1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <map>
17
18 #include "netmanager_base_permission.h"
19
20 #include "accesstoken_kit.h"
21 #include "ipc_skeleton.h"
22
23 #include "net_mgr_log_wrapper.h"
24
25 namespace OHOS {
26 namespace NetManagerStandard {
27 /**
28 * @brief Permission check by callingTokenID.
29 * @param permissionName permission name.
30 * @return Returns true on success, false on failure.
31 */
CheckPermission(const std::string & permissionName)32 bool NetManagerPermission::CheckPermission(const std::string &permissionName)
33 {
34 if (permissionName.empty()) {
35 NETMGR_LOG_E("permission check failed,permission name is empty.");
36 return false;
37 }
38
39 auto callerToken = IPCSkeleton::GetCallingTokenID();
40 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
41 int result = Security::AccessToken::PERMISSION_DENIED;
42 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
43 result = Security::AccessToken::PERMISSION_GRANTED;
44 } else if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
45 result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
46 } else {
47 NETMGR_LOG_E("permission check failed, callerToken:%{public}u, tokenType:%{public}d", callerToken, tokenType);
48 }
49
50 if (result != Security::AccessToken::PERMISSION_GRANTED) {
51 NETMGR_LOG_E("permission check failed, permission:%{public}s, callerToken:%{public}u, tokenType:%{public}d",
52 permissionName.c_str(), callerToken, tokenType);
53 return false;
54 }
55 return true;
56 }
57
CheckPermissionWithCache(const std::string & permissionName)58 bool NetManagerPermission::CheckPermissionWithCache(const std::string &permissionName)
59 {
60 if (permissionName.empty()) {
61 NETMGR_LOG_E("permission check failed,permission name is empty.");
62 return false;
63 }
64
65 static std::map<uint32_t, bool> permissionMap;
66 static std::mutex mutex;
67 auto callerToken = IPCSkeleton::GetCallingTokenID();
68 {
69 std::lock_guard<std::mutex> lock(mutex);
70 auto iter = permissionMap.find(callerToken);
71 if (iter != permissionMap.end()) {
72 return iter->second;
73 }
74 }
75 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
76 bool res = false;
77 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
78 res = true;
79 } else if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
80 res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName) ==
81 Security::AccessToken::PERMISSION_GRANTED;
82 }
83 {
84 std::lock_guard<std::mutex> lock(mutex);
85 permissionMap[callerToken] = res;
86 }
87 return res;
88 }
89 } // namespace NetManagerStandard
90 } // namespace OHOS
91