• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <ohos_errno.h>
17 #include <pthread.h>
18 #include <securec.h>
19 
20 #include "cJSON.h"
21 #include "iproxy_client.h"
22 #include "ipc_skeleton.h"
23 #include "log.h"
24 #include "pms_interface.h"
25 #include "pms_types.h"
26 #include "registry.h"
27 #include "samgr_lite.h"
28 
29 #define PERMISSION_SERVICE "permissionms"
30 #define PERM_FEATURE "PmsFeature"
31 #define PERM_INNER_FEATURE "PmsInnerFeature"
32 #define MAX_DATA_LEN 0x100
33 #define FIELD_PERMISSION "permissions"
34 #define FIELD_NAME "name"
35 #define FIELD_DESC "desc"
36 #define FIELD_IS_GRANTED "isGranted"
37 #define FIELD_FLAGS "flags"
38 #define SYS_SVC_UID_MAX 99
39 #define SYS_APP_UID_MIN 100
40 #define SYS_APP_UID_MAX 999
41 #define PERMISSION_NUM_MAX 1000
42 
43 enum FUNCID {
44     ID_CHECK_SELF = 0,
45     ID_QUERY,
46     ID_CHECK = 10,
47     ID_GRANT,
48     ID_REVOKE,
49     ID_GRANT_RUNTIME,
50     ID_REVOKE_RUNTIME,
51     ID_UPDATE_PERMS_FLAGS,
52 };
53 
54 typedef struct ClientApi {
55     INHERIT_CLIENT_IPROXY;
56     int (*CheckSelfPermission)(const char *permissionName);
57     int (*QueryPermission)(const char *identifier, PermissionSaved **permissions, int *permNum);
58 } ClientApi;
59 
60 typedef struct ClientEntry {
61     INHERIT_IUNKNOWNENTRY(ClientApi);
62 } ClientEntry;
63 
64 typedef struct InnerClientApi {
65     INHERIT_CLIENT_IPROXY;
66     int (*CheckPermission)(int uid, const char *permissionName);
67     int (*GrantPermission)(const char *identifier, const char *permName);
68     int (*RevokePermission)(const char *identifier, const char *permName);
69     int (*GrantRuntimePermission)(int uid, const char *permissionName);
70     int (*RevokeRuntimePermission)(int uid, const char *permissionName);
71     int (*UpdatePermissionFlags)(const char *identifier, const char *permissionName, int flags);
72 } InnerClientApi;
73 
74 typedef struct ClientInnerEntry {
75     INHERIT_IUNKNOWNENTRY(InnerClientApi);
76 } ClientInnerEntry;
77 
78 typedef struct RetOfQueryPerms {
79     int resultCode;
80     int length;
81     PermissionSaved *permission;
82 } RetOfQueryPerms;
83 
CreatClient(const char * service,const char * feature,uint32 size)84 void *CreatClient(const char *service, const char *feature, uint32 size)
85 {
86     (void)service;
87     (void)feature;
88     uint32 len = size + sizeof(ClientEntry);
89     if ((len < size) || (len < sizeof(ClientEntry))) {
90         return NULL;
91     }
92     uint8 *client = malloc(len);
93     if (client == NULL) {
94         return NULL;
95     }
96     (void)memset_s(client, len, 0, len);
97     ClientEntry *entry = (ClientEntry *)&client[size];
98     entry->ver = ((uint16)CLIENT_PROXY_VER | (uint16)DEFAULT_VERSION);
99     entry->ref = 1;
100     entry->iUnknown.QueryInterface = IUNKNOWN_QueryInterface;
101     entry->iUnknown.AddRef = IUNKNOWN_AddRef;
102     entry->iUnknown.Release = IUNKNOWN_Release;
103     entry->iUnknown.Invoke = NULL;
104     entry->iUnknown.CheckSelfPermission = CheckSelfPermission;
105     entry->iUnknown.QueryPermission = QueryPermission;
106     return client;
107 }
108 
DestroyClient(const char * service,const char * feature,void * iproxy)109 void DestroyClient(const char *service, const char *feature, void *iproxy)
110 {
111     (void)service;
112     (void)feature;
