1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_control_manager.h"
17
18 #include "accesstoken_kit.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "app_account_app_state_observer.h"
22 #include "app_account_check_labels_session.h"
23 #include "app_account_data_storage.h"
24 #include "app_account_info.h"
25 #include "app_account_subscribe_manager.h"
26 #include "bundle_manager_adapter.h"
27 #include "ipc_skeleton.h"
28 #include "iservice_registry.h"
29 #include "ohos_account_kits.h"
30 #include "singleton.h"
31 #include "system_ability_definition.h"
32
33 namespace OHOS {
34 namespace AccountSA {
AppAccountControlManager()35 AppAccountControlManager::AppAccountControlManager()
36 {}
37
AddAccount(const std::string & name,const std::string & extraInfo,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)38 ErrCode AppAccountControlManager::AddAccount(const std::string &name, const std::string &extraInfo, const uid_t &uid,
39 const std::string &bundleName, AppAccountInfo &appAccountInfo)
40 {
41 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
42 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
43 if (result != ERR_OK) {
44 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
45
46 appAccountInfo.SetExtraInfo(extraInfo);
47
48 result = AddAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
49 if (result != ERR_OK) {
50 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
51 return result;
52 }
53 } else {
54 ACCOUNT_LOGE("add existing account");
55 return ERR_APPACCOUNT_SERVICE_ADD_EXISTING_ACCOUNT;
56 }
57
58 return ERR_OK;
59 }
60
CreateAccount(const std::string & name,const CreateAccountOptions & options,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)61 ErrCode AppAccountControlManager::CreateAccount(const std::string &name, const CreateAccountOptions &options,
62 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
63 {
64 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
65 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
66 if (result != ERR_OK) {
67 result = appAccountInfo.InitCustomData(options.customData);
68 if (result != ERR_OK) {
69 ACCOUNT_LOGE("failed to set custom data, result %{public}d.", result);
70 return ERR_APPACCOUNT_SERVICE_SET_ASSOCIATED_DATA;
71 }
72 result = AddAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
73 if (result != ERR_OK) {
74 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
75 return result;
76 }
77 } else {
78 ACCOUNT_LOGE("add existing account");
79 return ERR_APPACCOUNT_SERVICE_ADD_EXISTING_ACCOUNT;
80 }
81
82 return ERR_OK;
83 }
84
DeleteAccount(const std::string & name,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)85 ErrCode AppAccountControlManager::DeleteAccount(
86 const std::string &name, const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
87 {
88 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
89 ErrCode result = DeleteAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr, uid);
90 if (result != ERR_OK) {
91 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
92 return result;
93 }
94 RemoveAssociatedDataCacheByAccount(uid, name);
95
96 std::set<std::string> authorizedApps;
97 appAccountInfo.GetAuthorizedApps(authorizedApps);
98 for (auto authorizedApp : authorizedApps) {
99 // remove authorized account from data storage
100 result = RemoveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, uid);
101 if (result != ERR_OK) {
102 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
103 return result;
104 }
105 }
106
107 return ERR_OK;
108 }
109
GetAccountExtraInfo(const std::string & name,std::string & extraInfo,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)110 ErrCode AppAccountControlManager::GetAccountExtraInfo(const std::string &name, std::string &extraInfo,
111 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
112 {
113 AppAccountInfo appAccountInfo(name, bundleName);
114 appAccountInfo.SetAppIndex(appIndex);
115 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
116 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
117 if (result != ERR_OK) {
118 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
119 return result;
120 }
121
122 appAccountInfo.GetExtraInfo(extraInfo);
123
124 return ERR_OK;
125 }
126
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)127 ErrCode AppAccountControlManager::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo,
128 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
129 {
130 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
131 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
132 if (result != ERR_OK) {
133 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
134 return result;
135 }
136
137 appAccountInfo.SetExtraInfo(extraInfo);
138
139 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
140 if (result != ERR_OK) {
141 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
142 return result;
143 }
144
145 ACCOUNT_LOGD("end, result = %{public}d", result);
146
147 return result;
148 }
149
EnableAppAccess(const std::string & name,const std::string & authorizedApp,AppAccountCallingInfo & appAccountCallingInfo,AppAccountInfo & appAccountInfo,const uint32_t apiVersion)150 ErrCode AppAccountControlManager::EnableAppAccess(const std::string &name, const std::string &authorizedApp,
151 AppAccountCallingInfo &appAccountCallingInfo, AppAccountInfo &appAccountInfo, const uint32_t apiVersion)
152 {
153 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
154 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
155 if (result != ERR_OK) {
156 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
157 return result;
158 }
159
160 result = appAccountInfo.EnableAppAccess(authorizedApp, apiVersion);
161 if (result != ERR_OK) {
162 ACCOUNT_LOGE("failed to enable app access, result %{public}d.", result);
163 return ERR_APPACCOUNT_SERVICE_ENABLE_APP_ACCESS_ALREADY_EXISTS;
164 }
165
166 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
167 if (result != ERR_OK) {
168 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
169 return result;
170 }
171
172 // save authorized account into data storage
173 result = SaveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
174 if (result != ERR_OK) {
175 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
176 return result;
177 }
178
179 return ERR_OK;
180 }
181
DisableAppAccess(const std::string & name,const std::string & authorizedApp,AppAccountCallingInfo & appAccountCallingInfo,AppAccountInfo & appAccountInfo,const uint32_t apiVersion)182 ErrCode AppAccountControlManager::DisableAppAccess(const std::string &name, const std::string &authorizedApp,
183 AppAccountCallingInfo &appAccountCallingInfo, AppAccountInfo &appAccountInfo, const uint32_t apiVersion)
184 {
