1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_service.h"
17
18 #include <algorithm>
19 #include <sys/types.h>
20 #include <thread>
21 #include <unistd.h>
22
23 #include "access_token.h"
24 #include "accesstoken_dfx_define.h"
25 #include "accesstoken_id_manager.h"
26 #include "accesstoken_info_manager.h"
27 #include "accesstoken_log.h"
28 #ifdef TOKEN_SYNC_ENABLE
29 #include "atm_device_state_callback.h"
30 #include "device_manager.h"
31 #endif
32 #include "constant_common.h"
33 #ifdef SUPPORT_SANDBOX_APP
34 #include "dlp_permission_set_parser.h"
35 #endif
36 #include "hap_token_info.h"
37 #include "hap_token_info_inner.h"
38 #include "hisysevent.h"
39 #include "hitrace_meter.h"
40 #include "ipc_skeleton.h"
41 #include "native_token_info_inner.h"
42 #include "native_token_receptor.h"
43 #include "permission_list_state.h"
44 #include "permission_manager.h"
45 #include "privacy_kit.h"
46 #include "string_ex.h"
47
48 namespace OHOS {
49 namespace Security {
50 namespace AccessToken {
51 namespace {
52 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
53 LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMServ"
54 };
55 static const std::string ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync";
56 constexpr int TWO_ARGS = 2;
57 }
58
59 const bool REGISTER_RESULT =
60 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<AccessTokenManagerService>::GetInstance().get());
61
AccessTokenManagerService()62 AccessTokenManagerService::AccessTokenManagerService()
63 : SystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START)
64 {
65 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService()");
66 }
67
~AccessTokenManagerService()68 AccessTokenManagerService::~AccessTokenManagerService()
69 {
70 ACCESSTOKEN_LOG_INFO(LABEL, "~AccessTokenManagerService()");
71 }
72
OnStart()73 void AccessTokenManagerService::OnStart()
74 {
75 if (state_ == ServiceRunningState::STATE_RUNNING) {
76 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService has already started!");
77 return;
78 }
79 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService is starting");
80 if (!Initialize()) {
81 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize");
82 return;
83 }
84 state_ = ServiceRunningState::STATE_RUNNING;
85 bool ret = Publish(DelayedSingleton<AccessTokenManagerService>::GetInstance().get());
86 if (!ret) {
87 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!");
88 return;
89 }
90 ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, AccessTokenManagerService start successfully!");
91 }
92
OnStop()93 void AccessTokenManagerService::OnStop()
94 {
95 ACCESSTOKEN_LOG_INFO(LABEL, "stop service");
96 state_ = ServiceRunningState::STATE_NOT_START;
97 #ifdef TOKEN_SYNC_ENABLE
98 DestroyDeviceListener();
99 #endif
100 }
101
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)102 int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
103 {
104 StartTrace(HITRACE_TAG_ACCESS_CONTROL, "AccessTokenVerifyPermission");
105 int32_t res = PermissionManager::GetInstance().VerifyAccessToken(tokenID, permissionName);
106 ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID: %{public}d, permission: %{public}s, res %{public}d",
107 tokenID, permissionName.c_str(), res);
108 FinishTrace(HITRACE_TAG_ACCESS_CONTROL);
109 return res;
110 }
111
GetDefPermission(const std::string & permissionName,PermissionDefParcel & permissionDefResult)112 int AccessTokenManagerService::GetDefPermission(
113 const std::string& permissionName, PermissionDefParcel& permissionDefResult)
114 {
115 ACCESSTOKEN_LOG_INFO(LABEL, "permission: %{public}s", permissionName.c_str());
116 return PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult.permissionDef);
117 }
118
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDefParcel> & permList)119 int AccessTokenManagerService::GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDefParcel>& permList)
120 {
121 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
122 std::vector<PermissionDef> permVec;
123 int ret = PermissionManager::GetInstance().GetDefPermissions(tokenID, permVec);
124 for (const auto& perm : permVec) {
125 PermissionDefParcel permPrcel;
126 permPrcel.permissionDef = perm;
127 permList.emplace_back(permPrcel);
128 }
129 return ret;
130 }
131
