1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "account_info.h"
18 #include "accesstoken_kit.h"
19 #include "account_log_wrapper.h"
20 #include "bundle_manager_adapter.h"
21 #include "hisysevent_adapter.h"
22 #include "inner_app_account_manager.h"
23 #include "ipc_skeleton.h"
24
25 namespace OHOS {
26 namespace AccountSA {
AppAccountManagerService()27 AppAccountManagerService::AppAccountManagerService()
28 {
29 innerManager_ = std::make_shared<InnerAppAccountManager>();
30 permissionManagerPtr_ = DelayedSingleton<AccountPermissionManager>::GetInstance();
31 #ifdef HAS_CES_PART
32 CommonEventCallback callback = {
33 std::bind(&AppAccountManagerService::OnPackageRemoved,
34 this, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3),
35 std::bind(&AppAccountManagerService::OnUserRemoved, this, std::placeholders::_1),
36 };
37 observer_ = std::make_shared<AppAccountCommonEventObserver>(callback);
38 #endif // HAS_CES_PART
39 }
40
~AppAccountManagerService()41 AppAccountManagerService::~AppAccountManagerService()
42 {}
43
AddAccount(const std::string & name,const std::string & extraInfo)44 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo)
45 {
46 int32_t callingUid = -1;
47 std::string bundleName;
48 uint32_t appIndex;
49 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
50 if (ret != ERR_OK) {
51 return ret;
52 }
53 return innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
54 }
55
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IRemoteObject> & callback)56 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
57 const AAFwk::Want &options, const sptr<IRemoteObject> &callback)
58 {
59 AuthenticatorSessionRequest request;
60 request.callerPid = IPCSkeleton::GetCallingPid();
61 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
62 if (result != ERR_OK) {
63 return result;
64 }
65 request.owner = owner;
66 request.authType = authType;
67 request.options = options;
68 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
69 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
70 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
71 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
72 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
73 return innerManager_->AddAccountImplicitly(request);
74 }
75
CreateAccount(const std::string & name,const CreateAccountOptions & options)76 ErrCode AppAccountManagerService::CreateAccount(const std::string &name, const CreateAccountOptions &options)
77 {
78 int32_t callingUid = -1;
79 std::string bundleName;
80 uint32_t appIndex;
81 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
82 if (ret != ERR_OK) {
83 return ret;
84 }
85 return innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
86 }
87
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IRemoteObject> & callback)88 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
89 const CreateAccountImplicitlyOptions &options, const sptr<IRemoteObject> &callback)
90 {
91 AuthenticatorSessionRequest request;
92 request.callerPid = IPCSkeleton::GetCallingPid();
93 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
94 if (result != ERR_OK) {
95 return result;
96 }
97 request.owner = owner;
98 request.callerAbilityName = options.parameters.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
99 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
100 request.createOptions = options;
101 request.createOptions.parameters.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
102 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
103 return innerManager_->CreateAccountImplicitly(request);
104 }
105
DeleteAccount(const std::string & name)106 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name)
107 {
108 int32_t callingUid = -1;
109 std::string bundleName;
110 uint32_t appIndex;
111 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
112 if (ret != ERR_OK) {
113 return ret;
114 }
115 return innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
116 }
117
GetAccountExtraInfo(const std::string & name,std::string & extraInfo)118 ErrCode AppAccountManagerService::GetAccountExtraInfo(const std::string &name, std::string &extraInfo)
119 {
120 int32_t callingUid = -1;
121 std::string bundleName;
122 uint32_t appIndex;
123 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
124 if (ret != ERR_OK) {
125 return ret;
126 }
127 return innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
128 }
129
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo)130 ErrCode AppAccountManagerService::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo)
131 {
132 int32_t callingUid = -1;
133 std::string bundleName;
134 uint32_t appIndex;
135 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
136 if (ret != ERR_OK) {
137 return ret;
138 }
139 return innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
140 }
141
EnableAppAccess(const std::string & name,const std::string & authorizedApp)142 ErrCode AppAccountManagerService::EnableAppAccess(
