1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "native_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_log.h"
20 #include "data_translator.h"
21 #include "data_validator.h"
22 #include "nlohmann/json.hpp"
23 #include "token_field_const.h"
24
25 namespace OHOS {
26 namespace Security {
27 namespace AccessToken {
28 namespace {
29 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenInfoInner"};
30 }
31
NativeTokenInfoInner()32 NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false)
33 {
34 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
35 tokenInfoBasic_.tokenID = 0;
36 tokenInfoBasic_.tokenAttr = 0;
37 tokenInfoBasic_.apl = APL_NORMAL;
38 }
39
NativeTokenInfoInner(NativeTokenInfo & native,const std::vector<PermissionStateFull> & permStateList)40 NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native,
41 const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
42 {
43 tokenInfoBasic_ = native;
44 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID,
45 permStateList);
46 }
47
~NativeTokenInfoInner()48 NativeTokenInfoInner::~NativeTokenInfoInner()
49 {
50 ACCESSTOKEN_LOG_DEBUG(LABEL,
51 "tokenID: %{public}u destruction", tokenInfoBasic_.tokenID);
52 }
53
Init(AccessTokenID id,const std::string & processName,int apl,const std::vector<std::string> & dcap,const std::vector<std::string> & nativeAcls,const std::vector<PermissionStateFull> & permStateList)54 int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName,
55 int apl, const std::vector<std::string>& dcap,
56 const std::vector<std::string>& nativeAcls,
57 const std::vector<PermissionStateFull>& permStateList)
58 {
59 tokenInfoBasic_.tokenID = id;
60 if (!DataValidator::IsProcessNameValid(processName)) {
61 ACCESSTOKEN_LOG_ERROR(LABEL,
62 "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
63 return RET_FAILED;
64 }
65 tokenInfoBasic_.processName = processName;
66 if (!DataValidator::IsAplNumValid(apl)) {
67 ACCESSTOKEN_LOG_ERROR(LABEL,
68 "tokenID: %{public}u init failed, apl %{public}d is invalid",
69 tokenInfoBasic_.tokenID, apl);
70 return RET_FAILED;
71 }
72 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(apl);
73 tokenInfoBasic_.dcap = dcap;
74 tokenInfoBasic_.nativeAcls = nativeAcls;
75
76 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id,
77 permStateList);
78 return RET_SUCCESS;
79 }
80
DcapToString(const std::vector<std::string> & dcap) const81 std::string NativeTokenInfoInner::DcapToString(const std::vector<std::string>& dcap) const
82 {
83 std::string dcapStr;
84 for (auto iter = dcap.begin(); iter != dcap.end(); iter++) {
85 dcapStr.append(*iter);
86 if (iter != (dcap.end() - 1)) {
87 dcapStr.append(",");
88 }
89 }
90 return dcapStr;
91 }
92
NativeAclsToString(const std::vector<std::string> & nativeAcls) const93 std::string NativeTokenInfoInner::NativeAclsToString(const std::vector<std::string>& nativeAcls) const
94 {
95 std::string nativeAclsStr;
96 for (auto iter = nativeAcls.begin(); iter != nativeAcls.end(); iter++) {
97 nativeAclsStr.append(*iter);
98 if (iter != (nativeAcls.end() - 1)) {
99 nativeAclsStr.append(",");
100 }
101 }
102 return nativeAclsStr;
103 }
104
TranslationIntoGenericValues(GenericValues & outGenericValues) const105 int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
106 {
107 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
108 outGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, tokenInfoBasic_.processName);
109 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
110 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
111 outGenericValues.Put(TokenFiledConst::FIELD_DCAP, DcapToString(tokenInfoBasic_.dcap));
112 outGenericValues.Put(TokenFiledConst::FIELD_NATIVE_ACLS, NativeAclsToString(tokenInfoBasic_.nativeAcls));
113 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
114
115 return RET_SUCCESS;
116 }
117
RestoreNativeTokenInfo(AccessTokenID tokenId,const GenericValues & inGenericValues,const std::vector<GenericValues> & permStateRes)118 int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues,
119 const std::vector<GenericValues>& permStateRes)
120 {
121 tokenInfoBasic_.tokenID = tokenId;
122 tokenInfoBasic_.processName = inGenericValues.GetString(TokenFiledConst::FIELD_PROCESS_NAME);
123 if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) {
124 ACCESSTOKEN_LOG_ERROR(LABEL,
125 "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
126 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
127 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
128 "ERROR_REASON", "native token processName error");
129 return RET_FAILED;
130 }
131 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
132 if (!DataValidator::IsAplNumValid(aplNum)) {
133 ACCESSTOKEN_LOG_ERROR(LABEL,
134 "tokenID: %{public}u apl is error, value %{public}d",
135 tokenInfoBasic_.tokenID, aplNum);
136 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