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFullParcel> & reqPermList,bool isSystemGrant)132 int AccessTokenManagerService::GetReqPermissions(
133 AccessTokenID tokenID, std::vector<PermissionStateFullParcel>& reqPermList, bool isSystemGrant)
134 {
135 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, isSystemGrant: %{public}d", tokenID, isSystemGrant);
136
137 std::vector<PermissionStateFull> permList;
138 int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant);
139
140 for (const auto& perm : permList) {
141 PermissionStateFullParcel permPrcel;
142 permPrcel.permStatFull = perm;
143 reqPermList.emplace_back(permPrcel);
144 }
145 return ret;
146 }
147
GetSelfPermissionsState(std::vector<PermissionListStateParcel> & reqPermList)148 PermissionOper AccessTokenManagerService::GetSelfPermissionsState(
149 std::vector<PermissionListStateParcel>& reqPermList)
150 {
151 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
152
153 int32_t apiVersion = 0;
154 if (!PermissionManager::GetInstance().GetApiVersionByTokenId(callingTokenID, apiVersion)) {
155 ACCESSTOKEN_LOG_ERROR(LABEL, "get api version error");
156 return INVALID_OPER;
157 }
158 ACCESSTOKEN_LOG_INFO(LABEL, "callingTokenID: %{public}d, apiVersion: %{public}d", callingTokenID, apiVersion);
159
160 bool needRes = false;
161 std::vector<PermissionStateFull> permsList;
162 int retUserGrant = PermissionManager::GetInstance().GetReqPermissions(callingTokenID, permsList, false);
163 int retSysGrant = PermissionManager::GetInstance().GetReqPermissions(callingTokenID, permsList, true);
164 if ((retSysGrant != RET_SUCCESS) || (retUserGrant != RET_SUCCESS)) {
165 ACCESSTOKEN_LOG_ERROR(LABEL,
166 "GetReqPermissions failed, retUserGrant:%{public}d, retSysGrant:%{public}d",
167 retUserGrant, retSysGrant);
168 return INVALID_OPER;
169 }
170
171 uint32_t vagueIndex = ELEMENT_NOT_FOUND;
172 uint32_t accurateIndex = ELEMENT_NOT_FOUND;
173
174 if (apiVersion >= ACCURATE_LOCATION_API_VERSION) {
175 if (PermissionManager::GetInstance().GetLocationPermissionIndex(reqPermList, vagueIndex, accurateIndex)) {
176 needRes = PermissionManager::GetInstance().LocationPermissionSpecialHandle(reqPermList, apiVersion,
177 permsList, vagueIndex, accurateIndex); // api9 location permission handle here
178 }
179 }
180
181 uint32_t size = reqPermList.size();
182 for (uint32_t i = 0; i < size; i++) {
183 if (((reqPermList[i].permsState.permissionName == VAGUE_LOCATION_PERMISSION_NAME) ||
184 (reqPermList[i].permsState.permissionName == ACCURATE_LOCATION_PERMISSION_NAME)) &&
185 (apiVersion >= ACCURATE_LOCATION_API_VERSION)) {
186 continue; // api9 location permission special handle above
187 }
188
189 PermissionManager::GetInstance().GetSelfPermissionState(permsList, reqPermList[i].permsState, apiVersion);
190 if (static_cast<PermissionOper>(reqPermList[i].permsState.state) == DYNAMIC_OPER) {
191 needRes = true;
192 }
193 ACCESSTOKEN_LOG_INFO(LABEL, "perm: 0x%{public}s, state: 0x%{public}d",
194 reqPermList[i].permsState.permissionName.c_str(), reqPermList[i].permsState.state);
195 }
196 if (needRes) {
197 return DYNAMIC_OPER;
198 } else {
199 if ((vagueIndex == ELEMENT_NOT_FOUND) && (accurateIndex != ELEMENT_NOT_FOUND)) {
200 // only accurate location permission without other DYNAMIC_OPER state return INVALID_OPER
201 return INVALID_OPER;
202 }
203 }
204 return PASS_OPER;
205 }
206
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,int & flag)207 int AccessTokenManagerService::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, int& flag)
208 {
209 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s",
210 tokenID, permissionName.c_str());
211 return PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag);
212 }
213
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,int flag)214 int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
215 {
216 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s, flag: %{public}d",
217 tokenID, permissionName.c_str(), flag);
218 PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag);
219 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
220 return RET_SUCCESS;
221 }
222
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,int flag)223 int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
224 {
225 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s, flag: %{public}d",
