1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_mgr_stub.h"
17
18 #include "access_token.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "iaccount_iam_callback.h"
22 #include "ipc_skeleton.h"
23 #include "token_setproc.h"
24
25 namespace OHOS {
26 namespace AccountSA {
AccountIAMMgrStub()27 AccountIAMMgrStub::AccountIAMMgrStub()
28 {}
29
~AccountIAMMgrStub()30 AccountIAMMgrStub::~AccountIAMMgrStub()
31 {}
32
33 const std::map<uint32_t, AccountIAMMgrStub::MessageProcFunction> AccountIAMMgrStub::messageProcMap_ = {
34 {
35 static_cast<uint32_t>(IAccountIAM::Message::OPEN_SESSION),
36 &AccountIAMMgrStub::ProcOpenSession
37 },
38 {
39 static_cast<uint32_t>(IAccountIAM::Message::CLOSE_SESSION),
40 &AccountIAMMgrStub::ProcCloseSession
41 },
42 {
43 static_cast<uint32_t>(IAccountIAM::Message::ADD_CREDENTIAL),
44 &AccountIAMMgrStub::ProcAddCredential
45 },
46 {
47 static_cast<uint32_t>(IAccountIAM::Message::UPDATE_CREDENTIAL),
48 &AccountIAMMgrStub::ProcUpdateCredential
49 },
50 {
51 static_cast<uint32_t>(IAccountIAM::Message::DEL_CRED),
52 &AccountIAMMgrStub::ProcDelCred
53 },
54 {
55 static_cast<uint32_t>(IAccountIAM::Message::DEL_USER),
56 &AccountIAMMgrStub::ProcDelUser
57 },
58 {
59 static_cast<uint32_t>(IAccountIAM::Message::CANCEL),
60 &AccountIAMMgrStub::ProcCancel
61 },
62 {
63 static_cast<uint32_t>(IAccountIAM::Message::GET_CREDENTIAL_INFO),
64 &AccountIAMMgrStub::ProcGetCredentialInfo
65 },
66 {
67 static_cast<uint32_t>(IAccountIAM::Message::AUTH_USER),
68 &AccountIAMMgrStub::ProcAuthUser
69 },
70 {
71 static_cast<uint32_t>(IAccountIAM::Message::CANCEL_AUTH),
72 &AccountIAMMgrStub::ProcCancelAuth
73 },
74 {
75 static_cast<uint32_t>(IAccountIAM::Message::GET_AVAILABLE_STATUS),
76 &AccountIAMMgrStub::ProcGetAvailableStatus
77 },
78 {
79 static_cast<uint32_t>(IAccountIAM::Message::GET_PROPERTY),
80 &AccountIAMMgrStub::ProcGetProperty
81 },
82 {
83 static_cast<uint32_t>(IAccountIAM::Message::SET_PROPERTY),
84 &AccountIAMMgrStub::ProcSetProperty
85 },
86 {
87 static_cast<uint32_t>(IAccountIAM::Message::GET_ACCOUNT_STATE),
88 &AccountIAMMgrStub::ProcGetAccountState
89 }
90 };
91
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)92 std::int32_t AccountIAMMgrStub::OnRemoteRequest(
93 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
94 {
95 ACCOUNT_LOGD("Received stub message: %{public}d, callingPid: %{public}d", code, IPCSkeleton::GetCallingPid());
96 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
97 int result = SetFirstCallerTokenID(tokenCaller);
98 ACCOUNT_LOGD("SetFirstCallerTokenID result: %{public}d", result);
99 if (data.ReadInterfaceToken() != GetDescriptor()) {
100 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
101 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
102 }
103 const auto &itFunc = messageProcMap_.find(code);
104 if (itFunc != messageProcMap_.end()) {
105 return (this->*(itFunc->second))(data, reply);
106 }
107 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
108 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
109 }
110
ProcOpenSession(MessageParcel & data,MessageParcel & reply)111 ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
112 {
113 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
114 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
115 }
116 int32_t userId;
117 if (!data.ReadInt32(userId)) {
118 ACCOUNT_LOGE("failed to read userId");
119 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
120 }
121 std::vector<uint8_t> challenge;
122 int32_t result = OpenSession(userId, challenge);
123 if (!reply.WriteInt32(result)) {
124 ACCOUNT_LOGE("failed to write result");
125 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
126 }
127 if (result == ERR_OK) {
128 if (!reply.WriteUInt8Vector(challenge)) {
129 ACCOUNT_LOGE("failed to write challenge");
130 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
131 }
132 }
133 return ERR_NONE;
134 }
135
ProcCloseSession(MessageParcel & data,MessageParcel & reply)136 ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
137 {
138 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
139 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
140 }
141 int32_t userId;
142 if (!data.ReadInt32(userId)) {
143 ACCOUNT_LOGE("failed to read userId");
144 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
145 }
146 int32_t result = CloseSession(userId);
147 if (!reply.WriteInt32(result)) {
148 ACCOUNT_LOGE("failed to write result");
149 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
150 }
151 return ERR_NONE;
152 }
153
ReadUserIdAndAuthType(MessageParcel & data,int32_t & userId,int32_t & authType)154 ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType)
155 {
156 if (!data.ReadInt32(userId)) {
157 ACCOUNT_LOGE("failed to read userId");
158 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
159 }
160 if (!data.ReadInt32(authType)) {
161 ACCOUNT_LOGE("failed to read authType");
162 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
163 }
164 return ERR_OK;
165 }
166
AddOrUpdateCredential(MessageParcel & data,MessageParcel & reply,bool isAdd)167 ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
168 {
169 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
170 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
171 }
172 int32_t userId;
173 int32_t authType;
174 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
175 if (ret != ERR_OK) {
176 return ret;
177 }
178 int32_t authSubType;
179 if (!data.ReadInt32(authSubType)) {