137 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
138 "ERROR_REASON", "native token apl error");
139 return RET_FAILED;
140 }
141 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
142 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
143 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
144 ACCESSTOKEN_LOG_ERROR(LABEL,
145 "tokenID: %{public}u version is error, version %{public}d",
146 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
147 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
148 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
149 "ERROR_REASON", "native token version error");
150 return RET_FAILED;
151 }
152
153 SetDcaps(inGenericValues.GetString(TokenFiledConst::FIELD_DCAP));
154 SetNativeAcls(inGenericValues.GetString(TokenFiledConst::FIELD_NATIVE_ACLS));
155 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
156
157 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
158 return RET_SUCCESS;
159 }
160
TranslateToNativeTokenInfo(NativeTokenInfo & infoParcel) const161 void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& infoParcel) const
162 {
163 infoParcel.apl = tokenInfoBasic_.apl;
164 infoParcel.ver = tokenInfoBasic_.ver;
165 infoParcel.processName = tokenInfoBasic_.processName;
166 infoParcel.dcap = tokenInfoBasic_.dcap;
167 infoParcel.nativeAcls = tokenInfoBasic_.nativeAcls;
168 infoParcel.tokenID = tokenInfoBasic_.tokenID;
169 infoParcel.tokenAttr = tokenInfoBasic_.tokenAttr;
170 }
171
StoreNativeInfo(std::vector<GenericValues> & valueList,std::vector<GenericValues> & permStateValues) const172 void NativeTokenInfoInner::StoreNativeInfo(std::vector<GenericValues>& valueList,
173 std::vector<GenericValues>& permStateValues) const
174 {
175 if (isRemote_) {
176 return;
177 }
178 GenericValues genericValues;
179 TranslationIntoGenericValues(genericValues);
180 valueList.emplace_back(genericValues);
181
182 if (permPolicySet_ != nullptr) {
183 permPolicySet_->StorePermissionPolicySet(permStateValues);
184 }
185 }
186
GetTokenID() const187 AccessTokenID NativeTokenInfoInner::GetTokenID() const
188 {
189 return tokenInfoBasic_.tokenID;
190 }
191
GetDcap() const192 std::vector<std::string> NativeTokenInfoInner::GetDcap() const
193 {
194 return tokenInfoBasic_.dcap;
195 }
196
GetNativeAcls() const197 std::vector<std::string> NativeTokenInfoInner::GetNativeAcls() const
198 {
199 return tokenInfoBasic_.nativeAcls;
200 }
201
GetProcessName() const202 std::string NativeTokenInfoInner::GetProcessName() const
203 {
204 return tokenInfoBasic_.processName;
205 }
206
GetNativeInfoPermissionPolicySet() const207 std::shared_ptr<PermissionPolicySet> NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const
208 {
209 return permPolicySet_;
210 }
211
IsRemote() const212 bool NativeTokenInfoInner::IsRemote() const
213 {
214 return isRemote_;
215 }
216
SetRemote(bool isRemote)217 void NativeTokenInfoInner::SetRemote(bool isRemote)
218 {
219 isRemote_ = isRemote;
220 }
221
SetDcaps(const std::string & dcapStr)222 void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr)
223 {
224 std::string::size_type start = 0;
225 while (true) {
226 std::string::size_type offset = dcapStr.find(',', start);
227 if (offset == std::string::npos) {
228 tokenInfoBasic_.dcap.push_back(dcapStr.substr(start));
229 break;
230 }
231 tokenInfoBasic_.dcap.push_back(dcapStr.substr(start, offset));
232 start = offset + 1;
233 }
234 }
235
SetNativeAcls(const std::string & AclsStr)236 void NativeTokenInfoInner::SetNativeAcls(const std::string& AclsStr)
237 {
238 std::string::size_type start = 0;
239 while (true) {
240 std::string::size_type offset = AclsStr.find(',', start);
241 if (offset == std::string::npos) {
242 tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start));
243 break;
244 }
245 tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start, offset));
246 start = offset + 1;
247 }
248 }
249
ToString(std::string & info) const250 void NativeTokenInfoInner::ToString(std::string& info) const
251 {
252 info.append(R"({)");
253 info.append("\n");
254 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
255 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
256 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
257 info.append(R"( "processName": ")" + tokenInfoBasic_.processName + R"(")" + ",\n");
258 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
259 info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n");
260 info.append(R"( "nativeAcls": ")" + NativeAclsToString(tokenInfoBasic_.nativeAcls) + R"(")" + ",\n");
261 info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n");
262 if (permPolicySet_ != nullptr) {
263 permPolicySet_->PermStateToString(tokenInfoBasic_.apl, tokenInfoBasic_.nativeAcls, info);
264 }
265 info.append("}");
266 }
267 } // namespace AccessToken
268 } // namespace Security
269 } // namespace OHOS
270