143 const std::string &name, const std::string &authorizedApp)
144 {
145 AppAccountCallingInfo appAccountCallingInfo;
146 ErrCode result = GetCallingInfo(
147 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
148 if (result != ERR_OK) {
149 return result;
150 }
151 AppExecFwk::BundleInfo bundleInfo;
152 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
153 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
154 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
155 if (!bundleRet) {
156 ACCOUNT_LOGE("failed to get bundle info");
157 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
158 }
159 if (authorizedApp == appAccountCallingInfo.bundleName) {
160 ACCOUNT_LOGE("authorizedApp is the same to owner");
161 return ERR_APPACCOUNT_SERVICE_BUNDLE_NAME_IS_THE_SAME;
162 }
163
164 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
165 }
166
DisableAppAccess(const std::string & name,const std::string & authorizedApp)167 ErrCode AppAccountManagerService::DisableAppAccess(
168 const std::string &name, const std::string &authorizedApp)
169 {
170 AppAccountCallingInfo appAccountCallingInfo;
171 ErrCode ret = GetCallingInfo(
172 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
173 if (ret != ERR_OK) {
174 return ret;
175 }
176 AppExecFwk::BundleInfo bundleInfo;
177
178 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
179 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
180 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
181 if (!bundleRet) {
182 ACCOUNT_LOGE("failed to get bundle info");
183 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
184 }
185
186 if (authorizedApp == appAccountCallingInfo.bundleName) {
187 ACCOUNT_LOGE("authorizedApp is the same to owner");
188 return ERR_APPACCOUNT_SERVICE_BUNDLE_NAME_IS_THE_SAME;
189 }
190
191 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
192 }
193
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible)194 ErrCode AppAccountManagerService::SetAppAccess(
195 const std::string &name, const std::string &authorizedApp, bool isAccessible)
196 {
197 AppAccountCallingInfo appAccountCallingInfo;
198 ErrCode ret = GetCallingInfo(
199 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
200 if (ret != ERR_OK) {
201 return ret;
202 }
203
204 if (authorizedApp == appAccountCallingInfo.bundleName) {
205 if (isAccessible) {
206 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
207 return ERR_OK;
208 } else {
209 ACCOUNT_LOGE("authorizedApp is the same to owner");
210 return ERR_APPACCOUNT_SERVICE_BUNDLE_NAME_IS_THE_SAME;
211 }
212 }
213
214 if (isAccessible) {
215 AppExecFwk::BundleInfo bundleInfo;
216 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
217 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
218 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
219 if (!bundleRet) {
220 ACCOUNT_LOGE("failed to get bundle info");
221 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
222 }
223 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
224 }
225
226 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
227 }
228
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable)229 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(const std::string &name, bool &syncEnable)
230 {
231 int32_t callingUid = -1;
232 std::string bundleName;
233 uint32_t appIndex;
234 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, AccountPermissionManager::DISTRIBUTED_DATASYNC);
235 if (ret != ERR_OK) {
236 return ret;
237 }
238 ret = GetCallingTokenInfoAndAppIndex(appIndex);
239 if (ret != ERR_OK) {
240 ACCOUNT_LOGE("failed to get app index");
241 return ret;
242 }
243
244 return innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
245 }
246
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable)247 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable)
248 {
249 int32_t callingUid = -1;
250 std::string bundleName;
251 uint32_t appIndex;
252 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, AccountPermissionManager::DISTRIBUTED_DATASYNC);
253 if (ret != ERR_OK) {
254 return ret;
255 }
256 ret = GetCallingTokenInfoAndAppIndex(appIndex);
257 if (ret != ERR_OK) {
258 ACCOUNT_LOGE("failed to get app index");
259 return ret;
260 }
261
262 return innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
263 }
264
GetAssociatedData(const std::string & name,const std::string & key,std::string & value)265 ErrCode AppAccountManagerService::GetAssociatedData(
266 const std::string &name, const std::string &key, std::string &value)
267 {
268 int32_t callingUid = IPCSkeleton::GetCallingUid();
269 return innerManager_->GetAssociatedData(name, key, value, callingUid);
270 }
271
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value)272 ErrCode AppAccountManagerService::SetAssociatedData(
273 const std::string &name, const std::string &key, const std::string &value)
274 {
275 AppAccountCallingInfo appAccountCallingInfo;
276 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
277 appAccountCallingInfo.appIndex);
