1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "face_auth_service.h"
17
18 #include <cstdint>
19 #include <functional>
20 #include <map>
21 #include <memory>
22 #include <mutex>
23 #include <string>
24 #include <vector>
25
26 #include "accesstoken_kit.h"
27 #include "bundle_mgr_proxy.h"
28 #include "ibuffer_producer.h"
29 #include "idriver_manager.h"
30 #include "ipc_skeleton.h"
31 #include "iremote_object.h"
32 #include "iservice_registry.h"
33 #include "refbase.h"
34 #include "system_ability.h"
35 #include "system_ability_definition.h"
36
37 #include "iam_check.h"
38 #include "iam_logger.h"
39 #include "iam_para2str.h"
40 #include "iam_ptr.h"
41
42 #include "face_auth_defines.h"
43 #include "face_auth_driver_hdi.h"
44 #include "face_auth_interface_adapter.h"
45
46 #define LOG_LABEL UserIam::Common::LABEL_FACE_AUTH_SA
47
48 namespace OHOS {
49 namespace UserIam {
50 namespace FaceAuth {
51 namespace UserAuth = OHOS::UserIam::UserAuth;
52 using namespace OHOS::UserIam;
53 namespace {
54 const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(FaceAuthService::GetInstance().get());
55 const uint16_t FACE_AUTH_DEFAULT_HDI_ID = 1;
56 const auto FACE_AUTH_DEFAULT_HDI_ADAPTER = Common::MakeShared<FaceAuthInterfaceAdapter>();
57 auto FACE_AUTH_DEFAULT_HDI = Common::MakeShared<FaceAuthDriverHdi>(FACE_AUTH_DEFAULT_HDI_ADAPTER);
58 // serviceName and HdiConfig.id must be globally unique
59 const std::map<std::string, UserAuth::HdiConfig> HDI_NAME_2_CONFIG = {
60 {"face_auth_interface_service", {FACE_AUTH_DEFAULT_HDI_ID, FACE_AUTH_DEFAULT_HDI}},
61 };
62 const std::vector<std::shared_ptr<FaceAuthDriverHdi>> FACE_AUTH_DRIVER_HDIS = {FACE_AUTH_DEFAULT_HDI};
63 } // namespace
64 std::mutex FaceAuthService::mutex_;
65 std::shared_ptr<FaceAuthService> FaceAuthService::instance_ = nullptr;
66 sptr<AppExecFwk::IBundleMgr> FaceAuthService::bundleMgr_ = nullptr;
67
FaceAuthService()68 FaceAuthService::FaceAuthService() : SystemAbility(SUBSYS_USERIAM_SYS_ABILITY_FACEAUTH, true)
69 {
70 }
71
GetInstance()72 std::shared_ptr<FaceAuthService> FaceAuthService::GetInstance()
73 {
74 if (instance_ == nullptr) {
75 std::lock_guard<std::mutex> gurard(mutex_);
76 if (instance_ == nullptr) {
77 instance_ = Common::MakeShared<FaceAuthService>();
78 if (instance_ == nullptr) {
79 IAM_LOGE("make share failed");
80 }
81 }
82 }
83 return instance_;
84 }
85
OnStart()86 void FaceAuthService::OnStart()
87 {
88 IAM_LOGI("start");
89 StartDriverManager();
90 Publish(this);
91 IAM_LOGI("success");
92 }
93
OnStop()94 void FaceAuthService::OnStop()
95 {
96 IAM_LOGE("service is persistent, OnStop is not implemented");
97 }
98
IsPermissionGranted(const std::string & permission)99 bool FaceAuthService::IsPermissionGranted(const std::string &permission)
100 {
101 IAM_LOGI("start");
102 uint32_t tokenId = this->GetCallingTokenID();
103 int ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permission);
104 if (ret != Security::AccessToken::RET_SUCCESS) {
105 IAM_LOGE("failed to verify access token, code = %{public}d", ret);
106 return false;
107 }
108 return true;
109 }
110
GetBundleMgr()111 sptr<AppExecFwk::IBundleMgr> FaceAuthService::GetBundleMgr()
112 {
113 IAM_LOGI("start");
114 if (bundleMgr_ != nullptr) {
115 return bundleMgr_;
116 }
117 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
118 if (sam == nullptr) {
119 IAM_LOGE("GetSystemAbilityManager return nullptr");
120 return nullptr;
121 }
122 auto bundleMgrSa = sam->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
123 if (bundleMgrSa == nullptr) {
124 IAM_LOGE("GetSystemAbility return nullptr");
125 return nullptr;
126 }
127 bundleMgr_ = iface_cast<AppExecFwk::BundleMgrProxy>(bundleMgrSa);
128 return bundleMgr_;
129 }
130
SetBufferProducer(sptr<IBufferProducer> & producer)131 int32_t FaceAuthService::SetBufferProducer(sptr<IBufferProducer> &producer)
132 {
133 const std::string MANAGE_USER_IDM_PERMISSION = "ohos.permission.MANAGE_USER_IDM";
134 std::lock_guard<std::mutex> gurard(mutex_);
135 IAM_LOGI("set buffer producer %{public}s", Common::GetPointerNullStateString(producer).c_str());
136 int32_t uid = IPCSkeleton::GetCallingUid();
137 auto bundleMgr = GetBundleMgr();
138 if (bundleMgr == nullptr) {
139 IAM_LOGE("bundleMgr is nullptr");
140 return FACE_AUTH_ERROR;
141 }
142 if (!bundleMgr->CheckIsSystemAppByUid(uid)) {
143 IAM_LOGE("the caller is not a system application");
144 return FACE_AUTH_CHECK_SYSTEM_PERMISSION_FAILED;
145 }
146 if (!IsPermissionGranted(MANAGE_USER_IDM_PERMISSION)) {
147 IAM_LOGE("failed to check permission");
148 return FACE_AUTH_CHECK_PERMISSION_FAILED;
149 }
150 for (auto hdi : FACE_AUTH_DRIVER_HDIS) {
151 IF_FALSE_LOGE_AND_RETURN_VAL(hdi != nullptr, FACE_AUTH_ERROR);
152 int ret = hdi->SetBufferProducer(producer);
153 if (ret != FACE_AUTH_SUCCESS) {
154 IAM_LOGE("SetBufferProducer fail");
155 return FACE_AUTH_ERROR;
156 }
157 }
158 return FACE_AUTH_SUCCESS;
159 }
160
StartDriverManager()161 void FaceAuthService::StartDriverManager()
162 {
163 IAM_LOGI("start");
164 int32_t ret = UserAuth::IDriverManager::Start(HDI_NAME_2_CONFIG);
165 if (ret != FACE_AUTH_SUCCESS) {
166 IAM_LOGE("start driver manager failed");
167 }
168 }
169 } // namespace FaceAuth
170 } // namespace UserIam
171 } // namespace OHOS
172