185 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
186 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
187 if (result != ERR_OK) {
188 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
189 return result;
190 }
191
192 result = appAccountInfo.DisableAppAccess(authorizedApp, apiVersion);
193 if (result != ERR_OK) {
194 ACCOUNT_LOGE("failed to disable app access, result %{public}d.", result);
195 return ERR_APPACCOUNT_SERVICE_DISABLE_APP_ACCESS_NOT_EXISTED;
196 }
197
198 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
199 if (result != ERR_OK) {
200 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
201 return result;
202 }
203
204 // remove authorized account from data storage
205 result = RemoveAuthorizedAccount(authorizedApp, appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
206 if (result != ERR_OK) {
207 ACCOUNT_LOGE("failed to save authorized account into data storage, result %{public}d.", result);
208 return result;
209 }
210
211 return ERR_OK;
212 }
213
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible,const AppAccountCallingInfo & appAccountCallingInfo)214 ErrCode AppAccountControlManager::CheckAppAccess(const std::string &name, const std::string &authorizedApp,
215 bool &isAccessible, const AppAccountCallingInfo &appAccountCallingInfo)
216 {
217 isAccessible = false;
218 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
219 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
220 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
221 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
222 if (result != ERR_OK) {
223 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
224 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
225 }
226 return appAccountInfo.CheckAppAccess(authorizedApp, isAccessible);
227 }
228
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)229 ErrCode AppAccountControlManager::CheckAppAccountSyncEnable(const std::string &name,
230 bool &syncEnable, const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
231 {
232 AppAccountInfo appAccountInfo(name, bundleName);
233 appAccountInfo.SetAppIndex(appIndex);
234 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
235 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
236 if (result != ERR_OK) {
237 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
238 return result;
239 }
240
241 appAccountInfo.GetSyncEnable(syncEnable);
242
243 return ERR_OK;
244 }
245
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable,const uid_t & uid,const std::string & bundleName,AppAccountInfo & appAccountInfo)246 ErrCode AppAccountControlManager::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable,
247 const uid_t &uid, const std::string &bundleName, AppAccountInfo &appAccountInfo)
248 {
249 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(uid);
250 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
251 if (result != ERR_OK) {
252 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
253 return result;
254 }
255
256 appAccountInfo.SetSyncEnable(syncEnable);
257
258 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, uid);
259 if (result != ERR_OK) {
260 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
261 return result;
262 }
263
264 return ERR_OK;
265 }
266
PopDataFromAssociatedDataCache()267 void AppAccountControlManager::PopDataFromAssociatedDataCache()
268 {
269 auto it = associatedDataCache_.begin();
270 auto toPopedIt = it++;
271 for (; it != associatedDataCache_.end(); ++it) {
272 if (toPopedIt->second.freq > it->second.freq) {
273 toPopedIt = it;
274 }
275 it->second.freq = 0;
276 }
277 associatedDataCache_.erase(toPopedIt);
278 }
279
GetAssociatedDataFromStorage(const std::string & name,const std::string & key,std::string & value,const uid_t & uid,const uint32_t & appIndex)280 ErrCode AppAccountControlManager::GetAssociatedDataFromStorage(const std::string &name, const std::string &key,
281 std::string &value, const uid_t &uid, const uint32_t &appIndex)
282 {
283 std::string bundleName;
284 if (!BundleManagerAdapter::GetInstance()->GetBundleNameForUid(uid, bundleName)) {
285 ACCOUNT_LOGE("failed to get bundle name");
286 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
287 }
288 AppAccountInfo appAccountInfo(name, bundleName);
289 appAccountInfo.SetAppIndex(appIndex);
290 std::shared_ptr<AppAccountDataStorage> storePtr = GetDataStorage(uid);
291 if (storePtr == nullptr) {
292 ACCOUNT_LOGE("failed to get data storage");
293 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
294 }
295 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, storePtr);
296 if (result != ERR_OK) {
297 ACCOUNT_LOGE("failed to get account info from data storage");
298 return result;
299 }
300 AssociatedDataCacheItem item;
301 item.name = name;
302 item.freq = 0;
303 appAccountInfo.GetAllAssociatedData(item.data);
304 auto it = item.data.find(key);
305 if (it != item.data.end()) {
306 value = it->second;
307 } else {
308 result = ERR_APPACCOUNT_SERVICE_ASSOCIATED_DATA_KEY_NOT_EXIST;
309 }
310 if ((associatedDataCache_.size() == 0) && (!RegisterApplicationStateObserver())) {
311 ACCOUNT_LOGE("failed to register application state observer");
312 return result;
313 }
314 if (associatedDataCache_.size() >= ASSOCIATED_DATA_CACHE_MAX_SIZE) {
315 PopDataFromAssociatedDataCache();
316 }
317 associatedDataCache_.emplace(uid, item);
318 return result;
319 }
320
GetAssociatedData(const std::string & name,const std::string & key,std::string & value,const uid_t & uid)321 ErrCode AppAccountControlManager::GetAssociatedData(const std::string &name, const std::string &key,
322 std::string &value, const uid_t &uid)
323 {
324 std::lock_guard<std::mutex> lock(associatedDataMutex_);
325 auto it = associatedDataCache_.find(uid);
326 if ((it == associatedDataCache_.end()) || (it->second.name != name)) {
327 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
328 Security::AccessToken::HapTokenInfo hapTokenInfo;
329 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
330 if ((result != 0) || (hapTokenInfo.instIndex < 0)) {
331 ACCOUNT_LOGE("failed to get app index");
332 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
333 }
334 associatedDataCache_.erase(uid);
335 return GetAssociatedDataFromStorage(name, key, value, uid, hapTokenInfo.instIndex);
336 }
337 it->second.freq++;
338 auto dataIt = it->second.data.find(key);
339 if (dataIt == it->second.data.end()) {
340 return ERR_APPACCOUNT_SERVICE_ASSOCIATED_DATA_KEY_NOT_EXIST;
341 }
342 value = dataIt->second;
343 return ERR_OK;
344 }
345
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value,const AppAccountCallingInfo & appAccountCallingInfo)346 ErrCode AppAccountControlManager::SetAssociatedData(const std::string &name, const std::string &key,
