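/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "permission_manager.h"

#include "bundle_constants.h"
#include "bundle_info.h"
#include "bundle_mgr_client.h"
#include "bundle_mgr_interface.h"
#include "bundle_mgr_proxy.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
#include "system_ability_definition.h"
#include "ipc_skeleton.h"
#include "access_token.h"
#include "hap_token_info.h"
#include "native_token_info.h"
#include "accesstoken_kit.h"
#include "dm_log.h"

using namespace OHOS::AppExecFwk;
using namespace OHOS::AppExecFwk::Constants;
using namespace OHOS::Security::AccessToken;

namespace OHOS {
namespace DistributedHardware {
IMPLEMENT_SINGLE_INSTANCE(PermissionManager);

/**
 * @brief Decide whether the current IPC caller is allowed, based on the type of its access token.
 *
 * The decision is made from the calling token ID and calling uid reported by IPCSkeleton:
 *  - TOKEN_HAP: the result of IBundleMgr::CheckIsSystemAppByUid() for the calling uid.
 *  - TOKEN_NATIVE / TOKEN_SHELL: always allowed.
 *  - any other token type, a zero token ID, a negative uid, or any failure to reach the
 *    bundle manager: denied.
 *
 * Every failure path returns false, so the check fails closed.
 *
 * NOTE(review): no named permission is verified here; the HAP branch relies solely on the
 * caller being a system application. Confirm that this is the intended policy.
 *
 * @return true if the caller is allowed, false otherwise.
 */
bool PermissionManager::CheckPermission(void)
{
    LOGI("Enter PermissionManager::CheckPermission");
    // Capture the caller identity first, before this function issues any outgoing IPC of its own.
    AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
    if (tokenCaller == 0) {
        LOGI("PermissionManager::tokenCaller == 0");
        return false;
    }
    // AccessTokenID is an unsigned type, so it is printed with %u rather than %d.
    LOGI("PermissionManager::tokenCaller ID == %u", tokenCaller);

    ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
    if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP) {
        int32_t uid = IPCSkeleton::GetCallingUid();
        if (uid < 0) {
            LOGI("app caller uid is: %d,", uid);
            return false;
        }

        sptr<ISystemAbilityManager> systemAbilityManager =
            SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
        if (systemAbilityManager == nullptr) {
            LOGE("failed to get system ability mgr.");
            return false;
        }
        sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
        if (remoteObject == nullptr) {
            LOGE("failed to get bundle manager proxy.");
            return false;
        }

        LOGI("get bundle manager proxy success.");
        sptr<IBundleMgr> iBundleMgr = iface_cast<IBundleMgr>(remoteObject);
        if (iBundleMgr == nullptr) {
            LOGI("iBundleMgr is nullptr, caller may be a process");
            return false;
        }
        LOGI("PermissionManager::tokenTypeFlag is hap process");
        // Application callers are allowed only when the bundle manager reports a system app.
        return iBundleMgr->CheckIsSystemAppByUid(uid);
    } else if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE || tokenTypeFlag == ATokenTypeEnum::TOKEN_SHELL) {
        // NOTE(review): native and shell tokens are accepted unconditionally, with no further
        // check on which process is calling. Confirm that trusting every TOKEN_SHELL caller is
        // intended outside of debug builds.
        LOGI("PermissionManager::tokenTypeFlag is native process");
        return true;
    } else {
        // Unknown or invalid token types are denied.
        LOGI("PermissionManager::invalid tokenTypeFlag");
        return false;
    }
}
} // namespace DistributedHardware
} // namespace OHOS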