• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_DLP_UTILS_H
17 #define OHOS_ABILITY_RUNTIME_DLP_UTILS_H
18 
19 #include "ability_record.h"
20 #ifdef WITH_DLP
21 #include "dlp_permission_kit.h"
22 #endif // WITH_DLP
23 #include "iremote_object.h"
24 #include "permission_verification.h"
25 #include "want.h"
26 
27 namespace OHOS {
28 namespace AAFwk {
29 namespace DlpUtils {
30 #ifdef WITH_DLP
31 using Dlp = Security::DlpPermission::DlpPermissionKit;
32 #endif // WITH_DLP
DlpAccessOtherAppsCheck(const sptr<IRemoteObject> & callerToken,const Want & want)33 static bool DlpAccessOtherAppsCheck(const sptr<IRemoteObject> &callerToken, const Want &want)
34 {
35 #ifdef WITH_DLP
36     auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall();
37     if (isSaCall) {
38         return true;
39     }
40     if (callerToken == nullptr) {
41         return true;
42     }
43     auto abilityRecord = Token::GetAbilityRecordByToken(callerToken);
44     if (abilityRecord == nullptr) {
45         HILOG_ERROR("Ability has already been destroyed.");
46         return true;
47     }
48     if (abilityRecord->GetAppIndex() == 0) {
49         return true;
50     }
51     if (abilityRecord->GetApplicationInfo().bundleName == want.GetElement().GetBundleName()) {
52         return true;
53     }
54     int32_t uid = abilityRecord->GetApplicationInfo().uid;
55     Security::DlpPermission::SandBoxExternalAuthorType authResult;
56     int result = Dlp::GetSandboxExternalAuthorization(uid, want, authResult);
57     if (result != ERR_OK) {
58         HILOG_ERROR("GetSandboxExternalAuthorization failed %{public}d.", result);
59         return false;
60     }
61     if (authResult != Security::DlpPermission::SandBoxExternalAuthorType::ALLOW_START_ABILITY) {
62         HILOG_ERROR("Auth failed, not allow start %{public}d.", uid);
63         return false;
64     }
65 #endif // WITH_DLP
66     return true;
67 }
68 
OtherAppsAccessDlpCheck(const sptr<IRemoteObject> & callerToken,const Want & want)69 static bool OtherAppsAccessDlpCheck(const sptr<IRemoteObject> &callerToken, const Want &want)
70 {
71     if (callerToken != nullptr) {
72         auto abilityRecord = Token::GetAbilityRecordByToken(callerToken);
73         if (abilityRecord != nullptr && abilityRecord->GetAppIndex() != 0) {
74             return true;
75         }
76     }
77 
78     return PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want));
79 }
80 }  // namespace DlpUtils
81 }  // namespace AAFwk
82 }  // namespace OHOS
83 #endif  // OHOS_ABILITY_RUNTIME_DLP_UTILS_H
84