347 const std::string &value, const AppAccountCallingInfo &appAccountCallingInfo)
348 {
349 std::shared_ptr<AppAccountDataStorage> storePtr = GetDataStorage(appAccountCallingInfo.callingUid);
350 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
351 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
352 std::lock_guard<std::mutex> lock(associatedDataMutex_);
353 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, storePtr);
354 if (result != ERR_OK) {
355 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
356 return result;
357 }
358 result = appAccountInfo.SetAssociatedData(key, value);
359 if (result != ERR_OK) {
360 ACCOUNT_LOGE("failed to set associated data, result %{public}d.", result);
361 return result;
362 }
363 result = SaveAccountInfoIntoDataStorage(appAccountInfo, storePtr, appAccountCallingInfo.callingUid);
364 if (result != ERR_OK) {
365 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
366 return result;
367 }
368 auto it = associatedDataCache_.find(appAccountCallingInfo.callingUid);
369 if ((it != associatedDataCache_.end()) && (it->second.name == name)) {
370 it->second.data[key] = value;
371 }
372 return ERR_OK;
373 }
374
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential,const AppAccountCallingInfo & appAccountCallingInfo)375 ErrCode AppAccountControlManager::GetAccountCredential(const std::string &name, const std::string &credentialType,
376 std::string &credential, const AppAccountCallingInfo &appAccountCallingInfo)
377 {
378 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
379 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
380 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
381 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
382 if (result != ERR_OK) {
383 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
384 return result;
385 }
386
387 result = appAccountInfo.GetAccountCredential(credentialType, credential);
388 if (result != ERR_OK) {
389 ACCOUNT_LOGE("failed to get account credential, result %{public}d.", result);
390 return result;
391 }
392
393 return ERR_OK;
394 }
395
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential,const AppAccountCallingInfo & appAccountCallingInfo,bool isDelete)396 ErrCode AppAccountControlManager::SetAccountCredential(const std::string &name, const std::string &credentialType,
397 const std::string &credential, const AppAccountCallingInfo &appAccountCallingInfo, bool isDelete)
398 {
399 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(appAccountCallingInfo.callingUid);
400 AppAccountInfo appAccountInfo(name, appAccountCallingInfo.bundleName);
401 appAccountInfo.SetAppIndex(appAccountCallingInfo.appIndex);
402 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
403 if (result != ERR_OK) {
404 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
405 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
406 }
407
408 result = appAccountInfo.SetAccountCredential(credentialType, credential, isDelete);
409 if (result != ERR_OK) {
410 ACCOUNT_LOGE("failed to set account credential, result %{public}d.", result);
411 return result;
412 }
413
414 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, appAccountCallingInfo.callingUid);
415 if (result != ERR_OK) {
416 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
417 return result;
418 }
419
420 return ERR_OK;
421 }
422
GetOAuthToken(const AuthenticatorSessionRequest & request,std::string & token,const uint32_t apiVersion)423 ErrCode AppAccountControlManager::GetOAuthToken(
424 const AuthenticatorSessionRequest &request, std::string &token, const uint32_t apiVersion)
425 {
426 AppAccountInfo appAccountInfo(request.name, request.owner);
427 appAccountInfo.SetAppIndex(request.appIndex);
428 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
429 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
430 if (result != ERR_OK) {
431 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
432 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
433 }
434 bool isVisible = false;
435 result = appAccountInfo.CheckOAuthTokenVisibility(
436 request.authType, request.callerBundleName, isVisible, apiVersion);
437 if ((result != ERR_OK) || (!isVisible)) {
438 ACCOUNT_LOGE("failed to get oauth token for permission denied, result %{public}d.", result);
439 return ERR_APPACCOUNT_SERVICE_PERMISSION_DENIED;
440 }
441 return appAccountInfo.GetOAuthToken(request.authType, token, apiVersion);
442 }
443
SetOAuthToken(const AuthenticatorSessionRequest & request)444 ErrCode AppAccountControlManager::SetOAuthToken(const AuthenticatorSessionRequest &request)
445 {
446 std::lock_guard<std::mutex> lock(mutex_);
447 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
448 appAccountInfo.SetAppIndex(request.appIndex);
449 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
450 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
451 if (result != ERR_OK) {
452 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
453 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
454 }
455 result = appAccountInfo.SetOAuthToken(request.authType, request.token);
456 if (result != ERR_OK) {
457 ACCOUNT_LOGE("failed to set oauth token, result %{public}d.", result);
458 return result;
459 }
460 result = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
461 if (result != ERR_OK) {
462 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
463 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
464 }
465 return ERR_OK;
466 }
467
DeleteOAuthToken(const AuthenticatorSessionRequest & request,const uint32_t apiVersion)468 ErrCode AppAccountControlManager::DeleteOAuthToken(
469 const AuthenticatorSessionRequest &request, const uint32_t apiVersion)
470 {
471 std::lock_guard<std::mutex> lock(mutex_);
472 AppAccountInfo appAccountInfo(request.name, request.owner);
473 appAccountInfo.SetAppIndex(request.appIndex);
474 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
475 ErrCode ret = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
476 if (ret != ERR_OK) {
477 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", ret);
478 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
479 }
480 bool isOwnerSelf = false;
481 if (request.owner == request.callerBundleName) {
482 isOwnerSelf = true;
483 }
484 bool isVisible = false;
485 ret = appAccountInfo.CheckOAuthTokenVisibility(request.authType, request.callerBundleName, isVisible, apiVersion);
486 if ((!isVisible) || (ret != ERR_OK)) {
487 ACCOUNT_LOGE("failed to delete oauth token for permission denied, result %{public}d.", ret);
488 return ERR_APPACCOUNT_SERVICE_PERMISSION_DENIED;
489 }
490 if (apiVersion >= Constants::API_VERSION9) {
491 ret = appAccountInfo.DeleteAuthToken(request.authType, request.token, isOwnerSelf);