180 ACCOUNT_LOGE("failed to read authSubType");
181 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
182 }
183 CredentialParameters credParams;
184 if (!data.ReadUInt8Vector(&credParams.token)) {
185 ACCOUNT_LOGE("failed to read token");
186 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
187 }
188 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
189 if (callback == nullptr) {
190 ACCOUNT_LOGE("callback is nullptr");
191 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
192 }
193 credParams.authType = static_cast<AuthType>(authType);
194 credParams.pinType = static_cast<PinSubType>(authSubType);
195 if (isAdd) {
196 AddCredential(userId, credParams, callback);
197 } else {
198 UpdateCredential(userId, credParams, callback);
199 }
200 return ERR_NONE;
201 }
202
ProcAddCredential(MessageParcel & data,MessageParcel & reply)203 ErrCode AccountIAMMgrStub::ProcAddCredential(MessageParcel &data, MessageParcel &reply)
204 {
205 return AddOrUpdateCredential(data, reply);
206 }
207
ProcUpdateCredential(MessageParcel & data,MessageParcel & reply)208 ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParcel &reply)
209 {
210 return AddOrUpdateCredential(data, reply, false);
211 }
212
ProcDelCred(MessageParcel & data,MessageParcel & reply)213 ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
214 {
215 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
216 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
217 }
218 int32_t userId;
219 if (!data.ReadInt32(userId)) {
220 ACCOUNT_LOGE("failed to read userId");
221 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
222 }
223 uint64_t credentialId;
224 if (!data.ReadUint64(credentialId)) {
225 ACCOUNT_LOGE("failed to read credentialId");
226 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
227 }
228 std::vector<uint8_t> authToken;
229 if (!data.ReadUInt8Vector(&authToken)) {
230 ACCOUNT_LOGE("failed to read authToken for delCred");
231 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
232 }
233 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
234 if (callback == nullptr) {
235 ACCOUNT_LOGE("callback is nullptr");
236 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
237 }
238 DelCred(userId, credentialId, authToken, callback);
239 return ERR_NONE;
240 }
241
ProcDelUser(MessageParcel & data,MessageParcel & reply)242 ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
243 {
244 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
245 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
246 }
247 int32_t userId;
248 if (!data.ReadInt32(userId)) {
249 ACCOUNT_LOGE("failed to read userId");
250 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
251 }
252 std::vector<uint8_t> authToken;
253 if (!data.ReadUInt8Vector(&authToken)) {
254 ACCOUNT_LOGE("failed to read authToken for delUser");
255 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
256 }
257 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
258 if (callback == nullptr) {
259 ACCOUNT_LOGE("callback is nullptr");
260 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
261 }
262 DelUser(userId, authToken, callback);
263 return ERR_NONE;
264 }
265
ProcCancel(MessageParcel & data,MessageParcel & reply)266 ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
267 {
268 if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
269 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
270 }
271 int32_t userId;
272 if (!data.ReadInt32(userId)) {
273 ACCOUNT_LOGE("failed to read userId");
274 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
275 }
276 int32_t result = Cancel(userId);
277 if (!reply.WriteInt32(result)) {
278 ACCOUNT_LOGE("failed to write result");
279 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
280 }
281 return ERR_NONE;
282 }
283
ProcGetCredentialInfo(MessageParcel & data,MessageParcel & reply)284 ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
285 {
286 if (!CheckPermission(AccountPermissionManager::USE_USER_IDM)) {
287 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
288 }
289 int32_t userId;
290 int32_t authType;
291 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
292 if (ret != ERR_OK) {
293 return ret;
294 }
295 sptr<IGetCredInfoCallback> callback = iface_cast<IGetCredInfoCallback>(data.ReadRemoteObject());
296 if (callback == nullptr) {
297 ACCOUNT_LOGE("callback is nullptr");
298 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
299 }
300 int result = GetCredentialInfo(userId, static_cast<AuthType>(authType), callback);
301 if (!reply.WriteInt32(result)) {
302 ACCOUNT_LOGE("failed to write result");
303 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
304 }
305 return ERR_NONE;
306 }
307
ProcAuthUser(MessageParcel & data,MessageParcel & reply)308 ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
309 {
310 if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
311 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
312 }
313 int32_t userId;
314 if (!data.ReadInt32(userId)) {
315 ACCOUNT_LOGE("failed to read userId");
316 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
317 }
318 std::vector<uint8_t> challenge;
319 if (!data.ReadUInt8Vector(&challenge)) {
320 ACCOUNT_LOGE("failed to read challenge");
321 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
322 }
323 int32_t authType;
324 if (!data.ReadInt32(authType)) {
325 ACCOUNT_LOGE("failed to read authType for AuthUser");
326 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
327 }
328 uint32_t authTrustLevel;
329 if (!data.ReadUint32(authTrustLevel)) {