278 if (ret != ERR_OK) {
279 return ret;
280 }
281 return innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
282 }
283
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential)284 ErrCode AppAccountManagerService::GetAccountCredential(
285 const std::string &name, const std::string &credentialType, std::string &credential)
286 {
287 AppAccountCallingInfo appAccountCallingInfo;
288 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
289 appAccountCallingInfo.appIndex);
290 if (ret != ERR_OK) {
291 return ret;
292 }
293 return innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
294 }
295
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential)296 ErrCode AppAccountManagerService::SetAccountCredential(
297 const std::string &name, const std::string &credentialType, const std::string &credential)
298 {
299 AppAccountCallingInfo appAccountCallingInfo;
300 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
301 appAccountCallingInfo.appIndex);
302 if (ret != ERR_OK) {
303 return ret;
304 }
305 return innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
306 }
307
Authenticate(const std::string & name,const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IRemoteObject> & callback)308 ErrCode AppAccountManagerService::Authenticate(const std::string &name, const std::string &owner,
309 const std::string &authType, const AAFwk::Want &options, const sptr<IRemoteObject> &callback)
310 {
311 AuthenticatorSessionRequest request;
312 request.callerPid = IPCSkeleton::GetCallingPid();
313 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
314 if (result != ERR_OK) {
315 return result;
316 }
317 request.name = name;
318 request.owner = owner;
319 request.authType = authType;
320 request.options = options;
321 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
322 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
323 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
324 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
325 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
326 return innerManager_->Authenticate(request);
327 }
328
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)329 ErrCode AppAccountManagerService::GetOAuthToken(
330 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
331 {
332 AuthenticatorSessionRequest request;
333 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
334 if (result != ERR_OK) {
335 return result;
336 }
337 request.name = name;
338 request.owner = owner;
339 request.authType = authType;
340 return innerManager_->GetOAuthToken(request, token);
341 }
342
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)343 ErrCode AppAccountManagerService::GetAuthToken(
344 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
345 {
346 AuthenticatorSessionRequest request;
347 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
348 if (result != ERR_OK) {
349 return result;
350 }
351 request.name = name;
352 request.owner = owner;
353 request.authType = authType;
354 return innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
355 }
356
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token)357 ErrCode AppAccountManagerService::SetOAuthToken(
358 const std::string &name, const std::string &authType, const std::string &token)
359 {
360 AuthenticatorSessionRequest request;
361 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
362 if (result != ERR_OK) {
363 return result;
364 }
365 request.name = name;
366 request.owner = request.callerBundleName;
367 request.authType = authType;
368 request.token = token;
369 return innerManager_->SetOAuthToken(request);
370 }
371
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)372 ErrCode AppAccountManagerService::DeleteOAuthToken(
373 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
374 {
375 AuthenticatorSessionRequest request;
376 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
377 if (ret != ERR_OK) {
378 return ret;
379 }
380 request.name = name;
381 request.owner = owner;
382 request.authType = authType;
383 request.token = token;
384 return innerManager_->DeleteOAuthToken(request);
385 }
386
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)387 ErrCode AppAccountManagerService::DeleteAuthToken(
388 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
389 {
390 AuthenticatorSessionRequest request;
391 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
392 if (result != ERR_OK) {
393 return result;
394 }
395 request.name = name;
396 request.owner = owner;
397 request.authType = authType;
398 request.token = token;
399 return innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
400 }
401
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)402 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
403 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
404 {
405 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
406 if (ret != ERR_OK) {
407 return ret;
408 }
409 request.name = name;
410 request.owner = request.callerBundleName;