113     free(iproxy);
114 }
115 
GetClientApi(void)116 static ClientApi *GetClientApi(void)
117 {
118     SAMGR_RegisterFactory(PERMISSION_SERVICE, PERM_FEATURE, CreatClient, DestroyClient);
119     ClientApi *clientApi = NULL;
120     HILOG_INFO(HILOG_MODULE_APP, "[GetFeatureApi S:%s F:%s]: BEGIN\n", PERMISSION_SERVICE, PERM_FEATURE);
121     IUnknown *iUnknown = SAMGR_GetInstance()->GetFeatureApi(PERMISSION_SERVICE, PERM_FEATURE);
122     if (iUnknown == NULL) {
123         HILOG_INFO(HILOG_MODULE_APP, "[GetFeatureApi S:%s F:%s]: error is NULL\n", PERMISSION_SERVICE, PERM_FEATURE);
124         return NULL;
125     }
126 
127     (void)iUnknown->QueryInterface(iUnknown, CLIENT_PROXY_VER, (void **)&clientApi);
128     HILOG_INFO(HILOG_MODULE_APP, "[QueryInterface CLIENT_PROXY_VER S:%s, F:%s]\n",
129                PERMISSION_SERVICE, PERM_FEATURE);
130     return clientApi;
131 }
132 
ReleaseClientApi(ClientApi * clientApi)133 static void ReleaseClientApi(ClientApi *clientApi)
134 {
135     if (clientApi == NULL) {
136         return;
137     }
138     int32 ref = clientApi->Release((IUnknown *)clientApi);
139     HILOG_INFO(HILOG_MODULE_APP, "[Release api S:%s, F:%s]: ref:%d\n",
140                PERMISSION_SERVICE, PERM_FEATURE, ref);
141 }
142 
CreatInnerClient(const char * service,const char * feature,uint32 size)143 void *CreatInnerClient(const char *service, const char *feature, uint32 size)
144 {
145     (void)service;
146     (void)feature;
147     uint32 len = size + sizeof(ClientInnerEntry);
148     if ((len < size) || (len < sizeof(ClientInnerEntry))) {
149         return NULL;
150     }
151     uint8 *client = malloc(len);
152     if (client == NULL) {
153         return NULL;
154     }
155     (void)memset_s(client, len, 0, len);
156     ClientInnerEntry *entry = (ClientInnerEntry *)&client[size];
157     entry->ver = ((uint16)CLIENT_PROXY_VER | (uint16)DEFAULT_VERSION);
158     entry->ref = 1;
159     entry->iUnknown.QueryInterface = IUNKNOWN_QueryInterface;
160     entry->iUnknown.AddRef = IUNKNOWN_AddRef;
161     entry->iUnknown.Release = IUNKNOWN_Release;
162     entry->iUnknown.Invoke = NULL;
163     entry->iUnknown.CheckPermission = CheckPermission;
164     entry->iUnknown.GrantPermission = GrantPermission;
165     entry->iUnknown.RevokePermission = RevokePermission;
166     entry->iUnknown.GrantRuntimePermission = GrantRuntimePermission;
167     entry->iUnknown.RevokeRuntimePermission = RevokeRuntimePermission;
168     entry->iUnknown.UpdatePermissionFlags = UpdatePermissionFlags;
169     return client;
170 }
171 
DestroyInnerClient(const char * service,const char * feature,void * iproxy)172 void DestroyInnerClient(const char *service, const char *feature, void *iproxy)
173 {
174     (void)service;
175     (void)feature;
176     free(iproxy);
177 }
178 
GetInnerClientApi(void)179 static InnerClientApi *GetInnerClientApi(void)
180 {
181     SAMGR_RegisterFactory(PERMISSION_SERVICE, PERM_INNER_FEATURE, CreatInnerClient, DestroyInnerClient);
182     InnerClientApi *clientApi = NULL;
183     HILOG_INFO(HILOG_MODULE_APP, "[GetFeatureApi S:%s F:%s]: BEGIN\n", PERMISSION_SERVICE, PERM_INNER_FEATURE);
184     IUnknown *iUnknown = SAMGR_GetInstance()->GetFeatureApi(PERMISSION_SERVICE, PERM_INNER_FEATURE);
185     if (iUnknown == NULL) {