226 tokenID, permissionName.c_str(), flag);
227 PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag);
228 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
229 return RET_SUCCESS;
230 }
231
ClearUserGrantedPermissionState(AccessTokenID tokenID)232 int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID)
233 {
234 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
235 PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID);
236 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
237 PrivacyKit::RemovePermissionUsedRecords(tokenID, "");
238 return RET_SUCCESS;
239 }
240
RegisterPermStateChangeCallback(const PermStateChangeScopeParcel & scope,const sptr<IRemoteObject> & callback)241 int32_t AccessTokenManagerService::RegisterPermStateChangeCallback(
242 const PermStateChangeScopeParcel& scope, const sptr<IRemoteObject>& callback)
243 {
244 ACCESSTOKEN_LOG_INFO(LABEL, "Entry");
245 return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback);
246 }
247
UnRegisterPermStateChangeCallback(const sptr<IRemoteObject> & callback)248 int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr<IRemoteObject>& callback)
249 {
250 ACCESSTOKEN_LOG_INFO(LABEL, "Entry");
251 return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback);
252 }
253
AllocHapToken(const HapInfoParcel & info,const HapPolicyParcel & policy)254 AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy)
255 {
256 ACCESSTOKEN_LOG_INFO(LABEL, "called!");
257 AccessTokenIDEx tokenIdEx;
258 tokenIdEx.tokenIDEx = 0LL;
259
260 int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(
261 info.hapInfoParameter, policy.hapPolicyParameter, tokenIdEx);
262 if (ret != RET_SUCCESS) {
263 ACCESSTOKEN_LOG_INFO(LABEL, "hap token info create failed");
264 }
265 return tokenIdEx;
266 }
267
DeleteToken(AccessTokenID tokenID)268 int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID)
269 {
270 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
271 PrivacyKit::RemovePermissionUsedRecords(tokenID, "");
272 // only support hap token deletion
273 return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
274 }
275
GetTokenType(AccessTokenID tokenID)276 int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID)
277 {
278 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
279 return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID);
280 }
281
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)282 int AccessTokenManagerService::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
283 {
284 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, dcap: %{public}s",
285 tokenID, dcap.c_str());
286 return AccessTokenInfoManager::GetInstance().CheckNativeDCap(tokenID, dcap);
287 }
288
GetHapTokenID(int userID,const std::string & bundleName,int instIndex)289 AccessTokenID AccessTokenManagerService::GetHapTokenID(int userID, const std::string& bundleName, int instIndex)
290 {
291 ACCESSTOKEN_LOG_INFO(LABEL, "userID: %{public}d, bundle: %{public}s, instIndex: %{public}d",
292 userID, bundleName.c_str(), instIndex);
293 return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
294 }
295
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)296 AccessTokenID AccessTokenManagerService::AllocLocalTokenID(
297 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
298 {
299 ACCESSTOKEN_LOG_INFO(LABEL, "remoteDeviceID: %{public}s, remoteTokenID: %{public}d",
300 ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID);
301 return AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
302 }
303
UpdateHapToken(AccessTokenID tokenID,const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParcel & policyParcel)304 int AccessTokenManagerService::UpdateHapToken(
305 AccessTokenID tokenID, const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParcel& policyParcel)
306 {
307 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
308 return AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenID, appIDDesc, apiVersion,
309 policyParcel.hapPolicyParameter);
310 }
311
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfoParcel & infoParcel)312 int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel)
313 {
314 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
315
316 return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams);
317 }
318