411 request.authType = authType;
412 request.bundleName = bundleName;
413 return ret;
414 }
415
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)416 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
417 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
418 {
419 AuthenticatorSessionRequest request;
420 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
421 if (ret != ERR_OK) {
422 return ret;
423 }
424 request.isTokenVisible = isVisible;
425 return innerManager_->SetOAuthTokenVisibility(request);
426 }
427
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)428 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
429 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
430 {
431 AuthenticatorSessionRequest request;
432 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
433 if (result != ERR_OK) {
434 return result;
435 }
436 if (request.bundleName == request.owner) {
437 if (isVisible) {
438 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
439 return ERR_OK;
440 } else {
441 ACCOUNT_LOGE("authorizedApp is the same to owner.");
442 return ERR_APPACCOUNT_SERVICE_BUNDLE_NAME_IS_THE_SAME;
443 }
444 }
445 if (isVisible) {
446 AppExecFwk::BundleInfo bundleInfo;
447 int32_t userId = request.callerUid / UID_TRANSFORM_DIVISOR;
448 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
449 bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
450 if (!ret) {
451 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
452 }
453 }
454 request.isTokenVisible = isVisible;
455 return innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
456 }
457
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)458 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
459 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
460 {
461 AuthenticatorSessionRequest request;
462 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
463 if (ret != ERR_OK) {
464 return ret;
465 }
466 return innerManager_->CheckOAuthTokenVisibility(request, isVisible);
467 }
468
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)469 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
470 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
471 {
472 AuthenticatorSessionRequest request;
473 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
474 if (ret != ERR_OK) {
475 return ret;
476 }
477 return innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
478 }
479
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info)480 ErrCode AppAccountManagerService::GetAuthenticatorInfo(const std::string &owner, AuthenticatorInfo &info)
481 {
482 AuthenticatorSessionRequest request;
483 request.callerUid = IPCSkeleton::GetCallingUid();
484 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
485 if (result != ERR_OK) {
486 ACCOUNT_LOGE("failed to get app index");
487 return result;
488 }
489 request.owner = owner;
490 return innerManager_->GetAuthenticatorInfo(request, info);
491 }
492
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos)493 ErrCode AppAccountManagerService::GetAllOAuthTokens(
494 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos)
495 {
496 AuthenticatorSessionRequest request;
497 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
498 if (result != ERR_OK) {
499 return result;
500 }
501 request.name = name;
502 request.owner = owner;
503 return innerManager_->GetAllOAuthTokens(request, tokenInfos);
504 }
505
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)506 ErrCode AppAccountManagerService::GetOAuthList(
507 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
508 {
509 AuthenticatorSessionRequest request;
510 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
511 if (result != ERR_OK) {
512 return result;
513 }
514 request.name = name;
515 request.authType = authType;
516 return innerManager_->GetOAuthList(request, oauthList);
517 }
518
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)519 ErrCode AppAccountManagerService::GetAuthList(
520 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
521 {
522 AuthenticatorSessionRequest request;
523 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
524 if (result != ERR_OK) {
525 return result;
526 }
527 request.name = name;
528 request.authType = authType;
529 return innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
530 }
531
GetAuthenticatorCallback(const std::string & sessionId,sptr<IRemoteObject> & callback)532 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
533 const std::string &sessionId, sptr<IRemoteObject> &callback)
534 {
535 AuthenticatorSessionRequest request;
536 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
537 if (result != ERR_OK) {
538 return result;
539 }
540 request.sessionId = sessionId;
541 result = innerManager_->GetAuthenticatorCallback(request, callback);
542 return result;
543 }
544
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)545 ErrCode AppAccountManagerService::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
546 {