186         HILOG_INFO(HILOG_MODULE_APP, "[GetFeatureApi S:%s F:%s]: error is NULL\n", PERMISSION_SERVICE,
187             PERM_INNER_FEATURE);
188         return NULL;
189     }
190     (void)iUnknown->QueryInterface(iUnknown, CLIENT_PROXY_VER, (void **)&clientApi);
191     HILOG_INFO(HILOG_MODULE_APP, "[QueryInterface CLIENT_PROXY_VER S:%s, F:%s]\n",
192                PERMISSION_SERVICE, PERM_INNER_FEATURE);
193     return clientApi;
194 }
195 
ReleaseInnerClientApi(InnerClientApi * clientApi)196 static void ReleaseInnerClientApi(InnerClientApi *clientApi)
197 {
198     if (clientApi == NULL) {
199         return;
200     }
201     int32 ref = clientApi->Release((IUnknown *)clientApi);
202     HILOG_INFO(HILOG_MODULE_APP, "[Release api S:%s, F:%s]: ref:%d\n",
203                PERMISSION_SERVICE, PERM_INNER_FEATURE, ref);
204 }
205 
ParsePermissions(const char * jsonStr,PermissionSaved ** perms,int * permNum)206 static int ParsePermissions(const char *jsonStr, PermissionSaved **perms, int *permNum)
207 {
208     cJSON *root = cJSON_Parse(jsonStr);
209     if (root == NULL) {
210         return PERM_ERRORCODE_JSONPARSE_FAIL;
211     }
212     cJSON *array = cJSON_GetObjectItem(root, FIELD_PERMISSION);
213     int pSize = cJSON_GetArraySize(array);
214     if (pSize > PERMISSION_NUM_MAX) {
215         return PERM_ERRORCODE_JSONPARSE_FAIL;
216     }
217 
218     int allocSize = sizeof(PermissionSaved) * pSize;
219     if (allocSize == 0) {
220         cJSON_Delete(root);
221         return PERM_ERRORCODE_SUCCESS;
222     }
223 
224     *perms = (PermissionSaved *) malloc(allocSize);
225     if (*perms == NULL) {
226         cJSON_Delete(root);
227         return PERM_ERRORCODE_MALLOC_FAIL;
228     }
229     for (int i = 0; i < pSize; i++) {
230         cJSON *object = cJSON_GetArrayItem(array, i);
231         cJSON *itemName = cJSON_GetObjectItem(object, FIELD_NAME);
232         cJSON *itemDesc = cJSON_GetObjectItem(object, FIELD_DESC);
233         cJSON *itemGranted = cJSON_GetObjectItem(object, FIELD_IS_GRANTED);
234         if (itemName == NULL || itemDesc == NULL || itemGranted == NULL || !cJSON_IsString(itemName)
235             || itemName->valuestring == NULL || !cJSON_IsString(itemDesc) || itemDesc->valuestring == NULL) {
236             cJSON_Delete(root);
237             free(*perms);
238             *perms = NULL;
239             return PERM_ERRORCODE_JSONPARSE_FAIL;
240         }
241         if (strcpy_s((*perms + i)->name, PERM_NAME_LEN, itemName->valuestring) != EOK) {
242             cJSON_Delete(root);
243             free(*perms);
244             *perms = NULL;
245             return PERM_ERRORCODE_COPY_ERROR;
246         }
247         if (strcpy_s((*perms + i)->desc, PERM_DESC_LEN, itemDesc->valuestring) != EOK) {
248             cJSON_Delete(root);
249             free(*perms);
250             *perms = NULL;
251             return PERM_ERRORCODE_COPY_ERROR;
252         }
253         (*perms + i)->granted = (enum IsGranted) itemGranted->valueint;
254     }
255     *permNum = pSize;
256     cJSON_Delete(root);
257     return PERM_ERRORCODE_SUCCESS;
258 }
259 
Notify(IOwner owner,int code,IpcIo * reply)260 static int Notify(IOwner owner, int code, IpcIo *reply)
261 {
262     if ((reply == NULL) || (owner == NULL)) {
263         HILOG_ERROR(HILOG_MODULE_APP, "Lite Ipc reply or owner is NULL");