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfoParcel & infoParcel)319 int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel)
320 {
321 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
322
323 return AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, infoParcel.nativeTokenInfoParams);
324 }
325
ReloadNativeTokenInfo()326 int32_t AccessTokenManagerService::ReloadNativeTokenInfo()
327 {
328 return NativeTokenReceptor::GetInstance().Init();
329 }
330
GetNativeTokenId(const std::string & processName)331 AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName)
332 {
333 return AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName);
334 }
335
336 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSyncParcel & hapSyncParcel)337 int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
338 HapTokenInfoForSyncParcel& hapSyncParcel)
339 {
340 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
341
342 return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID,
343 hapSyncParcel.hapTokenInfoForSyncParams);
344 }
345
GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfosRes)346 int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfosRes)
347 {
348 ACCESSTOKEN_LOG_INFO(LABEL, "called");
349
350 std::vector<NativeTokenInfoForSync> nativeVec;
351 AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec);
352 for (const auto& native : nativeVec) {
353 NativeTokenInfoForSyncParcel nativeParcel;
354 nativeParcel.nativeTokenInfoForSyncParams = native;
355 nativeTokenInfosRes.emplace_back(nativeParcel);
356 }
357
358 return RET_SUCCESS;
359 }
360
SetRemoteHapTokenInfo(const std::string & deviceID,HapTokenInfoForSyncParcel & hapSyncParcel)361 int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID,
362 HapTokenInfoForSyncParcel& hapSyncParcel)
363 {
364 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
365
366 return AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID,
367 hapSyncParcel.hapTokenInfoForSyncParams);
368 }
369
SetRemoteNativeTokenInfo(const std::string & deviceID,std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfoForSyncParcel)370 int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID,
371 std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)
372 {
373 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
374
375 std::vector<NativeTokenInfoForSync> nativeList;
376 std::transform(nativeTokenInfoForSyncParcel.begin(),
377 nativeTokenInfoForSyncParcel.end(), std::back_inserter(nativeList),
378 [](const auto& nativeParcel) { return nativeParcel.nativeTokenInfoForSyncParams; });
379
380 return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList);
381 }
382
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)383 int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
384 {
385 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s, token id %{public}d",
386 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
387
388 return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID);
389 }
390
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)391 AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID,
392 AccessTokenID tokenID)
393 {
394 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s, token id %{public}d",
395 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
396
397 return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID);
398 }
399
DeleteRemoteDeviceTokens(const std::string & deviceID)400 int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID)
401 {
402 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
403
404 return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID);
405 }
406 #endif
407
DumpTokenInfo(AccessTokenID tokenID,std::string & dumpInfo)408 void AccessTokenManagerService::DumpTokenInfo(AccessTokenID tokenID, std::string& dumpInfo)
409 {
410 ACCESSTOKEN_LOG_INFO(LABEL, "called");
411
412 AccessTokenInfoManager::GetInstance().DumpTokenInfo(tokenID, dumpInfo);
413 }
414 #ifdef TOKEN_SYNC_ENABLE
CreateDeviceListener()415 void AccessTokenManagerService::CreateDeviceListener()
416 {
417 static const int32_t RETRY_SLEEP_TIME_MS = 1000;
418 static const int32_t DM_INIT_RETRY_TIMES = 30;
419 std::function<void()> runner = [&]() {
420 auto retrySleepTime = std::chrono::milliseconds(RETRY_SLEEP_TIME_MS);
421 int32_t count = 0;
422 while (1) {
