/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "cert_manager_permission_check.h"

#include "accesstoken_kit.h"
#include "ipc_skeleton.h"

#include "cm_log.h"

using namespace OHOS::Security::AccessToken;

/*
 * Reports whether the token returned by IPCSkeleton::GetCallingTokenID() has
 * been granted permissionName.
 *
 * Returns true only when VerifyAccessToken yields PERMISSION_GRANTED; every
 * other result is treated as a denial.
 *
 * NOTE(review): the token is read from the IPC layer at call time, so the
 * answer presumably describes the remote caller only while an IPC request is
 * being serviced - confirm what GetCallingTokenID yields outside that context.
 * NOTE(review): a denial is returned silently; nothing is logged here.
 */
static bool HasPermission(const std::string &permissionName)
{
    const AccessTokenID callerToken = OHOS::IPCSkeleton::GetCallingTokenID();
    return AccessTokenKit::VerifyAccessToken(callerToken, permissionName) == PERMISSION_GRANTED;
}

/* True when the caller holds ohos.permission.ACCESS_CERT_MANAGER_INTERNAL. */
bool CmHasPrivilegedPermission(void)
{
    return HasPermission("ohos.permission.ACCESS_CERT_MANAGER_INTERNAL");
}

/* True when the caller holds ohos.permission.ACCESS_CERT_MANAGER. */
bool CmHasCommonPermission(void)
{
    return HasPermission("ohos.permission.ACCESS_CERT_MANAGER");
}

/*
 * Always returns true.
 *
 * NOTE(review): no property of the calling token is examined, so this does
 * not distinguish system applications from any other caller. Until a real
 * check is implemented it must not be relied on as an access-control
 * decision.
 */
bool CmIsSystemApp(void)
{
    return true;
}

/*
 * System-app gate keyed on the store type.
 *
 * Only CM_CREDENTIAL_STORE is routed through CmIsSystemApp(); every other
 * store value, including unrecognised ones, is reported as allowed. Because
 * CmIsSystemApp() currently returns true unconditionally, this function
 * returns true for every input.
 */
bool CmIsSystemAppByStoreType(const uint32_t store)
{
    /* only care about public credential */
    if (store != CM_CREDENTIAL_STORE) {
        return true;
    }
    return CmIsSystemApp();
}

/*
 * Permission decision for an operation on the given store.
 *
 *   CM_CREDENTIAL_STORE     - requires both the privileged and the common
 *                             permission (privileged is evaluated first and
 *                             short-circuits on denial).
 *   CM_PRI_CREDENTIAL_STORE - requires the common permission only.
 *   any other value         - denied.
 */
bool CmPermissionCheck(const uint32_t store)
{
    if (store == CM_CREDENTIAL_STORE) {
        return CmHasPrivilegedPermission() && CmHasCommonPermission();
    }
    if (store == CM_PRI_CREDENTIAL_STORE) {
        return CmHasCommonPermission();
    }
    /* Fail closed: store types not listed above get no access. */
    return false;
}