264         return OHOS_FAILURE;
265     }
266 
267     int32_t *ret = (int32_t *)owner;
268     ReadInt32(reply, ret);
269 
270     return EC_SUCCESS;
271 }
272 
DealQueryReply(IOwner owner,int code,IpcIo * reply)273 static int DealQueryReply(IOwner owner, int code, IpcIo *reply)
274 {
275     if ((reply == NULL) || (owner == NULL)) {
276         return OHOS_FAILURE;
277     }
278     int resultCode;
279     ReadInt32(reply, &resultCode);
280     RetOfQueryPerms *ret = (RetOfQueryPerms *)(owner);
281     if (resultCode != PERM_ERRORCODE_SUCCESS) {
282         ret->resultCode = resultCode;
283         return resultCode;
284     }
285     char *jsonStr = (char *)ReadString(reply, NULL);
286     HILOG_INFO(HILOG_MODULE_APP, "[perms: %s]", jsonStr);
287     int retCode = ParsePermissions(jsonStr, &(ret->permission), &(ret->length));
288     ret->resultCode = retCode;
289     return retCode;
290 }
291 
CheckSelfPermission(const char * permissionName)292 int CheckSelfPermission(const char *permissionName)
293 {
294     uid_t callingUid = getuid();
295     if (callingUid <= SYS_APP_UID_MAX) {
296         return GRANTED;
297     }
298     ClientApi *proxy = GetClientApi();
299     if (proxy == NULL) {
300         return OHOS_FAILURE;
301     }
302     IpcIo request;
303     char data[MAX_DATA_LEN];
304     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
305     WriteString(&request, permissionName);
306     int32_t ret = -1;
307     proxy->Invoke((IClientProxy *)proxy, ID_CHECK_SELF, &request, &ret, Notify);
308     ReleaseClientApi(proxy);
309     return ret;
310 }
311 
CheckPermission(int uid,const char * permissionName)312 int CheckPermission(int uid, const char *permissionName)
313 {
314     uid_t callingUid = getuid();
315     if (callingUid <= SYS_APP_UID_MAX) {
316         return GRANTED;
317     }
318     InnerClientApi *proxy = GetInnerClientApi();
319     if (proxy == NULL) {
320         return OHOS_FAILURE;
321     }
322     IpcIo request;
323     char data[MAX_DATA_LEN];
324     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
325     WriteInt64(&request, uid);
326     WriteString(&request, permissionName);
327     int32_t ret = -1;
328     proxy->Invoke((IClientProxy *)proxy, ID_CHECK, &request, &ret, Notify);
329     ReleaseInnerClientApi(proxy);
330     return ret;
331 }
332 
QueryPermission(const char * identifier,PermissionSaved ** permissions,int * permNum)333 int QueryPermission(const char *identifier, PermissionSaved **permissions, int *permNum)
334 {
335     ClientApi *proxy = GetClientApi();
336     if (proxy == NULL) {
337         return OHOS_FAILURE;
338     }
339     if (permissions == NULL || permNum == NULL) {
340         return OHOS_FAILURE;
341     }
342     IpcIo request;
343     char data[MAX_DATA_LEN];
344     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
345     WriteString(&request, identifier);
346     RetOfQueryPerms ret = {
347         .resultCode = 0,
348         .length = 0,
349         .permission = NULL
350     };
351     proxy->Invoke((IClientProxy *)proxy, ID_QUERY, &request, &ret, DealQueryReply);
352     *permissions = ret.permission;
353     *permNum = ret.length;
354     ReleaseClientApi(proxy);
355     return ret.resultCode;
356 }
357 
GrantPermission(const char * identifier,const char * permName)358 int GrantPermission(const char *identifier, const char *permName)
