1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_log.h"
21 #include "data_translator.h"
22 #include "data_validator.h"
23 #include "token_field_const.h"
24
25 namespace OHOS {
26 namespace Security {
27 namespace AccessToken {
28 namespace {
29 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"};
30 static const std::string DEFAULT_DEVICEID = "0";
31 }
32
HapTokenInfoInner()33 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
34 {
35 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
36 tokenInfoBasic_.tokenID = 0;
37 tokenInfoBasic_.tokenAttr = 0;
38 tokenInfoBasic_.userID = 0;
39 tokenInfoBasic_.apiVersion = 0;
40 tokenInfoBasic_.instIndex = 0;
41 tokenInfoBasic_.dlpType = 0;
42 tokenInfoBasic_.apl = APL_NORMAL;
43 }
44
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicyParams & policy)45 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
46 const HapInfoParams &info, const HapPolicyParams &policy) : permUpdateTimestamp_(0), isRemote_(false)
47 {
48 tokenInfoBasic_.tokenID = id;
49 tokenInfoBasic_.userID = info.userID;
50 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
51 tokenInfoBasic_.tokenAttr = 0;
52 tokenInfoBasic_.bundleName = info.bundleName;
53 tokenInfoBasic_.apiVersion = info.apiVersion;
54 tokenInfoBasic_.instIndex = info.instIndex;
55 tokenInfoBasic_.dlpType = info.dlpType;
56 tokenInfoBasic_.appID = info.appIDDesc;
57 tokenInfoBasic_.deviceID = DEFAULT_DEVICEID;
58 tokenInfoBasic_.apl = policy.apl;
59 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList);
60 }
61
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStateFull> & permStateList)62 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
63 const HapTokenInfo &info, const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
64 {
65 permUpdateTimestamp_ = 0;
66 tokenInfoBasic_ = info;
67 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList);
68 }
69
~HapTokenInfoInner()70 HapTokenInfoInner::~HapTokenInfoInner()
71 {
72 ACCESSTOKEN_LOG_DEBUG(LABEL,
73 "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID);
74 }
75
Update(const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParams & policy)76 void HapTokenInfoInner::Update(const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParams& policy)
77 {
78 tokenInfoBasic_.appID = appIDDesc;
79 tokenInfoBasic_.apiVersion = apiVersion;
80 tokenInfoBasic_.apl = policy.apl;
81 if (permPolicySet_ == nullptr) {
82 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID,
83 policy.permStateList);
84 return;
85 }
86
87 permPolicySet_->Update(policy.permStateList);
88 return;
89 }
90
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const91 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
92 {
93 infoParcel = tokenInfoBasic_;
94 }
95
TranslationIntoGenericValues(GenericValues & outGenericValues) const96 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
97 {
98 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
99 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
100 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
101 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
102 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
103 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
104 outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, tokenInfoBasic_.appID);
105 outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, tokenInfoBasic_.deviceID);
106 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
107 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
108 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
109 }
110
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)111 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
112 {
113 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
114 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
115 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
116 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
117 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
118 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
119 return RET_FAILED;
120 }
121
122 tokenInfoBasic_.apiVersion = inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION);
123 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
124 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
125 tokenInfoBasic_.appID = inGenericValues.GetString(TokenFiledConst::FIELD_APP_ID);
126 if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) {
127 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x appID is error", tokenInfoBasic_.tokenID);
128 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
129 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "appID error");
130 return RET_FAILED;
131 }
132
133 tokenInfoBasic_.deviceID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID);
134 if (!DataValidator::IsDeviceIdValid(tokenInfoBasic_.deviceID)) {
135 ACCESSTOKEN_LOG_ERROR(LABEL,
136 "tokenID: 0x%{public}x devId is error", tokenInfoBasic_.tokenID);
