1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_service.h"
17
18 #include <algorithm>
19 #include <sys/types.h>
20 #include <unistd.h>
21
22 #include "access_token.h"
23 #include "accesstoken_dfx_define.h"
24 #include "accesstoken_id_manager.h"
25 #include "accesstoken_info_manager.h"
26 #include "accesstoken_log.h"
27 #include "constant_common.h"
28 #ifdef SUPPORT_SANDBOX_APP
29 #include "dlp_permission_set_parser.h"
30 #endif
31 #include "hap_token_info.h"
32 #include "hap_token_info_inner.h"
33 #include "hisysevent.h"
34 #ifdef HITRACE_NATIVE_ENABLE
35 #include "hitrace_meter.h"
36 #endif
37 #include "ipc_skeleton.h"
38 #include "native_token_info_inner.h"
39 #include "native_token_receptor.h"
40 #include "permission_list_state.h"
41 #include "permission_manager.h"
42 #include "privacy_kit.h"
43 #include "string_ex.h"
44 #include "system_ability_definition.h"
45
46 namespace OHOS {
47 namespace Security {
48 namespace AccessToken {
49 namespace {
50 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
51 LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMServ"
52 };
53 constexpr int TWO_ARGS = 2;
54 }
55
56 const bool REGISTER_RESULT =
57 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<AccessTokenManagerService>::GetInstance().get());
58
AccessTokenManagerService()59 AccessTokenManagerService::AccessTokenManagerService()
60 : SystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START)
61 {
62 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService()");
63 }
64
~AccessTokenManagerService()65 AccessTokenManagerService::~AccessTokenManagerService()
66 {
67 ACCESSTOKEN_LOG_INFO(LABEL, "~AccessTokenManagerService()");
68 }
69
OnStart()70 void AccessTokenManagerService::OnStart()
71 {
72 if (state_ == ServiceRunningState::STATE_RUNNING) {
73 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService has already started!");
74 return;
75 }
76 ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService is starting");
77 if (!Initialize()) {
78 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize");
79 return;
80 }
81 state_ = ServiceRunningState::STATE_RUNNING;
82 bool ret = Publish(DelayedSingleton<AccessTokenManagerService>::GetInstance().get());
83 if (!ret) {
84 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!");
85 return;
86 }
87 (void)AddSystemAbilityListener(SECURITY_COMPONENT_SERVICE_ID);
88 ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, AccessTokenManagerService start successfully!");
89 }
90
OnStop()91 void AccessTokenManagerService::OnStop()
92 {
93 ACCESSTOKEN_LOG_INFO(LABEL, "stop service");
94 state_ = ServiceRunningState::STATE_NOT_START;
95 }
96
OnRemoveSystemAbility(int32_t systemAbilityId,const std::string & deviceId)97 void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId)
98 {
99 if (systemAbilityId == SECURITY_COMPONENT_SERVICE_ID) {
100 std::vector<AccessTokenID> tokenIdList;
101 AccessTokenIDManager::GetInstance().GetHapTokenIdList(tokenIdList);
102 PermissionManager::GetInstance().ClearAllSecCompGrantedPerm(tokenIdList);
103 return;
104 }
105 }
106
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)107 int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
108 {
109 #ifdef HITRACE_NATIVE_ENABLE
110 StartTrace(HITRACE_TAG_ACCESS_CONTROL, "AccessTokenVerifyPermission");
111 #endif
112 int32_t res = PermissionManager::GetInstance().VerifyAccessToken(tokenID, permissionName);
113 ACCESSTOKEN_LOG_DEBUG(LABEL, "tokenID: %{public}d, permission: %{public}s, res %{public}d",
114 tokenID, permissionName.c_str(), res);
115 #ifdef HITRACE_NATIVE_ENABLE
116 FinishTrace(HITRACE_TAG_ACCESS_CONTROL);
117 #endif
118 return res;
119 }
120
GetDefPermission(const std::string & permissionName,PermissionDefParcel & permissionDefResult)121 int AccessTokenManagerService::GetDefPermission(
122 const std::string& permissionName, PermissionDefParcel& permissionDefResult)
123 {
124 ACCESSTOKEN_LOG_INFO(LABEL, "permission: %{public}s", permissionName.c_str());
125 return PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult.permissionDef);
126 }
127
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDefParcel> & permList)128 int AccessTokenManagerService::GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDefParcel>& permList)
129 {
130 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
131 std::vector<PermissionDef> permVec;
132 int ret = PermissionManager::GetInstance().GetDefPermissions(tokenID, permVec);
133 for (const auto& perm : permVec) {
134 PermissionDefParcel permParcel;
135 permParcel.permissionDef = perm;
136 permList.emplace_back(permParcel);
137 }
138 return ret;
139 }
140
