• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "permission_checker.h"
17 
18 #include "accesstoken_kit.h"
19 #include "avsession_log.h"
20 #include "ipc_skeleton.h"
21 #include "bundle_mgr_client.h"
22 
23 namespace OHOS::AVSession {
24 using namespace Security::AccessToken;
25 using AppExecFwk::BundleMgrClient;
GetInstance()26 PermissionChecker& PermissionChecker::GetInstance()
27 {
28     static PermissionChecker permissionChecker;
29     return permissionChecker;
30 }
31 
CheckSystemPermission(Security::AccessToken::AccessTokenID tokenId)32 bool PermissionChecker::CheckSystemPermission(Security::AccessToken::AccessTokenID tokenId)
33 {
34     if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
35         return true;
36     }
37 
38     if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_SHELL) {
39         return true;
40     }
41 
42     int32_t res = AccessTokenKit::VerifyAccessToken(tokenId, MANAGE_MEDIA_RESOURCES);
43     if (res == PERMISSION_GRANTED) {
44         return true;
45     }
46     SLOGI("permission reject tokenid=%{public}u", tokenId);
47     return false;
48 }
49 
CheckSystemPermission()50 bool PermissionChecker::CheckSystemPermission()
51 {
52     AccessTokenID callerToken = OHOS::IPCSkeleton::GetCallingTokenID();
53     return CheckSystemPermission(callerToken);
54 }
55 
CheckSystemPermissionByUid(int uid)56 bool PermissionChecker::CheckSystemPermissionByUid(int uid)
57 {
58     BundleMgrClient client;
59     std::string bundleName;
60     if (!client.GetBundleNameForUid(uid, bundleName)) {
61         return true;
62     }
63 
64     auto tokenId = AccessTokenKit::GetHapTokenID(uid / UID_TRANSFORM_DIVISOR, bundleName, 0);
65     if (tokenId == INVALID_TOKENID) {
66         SLOGE("get token id failed");
67         return false;
68     }
69 
70     return CheckSystemPermission(tokenId);
71 }
72 } // namespace OHOS::AVSession