1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_client.h"
17
18 #include "accesstoken_kit.h"
19 #include "account_error_no.h"
20 #include "account_iam_callback_service.h"
21 #include "account_log_wrapper.h"
22 #include "account_proxy.h"
23 #include "account_permission_manager.h"
24 #include "ipc_skeleton.h"
25 #include "iservice_registry.h"
26 #include "os_account_manager.h"
27 #include "pinauth_register.h"
28 #include "system_ability_definition.h"
29
30 namespace OHOS {
31 namespace AccountSA {
32 namespace {
33 const std::string PERMISSION_ACCESS_PIN_AUTH = "ohos.permission.ACCESS_PIN_AUTH";
34 const std::string PERMISSION_MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
35 const std::string PERMISSION_ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
36 }
37
GetInstance()38 AccountIAMClient &AccountIAMClient::GetInstance()
39 {
40 static AccountIAMClient *instance = new (std::nothrow) AccountIAMClient();
41 return *instance;
42 }
43
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)44 int32_t AccountIAMClient::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
45 {
46 if (GetAccountIAMProxy() != ERR_OK) {
47 return ERR_ACCOUNT_COMMON_GET_PROXY;
48 }
49 return proxy_->OpenSession(userId, challenge);
50 }
51
CloseSession(int32_t userId)52 int32_t AccountIAMClient::CloseSession(int32_t userId)
53 {
54 if (GetAccountIAMProxy() != ERR_OK) {
55 return ERR_ACCOUNT_COMMON_GET_PROXY;
56 }
57 return proxy_->CloseSession(userId);
58 }
59
AddCredential(int32_t userId,const CredentialParameters & credInfo,const std::shared_ptr<IDMCallback> & callback)60 void AccountIAMClient::AddCredential(
61 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback)
62 {
63 if (callback == nullptr) {
64 ACCOUNT_LOGE("callback is nullptr");
65 return;
66 }
67 Attributes emptyResult;
68 if (GetAccountIAMProxy() != ERR_OK) {
69 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
70 return;
71 }
72 if ((userId == 0) && (!GetCurrentUserId(userId))) {
73 ACCOUNT_LOGE("fail to add credential for invalid userId");
74 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
75 return;
76 }
77 if (credInfo.authType == AuthType::PIN) {
78 SetAuthSubType(userId, static_cast<int32_t>(credInfo.pinType.value_or(PinSubType::PIN_MAX)));
79 }
80 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
81 proxy_->AddCredential(userId, credInfo, wrapper);
82 }
83
UpdateCredential(int32_t userId,const CredentialParameters & credInfo,const std::shared_ptr<IDMCallback> & callback)84 void AccountIAMClient::UpdateCredential(
85 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback)
86 {
87 if (callback == nullptr) {
88 ACCOUNT_LOGE("callback is nullptr");
89 return;
90 }
91 Attributes emptyResult;
92 if (GetAccountIAMProxy() != ERR_OK) {
93 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
94 return;
95 }
96 if ((userId == 0) && (!GetCurrentUserId(userId))) {
97 ACCOUNT_LOGE("fail to update credential for invalid userId");
98 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
99 return;
100 }
101 if (credInfo.authType == AuthType::PIN) {
102 SetAuthSubType(userId, static_cast<int32_t>(credInfo.pinType.value_or(PinSubType::PIN_MAX)));
103 }
104 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
105 proxy_->UpdateCredential(userId, credInfo, wrapper);
106 }
107
DelCred(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const std::shared_ptr<IDMCallback> & callback)108 void AccountIAMClient::DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
109 const std::shared_ptr<IDMCallback>& callback)
110 {
111 if (callback == nullptr) {
112 ACCOUNT_LOGE("callback is nullptr");
113 return;
114 }
115 Attributes emptyResult;
116 if (GetAccountIAMProxy() != ERR_OK) {
117 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
118 return;
119 }
120 if ((userId == 0) && (!GetCurrentUserId(userId))) {