492 if (ret != ERR_OK) {
493 return ret;
494 }
495 } else {
496 ret = appAccountInfo.DeleteOAuthToken(request.authType, request.token);
497 if (ret == ERR_APPACCOUNT_SERVICE_OAUTH_TOKEN_NOT_EXIST) {
498 return ERR_OK;
499 }
500 }
501 ret = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
502 if (ret != ERR_OK) {
503 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", ret);
504 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
505 }
506 return ERR_OK;
507 }
508
SetOAuthTokenVisibility(const AuthenticatorSessionRequest & request,const uint32_t apiVersion)509 ErrCode AppAccountControlManager::SetOAuthTokenVisibility(
510 const AuthenticatorSessionRequest &request, const uint32_t apiVersion)
511 {
512 std::lock_guard<std::mutex> lock(mutex_);
513 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
514 appAccountInfo.SetAppIndex(request.appIndex);
515 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
516 ErrCode ret = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
517 if (ret != ERR_OK) {
518 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", ret);
519 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
520 }
521 ret = appAccountInfo.SetOAuthTokenVisibility(
522 request.authType, request.bundleName, request.isTokenVisible, apiVersion);
523 if (ret != ERR_OK) {
524 ACCOUNT_LOGE("failed to set oauth token visibility, result %{public}d.", ret);
525 return ret;
526 }
527 ret = SaveAccountInfoIntoDataStorage(appAccountInfo, dataStoragePtr, request.callerUid);
528 if (ret != ERR_OK) {
529 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", ret);
530 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
531 }
532 return ERR_OK;
533 }
534
CheckOAuthTokenVisibility(const AuthenticatorSessionRequest & request,bool & isVisible,const uint32_t apiVersion)535 ErrCode AppAccountControlManager::CheckOAuthTokenVisibility(
536 const AuthenticatorSessionRequest &request, bool &isVisible, const uint32_t apiVersion)
537 {
538 isVisible = false;
539 AppAccountInfo appAccountInfo(request.name, request.owner);
540 appAccountInfo.SetAppIndex(request.appIndex);
541 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
542 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
543 if (result != ERR_OK) {
544 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
545 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
546 }
547 return appAccountInfo.CheckOAuthTokenVisibility(request.authType, request.bundleName, isVisible, apiVersion);
548 }
549
GetAllOAuthTokens(const AuthenticatorSessionRequest & request,std::vector<OAuthTokenInfo> & tokenInfos)550 ErrCode AppAccountControlManager::GetAllOAuthTokens(
551 const AuthenticatorSessionRequest &request, std::vector<OAuthTokenInfo> &tokenInfos)
552 {
553 tokenInfos.clear();
554 AppAccountInfo appAccountInfo(request.name, request.owner);
555 appAccountInfo.SetAppIndex(request.appIndex);
556 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
557 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
558 if (result != ERR_OK) {
559 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
560 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
561 }
562 std::vector<OAuthTokenInfo> allTokenInfos;
563 result = appAccountInfo.GetAllOAuthTokens(allTokenInfos);
564 if (result != ERR_OK) {
565 ACCOUNT_LOGE("failed to get all oauth token from data storage, result %{public}d.", result);
566 return result;
567 }
568 if (request.callerBundleName == request.owner) {
569 tokenInfos = allTokenInfos;
570 return ERR_OK;
571 }
572 for (auto tokenInfo : allTokenInfos) {
573 if (tokenInfo.token.empty()) {
574 continue;
575 }
576 auto it = tokenInfo.authList.find(request.callerBundleName);
577 if (it != tokenInfo.authList.end()) {
578 tokenInfo.authList.clear();
579 tokenInfos.push_back(tokenInfo);
580 }
581 }
582 return ERR_OK;
583 }
584
GetOAuthList(const AuthenticatorSessionRequest & request,std::set<std::string> & oauthList,const uint32_t apiVersion)585 ErrCode AppAccountControlManager::GetOAuthList(
586 const AuthenticatorSessionRequest &request, std::set<std::string> &oauthList, const uint32_t apiVersion)
587 {
588 AppAccountInfo appAccountInfo(request.name, request.callerBundleName);
589 appAccountInfo.SetAppIndex(request.appIndex);
590 std::shared_ptr<AppAccountDataStorage> dataStoragePtr = GetDataStorage(request.callerUid);
591 ErrCode result = GetAccountInfoFromDataStorage(appAccountInfo, dataStoragePtr);
592 if (result != ERR_OK) {
593 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
594 return ERR_APPACCOUNT_SERVICE_ACCOUNT_NOT_EXIST;
595 }
596 return appAccountInfo.GetOAuthList(request.authType, oauthList, apiVersion);
597 }
598
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)599 ErrCode AppAccountControlManager::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts,
600 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
601 {
602 appAccounts.clear();
603
604 auto dataStoragePtr = GetDataStorage(uid);
605 if (dataStoragePtr == nullptr) {
606 ACCOUNT_LOGE("dataStoragePtr is nullptr");
607 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
608 }
609 ErrCode result = AccountPermissionManager::GetInstance()->VerifyPermission(AccountPermissionManager::GET_ALL_APP_ACCOUNTS);
610 if ((bundleName == owner) || (result == ERR_OK)) {
611 std::string key = owner + Constants::HYPHEN + std::to_string(appIndex);
612 result = GetAllAccountsFromDataStorage(key, appAccounts, owner, dataStoragePtr);
613 if (result != ERR_OK) {
614 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
615 return result;
616 }
617 return ERR_OK;
618 }
619
620 std::vector<std::string> accessibleAccounts;
621 result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
622 if (result != ERR_OK) {
623 ACCOUNT_LOGE("failed to get accessible account from data storage, result %{public}d.", result);
624 return result;
625 }
626 for (auto account : accessibleAccounts) {
627 AppAccountInfo appAccountInfo;
628 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
629 if (result != ERR_OK) {
630 ACCOUNT_LOGE("failed to get account info by id, result %{public}d.", result);
631 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
632 }
633 if (appAccountInfo.GetOwner() == owner) {
634 appAccounts.emplace_back(appAccountInfo);
635 }
636 }
637 return ERR_OK;
638 }
639
LoadAllAppAccounts(const std::shared_ptr<OHOS::AccountSA::AppAccountDataStorage> & dataStoragePtr,std::vector<AppAccountInfo> & appAccounts)640 static ErrCode LoadAllAppAccounts(const std::shared_ptr<OHOS::AccountSA::AppAccountDataStorage> &dataStoragePtr,
641 std::vector<AppAccountInfo> &appAccounts)
642 {
643 std::map<std::string, std::shared_ptr<IAccountInfo>> infos;
644 ErrCode result = dataStoragePtr->LoadAllData(infos);