547 int32_t callingUid = -1;
548 std::string bundleName;
549 uint32_t appIndex;
550 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
551 if (ret != ERR_OK) {
552 return ret;
553 }
554 if ((owner != bundleName) &&
555 (permissionManagerPtr_->VerifyPermission(AccountPermissionManager::GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
556 ACCOUNT_LOGE("failed to verify permission for %{public}s",
557 AccountPermissionManager::GET_ALL_APP_ACCOUNTS.c_str());
558 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingPid(),
559 AccountPermissionManager::GET_ALL_APP_ACCOUNTS);
560 return ERR_APPACCOUNT_SERVICE_PERMISSION_DENIED;
561 }
562
563 AppExecFwk::BundleInfo bundleInfo;
564 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
565 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
566 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
567 if (!result) {
568 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
569 }
570
571 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
572 }
573
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts)574 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts)
575 {
576 int32_t callingUid = -1;
577 std::string bundleName;
578 uint32_t appIndex;
579 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, AccountPermissionManager::GET_ALL_APP_ACCOUNTS);
580 if (ret != ERR_OK) {
581 return ret;
582 }
583 ret = GetCallingTokenInfoAndAppIndex(appIndex);
584 if (ret != ERR_OK) {
585 ACCOUNT_LOGE("failed to get app index");
586 return ret;
587 }
588 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
589 }
590
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)591 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
592 const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
593 {
594 int32_t callingUid = -1;
595 std::string bundleName;
596 uint32_t appIndex;
597 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
598 if (result != ERR_OK) {
599 return result;
600 }
601 if (owner.empty()) {
602 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
603 }
604 AppExecFwk::BundleInfo bundleInfo;
605 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
606 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
607 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
608 if (!ret) {
609 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
610 }
611 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
612 }
613
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible)614 ErrCode AppAccountManagerService::CheckAppAccess(
615 const std::string &name, const std::string &authorizedApp, bool &isAccessible)
616 {
617 AppAccountCallingInfo appAccountCallingInfo;
618 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
619 appAccountCallingInfo.appIndex);
620 if (result != ERR_OK) {
621 return result;
622 }
623 if (authorizedApp == appAccountCallingInfo.bundleName) {
624 isAccessible = true;
625 return ERR_OK;
626 }
627 return innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
628 }
629
DeleteAccountCredential(const std::string & name,const std::string & credentialType)630 ErrCode AppAccountManagerService::DeleteAccountCredential(
631 const std::string &name, const std::string &credentialType)
632 {
633 int32_t callingUid = -1;
634 std::string bundleName;
635 uint32_t appIndex;
636 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
637 if (ret != ERR_OK) {
638 return ret;
639 }
640 return innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
641 }
642
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IRemoteObject> & callback)643 ErrCode AppAccountManagerService::SelectAccountsByOptions(
644 const SelectAccountsOptions &options, const sptr<IRemoteObject> &callback)
645 {
646 int32_t callingUid = -1;
647 std::string bundleName;
648 uint32_t appIndex;
649 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
650 if (ret != ERR_OK) {
651 return ret;
652 }
653 auto authenticatorCallback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
654 return innerManager_->SelectAccountsByOptions(options, authenticatorCallback, callingUid, bundleName, appIndex);
655 }
656
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IRemoteObject> & callback)657 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
658 const VerifyCredentialOptions &options, const sptr<IRemoteObject> &callback)
659 {
660 AuthenticatorSessionRequest request;
661 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
662 if (result != ERR_OK) {
663 return result;
664 }
665 request.name = name;
666 request.owner = owner;
667 request.verifyCredOptions = options;
668 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
669 return innerManager_->VerifyCredential(request);
670 }
671
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IRemoteObject> & callback)672 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
673 const std::vector<std::string> &labels, const sptr<IRemoteObject> &callback)
674 {
675 AuthenticatorSessionRequest request;