121 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
122 return;
123 }
124 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
125 proxy_->DelCred(userId, credentialId, authToken, wrapper);
126 }
127
DelUser(int32_t userId,const std::vector<uint8_t> & authToken,const std::shared_ptr<IDMCallback> & callback)128 void AccountIAMClient::DelUser(
129 int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback)
130 {
131 if (callback == nullptr) {
132 ACCOUNT_LOGE("callback is nullptr");
133 return;
134 }
135 Attributes emptyResult;
136 if (GetAccountIAMProxy() != ERR_OK) {
137 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
138 return;
139 }
140 if ((userId == 0) && (!GetCurrentUserId(userId))) {
141 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
142 return;
143 }
144 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
145 proxy_->DelUser(userId, authToken, wrapper);
146 }
147
GetCredentialInfo(int32_t userId,AuthType authType,const std::shared_ptr<GetCredInfoCallback> & callback)148 int32_t AccountIAMClient::GetCredentialInfo(
149 int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback)
150 {
151 if (GetAccountIAMProxy() != ERR_OK) {
152 return ERR_ACCOUNT_COMMON_GET_PROXY;
153 }
154 sptr<IGetCredInfoCallback> wrapper = new (std::nothrow) GetCredInfoCallbackService(callback);
155 ErrCode result = proxy_->GetCredentialInfo(userId, authType, wrapper);
156 if ((result != ERR_OK) && (callback != nullptr)) {
157 std::vector<CredentialInfo> infoList;
158 callback->OnCredentialInfo(result, infoList);
159 }
160 return result;
161 }
162
Cancel(int32_t userId)163 int32_t AccountIAMClient::Cancel(int32_t userId)
164 {
165 if (GetAccountIAMProxy() != ERR_OK) {
166 return ERR_ACCOUNT_COMMON_GET_PROXY;
167 }
168 return proxy_->Cancel(userId);
169 }
170
StartDomainAuth(int32_t userId,const std::shared_ptr<IDMCallback> & callback)171 uint64_t AccountIAMClient::StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback)
172 {
173 std::lock_guard<std::mutex> lock(domainMutex_);
174 Attributes emptyResult;
175 if (domainInputer_ == nullptr) {
176 ACCOUNT_LOGE("the registered inputer is not found or invalid");
177 callback->OnResult(ERR_ACCOUNT_IAM_KIT_INPUTER_NOT_REGISTERED, emptyResult);
178 return 0;
179 }
180 auto credentialRecipient = std::make_shared<DomainCredentialRecipient>(userId, callback);
181 if (credentialRecipient == nullptr) {
182 ACCOUNT_LOGE("failed to create DomainCredentialRecipient");
183 callback->OnResult(ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR, emptyResult);
184 return 0;
185 }
186 domainInputer_->OnGetData(IAMAuthType::DOMAIN, credentialRecipient);
187 return 0;
188 }
189
Auth(const std::vector<uint8_t> & challenge,AuthType authType,AuthTrustLevel authTrustLevel,const std::shared_ptr<IDMCallback> & callback)190 uint64_t AccountIAMClient::Auth(const std::vector<uint8_t> &challenge, AuthType authType,
191 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback)
192 {
193 return AuthUser(0, challenge, authType, authTrustLevel, callback);
194 }
195
AuthUser(int32_t userId,const std::vector<uint8_t> & challenge,AuthType authType,AuthTrustLevel authTrustLevel,const std::shared_ptr<IDMCallback> & callback)196 uint64_t AccountIAMClient::AuthUser(
197 int32_t userId, const std::vector<uint8_t> &challenge, AuthType authType,
198 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback)
199 {
200 uint64_t contextId = 0;
201 if (callback == nullptr) {
202 ACCOUNT_LOGE("callback is nullptr");
203 return contextId;
204 }
205 if (GetAccountIAMProxy() != ERR_OK) {
206 return contextId;
207 }
208 if ((userId == 0) && (!GetCurrentUserId(userId))) {
209 return contextId;
210 }
211 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
212 return StartDomainAuth(userId, callback);
213 }
214 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
215 AuthParam authParam;
