1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_verification.h"
17
18 #include "ability_manager_errors.h"
19 #include "accesstoken_kit.h"
20 #include "hilog_wrapper.h"
21 #include "permission_constants.h"
22
23 namespace OHOS {
24 namespace AAFwk {
25 const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
26 const std::string DLP_PARAMS_SECURITY_FLAG = "ohos.dlp.params.securityFlag";
27 const std::string DMS_PROCESS_NAME = "distributedsched";
VerifyCallingPermission(const std::string & permissionName) const28 bool PermissionVerification::VerifyCallingPermission(const std::string &permissionName) const
29 {
30 HILOG_DEBUG("VerifyCallingPermission permission %{public}s", permissionName.c_str());
31 auto callerToken = GetCallingTokenID();
32 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
33 if (ret == Security::AccessToken::PermissionState::PERMISSION_DENIED) {
34 HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
35 return false;
36 }
37 HILOG_DEBUG("verify AccessToken success");
38 return true;
39 }
40
IsSACall() const41 bool PermissionVerification::IsSACall() const
42 {
43 HILOG_DEBUG("%{public}s: is called.", __func__);
44 auto callerToken = GetCallingTokenID();
45 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
46 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
47 HILOG_DEBUG("caller tokenType is native, verify success");
48 return true;
49 }
50 HILOG_DEBUG("Not SA called.");
51 return false;
52 }
53
IsShellCall() const54 bool PermissionVerification::IsShellCall() const
55 {
56 HILOG_DEBUG("%{public}s: is called.", __func__);
57 auto callerToken = GetCallingTokenID();
58 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
59 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
60 HILOG_DEBUG("caller tokenType is shell, verify success");
61 return true;
62 }
63 HILOG_DEBUG("Not shell called.");
64 return false;
65 }
66
IsGatewayCall() const67 bool PermissionVerification::IsGatewayCall() const
68 {
69 if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGER_ABILITY_FROM_GATEWAY)) {
70 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
71 return true;
72 }
73 HILOG_INFO("%{public}s: Permission verification failed.", __func__);
74 return false;
75 }
76
CheckSpecificSystemAbilityAccessPermission() const77 bool PermissionVerification::CheckSpecificSystemAbilityAccessPermission() const
78 {
79 HILOG_DEBUG("PermissionVerification::CheckSpecifidSystemAbilityAccessToken is called.");
80 if (!IsSACall()) {
81 HILOG_ERROR("caller tokenType is not native, verify failed.");
82 return false;
83 }
84 auto callerToken = GetCallingTokenID();
85 Security::AccessToken::NativeTokenInfo nativeTokenInfo;
86 int32_t result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerToken, nativeTokenInfo);
87 if (result != ERR_OK || nativeTokenInfo.processName != DMS_PROCESS_NAME) {
88 HILOG_ERROR("Check process name failed.");
89 return false;
90 }
91 return true;
92 }
93
VerifyRunningInfoPerm() const94 bool PermissionVerification::VerifyRunningInfoPerm() const
95 {
96 if (IsSACall()) {
97 HILOG_DEBUG("%{public}s: the interface called by SA.", __func__);
98 return true;
99 }
100 if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_RUNNING_INFO)) {
101 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
102 return true;
103 }
104 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
105 return false;
106 }
107
VerifyControllerPerm() const108 bool PermissionVerification::VerifyControllerPerm() const
109 {
110 if (IsSACall()) {
111 HILOG_DEBUG("%{public}s: the interface called by SA.", __func__);
112 return true;
113 }
114 if (VerifyCallingPermission(PermissionConstants::PERMISSION_SET_ABILITY_CONTROLLER)) {
115 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
116 return true;
117 }
118 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
119 return false;
120 }
121
VerifyDlpPermission(Want & want) const122 bool PermissionVerification::VerifyDlpPermission(Want &want) const
123 {
124 if (want.GetIntParam(DLP_PARAMS_INDEX, 0) == 0) {
125 want.RemoveParam(DLP_PARAMS_SECURITY_FLAG);
126 return true;
127 }
128
129 if (IsSACall()) {
130 return true;
131 }
132 if (VerifyCallingPermission(PermissionConstants::PERMISSION_ACCESS_DLP)) {
133 return true;
134 }
135 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