330 ACCOUNT_LOGE("failed to read authTrustLevel for AuthUser");
331 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
332 }
333 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
334 if (callback == nullptr) {
335 ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr");
336 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
337 }
338 uint64_t contextId = AuthUser(userId, challenge, static_cast<AuthType>(authType),
339 static_cast<AuthTrustLevel>(authTrustLevel), callback);
340 if (!reply.WriteUint64(contextId)) {
341 ACCOUNT_LOGE("failed to write contextId");
342 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
343 }
344 return ERR_NONE;
345 }
346
ProcCancelAuth(MessageParcel & data,MessageParcel & reply)347 ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
348 {
349 if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
350 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
351 }
352 uint64_t contextId;
353 if (!data.ReadUint64(contextId)) {
354 ACCOUNT_LOGE("failed to read contextId");
355 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
356 }
357 int32_t result = CancelAuth(contextId);
358 if (!reply.WriteInt32(result)) {
359 ACCOUNT_LOGE("failed to write result");
360 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
361 }
362 return ERR_NONE;
363 }
364
ProcGetAvailableStatus(MessageParcel & data,MessageParcel & reply)365 ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
366 {
367 if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
368 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
369 }
370 int32_t authType;
371 if (!data.ReadInt32(authType)) {
372 ACCOUNT_LOGE("failed to read authType for GetAvailableStatus");
373 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
374 }
375 uint32_t authTrustLevel;
376 if (!data.ReadUint32(authTrustLevel)) {
377 ACCOUNT_LOGE("failed to read authTrustLevel for GetAvailableStatus");
378 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
379 }
380 int32_t status;
381 int32_t result =
382 GetAvailableStatus(static_cast<AuthType>(authType), static_cast<AuthTrustLevel>(authTrustLevel), status);
383 if (!reply.WriteInt32(result)) {
384 ACCOUNT_LOGE("failed to write result");
385 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
386 }
387 if (result == ERR_OK) {
388 if (!reply.WriteInt32(status)) {
389 ACCOUNT_LOGE("failed to write status");
390 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
391 }
392 }
393 return ERR_NONE;
394 }
395
ProcGetProperty(MessageParcel & data,MessageParcel & reply)396 ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data, MessageParcel &reply)
397 {
398 if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
399 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
400 }
401 int32_t userId;
402 int32_t authType;
403 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
404 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
405 }
406 std::vector<uint32_t> keys;
407 if (!data.ReadUInt32Vector(&keys)) {
408 ACCOUNT_LOGE("failed to read attribute keys");
409 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
410 }
411 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
412 if (callback == nullptr) {
413 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
414 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
415 }
416 GetPropertyRequest request;
417 request.authType = static_cast<AuthType>(authType);
418 for (auto &key : keys) {
419 request.keys.push_back(static_cast<Attributes::AttributeKey>(key));
420 }
421 GetProperty(userId, request, callback);
422 return ERR_NONE;
423 }
424
ProcSetProperty(MessageParcel & data,MessageParcel & reply)425 ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
426 {
427 if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
428 return ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED;
429 }
430 int32_t userId;
431 int32_t authType;
432 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
433 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
434 }
435 std::vector<uint8_t> attr;
436 if (!data.ReadUInt8Vector(&attr)) {
437 ACCOUNT_LOGE("failed to read attributes");
438 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
439 }
440 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
441 if (callback == nullptr) {
442 ACCOUNT_LOGE("SetExecutorPropertyCallbackInterface is nullptr");
443 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
444 }
445 SetPropertyRequest request = {
446 .authType = static_cast<AuthType>(authType),
447 .attrs = Attributes(attr)
448 };
449 SetProperty(userId, request, callback);
450 return ERR_NONE;
451 }
452
ProcGetAccountState(MessageParcel & data,MessageParcel & reply)453 ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParcel &reply)
454 {
455 int32_t userId;
456 if (!data.ReadInt32(userId)) {
457 ACCOUNT_LOGE("failed to read userId");
458 return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
459 }
460 IAMState state = GetAccountState(userId);
461 if (!reply.WriteInt32(state)) {
462 ACCOUNT_LOGE("failed to write state");
463 return ERR_ACCOUNT_IAM_SERVICE_WRITE_PARCEL_FAIL;
464 }
465 return ERR_NONE;
466 }
467
CheckPermission(const std::string & permission)468 bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
469 {
470 if (AccountPermissionManager::GetInstance()->VerifyPermission(permission) != ERR_OK) {
471 ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
472 return false;
473 }
474 return true;
475 }
476 } // AccountSA
477 } // OHOS
478