED
1045 if (NeedSyncDataStorage(appAccountInfo) == true) {
1046 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1047 if (dataStorageSyncPtr == nullptr) {
1048 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1049 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1050 }
1051
1052 std::string appAccountInfoFromDataStorage;
1053 result = dataStorageSyncPtr->GetValueFromKvStore(appAccountInfo.GetPrimeKey(), appAccountInfoFromDataStorage);
1054 if (result != ERR_OK) {
1055 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1056
1057 result = dataStorageSyncPtr->AddAccountInfo(appAccountInfo);
1058 if (result != ERR_OK) {
1059 ACCOUNT_LOGE("failed to add account info, result = %{public}d", result);
1060 return ERR_APPACCOUNT_SERVICE_ADD_ACCOUNT_INFO;
1061 }
1062 } else {
1063 result = dataStorageSyncPtr->SaveAccountInfo(appAccountInfo);
1064 if (result != ERR_OK) {
1065 ACCOUNT_LOGE("failed to save account info, result = %{public}d", result);
1066 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
1067 }
1068 }
1069 }
1070 #else // DISTRIBUTED_FEATURE_ENABLED
1071 ACCOUNT_LOGI("No distributed feature!");
1072 #endif // DISTRIBUTED_FEATURE_ENABLED
1073
1074 return ERR_OK;
1075 }
1076
DeleteAccountInfoFromDataStorage(AppAccountInfo & appAccountInfo,std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1077 ErrCode AppAccountControlManager::DeleteAccountInfoFromDataStorage(
1078 AppAccountInfo &appAccountInfo, std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1079 {
1080 if (dataStoragePtr == nullptr) {
1081 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1082 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1083 }
1084
1085 ErrCode result = dataStoragePtr->GetAccountInfoFromDataStorage(appAccountInfo);
1086 if (result != ERR_OK) {
1087 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
1088 return result;
1089 }
1090
1091 result = dataStoragePtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
1092 if (result != ERR_OK) {
1093 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
1094 return result;
1095 }
1096
1097 // for sync data storage
1098 #ifdef DISTRIBUTED_FEATURE_ENABLED
1099 if (NeedSyncDataStorage(appAccountInfo) == true) {
1100 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1101 if (dataStorageSyncPtr == nullptr) {
1102 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1103 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1104 }
1105
1106 result = dataStorageSyncPtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
1107 if (result != ERR_OK) {
1108 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
1109 }
1110 }
1111 #else // DISTRIBUTED_FEATURE_ENABLED
1112 ACCOUNT_LOGI("No distributed feature!");
1113 #endif // DISTRIBUTED_FEATURE_ENABLED
1114 return ERR_OK;
1115 }
1116
SaveAuthorizedAccount(const std::string & bundleName,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1117 ErrCode AppAccountControlManager::SaveAuthorizedAccount(const std::string &bundleName,
1118 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1119 {
1120 if (dataStoragePtr == nullptr) {
1121 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1122 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1123 }
1124
1125 ErrCode result = SaveAuthorizedAccountIntoDataStorage(bundleName, appAccountInfo, dataStoragePtr);
1126 if (result != ERR_OK) {
1127 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1128 return result;
1129 }
1130
1131 // for sync data storage
1132 #ifdef DISTRIBUTED_FEATURE_ENABLED
1133 if (NeedSyncDataStorage(appAccountInfo) == true) {
1134 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1135 if (dataStorageSyncPtr == nullptr) {
1136 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1137 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1138 }
1139
1140 result = SaveAuthorizedAccountIntoDataStorage(bundleName, appAccountInfo, dataStorageSyncPtr);
1141 if (result != ERR_OK) {
1142 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1143 return result;
1144 }
1145 }
1146 #else // DISTRIBUTED_FEATURE_ENABLED
1147 ACCOUNT_LOGI("No distributed feature!");
1148 #endif // DISTRIBUTED_FEATURE_ENABLED
1149
1150 return ERR_OK;
1151 }
1152
RemoveAuthorizedAccount(const std::string & bundleName,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1153 ErrCode AppAccountControlManager::RemoveAuthorizedAccount(const std::string &bundleName,
1154 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1155 {
1156 if (dataStoragePtr == nullptr) {
1157 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1158 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1159 }
1160
1161 ErrCode result = RemoveAuthorizedAccountFromDataStorage(bundleName, appAccountInfo, dataStoragePtr);
1162 if (result != ERR_OK) {