136 return false;
137 }
138
VerifyAccountPermission() const139 int PermissionVerification::VerifyAccountPermission() const
140 {
141 if (IsSACall()) {
142 return ERR_OK;
143 }
144 if (VerifyCallingPermission(PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS)) {
145 return ERR_OK;
146 }
147 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
148 return CHECK_PERMISSION_FAILED;
149 }
150
VerifyMissionPermission() const151 bool PermissionVerification::VerifyMissionPermission() const
152 {
153 if (IsSACall()) {
154 return true;
155 }
156 if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGE_MISSION)) {
157 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
158 return true;
159 }
160 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
161 return false;
162 }
163
VerifyAppStateObserverPermission() const164 int PermissionVerification::VerifyAppStateObserverPermission() const
165 {
166 if (IsSACall()) {
167 return ERR_OK;
168 }
169 if (VerifyCallingPermission(PermissionConstants::PERMISSION_RUNNING_STATE_OBSERVER)) {
170 HILOG_INFO("Permission verification succeeded.");
171 return ERR_OK;
172 }
173 HILOG_ERROR("Permission verification failed.");
174 return ERR_PERMISSION_DENIED;
175 }
176
VerifyUpdateConfigurationPerm() const177 int32_t PermissionVerification::VerifyUpdateConfigurationPerm() const
178 {
179 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_UPDATE_CONFIGURATION)) {
180 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
181 return ERR_OK;
182 }
183 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
184 return ERR_PERMISSION_DENIED;
185 }
186
VerifyInstallBundlePermission() const187 bool PermissionVerification::VerifyInstallBundlePermission() const
188 {
189 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_INSTALL_BUNDLE)) {
190 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
191 return true;
192 }
193
194 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
195 return false;
196 }
197
VerifyGetBundleInfoPrivilegedPermission() const198 bool PermissionVerification::VerifyGetBundleInfoPrivilegedPermission() const
199 {
200 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) {
201 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
202 return true;
203 }
204
205 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
206 return false;
207 }
208
CheckCallDataAbilityPermission(const VerificationInfo & verificationInfo) const209 int PermissionVerification::CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo) const
210 {
211 if (IsSACall()) {
212 return ERR_OK;
213 }
214
215 if ((verificationInfo.apiTargetVersion > API8 || IsShellCall()) &&
216 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall)) {
217 HILOG_ERROR("Application can not start DataAbility from background after API8.");
218 return CHECK_PERMISSION_FAILED;
219 }
220 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
221 HILOG_ERROR("Target DataAbility is not visible, and caller does not have INVISIBLE permission.");
222 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
223 }
224 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
225 HILOG_ERROR("Target DataAbility's associatedWakeUp is false, reject start it from other application.");
226 return CHECK_PERMISSION_FAILED;
227 }
228
229 return ERR_OK;
230 }
231
CheckCallServiceAbilityPermission(const VerificationInfo & verificationInfo) const232 int PermissionVerification::CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const
233 {
234 if (IsSACall()) {
235 return ERR_OK;
236 }
237
238 if ((verificationInfo.apiTargetVersion > API8 || IsShellCall()) &&
239 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall)) {
240 HILOG_ERROR("Application can not start ServiceAbility from background after API8.");
241 return CHECK_PERMISSION_FAILED;
242 }
243 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
244 HILOG_ERROR("Target ServiceAbility is not visible, and caller does not have INVISIBLE permission.");
245 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
246 }
247 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
248 HILOG_ERROR("Target ServiceAbility's associatedWakeUp is false, reject start it from other application.");
249 return CHECK_PERMISSION_FAILED;
250 }
251
252 return ERR_OK;
253 }
254