645 if (result != ERR_OK) {
646 ACCOUNT_LOGE("LoadAllData failed!");
647 return result;
648 }
649 for (auto it = infos.begin(); it != infos.end(); ++it) {
650 if (it->first == AppAccountDataStorage::AUTHORIZED_ACCOUNTS) {
651 continue;
652 }
653 AppAccountInfo curAppInfo = *(std::static_pointer_cast<AppAccountInfo>(it->second));
654 appAccounts.emplace_back(curAppInfo);
655 }
656 return ERR_OK;
657 }
658
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)659 ErrCode AppAccountControlManager::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts,
660 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
661 {
662 appAccounts.clear();
663
664 auto dataStoragePtr = GetDataStorage(uid);
665 if (dataStoragePtr == nullptr) {
666 ACCOUNT_LOGE("dataStoragePtr is nullptr");
667 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
668 }
669 ErrCode result = AccountPermissionManager::GetInstance()->VerifyPermission(AccountPermissionManager::GET_ALL_APP_ACCOUNTS);
670 if (result == ERR_OK) {
671 return LoadAllAppAccounts(dataStoragePtr, appAccounts);
672 }
673 std::vector<std::string> accessibleAccounts;
674 result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
675 if (result != ERR_OK) {
676 ACCOUNT_LOGE("failed to get accessible account from data storage, result %{public}d.", result);
677 return result;
678 }
679
680 for (auto account : accessibleAccounts) {
681 AppAccountInfo appAccountInfo;
682
683 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
684 if (result != ERR_OK) {
685 ACCOUNT_LOGE("failed to get account info by id, result %{public}d.", result);
686 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
687 }
688
689 appAccounts.emplace_back(appAccountInfo);
690 }
691
692 std::vector<AppAccountInfo> currentAppAccounts;
693 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
694 result = GetAllAccountsFromDataStorage(key, currentAppAccounts, bundleName, dataStoragePtr);
695 if (result != ERR_OK) {
696 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
697 return result;
698 }
699
700 std::transform(currentAppAccounts.begin(), currentAppAccounts.end(), std::back_inserter(appAccounts),
701 [](auto account) { return account; });
702
703 return ERR_OK;
704 }
705
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)706 ErrCode AppAccountControlManager::SelectAccountsByOptions(
707 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback,
708 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
709 {
710 AAFwk::Want result;
711 if ((!options.hasAccounts) && (!options.hasOwners) && (!options.hasLabels)) {
712 callback->OnResult(ERR_JS_SUCCESS, result);
713 return ERR_OK;
714 }
715 std::set<std::string> allowedAccounts;
716 for (auto account : options.allowedAccounts) {
717 allowedAccounts.emplace(account.first + "_" + account.second);
718 }
719 std::set<std::string> allowedOwners(options.allowedOwners.begin(), options.allowedOwners.end());
720 std::vector<AppAccountInfo> accessibleAccounts;
721 ErrCode errCode = GetAllAccessibleAccounts(accessibleAccounts, uid, bundleName, appIndex);
722 if (errCode != ERR_OK) {
723 ACCOUNT_LOGE("failed to get all accessible accounts");
724 return errCode;
725 }
726 std::vector<AppAccountInfo> candidateAccounts;
727 for (auto account : accessibleAccounts) {
728 std::string owner = account.GetOwner();
729 if (options.hasOwners && allowedOwners.count(owner) == 0) {
730 continue;
731 }
732 if (options.hasAccounts && allowedAccounts.count(owner + "_" + account.GetName()) == 0) {
733 continue;
734 }
735 candidateAccounts.push_back(account);
736 }
737 if (options.requiredLabels.size() == 0) {
738 std::vector<std::string> names;
739 std::vector<std::string> owners;
740 for (auto account : candidateAccounts) {
741 names.push_back(account.GetName());
742 owners.push_back(account.GetOwner());
743 }
744 result.SetParam(Constants::KEY_ACCOUNT_NAMES, names);
745 result.SetParam(Constants::KEY_ACCOUNT_OWNERS, owners);
746 callback->OnResult(ERR_JS_SUCCESS, result);
747 return ERR_OK;
748 }
749 AuthenticatorSessionRequest request;
750 request.callback = callback;
751 request.callerUid = uid;
752 request.labels = options.requiredLabels;
753 auto sessionManager = AppAccountAuthenticatorSessionManager::GetInstance();
754 if (sessionManager == nullptr) {
755 return ERR_APPACCOUNT_SERVICE_OAUTH_SERVICE_EXCEPTION;
756 }
757 return sessionManager->SelectAccountsByOptions(candidateAccounts, request);
758 }
759
RemoveAssociatedDataCacheByUid(const uid_t & uid)760 void AppAccountControlManager::RemoveAssociatedDataCacheByUid(const uid_t &uid)
761 {
762 std::lock_guard<std::mutex> lock(associatedDataMutex_);
763 associatedDataCache_.erase(uid);
764 if (associatedDataCache_.empty()) {
765 UnregisterApplicationStateObserver();
766 }
767 }
768
RemoveAssociatedDataCacheByAccount(const uid_t & uid,const std::string & name)769 void AppAccountControlManager::RemoveAssociatedDataCacheByAccount(const uid_t &uid, const std::string &name)
770 {
771 std::lock_guard<std::mutex> lock(associatedDataMutex_);
772 auto it = associatedDataCache_.find(uid);
773 if ((it == associatedDataCache_.end()) || (it->second.name != name)) {
774 return;
775 }
776 associatedDataCache_.erase(it);
777 if (associatedDataCache_.empty()) {
778 UnregisterApplicationStateObserver();
779 }
780 }
781
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)782 ErrCode AppAccountControlManager::OnPackageRemoved(
783 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
784 {
785 RemoveAssociatedDataCacheByUid(uid);
786 auto dataStoragePtr = GetDataStorage(uid);
787 if (dataStoragePtr == nullptr) {
788 ACCOUNT_LOGE("dataStoragePtr is nullptr");
789 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
790 }
791 #ifdef DISTRIBUTED_FEATURE_ENABLED
792 auto dataStorageSyncPtr = GetDataStorage(uid, true);
793 if (dataStorageSyncPtr == nullptr) {
794 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
795 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
796 }
797 #endif // DISTRIBUTED_FEATURE_ENABLED
798 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
799 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
800 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(key, accounts);
801 if (result != ERR_OK) {
802 ACCOUNT_LOGE("failed to get accounts by owner, result %{public}d, bundleName = %{public}s",
803 result, bundleName.c_str());
804 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
805 }
806 AppAccountInfo appAccountInfo;
807 for (auto account : accounts) {
808 appAccountInfo = *(std::static_pointer_cast<AppAccountInfo>(account.second));
809 std::set<std::string> authorizedApps;
810 appAccountInfo.GetAuthorizedApps(authorizedApps);
811 appAccountInfo.SetAppIndex(appIndex);
812 for (auto authorizedApp : authorizedApps) {