1163 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1164 return result;
1165 }
1166
1167 // for sync data storage
1168 #ifdef DISTRIBUTED_FEATURE_ENABLED
1169 if (NeedSyncDataStorage(appAccountInfo) == true) {
1170 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1171 if (dataStorageSyncPtr == nullptr) {
1172 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1173 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1174 }
1175
1176 result = RemoveAuthorizedAccountFromDataStorage(bundleName, appAccountInfo, dataStorageSyncPtr);
1177 if (result != ERR_OK) {
1178 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1179 return result;
1180 }
1181 }
1182 #else // DISTRIBUTED_FEATURE_ENABLED
1183 ACCOUNT_LOGI("No distributed feature!");
1184 #endif // DISTRIBUTED_FEATURE_ENABLED
1185
1186 return ERR_OK;
1187 }
1188
SaveAuthorizedAccountIntoDataStorage(const std::string & authorizedApp,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)1189 ErrCode AppAccountControlManager::SaveAuthorizedAccountIntoDataStorage(const std::string &authorizedApp,
1190 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
1191 {
1192 if (dataStoragePtr == nullptr) {
1193 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1194 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1195 }
1196
1197 std::string authorizedAccounts;
1198 ErrCode result = dataStoragePtr->GetValueFromKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS,
1199 authorizedAccounts);
1200 if (result != ERR_OK) {
1201 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1202 }
1203
1204 std::vector<std::string> accessibleAccounts;
1205 auto jsonObject = dataStoragePtr->GetAccessibleAccountsFromAuthorizedAccounts(
1206 authorizedAccounts, authorizedApp, accessibleAccounts);
1207
1208 auto accountId = appAccountInfo.GetPrimeKey();
1209
1210 auto it = std::find(accessibleAccounts.begin(), accessibleAccounts.end(), accountId);
1211 if (it == accessibleAccounts.end()) {
1212 accessibleAccounts.emplace_back(accountId);
1213 }
1214
1215 auto accessibleAccountArray = Json::array();
1216 std::transform(accessibleAccounts.begin(), accessibleAccounts.end(), std::back_inserter(accessibleAccountArray),
1217 [](auto account) { return account; });
1218
1219 jsonObject[authorizedApp] = accessibleAccountArray;
1220 try {
1221 authorizedAccounts = jsonObject.dump();
1222 } catch (Json::type_error& err) {
1223 ACCOUNT_LOGE("failed to dump json object, reason: %{public}s", err.what());
1224 return ERR_ACCOUNT_COMMON_DUMP_JSON_ERROR;
1225 }
1226
1227 result = dataStoragePtr->PutValueToKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS, authorizedAccounts);
1228 if (result != ERR_OK) {
1229 ACCOUNT_LOGE("PutValueToKvStore failed! result %{public}d.", result);
1230 }
1231 return result;
1232 }
1233
RemoveAuthorizedAccountFromDataStorage(const std::string & authorizedApp,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)1234 ErrCode AppAccountControlManager::RemoveAuthorizedAccountFromDataStorage(const std::string &authorizedApp,
1235 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
1236 {
1237 if (dataStoragePtr == nullptr) {
1238 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1239 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1240 }
1241
1242 std::string authorizedAccounts;
1243 ErrCode result = dataStoragePtr->GetValueFromKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS,
1244 authorizedAccounts);
1245 if (result != ERR_OK) {
1246 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1247 }
1248
1249 std::vector<std::string> accessibleAccounts;
1250 auto jsonObject = dataStoragePtr->GetAccessibleAccountsFromAuthorizedAccounts(
1251 authorizedAccounts, authorizedApp, accessibleAccounts);
1252
1253 auto accountId = appAccountInfo.GetPrimeKey();
1254
1255 auto it = std::find(accessibleAccounts.begin(), accessibleAccounts.end(), accountId);
1256 if (it != accessibleAccounts.end()) {
1257 accessibleAccounts.erase(it);
1258 }
1259
1260 auto accessibleAccountArray = Json::array();
1261 std::transform(accessibleAccounts.begin(), accessibleAccounts.end(), std::back_inserter(accessibleAccountArray),
1262 [](auto account) { return account; });
1263
1264 jsonObject[authorizedApp] = accessibleAccountArray;
1265 try {
1266 authorizedAccounts = jsonObject.dump();
1267 } catch (Json::type_error& err) {
1268 ACCOUNT_LOGE("failed to dump json object, reason: %{public}s", err.what());
1269 return ERR_ACCOUNT_COMMON_DUMP_JSON_ERROR;
1270 }
1271
1272 result = dataStoragePtr->PutValueToKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS, authorizedAccounts);
1273 if (result != ERR_OK) {
1274 ACCOUNT_LOGE("failed to save config info, result %{public}d.", result);
1275 return result;
1276 }
1277
1278 return ERR_OK;
1279 }
1280 } // namespace AccountSA
1281 } // namespace OHOS
1282