CheckCallAbilityPermission(const VerificationInfo & verificationInfo) const255 int PermissionVerification::CheckCallAbilityPermission(const VerificationInfo &verificationInfo) const
256 {
257 return JudgeInvisibleAndBackground(verificationInfo);
258 }
259
CheckCallServiceExtensionPermission(const VerificationInfo & verificationInfo) const260 int PermissionVerification::CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const
261 {
262 return JudgeInvisibleAndBackground(verificationInfo);
263 }
264
CheckStartByCallPermission(const VerificationInfo & verificationInfo) const265 int PermissionVerification::CheckStartByCallPermission(const VerificationInfo &verificationInfo) const
266 {
267 if (IsSACall()) {
268 return ERR_OK;
269 }
270
271 if (IsCallFromSameAccessToken(verificationInfo.accessTokenId)) {
272 HILOG_ERROR("Not remote call, Caller is from same APP, StartAbilityByCall reject");
273 return CHECK_PERMISSION_FAILED;
274 }
275 // Different APP call, check permissions
276 if (!VerifyCallingPermission(PermissionConstants::PERMISSION_ABILITY_BACKGROUND_COMMUNICATION)) {
277 HILOG_ERROR("PERMISSION_ABILITY_BACKGROUND_COMMUNICATION verification failed, StartAbilityByCall reject");
278 return CHECK_PERMISSION_FAILED;
279 }
280 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
281 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
282 }
283 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall)) {
284 return CHECK_PERMISSION_FAILED;
285 }
286
287 return ERR_OK;
288 }
289
GetCallingTokenID() const290 unsigned int PermissionVerification::GetCallingTokenID() const
291 {
292 auto callerToken = IPCSkeleton::GetCallingTokenID();
293 HILOG_DEBUG("callerToken : %{private}u", callerToken);
294 return callerToken;
295 }
296
JudgeStartInvisibleAbility(const uint32_t accessTokenId,const bool visible) const297 bool PermissionVerification::JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible) const
298 {
299 if (visible) {
300 HILOG_DEBUG("TargetAbility visible is true, PASS.");
301 return true;
302 }
303 if (IsCallFromSameAccessToken(accessTokenId)) {
304 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
305 return true;
306 }
307 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_INVISIBLE_ABILITY)) {
308 HILOG_DEBUG("Caller has PERMISSION_START_INVISIBLE_ABILITY, PASS.");
309 return true;
310 }
311 HILOG_ERROR("PERMISSION_START_INVISIBLE_ABILITY verification failed.");
312 return false;
313 }
314
JudgeStartAbilityFromBackground(const bool isBackgroundCall) const315 bool PermissionVerification::JudgeStartAbilityFromBackground(const bool isBackgroundCall) const
316 {
317 if (!isBackgroundCall) {
318 HILOG_DEBUG("Caller is not background, PASS.");
319 return true;
320 }
321 // Temporarily supports permissions with two different spellings
322 // PERMISSION_START_ABILIIES_FROM_BACKGROUND will be removed later due to misspelling
323 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILITIES_FROM_BACKGROUND) ||
324 VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILIIES_FROM_BACKGROUND)) {
325 HILOG_DEBUG("Caller has PERMISSION_START_ABILITIES_FROM_BACKGROUND, PASS.");
326 return true;
327 }
328 HILOG_ERROR("PERMISSION_START_ABILITIES_FROM_BACKGROUND verification failed.");
329 return false;
330 }
331
JudgeAssociatedWakeUp(const uint32_t accessTokenId,const bool associatedWakeUp) const332 bool PermissionVerification::JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const
333 {
334 if (IsCallFromSameAccessToken(accessTokenId)) {
335 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
336 return true;
337 }
338 if (associatedWakeUp) {
339 HILOG_DEBUG("TargetAbility is allowed associatedWakeUp, PASS.");
340 return true;
341 }
342 HILOG_ERROR("The target is not allowed associatedWakeUp.");
343 return false;
344 }
345
JudgeInvisibleAndBackground(const VerificationInfo & verificationInfo) const346 int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo) const
347 {
348 if (IsSACall()) {
349 return ERR_OK;
350 }
351 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
352 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
353 }
354 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall)) {
355 return CHECK_PERMISSION_FAILED;
356 }
357
358 return ERR_OK;
359 }
360 } // namespace AAFwk
361 } // namespace OHOS
362