423 if (count >= DM_INIT_RETRY_TIMES) {
424 ACCESSTOKEN_LOG_INFO(LABEL, "retry times has reach the max, break the loop.");
425 break;
426 }
427
428 count++;
429
430 std::unique_lock<std::mutex> lock(mutex_);
431
432 std::string packageName = ACCESS_TOKEN_PACKAGE_NAME;
433 std::shared_ptr<AtmDmInitCallback> ptrDmInitCallback = std::make_shared<AtmDmInitCallback>();
434
435 int32_t ret =
436 DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(packageName, ptrDmInitCallback);
437 if (ret != RET_SUCCESS) {
438 ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: InitDeviceManager error, result: %{public}d", ret);
439 std::this_thread::sleep_for(retrySleepTime);
440 continue;
441 }
442
443 ACCESSTOKEN_LOG_INFO(LABEL, "device manager init success.");
444
445 std::string extra = "";
446 std::shared_ptr<AtmDeviceStateCallback> ptrAtmDeviceStateCallback =
447 std::make_shared<AtmDeviceStateCallback>();
448 ret = DistributedHardware::DeviceManager::GetInstance().RegisterDevStateCallback(packageName, extra,
449 ptrAtmDeviceStateCallback);
450 if (ret != RET_SUCCESS) {
451 ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: RegisterDevStateCallback error, result: %{public}d", ret);
452 std::this_thread::sleep_for(retrySleepTime);
453 continue;
454 }
455
456 isListened_ = true;
457
458 ACCESSTOKEN_LOG_INFO(LABEL, "device state Listener register success.");
459
460 return;
461 }
462 };
463
464 std::thread initThread(runner);
465 initThread.detach();
466
467 ACCESSTOKEN_LOG_DEBUG(LABEL, "start a thread to listen device state.");
468 }
469
DestroyDeviceListener()470 void AccessTokenManagerService::DestroyDeviceListener()
471 {
472 ACCESSTOKEN_LOG_DEBUG(LABEL, "destroy, init: %{public}d", isListened_);
473
474 std::unique_lock<std::mutex> lock(mutex_);
475
476 if (!isListened_) {
477 ACCESSTOKEN_LOG_DEBUG(LABEL, "not listened, skip");
478 return;
479 }
480
481 std::string packageName = ACCESS_TOKEN_PACKAGE_NAME;
482
483 int32_t ret = DistributedHardware::DeviceManager::GetInstance().UnRegisterDevStateCallback(packageName);
484 if (ret != RET_SUCCESS) {
485 ACCESSTOKEN_LOG_ERROR(LABEL, "UnRegisterDevStateCallback failed, code: %{public}d", ret);
486 }
487
488 ret = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(packageName);
489 if (ret != RET_SUCCESS) {
490 ACCESSTOKEN_LOG_ERROR(LABEL, "UnInitDeviceManager failed, code: %{public}d", ret);
491 }
492
493 isListened_ = false;
494
495 ACCESSTOKEN_LOG_INFO(LABEL, "device state listener unregister success.");
496 }
497 #endif
498
Dump(int fd,const std::vector<std::u16string> & args)499 int AccessTokenManagerService::Dump(int fd, const std::vector<std::u16string>& args)
500 {
501 if (fd < 0) {
502 return ERR_INVALID_VALUE;
503 }
504
505 dprintf(fd, "AccessToken Dump:\n");
506 std::string arg0 = ((args.size() == 0)? "" : Str16ToStr8(args.at(0)));
507 if (arg0.compare("-h") == 0) {
508 dprintf(fd, "Usage:\n");
509 dprintf(fd, " -h: command help\n");
510 dprintf(fd, " -a: dump all tokens\n");
511 dprintf(fd, " -t <TOKEN_ID>: dump special token id\n");
512 } else if (arg0.compare("-t") == 0) {
513 if (args.size() < TWO_ARGS) {
514 return ERR_INVALID_VALUE;
515 }
516 long long tokenID = atoll(static_cast<const char *>(Str16ToStr8(args.at(1)).c_str()));
517 if (tokenID <= 0) {
518 return ERR_INVALID_VALUE;
519 }
520 std::string dumpStr;
521 DumpTokenInfo(static_cast<AccessTokenID>(tokenID), dumpStr);
522 dprintf(fd, "%s\n", dumpStr.c_str());
523 } else if (arg0.compare("-a") == 0 || arg0 == "") {
524 std::string dumpStr;
525 DumpTokenInfo(static_cast<AccessTokenID>(0), dumpStr);
526 dprintf(fd, "%s\n", dumpStr.c_str());
527 }
528 return ERR_OK;
529 }
530
Initialize()531 bool AccessTokenManagerService::Initialize()
532 {
533 AccessTokenInfoManager::GetInstance().Init();
534 NativeTokenReceptor::GetInstance().Init();
535 #ifdef TOKEN_SYNC_ENABLE
536 CreateDeviceListener(); // for start tokensync when remote devivce online
537 #endif
538 #ifdef SUPPORT_SANDBOX_APP
539 DlpPermissionSetParser::GetInstance().Init();
540 #endif
541 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT",
542 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", ACCESS_TOKEN_SERVICE_INIT_EVENT,
543 "PID_INFO", getpid());
544 return true;
545 }
546 } // namespace AccessToken
547 } // namespace Security
548 } // namespace OHOS
549