• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <map>
17 
18 #include "netmanager_base_permission.h"
19 
20 #include "accesstoken_kit.h"
21 #include "ipc_skeleton.h"
22 
23 #include "net_mgr_log_wrapper.h"
24 
25 namespace OHOS {
26 namespace NetManagerStandard {
27 /**
28  * @brief Permission check by callingTokenID.
29  * @param permissionName permission name.
30  * @return Returns true on success, false on failure.
31  */
CheckPermission(const std::string & permissionName)32 bool NetManagerPermission::CheckPermission(const std::string &permissionName)
33 {
34     if (permissionName.empty()) {
35         NETMGR_LOG_E("permission check failed,permission name is empty.");
36         return false;
37     }
38 
39     auto callerToken = IPCSkeleton::GetCallingTokenID();
40     auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
41     int result = Security::AccessToken::PERMISSION_DENIED;
42     if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
43         result = Security::AccessToken::PERMISSION_GRANTED;
44     } else if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
45         result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
46     } else {
47         NETMGR_LOG_E("permission check failed, callerToken:%{public}u, tokenType:%{public}d", callerToken, tokenType);
48     }
49 
50     if (result != Security::AccessToken::PERMISSION_GRANTED) {
51         NETMGR_LOG_E("permission check failed, permission:%{public}s, callerToken:%{public}u, tokenType:%{public}d",
52                      permissionName.c_str(), callerToken, tokenType);
53         return false;
54     }
55     return true;
56 }
57 
CheckPermissionWithCache(const std::string & permissionName)58 bool NetManagerPermission::CheckPermissionWithCache(const std::string &permissionName)
59 {
60     if (permissionName.empty()) {
61         NETMGR_LOG_E("permission check failed,permission name is empty.");
62         return false;
63     }
64 
65     static std::map<uint32_t, bool> permissionMap;
66 
67     auto callerToken = IPCSkeleton::GetCallingTokenID();
68     if (permissionMap.find(callerToken) != permissionMap.end()) {
69         return permissionMap[callerToken];
70     }
71 
72     auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
73     if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
74         permissionMap[callerToken] = true;
75         return true;
76     }
77     if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
78         bool res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName) ==
79                    Security::AccessToken::PERMISSION_GRANTED;
80         permissionMap[callerToken] = res;
81         return res;
82     }
83     permissionMap[callerToken] = false;
84     return false;
85 }
86 } // namespace NetManagerStandard
87 } // namespace OHOS
88