216 authParam.challenge = challenge;
217 authParam.authType = authType;
218 authParam.authTrustLevel = authTrustLevel;
219 ErrCode result = proxy_->AuthUser(userId, authParam, wrapper, contextId);
220 if (result != ERR_OK) {
221 Attributes emptyResult;
222 callback->OnResult(result, emptyResult);
223 }
224 return contextId;
225 }
226
CancelAuth(uint64_t contextId)227 int32_t AccountIAMClient::CancelAuth(uint64_t contextId)
228 {
229 if (GetAccountIAMProxy() != ERR_OK) {
230 return ERR_ACCOUNT_COMMON_GET_PROXY;
231 }
232 return proxy_->CancelAuth(contextId);
233 }
234
GetAvailableStatus(AuthType authType,AuthTrustLevel authTrustLevel,int32_t & status)235 int32_t AccountIAMClient::GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status)
236 {
237 if (GetAccountIAMProxy() != ERR_OK) {
238 return ERR_ACCOUNT_COMMON_GET_PROXY;
239 }
240 if (authTrustLevel < UserIam::UserAuth::ATL1 || authTrustLevel > UserIam::UserAuth::ATL4) {
241 ACCOUNT_LOGE("authTrustLevel is not in correct range");
242 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
243 }
244 if (authType < UserIam::UserAuth::ALL) {
245 ACCOUNT_LOGE("authType is not in correct range");
246 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
247 }
248 return proxy_->GetAvailableStatus(authType, authTrustLevel, status);
249 }
250
GetProperty(int32_t userId,const GetPropertyRequest & request,const std::shared_ptr<GetSetPropCallback> & callback)251 void AccountIAMClient::GetProperty(
252 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback)
253 {
254 if (callback == nullptr) {
255 ACCOUNT_LOGE("callback is nullptr");
256 return;
257 }
258 Attributes emptyResult;
259 if (GetAccountIAMProxy() != ERR_OK) {
260 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
261 return;
262 }
263 sptr<IGetSetPropCallback> wrapper = new (std::nothrow) GetSetPropCallbackService(callback);
264 proxy_->GetProperty(userId, request, wrapper);
265 }
266
SetProperty(int32_t userId,const SetPropertyRequest & request,const std::shared_ptr<GetSetPropCallback> & callback)267 void AccountIAMClient::SetProperty(
268 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback)
269 {
270 if (callback == nullptr) {
271 ACCOUNT_LOGE("callback is nullptr");
272 return;
273 }
274 Attributes emptyResult;
275 if (GetAccountIAMProxy() != ERR_OK) {
276 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
277 return;
278 }
279 sptr<IGetSetPropCallback> wrapper = new (std::nothrow) GetSetPropCallbackService(callback);
280 proxy_->SetProperty(userId, request, wrapper);
281 }
282
RegisterPINInputer(const std::shared_ptr<IInputer> & inputer)283 ErrCode AccountIAMClient::RegisterPINInputer(const std::shared_ptr<IInputer> &inputer)
284 {
285 std::lock_guard<std::mutex> lock(pinMutex_);
286 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
287 if (result != ERR_OK) {
288 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
289 return result;
290 }
291 if (pinInputer_ != nullptr) {
292 ACCOUNT_LOGE("inputer is already registered");
293 return ERR_ACCOUNT_IAM_KIT_INPUTER_ALREADY_REGISTERED;
294 }
295 int32_t userId = 0;
296 if (!GetCurrentUserId(userId)) {
297 return ERR_ACCOUNT_IAM_KIT_GET_USERID_FAIL;
298 }
299 auto iamInputer = std::make_shared<IAMInputer>(userId, inputer);
300 if (iamInputer == nullptr) {
301 ACCOUNT_LOGE("failed to create IAMInputer");
302 return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
303 }
304 if (UserIam::PinAuth::PinAuthRegister::GetInstance().RegisterInputer(iamInputer)) {
305 pinInputer_ = inputer;
306 return ERR_OK;
307 }
308 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
309 }
310
CheckSelfPermission(const std::string & permissionName)311 bool AccountIAMClient::CheckSelfPermission(const std::string &permissionName)
312 {
313 Security::AccessToken::AccessTokenID tokenId = IPCSkeleton::GetSelfTokenID();
