• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #define LOG_TAG "PermissionProxy"
16 #include "permission_proxy.h"
17 
18 #include "accesstoken_kit.h"
19 #include "account/account_delegate.h"
20 #include "bundle_info.h"
21 #include "bundle_mgr_proxy.h"
22 #include "communication_provider.h"
23 #include "device_manager_adapter.h"
24 #include "log_print.h"
25 #include "metadata/appid_meta_data.h"
26 #include "metadata/meta_data_manager.h"
27 
28 namespace OHOS::DataShare {
29 BundleMgrProxy PermissionProxy::bmsProxy_;
QueryWritePermission(const std::string & bundleName,uint32_t tokenId,std::string & permission)30 bool PermissionProxy::QueryWritePermission(const std::string &bundleName, uint32_t tokenId, std::string &permission)
31 {
32     AppExecFwk::BundleInfo bundleInfo;
33     if (!bmsProxy_.GetBundleInfoFromBMS(bundleName, tokenId, bundleInfo)) {
34         ZLOGE("GetBundleInfoFromBMS failed!");
35         return false;
36     }
37     for (auto &item : bundleInfo.extensionInfos) {
38         if (item.type == AppExecFwk::ExtensionAbilityType::DATASHARE) {
39             permission = item.writePermission;
40             if (permission.empty()) {
41                 ZLOGW("WritePermission is empty!BundleName is %{public}s,tokenId is %{public}u", bundleName.c_str(),
42                     tokenId);
43                 return true;
44             }
45             int status = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permission);
46             if (status != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
47                 ZLOGE("Verify write permission denied!");
48                 return false;
49             }
50             return true;
51         }
52     }
53     return false;
54 }
55 
QueryReadPermission(const std::string & bundleName,uint32_t tokenId,std::string & permission)56 bool PermissionProxy::QueryReadPermission(const std::string &bundleName, uint32_t tokenId, std::string &permission)
57 {
58     AppExecFwk::BundleInfo bundleInfo;
59     if (!bmsProxy_.GetBundleInfoFromBMS(bundleName, tokenId, bundleInfo)) {
60         ZLOGE("GetBundleInfoFromBMS failed!");
61         return false;
62     }
63     for (auto &item : bundleInfo.extensionInfos) {
64         if (item.type == AppExecFwk::ExtensionAbilityType::DATASHARE) {
65             if (item.readPermission.empty()) {
66                 ZLOGW("ReadPermission is empty!BundleName is %{public}s,tokenId is %{public}u", bundleName.c_str(),
67                     tokenId);
68                 return true;
69             }
70             int status = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permission);
71             if (status != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
72                 ZLOGE("Verify Read permission denied!");
73                 return false;
74             }
75             return true;
76         }
77     }
78     return false;
79 }
80 
FillData(DistributedData::StoreMetaData & meta,int32_t userId)81 void PermissionProxy::FillData(DistributedData::StoreMetaData &meta, int32_t userId)
82 {
83     meta.deviceId = DistributedData::DeviceManagerAdapter::GetInstance().GetLocalDevice().uuid;
84     meta.user = std::to_string(userId);
85 }
86 
QueryMetaData(const std::string & bundleName,const std::string & moduleName,const std::string & storeName,DistributedData::StoreMetaData & metaData,const int32_t userId)87 bool PermissionProxy::QueryMetaData(const std::string &bundleName, const std::string &moduleName,
88     const std::string &storeName, DistributedData::StoreMetaData &metaData, const int32_t userId)
89 {
90     DistributedData::StoreMetaData meta;
91     FillData(meta, userId);
92     meta.bundleName = bundleName;
93     meta.storeId = storeName;
94     if (IsSingleAllowProvider(bundleName, storeName)) {
95         ZLOGD("This hap is allowed to access across user sessions");
96         meta.user = "0";
97     }
98     bool isCreated = DistributedData::MetaDataManager::GetInstance().LoadMeta(meta.GetKey(), metaData);
99     if (!isCreated) {
100         ZLOGE("Interface token is not equal");
101         return false;
102     }
103     return true;
104 }
105 
IsSingleAllowProvider(const std::string & bundleName,const std::string & storeName)106 inline bool PermissionProxy::IsSingleAllowProvider(const std::string &bundleName, const std::string &storeName)
107 {
108     // if settingdata public data, allow cross to user0
109     return bundleName == "com.ohos.settingsdata" && storeName == "settingsdata";
110 }
111 } // namespace OHOS::DataShare