813 RemoveAuthorizedAccountFromDataStorage(authorizedApp, appAccountInfo, dataStoragePtr);
814 #ifdef DISTRIBUTED_FEATURE_ENABLED
815 if (NeedSyncDataStorage(appAccountInfo) == true) {
816 RemoveAuthorizedAccountFromDataStorage(authorizedApp, appAccountInfo, dataStorageSyncPtr);
817 }
818 #endif // DISTRIBUTED_FEATURE_ENABLED
819 }
820 dataStoragePtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
821 #ifdef DISTRIBUTED_FEATURE_ENABLED
822 if (NeedSyncDataStorage(appAccountInfo) == true) {
823 dataStorageSyncPtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
824 }
825 #else // DISTRIBUTED_FEATURE_ENABLED
826 ACCOUNT_LOGI("No distributed feature!");
827 #endif // DISTRIBUTED_FEATURE_ENABLED
828 }
829 return ERR_OK;
830 }
831
OnUserRemoved(int32_t userId)832 ErrCode AppAccountControlManager::OnUserRemoved(int32_t userId)
833 {
834 std::string storeId = std::to_string(userId);
835 std::string syncStoreId = storeId + AppAccountDataStorage::DATA_STORAGE_SUFFIX;
836 std::lock_guard<std::mutex> lock(storePtrMutex_);
837 storePtrMap_.erase(storeId);
838 storePtrMap_.erase(syncStoreId);
839 return ERR_OK;
840 }
841
RegisterApplicationStateObserver()842 bool AppAccountControlManager::RegisterApplicationStateObserver()
843 {
844 if (appStateObserver_ != nullptr) {
845 return false;
846 }
847 appStateObserver_ = new (std::nothrow) AppAccountAppStateObserver();
848 if (appStateObserver_ == nullptr) {
849 ACCOUNT_LOGE("failed to create AppAccountAppStateObserver instance");
850 return false;
851 }
852 sptr<ISystemAbilityManager> samgrClient = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
853 if (samgrClient == nullptr) {
854 ACCOUNT_LOGE("failed to system ability manager");
855 return false;
856 }
857 iAppMgr_ = iface_cast<AppExecFwk::IAppMgr>(samgrClient->GetSystemAbility(APP_MGR_SERVICE_ID));
858 if (iAppMgr_ == nullptr) {
859 appStateObserver_ = nullptr;
860 ACCOUNT_LOGE("failed to get ability manager service");
861 return false;
862 }
863 int32_t result = iAppMgr_->RegisterApplicationStateObserver(appStateObserver_);
864 if (result != ERR_OK) {
865 return false;
866 }
867 return true;
868 }
869
UnregisterApplicationStateObserver()870 void AppAccountControlManager::UnregisterApplicationStateObserver()
871 {
872 if (iAppMgr_) {
873 iAppMgr_->UnregisterApplicationStateObserver(appStateObserver_);
874 }
875 iAppMgr_ = nullptr;
876 appStateObserver_ = nullptr;
877 }
878
OnAbilityStateChanged(const AppExecFwk::AbilityStateData & abilityStateData)879 void AppAccountControlManager::OnAbilityStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
880 {
881 if (abilityStateData.abilityState != static_cast<int32_t>(AppExecFwk::AbilityState::ABILITY_STATE_TERMINATED)) {
882 return;
883 }
884 RemoveAssociatedDataCacheByUid(abilityStateData.uid);
885 }
886
GetAllAccountsFromDataStorage(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,const std::string & bundleName,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)887 ErrCode AppAccountControlManager::GetAllAccountsFromDataStorage(const std::string &owner,
888 std::vector<AppAccountInfo> &appAccounts, const std::string &bundleName,
889 const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
890 {
891 appAccounts.clear();
892
893 if (dataStoragePtr == nullptr) {
894 ACCOUNT_LOGE("dataStoragePtr is nullptr");
895 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
896 }
897
898 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
899 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(owner, accounts);
900 if (result != ERR_OK) {
901 ACCOUNT_LOGE("failed to get accounts by owner, result = %{public}d, owner = %{public}s",
902 result, owner.c_str());
903 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
904 }
905
906 std::transform(accounts.begin(), accounts.end(), std::back_inserter(appAccounts),
907 [](auto account) { return *(std::static_pointer_cast<AppAccountInfo>(account.second)); });
908
909 return ERR_OK;
910 }
911
GetAllAccessibleAccountsFromDataStorage(std::vector<AppAccountInfo> & appAccounts,const std::string & bundleName,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uint32_t & appIndex)912 ErrCode AppAccountControlManager::GetAllAccessibleAccountsFromDataStorage(
913 std::vector<AppAccountInfo> &appAccounts, const std::string &bundleName,
914 const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uint32_t &appIndex)
915 {
916 appAccounts.clear();
917
918 if (dataStoragePtr == nullptr) {
919 ACCOUNT_LOGE("dataStoragePtr is nullptr");
920 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
921 }
922
923 std::vector<std::string> accessibleAccounts;
924 ErrCode result = dataStoragePtr->GetAccessibleAccountsFromDataStorage(bundleName, accessibleAccounts);
925 if (result != ERR_OK) {
926 ACCOUNT_LOGE("failed to get accessible account from data storage, result = %{public}d.", result);
927 return result;
928 }
929
930 for (auto account : accessibleAccounts) {
931 AppAccountInfo appAccountInfo;
932
933 result = dataStoragePtr->GetAccountInfoById(account, appAccountInfo);
934 if (result != ERR_OK) {
935 ACCOUNT_LOGE("failed to get account info by id. result %{public}d.", result);
936 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_ID;
937 }
938
939 appAccounts.emplace_back(appAccountInfo);
940 }
941
942 std::vector<AppAccountInfo> currentAppAccounts;
943 std::string key = bundleName + Constants::HYPHEN + std::to_string(appIndex);
944 result = GetAllAccountsFromDataStorage(key, currentAppAccounts, bundleName, dataStoragePtr);
945 if (result != ERR_OK) {
946 ACCOUNT_LOGE("failed to get all accounts from data storage, result = %{public}d", result);
947 return result;
948 }
949
950 std::transform(currentAppAccounts.begin(), currentAppAccounts.end(), std::back_inserter(appAccounts),
951 [](auto account) { return account; });
952
953 return ERR_OK;
954 }
955
GetDataStorageByUserId(int32_t userId,const bool & autoSync)956 std::shared_ptr<AppAccountDataStorage> AppAccountControlManager::GetDataStorageByUserId(
957 int32_t userId, const bool &autoSync)
958 {
959 std::string storeId = std::to_string(userId);
960 if (autoSync == true) {
961 storeId = storeId + AppAccountDataStorage::DATA_STORAGE_SUFFIX;
962 }
963 std::lock_guard<std::mutex> lock(storePtrMutex_);
964 auto it = storePtrMap_.find(storeId);
965 if (it != storePtrMap_.end()) {
966 return it->second;
967 }
968 auto storePtr = std::make_shared<AppAccountDataStorage>(storeId, autoSync);
969 storePtrMap_.emplace(storeId, storePtr);
970 return storePtr;
971 }
972
GetDataStorage(const uid_t & uid,const bool & autoSync)973 std::shared_ptr<AppAccountDataStorage> AppAccountControlManager::GetDataStorage(const uid_t &uid, const bool &autoSync)
974 {