676 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
677 if (result != ERR_OK) {
678 return result;
679 }
680 request.labels = labels;
681 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
682 request.name = name;
683 request.owner = owner;
684 return innerManager_->CheckAccountLabels(request);
685 }
686
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IRemoteObject> & callback)687 ErrCode AppAccountManagerService::SetAuthenticatorProperties(
688 const std::string &owner, const SetPropertiesOptions &options, const sptr<IRemoteObject> &callback)
689 {
690 AuthenticatorSessionRequest request;
691 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
692 if (result != ERR_OK) {
693 return result;
694 }
695 request.owner = owner;
696 request.setPropOptions = options;
697 request.callback = iface_cast<IAppAccountAuthenticatorCallback>(callback);
698 return innerManager_->SetAuthenticatorProperties(request);
699 }
700
SubscribeAppAccount(const AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)701 ErrCode AppAccountManagerService::SubscribeAppAccount(
702 const AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
703 {
704 int32_t callingUid = -1;
705 std::string bundleName;
706 uint32_t appIndex;
707 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
708 if (ret != ERR_OK) {
709 return ret;
710 }
711
712 std::vector<std::string> owners;
713 if (subscribeInfo.GetOwners(owners) != ERR_OK) {
714 ACCOUNT_LOGE("failed to get owners");
715 return ERR_APPACCOUNT_SERVICE_GET_OWNERS;
716 }
717
718 if (owners.size() == 0) {
719 ACCOUNT_LOGE("owners size is 0");
720 return ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
721 }
722
723 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
724 for (auto owner : owners) {
725 AppExecFwk::BundleInfo bundleInfo;
726 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
727 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
728 if (!bundleRet) {
729 ACCOUNT_LOGE("failed to get bundle info");
730 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
731 }
732 }
733
734 return innerManager_->SubscribeAppAccount(subscribeInfo, eventListener, callingUid, bundleName, appIndex);
735 }
736
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener)737 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener)
738 {
739 return innerManager_->UnsubscribeAppAccount(eventListener);
740 }
741
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)742 ErrCode AppAccountManagerService::OnPackageRemoved(
743 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
744 {
745 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
746 }
747
OnUserRemoved(int32_t userId)748 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
749 {
750 return innerManager_->OnUserRemoved(userId);
751 }
752
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)753 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
754 std::string &bundleName, const std::string &permName)
755 {
756 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
757 if (result != ERR_OK) {
758 return result;
759 }
760
761 result = permissionManagerPtr_->VerifyPermission(permName);
762 if (result != ERR_OK) {
763 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
764 permName.c_str(), result);
765 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingPid(), permName);
766 return result;
767 }
768 return ERR_OK;
769 }
770
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)771 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
772 {
773 callingUid = IPCSkeleton::GetCallingUid();
774 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleNameForUid(callingUid, bundleName);
775 if (!bundleRet) {
776 ACCOUNT_LOGE("failed to get bundle name");
777 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
778 }
779 return ERR_OK;
780 }
781
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)782 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
783 {
784 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
785 Security::AccessToken::HapTokenInfo hapTokenInfo;
786 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
787 if (result) {
788 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
789 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
790 }
791 if (hapTokenInfo.instIndex < 0) {
792 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
793 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
794 }
795 appIndex = hapTokenInfo.instIndex;
796 return ERR_OK;
797 }
798
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)799 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
800 {
801 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
802 if (result != ERR_OK) {
803 ACCOUNT_LOGD("failed to get bundle name");
804 return result;
805 }
806 result = GetCallingTokenInfoAndAppIndex(appIndex);
807 if (result != ERR_OK) {
808 ACCOUNT_LOGE("failed to get app index");
809 return result;
810 }
811 return result;
812 }
813 } // namespace AccountSA
814 } // namespace OHOS
815