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFullParcel> & reqPermList,bool isSystemGrant)141 int AccessTokenManagerService::GetReqPermissions(
142 AccessTokenID tokenID, std::vector<PermissionStateFullParcel>& reqPermList, bool isSystemGrant)
143 {
144 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, isSystemGrant: %{public}d", tokenID, isSystemGrant);
145
146 std::vector<PermissionStateFull> permList;
147 int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant);
148
149 for (const auto& perm : permList) {
150 PermissionStateFullParcel permParcel;
151 permParcel.permStatFull = perm;
152 reqPermList.emplace_back(permParcel);
153 }
154 return ret;
155 }
156
GetSelfPermissionsState(std::vector<PermissionListStateParcel> & reqPermList)157 PermissionOper AccessTokenManagerService::GetSelfPermissionsState(
158 std::vector<PermissionListStateParcel>& reqPermList)
159 {
160 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
161
162 int32_t apiVersion = 0;
163 if (!PermissionManager::GetInstance().GetApiVersionByTokenId(callingTokenID, apiVersion)) {
164 ACCESSTOKEN_LOG_ERROR(LABEL, "get api version error");
165 return INVALID_OPER;
166 }
167 ACCESSTOKEN_LOG_INFO(LABEL, "callingTokenID: %{public}d, apiVersion: %{public}d", callingTokenID, apiVersion);
168
169 bool needRes = false;
170 std::vector<PermissionStateFull> permsList;
171 int retUserGrant = PermissionManager::GetInstance().GetReqPermissions(callingTokenID, permsList, false);
172 int retSysGrant = PermissionManager::GetInstance().GetReqPermissions(callingTokenID, permsList, true);
173 if ((retSysGrant != RET_SUCCESS) || (retUserGrant != RET_SUCCESS)) {
174 ACCESSTOKEN_LOG_ERROR(LABEL,
175 "GetReqPermissions failed, retUserGrant:%{public}d, retSysGrant:%{public}d",
176 retUserGrant, retSysGrant);
177 return INVALID_OPER;
178 }
179
180 uint32_t vagueIndex = ELEMENT_NOT_FOUND;
181 uint32_t accurateIndex = ELEMENT_NOT_FOUND;
182
183 if (apiVersion >= ACCURATE_LOCATION_API_VERSION) {
184 if (PermissionManager::GetInstance().GetLocationPermissionIndex(reqPermList, vagueIndex, accurateIndex)) {
185 needRes = PermissionManager::GetInstance().LocationPermissionSpecialHandle(reqPermList, apiVersion,
186 permsList, vagueIndex, accurateIndex); // api9 location permission handle here
187 }
188 }
189
190 uint32_t size = reqPermList.size();
191 for (uint32_t i = 0; i < size; i++) {
192 if (((reqPermList[i].permsState.permissionName == VAGUE_LOCATION_PERMISSION_NAME) ||
193 (reqPermList[i].permsState.permissionName == ACCURATE_LOCATION_PERMISSION_NAME)) &&
194 (apiVersion >= ACCURATE_LOCATION_API_VERSION)) {
195 continue; // api9 location permission special handle above
196 }
197
198 PermissionManager::GetInstance().GetSelfPermissionState(permsList, reqPermList[i].permsState, apiVersion);
199 if (static_cast<PermissionOper>(reqPermList[i].permsState.state) == DYNAMIC_OPER) {
200 needRes = true;
201 }
202 ACCESSTOKEN_LOG_INFO(LABEL, "perm: 0x%{public}s, state: 0x%{public}d",
203 reqPermList[i].permsState.permissionName.c_str(), reqPermList[i].permsState.state);
204 }
205 if (needRes) {
206 return DYNAMIC_OPER;
207 } else {
208 if ((vagueIndex == ELEMENT_NOT_FOUND) && (accurateIndex != ELEMENT_NOT_FOUND)) {
209 // only accurate location permission without other DYNAMIC_OPER state return INVALID_OPER
210 return INVALID_OPER;
211 }
212 }
213 return PASS_OPER;
214 }
215
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,int & flag)216 int AccessTokenManagerService::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, int& flag)
217 {
218 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s",
219 tokenID, permissionName.c_str());
220 return PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag);
221 }
222
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,int flag)223 int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
224 {
225 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s, flag: %{public}d",
226 tokenID, permissionName.c_str(), flag);
227 int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag);
228 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
229 return ret;
230 }
231
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,int flag)232 int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
233 {
234 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, permission: %{public}s, flag: %{public}d",
235 tokenID, permissionName.c_str(), flag);
236 int32_t ret = PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag);
237 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
238 return ret;
239 }
240
ClearUserGrantedPermissionState(AccessTokenID tokenID)241 int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID)
242 {
243 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