975 return GetDataStorageByUserId(uid / UID_TRANSFORM_DIVISOR, autoSync);
976 }
977
NeedSyncDataStorage(const AppAccountInfo & appAccountInfo)978 bool AppAccountControlManager::NeedSyncDataStorage(const AppAccountInfo &appAccountInfo)
979 {
980 bool syncEnable = false;
981 appAccountInfo.GetSyncEnable(syncEnable);
982
983 if (syncEnable == false) {
984 return false;
985 }
986 return true;
987 }
988
GetAccountInfoFromDataStorage(AppAccountInfo & appAccountInfo,std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)989 ErrCode AppAccountControlManager::GetAccountInfoFromDataStorage(
990 AppAccountInfo &appAccountInfo, std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
991 {
992 if (dataStoragePtr == nullptr) {
993 ACCOUNT_LOGE("dataStoragePtr is nullptr");
994 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
995 }
996
997 return dataStoragePtr->GetAccountInfoFromDataStorage(appAccountInfo);
998 }
999
AddAccountInfoIntoDataStorage(AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1000 ErrCode AppAccountControlManager::AddAccountInfoIntoDataStorage(
1001 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1002 {
1003 if (dataStoragePtr == nullptr) {
1004 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1005 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1006 }
1007
1008 std::string owner;
1009 appAccountInfo.GetOwner(owner);
1010
1011 std::map<std::string, std::shared_ptr<IAccountInfo>> accounts;
1012 std::string key = owner + Constants::HYPHEN + std::to_string(appAccountInfo.GetAppIndex());
1013 ErrCode result = dataStoragePtr->LoadDataByLocalFuzzyQuery(key, accounts);
1014 if (result != ERR_OK) {
1015 ACCOUNT_LOGE("failed to get accounts by owner, result %{public}d, owner = %{public}s",
1016 result, owner.c_str());
1017 return ERR_APPACCOUNT_SERVICE_GET_ACCOUNT_INFO_BY_OWNER;
1018 }
1019
1020 if (accounts.size() >= ACCOUNT_MAX_SIZE) {
1021 ACCOUNT_LOGE("account exceeds max size");
1022 return ERR_APPACCOUNT_SERVICE_ACCOUNT_MAX_SIZE;
1023 }
1024
1025 result = dataStoragePtr->AddAccountInfoIntoDataStorage(appAccountInfo);
1026 if (result != ERR_OK) {
1027 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
1028 return result;
1029 }
1030
1031 // for sync data storage
1032 #ifdef DISTRIBUTED_FEATURE_ENABLED
1033 if (NeedSyncDataStorage(appAccountInfo) == true) {
1034 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1035 if (dataStorageSyncPtr == nullptr) {
1036 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1037 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1038 }
1039
1040 result = dataStorageSyncPtr->AddAccountInfoIntoDataStorage(appAccountInfo);
1041 if (result != ERR_OK) {
1042 ACCOUNT_LOGE("failed to add account info into data storage, result %{public}d.", result);
1043 return result;
1044 }
1045 }
1046 #else // DISTRIBUTED_FEATURE_ENABLED
1047 ACCOUNT_LOGI("No distributed feature!");
1048 #endif // DISTRIBUTED_FEATURE_ENABLED
1049
1050 return ERR_OK;
1051 }
1052
SaveAccountInfoIntoDataStorage(AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1053 ErrCode AppAccountControlManager::SaveAccountInfoIntoDataStorage(
1054 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1055 {
1056 if (dataStoragePtr == nullptr) {
1057 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1058 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1059 }
1060
1061 ErrCode result = dataStoragePtr->SaveAccountInfoIntoDataStorage(appAccountInfo);
1062 if (result != ERR_OK) {
1063 ACCOUNT_LOGE("failed to save account info into data storage, result %{public}d.", result);
1064 return result;
1065 }
1066
1067 // for sync data storage
1068 #ifdef DISTRIBUTED_FEATURE_ENABLED
1069 if (NeedSyncDataStorage(appAccountInfo) == true) {
1070 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1071 if (dataStorageSyncPtr == nullptr) {
1072 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1073 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1074 }
1075
1076 std::string appAccountInfoFromDataStorage;
1077 result = dataStorageSyncPtr->GetValueFromKvStore(appAccountInfo.GetPrimeKey(), appAccountInfoFromDataStorage);
1078 if (result != ERR_OK) {
1079 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1080
1081 result = dataStorageSyncPtr->AddAccountInfo(appAccountInfo);
1082 if (result != ERR_OK) {
1083 ACCOUNT_LOGE("failed to add account info, result = %{public}d", result);
1084 return ERR_APPACCOUNT_SERVICE_ADD_ACCOUNT_INFO;
1085 }
1086 } else {
1087 result = dataStorageSyncPtr->SaveAccountInfo(appAccountInfo);
1088 if (result != ERR_OK) {
1089 ACCOUNT_LOGE("failed to save account info, result = %{public}d", result);
1090 return ERR_APPACCOUNT_SERVICE_SAVE_ACCOUNT_INFO;
1091 }
1092 }
1093 }
1094 #else // DISTRIBUTED_FEATURE_ENABLED
1095 ACCOUNT_LOGI("No distributed feature!");
1096 #endif // DISTRIBUTED_FEATURE_ENABLED
1097
1098 return ERR_OK;
1099 }
1100
DeleteAccountInfoFromDataStorage(AppAccountInfo & appAccountInfo,std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1101 ErrCode AppAccountControlManager::DeleteAccountInfoFromDataStorage(
1102 AppAccountInfo &appAccountInfo, std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1103 {
1104 if (dataStoragePtr == nullptr) {
1105 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1106 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1107 }
1108
1109 ErrCode result = dataStoragePtr->GetAccountInfoFromDataStorage(appAccountInfo);
1110 if (result != ERR_OK) {
1111 ACCOUNT_LOGE("failed to get account info from data storage, result %{public}d.", result);
1112 return result;
1113 }
1114
1115 result = dataStoragePtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
1116 if (result != ERR_OK) {
1117 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
1118 return result;
1119 }
1120
1121 // for sync data storage
1122 #ifdef DISTRIBUTED_FEATURE_ENABLED
1123 if (NeedSyncDataStorage(appAccountInfo) == true) {
1124 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1125 if (dataStorageSyncPtr == nullptr) {
1126 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1127 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1128 }
1129
1130 result = dataStorageSyncPtr->DeleteAccountInfoFromDataStorage(appAccountInfo);
1131 if (result != ERR_OK) {
1132 ACCOUNT_LOGE("failed to delete account info from data storage, result %{public}d.", result);
1133 }
1134 }
1135 #else // DISTRIBUTED_FEATURE_ENABLED
1136 ACCOUNT_LOGI("No distributed feature!");
1137 #endif // DISTRIBUTED_FEATURE_ENABLED
1138 return ERR_OK;
1139 }
1140
SaveAuthorizedAccount(const std::string & bundleName,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1141 ErrCode AppAccountControlManager::SaveAuthorizedAccount(const std::string &bundleName,
