• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "access_token_helper.h"
17 
18 #include "ans_log_wrapper.h"
19 #include "ipc_skeleton.h"
20 
21 using namespace OHOS::Security::AccessToken;
22 
23 namespace OHOS {
24 namespace Notification {
VerifyCallerPermission(const AccessTokenID & tokenCaller,const std::string & permission)25 bool AccessTokenHelper::VerifyCallerPermission(
26     const AccessTokenID &tokenCaller, const std::string &permission)
27 {
28     int result = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
29     return (result == PERMISSION_GRANTED);
30 }
31 
VerifyNativeToken(const AccessTokenID & callerToken)32 bool AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
33 {
34     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
35     return (tokenType == ATokenTypeEnum::TOKEN_NATIVE || tokenType == ATokenTypeEnum::TOKEN_SHELL);
36 }
37 
IsSystemHap()38 bool AccessTokenHelper::IsSystemHap()
39 {
40     AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
41     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
42     if (type == ATokenTypeEnum::TOKEN_NATIVE) {
43         return true;
44     }
45     if (type == ATokenTypeEnum::TOKEN_HAP) {
46         HapTokenInfo info;
47         AccessTokenKit::GetHapTokenInfo(tokenId, info);
48         if (info.apl == ATokenAplEnum::APL_SYSTEM_CORE || info.apl == ATokenAplEnum::APL_SYSTEM_BASIC) {
49             return true;
50         }
51         pid_t pid = IPCSkeleton::GetCallingPid();
52         pid_t uid = IPCSkeleton::GetCallingUid();
53         ANS_LOGW("apl not match, info.apl=%{public}d, type=%{public}d, pid=%{public}d, uid=%{public}d",
54             info.apl, type, pid, uid);
55     }
56     return false;
57 }
58 
IsDlpHap(const AccessTokenID & callerToken)59 bool AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
60 {
61     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
62     if (type == ATokenTypeEnum::TOKEN_HAP) {
63         HapTokenInfo info;
64         AccessTokenKit::GetHapTokenInfo(callerToken, info);
65         if (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL) {
66             return true;
67         }
68     }
69     return false;
70 }
71 }  // namespace Notification
72 }  // namespace OHOS