• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "access_token_helper.h"
17 
18 #include "common_event_permission_manager.h"
19 #include "event_log_wrapper.h"
20 #include "ipc_skeleton.h"
21 #include "privacy_kit.h"
22 
23 using namespace OHOS::Security::AccessToken;
24 
25 namespace OHOS {
26 namespace EventFwk {
VerifyNativeToken(const AccessTokenID & callerToken)27 bool AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
28 {
29     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
30     return (tokenType == ATokenTypeEnum::TOKEN_NATIVE || tokenType == ATokenTypeEnum::TOKEN_SHELL);
31 }
32 
VerifyAccessToken(const AccessTokenID & callerToken,const std::string & permission)33 bool AccessTokenHelper::VerifyAccessToken(const AccessTokenID &callerToken,
34     const std::string &permission)
35 {
36     return (AccessTokenKit::VerifyAccessToken(callerToken, permission) ==
37         AccessToken::PermissionState::PERMISSION_GRANTED);
38 }
39 
RecordSensitivePermissionUsage(const AccessTokenID & callerToken,const std::string & event)40 void AccessTokenHelper::RecordSensitivePermissionUsage(const AccessTokenID &callerToken,
41     const std::string &event)
42 {
43     EVENT_LOGI("enter");
44     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
45     if (tokenType != ATokenTypeEnum::TOKEN_HAP) {
46         EVENT_LOGE("tokenType != ATokenTypeEnum::TOKEN_HAP");
47         return;
48     }
49     Permission permission = DelayedSingleton<CommonEventPermissionManager>::GetInstance()->GetEventPermission(event);
50     if (!permission.isSensitive || permission.names.empty()) {
51         EVENT_LOGE("permission denied");
52         return;
53     }
54     for (const auto &permissionName : permission.names) {
55         PrivacyKit::AddPermissionUsedRecord(callerToken, permissionName, 1, 0);
56     }
57 }
58 
IsDlpHap(const AccessTokenID & callerToken)59 bool AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
60 {
61     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
62     if (type == ATokenTypeEnum::TOKEN_HAP) {
63         HapTokenInfo info;
64         AccessTokenKit::GetHapTokenInfo(callerToken, info);
65         return (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL);
66     }
67     return false;
68 }
69 
GetHapTokenID(int userID,const std::string & bundleName,int instIndex)70 AccessTokenID AccessTokenHelper::GetHapTokenID(int userID,
71     const std::string& bundleName, int instIndex)
72 {
73     return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
74 }
75 }  // namespace EventFwk
76 }  // namespace OHOS
77