359 {
360     InnerClientApi *proxy = GetInnerClientApi();
361     if (proxy == NULL) {
362         return OHOS_FAILURE;
363     }
364     IpcIo request;
365     char data[MAX_DATA_LEN];
366     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
367     WriteString(&request, identifier);
368     WriteString(&request, permName);
369     int32_t ret = -1;
370     proxy->Invoke((IClientProxy *)proxy, ID_GRANT, &request, &ret, Notify);
371     ReleaseInnerClientApi(proxy);
372     HILOG_INFO(HILOG_MODULE_APP, "client grant[ret: %d]", ret);
373     return ret;
374 }
375 
RevokePermission(const char * identifier,const char * permName)376 int RevokePermission(const char *identifier, const char *permName)
377 {
378     InnerClientApi *proxy = GetInnerClientApi();
379     if (proxy == NULL) {
380         return OHOS_FAILURE;
381     }
382     IpcIo request;
383     char data[MAX_DATA_LEN];
384     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
385     WriteString(&request, identifier);
386     WriteString(&request, permName);
387     int32_t ret = -1;
388     proxy->Invoke((IClientProxy *)proxy, ID_REVOKE, &request, &ret, Notify);
389     ReleaseInnerClientApi(proxy);
390     HILOG_INFO(HILOG_MODULE_APP, "client revoke[ret: %d]", ret);
391     return ret;
392 }
393 
GrantRuntimePermission(int uid,const char * permissionName)394 int GrantRuntimePermission(int uid, const char *permissionName)
395 {
396     InnerClientApi *proxy = GetInnerClientApi();
397     if (proxy == NULL) {
398         return OHOS_FAILURE;
399     }
400     IpcIo request;
401     char data[MAX_DATA_LEN];
402     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
403     WriteInt64(&request, uid);
404     WriteString(&request, permissionName);
405     int32_t ret = -1;
406     proxy->Invoke((IClientProxy *)proxy, ID_GRANT_RUNTIME, &request, &ret, Notify);
407     ReleaseInnerClientApi(proxy);
408     return ret;
409 }
410 
RevokeRuntimePermission(int uid,const char * permissionName)411 int RevokeRuntimePermission(int uid, const char *permissionName)
412 {
413     InnerClientApi *proxy = GetInnerClientApi();
414     if (proxy == NULL) {
415         return OHOS_FAILURE;
416     }
417     IpcIo request;
418     char data[MAX_DATA_LEN];
419     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
420     WriteInt64(&request, uid);
421     WriteString(&request, permissionName);
422     int32_t ret = -1;
423     proxy->Invoke((IClientProxy *)proxy, ID_REVOKE_RUNTIME, &request, &ret, Notify);
424     ReleaseInnerClientApi(proxy);
425     return ret;
426 }
427 
UpdatePermissionFlags(const char * identifier,const char * permissionName,const int flags)428 int UpdatePermissionFlags(const char *identifier, const char *permissionName, const int flags)
429 {
430     InnerClientApi *proxy = GetInnerClientApi();
431     if (proxy == NULL) {
432         return OHOS_FAILURE;
433     }
434     IpcIo request;
435     char data[MAX_DATA_LEN];
436     IpcIoInit(&request, data, MAX_DATA_LEN, 0);
437     WriteString(&request, identifier);
438     WriteString(&request, permissionName);
439     WriteInt32(&request, flags);
440     int32_t ret = -1;
441     proxy->Invoke((IClientProxy *)proxy, ID_UPDATE_PERMS_FLAGS, &request, &ret, Notify);
442     ReleaseInnerClientApi(proxy);
443     return ret;
444 }
445 
446