314 ErrCode result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionName);
315 return result == Security::AccessToken::TypePermissionState::PERMISSION_GRANTED;
316 }
317
RegisterDomainInputer(const std::shared_ptr<IInputer> & inputer)318 ErrCode AccountIAMClient::RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer)
319 {
320 std::lock_guard<std::mutex> lock(domainMutex_);
321 if (domainInputer_ != nullptr) {
322 ACCOUNT_LOGE("inputer is already registered");
323 return ERR_ACCOUNT_IAM_KIT_INPUTER_ALREADY_REGISTERED;
324 }
325 domainInputer_ = inputer;
326 return ERR_OK;
327 }
328
RegisterInputer(int32_t authType,const std::shared_ptr<IInputer> & inputer)329 ErrCode AccountIAMClient::RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer)
330 {
331 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
332 if (result != ERR_OK) {
333 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
334 return result;
335 }
336 if ((!CheckSelfPermission(PERMISSION_ACCESS_USER_AUTH_INTERNAL)) &&
337 (!CheckSelfPermission(PERMISSION_MANAGE_USER_IDM))) {
338 ACCOUNT_LOGE("failed to check permission");
339 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
340 }
341 if (inputer == nullptr) {
342 ACCOUNT_LOGE("inputer is nullptr");
343 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
344 }
345 switch (authType) {
346 case IAMAuthType::DOMAIN:
347 return RegisterDomainInputer(inputer);
348 default:
349 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
350 }
351 }
352
UnregisterInputer(int32_t authType)353 ErrCode AccountIAMClient::UnregisterInputer(int32_t authType)
354 {
355 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
356 if (result != ERR_OK) {
357 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
358 return result;
359 }
360 if ((!CheckSelfPermission(PERMISSION_ACCESS_USER_AUTH_INTERNAL)) &&
361 (!CheckSelfPermission(PERMISSION_MANAGE_USER_IDM))) {
362 ACCOUNT_LOGE("failed to check permission");
363 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
364 }
365 switch (authType) {
366 case IAMAuthType::DOMAIN:
367 return UnregisterDomainInputer();
368 default:
369 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
370 }
371 return ERR_OK;
372 }
373
UnregisterPINInputer()374 ErrCode AccountIAMClient::UnregisterPINInputer()
375 {
376 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
377 if (result != ERR_OK) {
378 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
379 return result;
380 }
381 if (!CheckSelfPermission(PERMISSION_ACCESS_PIN_AUTH)) {
382 ACCOUNT_LOGE("failed to check permission");
383 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
384 }
385 UserIam::PinAuth::PinAuthRegister::GetInstance().UnRegisterInputer();
386 std::lock_guard<std::mutex> lock(pinMutex_);
387 pinInputer_ = nullptr;
388 return ERR_OK;
389 }
390
UnregisterDomainInputer()391 ErrCode AccountIAMClient::UnregisterDomainInputer()
392 {
393 std::lock_guard<std::mutex> lock(domainMutex_);
394 domainInputer_ = nullptr;
395 return ERR_OK;
396 }
397
GetAccountState(int32_t userId)398 IAMState AccountIAMClient::GetAccountState(int32_t userId)
399 {
400 if (GetAccountIAMProxy() != ERR_OK) {
401 return IDLE;
402 }
403 return proxy_->GetAccountState(userId);
404 }
405
GetCredential(int32_t userId,CredentialItem & credItem)406 void AccountIAMClient::GetCredential(int32_t userId, CredentialItem &credItem)
407 {
408 std::lock_guard<std::mutex> lock(mutex_);
409 auto it = credentialMap_.find(userId);
410 if (it != credentialMap_.end()) {
411 credItem = it->second;
412 }
413 }
414
SetCredential(int32_t userId,const std::vector<uint8_t> & credential)415 void AccountIAMClient::SetCredential(int32_t userId, const std::vector<uint8_t> &credential)
416 {
417 std::lock_guard<std::mutex> lock(mutex_);
418 auto it = credentialMap_.find(userId);
419 if (it != credentialMap_.end()) {