1142 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1143 {
1144 if (dataStoragePtr == nullptr) {
1145 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1146 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1147 }
1148
1149 ErrCode result = SaveAuthorizedAccountIntoDataStorage(bundleName, appAccountInfo, dataStoragePtr);
1150 if (result != ERR_OK) {
1151 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1152 return result;
1153 }
1154
1155 // for sync data storage
1156 #ifdef DISTRIBUTED_FEATURE_ENABLED
1157 if (NeedSyncDataStorage(appAccountInfo) == true) {
1158 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1159 if (dataStorageSyncPtr == nullptr) {
1160 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1161 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1162 }
1163
1164 result = SaveAuthorizedAccountIntoDataStorage(bundleName, appAccountInfo, dataStorageSyncPtr);
1165 if (result != ERR_OK) {
1166 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1167 return result;
1168 }
1169 }
1170 #else // DISTRIBUTED_FEATURE_ENABLED
1171 ACCOUNT_LOGI("No distributed feature!");
1172 #endif // DISTRIBUTED_FEATURE_ENABLED
1173
1174 return ERR_OK;
1175 }
1176
RemoveAuthorizedAccount(const std::string & bundleName,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr,const uid_t & uid)1177 ErrCode AppAccountControlManager::RemoveAuthorizedAccount(const std::string &bundleName,
1178 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr, const uid_t &uid)
1179 {
1180 if (dataStoragePtr == nullptr) {
1181 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1182 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1183 }
1184
1185 ErrCode result = RemoveAuthorizedAccountFromDataStorage(bundleName, appAccountInfo, dataStoragePtr);
1186 if (result != ERR_OK) {
1187 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1188 return result;
1189 }
1190
1191 // for sync data storage
1192 #ifdef DISTRIBUTED_FEATURE_ENABLED
1193 if (NeedSyncDataStorage(appAccountInfo) == true) {
1194 auto dataStorageSyncPtr = GetDataStorage(uid, true);
1195 if (dataStorageSyncPtr == nullptr) {
1196 ACCOUNT_LOGE("dataStorageSyncPtr is nullptr");
1197 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1198 }
1199
1200 result = RemoveAuthorizedAccountFromDataStorage(bundleName, appAccountInfo, dataStorageSyncPtr);
1201 if (result != ERR_OK) {
1202 ACCOUNT_LOGE("failed to save authorized account, result %{public}d.", result);
1203 return result;
1204 }
1205 }
1206 #else // DISTRIBUTED_FEATURE_ENABLED
1207 ACCOUNT_LOGI("No distributed feature!");
1208 #endif // DISTRIBUTED_FEATURE_ENABLED
1209
1210 return ERR_OK;
1211 }
1212
SaveAuthorizedAccountIntoDataStorage(const std::string & authorizedApp,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)1213 ErrCode AppAccountControlManager::SaveAuthorizedAccountIntoDataStorage(const std::string &authorizedApp,
1214 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
1215 {
1216 if (dataStoragePtr == nullptr) {
1217 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1218 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1219 }
1220
1221 std::string authorizedAccounts;
1222 ErrCode result = dataStoragePtr->GetValueFromKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS,
1223 authorizedAccounts);
1224 if (result != ERR_OK) {
1225 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1226 }
1227
1228 std::vector<std::string> accessibleAccounts;
1229 auto jsonObject = dataStoragePtr->GetAccessibleAccountsFromAuthorizedAccounts(
1230 authorizedAccounts, authorizedApp, accessibleAccounts);
1231
1232 auto accountId = appAccountInfo.GetPrimeKey();
1233
1234 auto it = std::find(accessibleAccounts.begin(), accessibleAccounts.end(), accountId);
1235 if (it == accessibleAccounts.end()) {
1236 accessibleAccounts.emplace_back(accountId);
1237 }
1238
1239 auto accessibleAccountArray = Json::array();
1240 std::transform(accessibleAccounts.begin(), accessibleAccounts.end(), std::back_inserter(accessibleAccountArray),
1241 [](auto account) { return account; });
1242
1243 jsonObject[authorizedApp] = accessibleAccountArray;
1244 try {
1245 authorizedAccounts = jsonObject.dump();
1246 } catch (Json::type_error& err) {
1247 ACCOUNT_LOGE("failed to dump json object, reason: %{public}s", err.what());
1248 return ERR_ACCOUNT_COMMON_DUMP_JSON_ERROR;
1249 }
1250
1251 result = dataStoragePtr->PutValueToKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS, authorizedAccounts);
1252 if (result != ERR_OK) {
1253 ACCOUNT_LOGE("PutValueToKvStore failed! result %{public}d.", result);
1254 }
1255 return result;
1256 }
1257
RemoveAuthorizedAccountFromDataStorage(const std::string & authorizedApp,AppAccountInfo & appAccountInfo,const std::shared_ptr<AppAccountDataStorage> & dataStoragePtr)1258 ErrCode AppAccountControlManager::RemoveAuthorizedAccountFromDataStorage(const std::string &authorizedApp,
1259 AppAccountInfo &appAccountInfo, const std::shared_ptr<AppAccountDataStorage> &dataStoragePtr)
1260 {
1261 if (dataStoragePtr == nullptr) {
1262 ACCOUNT_LOGE("dataStoragePtr is nullptr");
1263 return ERR_APPACCOUNT_SERVICE_DATA_STORAGE_PTR_IS_NULLPTR;
1264 }
1265
1266 std::string authorizedAccounts;
1267 ErrCode result = dataStoragePtr->GetValueFromKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS,
1268 authorizedAccounts);
1269 if (result != ERR_OK) {
1270 ACCOUNT_LOGE("failed to get config by id from data storage, result %{public}d.", result);
1271 }
1272
1273 std::vector<std::string> accessibleAccounts;
1274 auto jsonObject = dataStoragePtr->GetAccessibleAccountsFromAuthorizedAccounts(
1275 authorizedAccounts, authorizedApp, accessibleAccounts);
1276
1277 auto accountId = appAccountInfo.GetPrimeKey();
1278
1279 auto it = std::find(accessibleAccounts.begin(), accessibleAccounts.end(), accountId);
1280 if (it != accessibleAccounts.end()) {
1281 accessibleAccounts.erase(it);
1282 }
1283
1284 auto accessibleAccountArray = Json::array();
1285 std::transform(accessibleAccounts.begin(), accessibleAccounts.end(), std::back_inserter(accessibleAccountArray),
1286 [](auto account) { return account; });
1287
1288 jsonObject[authorizedApp] = accessibleAccountArray;
1289 try {
1290 authorizedAccounts = jsonObject.dump();
1291 } catch (Json::type_error& err) {
1292 ACCOUNT_LOGE("failed to dump json object, reason: %{public}s", err.what());
1293 return ERR_ACCOUNT_COMMON_DUMP_JSON_ERROR;
1294 }
1295
1296 result = dataStoragePtr->PutValueToKvStore(AppAccountDataStorage::AUTHORIZED_ACCOUNTS, authorizedAccounts);
1297 if (result != ERR_OK) {
1298 ACCOUNT_LOGE("failed to save config info, result %{public}d.", result);
1299 return result;
1300 }
1301
1302 return ERR_OK;
1303 }
1304 } // namespace AccountSA
1305 } // namespace OHOS
1306