137 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
138 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "deviceID error");
139 return RET_FAILED;
140 }
141 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
142 if (DataValidator::IsAplNumValid(aplNum)) {
143 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
144 } else {
145 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x apl is error, value %{public}d",
146 tokenInfoBasic_.tokenID, aplNum);
147 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
148 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "apl error");
149 return RET_FAILED;
150 }
151 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
152 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
153 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x version is error, version %{public}d",
154 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
155 HiviewDFX::HiSysEvent::Write(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
156 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
157 return RET_FAILED;
158 }
159 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
160 return RET_SUCCESS;
161 }
162
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes)163 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
164 const GenericValues& tokenValue,
165 const std::vector<GenericValues>& permStateRes)
166 {
167 tokenInfoBasic_.tokenID = tokenId;
168 int ret = RestoreHapTokenBasicInfo(tokenValue);
169 if (ret != RET_SUCCESS) {
170 return RET_FAILED;
171 }
172 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
173 return RET_SUCCESS;
174 }
175
StoreHapBasicInfo(std::vector<GenericValues> & valueList) const176 void HapTokenInfoInner::StoreHapBasicInfo(std::vector<GenericValues>& valueList) const
177 {
178 GenericValues genericValues;
179 TranslationIntoGenericValues(genericValues);
180 valueList.emplace_back(genericValues);
181 }
182
StoreHapInfo(std::vector<GenericValues> & hapInfoValues,std::vector<GenericValues> & permStateValues) const183 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& hapInfoValues,
184 std::vector<GenericValues>& permStateValues) const
185 {
186 if (isRemote_) {
187 ACCESSTOKEN_LOG_INFO(LABEL,
188 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
189 return;
190 }
191 StoreHapBasicInfo(hapInfoValues);
192 if (permPolicySet_ != nullptr) {
193 permPolicySet_->StorePermissionPolicySet(permStateValues);
194 }
195 }
196
GetHapInfoPermissionPolicySet() const197 std::shared_ptr<PermissionPolicySet> HapTokenInfoInner::GetHapInfoPermissionPolicySet() const
198 {
199 return permPolicySet_;
200 }
201
GetUserID() const202 int HapTokenInfoInner::GetUserID() const
203 {
204 return tokenInfoBasic_.userID;
205 }
206
GetDlpType() const207 int HapTokenInfoInner::GetDlpType() const
208 {
209 return tokenInfoBasic_.dlpType;
210 }
211
GetBundleName() const212 std::string HapTokenInfoInner::GetBundleName() const
213 {
214 return tokenInfoBasic_.bundleName;
215 }
216
GetInstIndex() const217 int HapTokenInfoInner::GetInstIndex() const
218 {
219 return tokenInfoBasic_.instIndex;
220 }
221
GetTokenID() const222 AccessTokenID HapTokenInfoInner::GetTokenID() const
223 {
224 return tokenInfoBasic_.tokenID;
225 }
226
GetHapInfoBasic() const227 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
228 {
229 return tokenInfoBasic_;
230 }
231
SetTokenBaseInfo(const HapTokenInfo & baseInfo)232 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
233 {
234 tokenInfoBasic_ = baseInfo;
235 }
236
SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet> & policySet)237 void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet>& policySet)
238 {
239 permPolicySet_ = policySet;
240 }
241
IsRemote() const242 bool HapTokenInfoInner::IsRemote() const
243 {
244 return isRemote_;
245 }
246
SetRemote(bool isRemote)247 void HapTokenInfoInner::SetRemote(bool isRemote)
248 {
249 isRemote_ = isRemote;
250 }
251
ToString(std::string & info) const252 void HapTokenInfoInner::ToString(std::string& info) const
253 {
254 info.append(R"({)");
255 info.append("\n");
256 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
257 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
258 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
259 info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
260 info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
261 info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
262 info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
263 info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n");
264 info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n");
265 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
266 info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n");
267
268 if (permPolicySet_ != nullptr) {
269 permPolicySet_->ToString(info);
270 }
271 info.append("}");
272 }
273 } // namespace AccessToken
274 } // namespace Security
275 } // namespace OHOS
276