420 it->second.oldCredential = it->second.credential;
421 it->second.credential = credential;
422 return;
423 }
424 credentialMap_[userId] = {
425 .credential = credential
426 };
427 }
428
ClearCredential(int32_t userId)429 void AccountIAMClient::ClearCredential(int32_t userId)
430 {
431 std::lock_guard<std::mutex> lock(mutex_);
432 credentialMap_.erase(userId);
433 }
434
SetAuthSubType(int32_t userId,int32_t authSubType)435 void AccountIAMClient::SetAuthSubType(int32_t userId, int32_t authSubType)
436 {
437 std::lock_guard<std::mutex> lock(mutex_);
438 auto it = credentialMap_.find(userId);
439 if (it != credentialMap_.end()) {
440 return;
441 }
442 credentialMap_[userId] = {
443 .type = authSubType
444 };
445 }
446
GetAuthSubType(int32_t userId)447 int32_t AccountIAMClient::GetAuthSubType(int32_t userId)
448 {
449 std::lock_guard<std::mutex> lock(mutex_);
450 auto it = credentialMap_.find(userId);
451 if (it != credentialMap_.end()) {
452 return it->second.type;
453 }
454 return 0;
455 }
456
GetCurrentUserId(int32_t & userId)457 bool AccountIAMClient::GetCurrentUserId(int32_t &userId)
458 {
459 std::vector<int32_t> userIds;
460 if ((OsAccountManager::QueryActiveOsAccountIds(userIds) != ERR_OK) || userIds.empty()) {
461 ACCOUNT_LOGE("fail to get activated os account ids");
462 return false;
463 }
464 userId = userIds[0];
465 return true;
466 }
467
ResetAccountIAMProxy(const wptr<IRemoteObject> & remote)468 void AccountIAMClient::ResetAccountIAMProxy(const wptr<IRemoteObject>& remote)
469 {
470 std::lock_guard<std::mutex> lock(mutex_);
471 if (proxy_ == nullptr) {
472 ACCOUNT_LOGE("proxy is nullptr");
473 return;
474 }
475 auto serviceRemote = proxy_->AsObject();
476 if ((serviceRemote != nullptr) && (serviceRemote == remote.promote())) {
477 serviceRemote->RemoveDeathRecipient(deathRecipient_);
478 proxy_ = nullptr;
479 }
480 }
481
OnRemoteDied(const wptr<IRemoteObject> & remote)482 void AccountIAMClient::AccountIAMDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
483 {
484 if (remote == nullptr) {
485 ACCOUNT_LOGE("remote is nullptr");
486 return;
487 }
488 AccountIAMClient::GetInstance().ResetAccountIAMProxy(remote);
489 }
490
GetAccountIAMProxy()491 ErrCode AccountIAMClient::GetAccountIAMProxy()
492 {
493 std::lock_guard<std::mutex> lock(mutex_);
494 if (proxy_ != nullptr) {
495 return ERR_OK;
496 }
497 sptr<ISystemAbilityManager> saMgr =
498 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
499 if (saMgr == nullptr) {
500 ACCOUNT_LOGE("failed to get system ability manager");
501 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
502 }
503 sptr<IRemoteObject> remoteObject = saMgr->GetSystemAbility(SUBSYS_ACCOUNT_SYS_ABILITY_ID_BEGIN);
504 if (remoteObject == nullptr) {
505 ACCOUNT_LOGE("failed to get account system ability");
506 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
507 }
508 sptr<IAccount> accountProxy = iface_cast<AccountProxy>(remoteObject);
509 if (accountProxy == nullptr) {
510 ACCOUNT_LOGE("failed to cast account proxy");
511 return ERR_ACCOUNT_COMMON_GET_PROXY;
512 }
513 proxy_ = iface_cast<IAccountIAM>(accountProxy->GetAccountIAMService());
514 if ((proxy_ == nullptr) || (proxy_->AsObject() == nullptr)) {
515 ACCOUNT_LOGE("failed to cast account iam proxy");
516 return ERR_ACCOUNT_COMMON_GET_PROXY;
517 }
518 deathRecipient_ = new (std::nothrow) AccountIAMDeathRecipient();
519 if (deathRecipient_ == nullptr) {
520 ACCOUNT_LOGE("failed to create account iam death recipient");
521 proxy_ = nullptr;
522 return ERR_ACCOUNT_COMMON_CREATE_DEATH_RECIPIENT;
523 }
524 if (!proxy_->AsObject()->AddDeathRecipient(deathRecipient_)) {
525 ACCOUNT_LOGE("failed to add account iam death recipient");
526 proxy_ = nullptr;
527 return ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT;
528 }
529 return ERR_OK;
530 }
531 } // namespace AccountSA
532 } // namespace OHOS
533