244 PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID);
245 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
246 return RET_SUCCESS;
247 }
248
RegisterPermStateChangeCallback(const PermStateChangeScopeParcel & scope,const sptr<IRemoteObject> & callback)249 int32_t AccessTokenManagerService::RegisterPermStateChangeCallback(
250 const PermStateChangeScopeParcel& scope, const sptr<IRemoteObject>& callback)
251 {
252 ACCESSTOKEN_LOG_INFO(LABEL, "Entry");
253 return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback);
254 }
255
UnRegisterPermStateChangeCallback(const sptr<IRemoteObject> & callback)256 int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr<IRemoteObject>& callback)
257 {
258 ACCESSTOKEN_LOG_INFO(LABEL, "Entry");
259 return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback);
260 }
261
AllocHapToken(const HapInfoParcel & info,const HapPolicyParcel & policy)262 AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy)
263 {
264 ACCESSTOKEN_LOG_INFO(LABEL, "called!");
265 AccessTokenIDEx tokenIdEx;
266 tokenIdEx.tokenIDEx = 0LL;
267
268 int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(
269 info.hapInfoParameter, policy.hapPolicyParameter, tokenIdEx);
270 if (ret != RET_SUCCESS) {
271 ACCESSTOKEN_LOG_INFO(LABEL, "hap token info create failed");
272 }
273 return tokenIdEx;
274 }
275
DeleteToken(AccessTokenID tokenID)276 int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID)
277 {
278 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
279 PrivacyKit::RemovePermissionUsedRecords(tokenID, "");
280 // only support hap token deletion
281 return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
282 }
283
GetTokenType(AccessTokenID tokenID)284 int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID)
285 {
286 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
287 return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID);
288 }
289
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)290 int AccessTokenManagerService::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
291 {
292 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x, dcap: %{public}s",
293 tokenID, dcap.c_str());
294 return AccessTokenInfoManager::GetInstance().CheckNativeDCap(tokenID, dcap);
295 }
296
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)297 AccessTokenIDEx AccessTokenManagerService::GetHapTokenID(
298 int32_t userID, const std::string& bundleName, int32_t instIndex)
299 {
300 ACCESSTOKEN_LOG_INFO(LABEL, "userID: %{public}d, bundle: %{public}s, instIndex: %{public}d",
301 userID, bundleName.c_str(), instIndex);
302 return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
303 }
304
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)305 AccessTokenID AccessTokenManagerService::AllocLocalTokenID(
306 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
307 {
308 ACCESSTOKEN_LOG_INFO(LABEL, "remoteDeviceID: %{public}s, remoteTokenID: %{public}d",
309 ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID);
310 return AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
311 }
312
UpdateHapToken(AccessTokenIDEx & tokenIdEx,bool isSystemApp,const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParcel & policyParcel)313 int AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx,
314 bool isSystemApp, const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParcel& policyParcel)
315 {
316 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenIdEx.tokenIdExStruct.tokenID);
317
318 return AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, isSystemApp, appIDDesc, apiVersion,
319 policyParcel.hapPolicyParameter);
320 }
321
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfoParcel & infoParcel)322 int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel)
323 {
324 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
325
326 return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams);
327 }
328
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfoParcel & infoParcel)329 int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel)
330 {
331 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
332
333 return AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, infoParcel.nativeTokenInfoParams);
334 }
335
336 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfo()337 int32_t AccessTokenManagerService::ReloadNativeTokenInfo()
338 {
339 return NativeTokenReceptor::GetInstance().Init();
340 }
341 #endif
342
GetNativeTokenId(const std::string & processName)343 AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& processName)
344 {
345 return AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName);
346 }
347
348 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSyncParcel & hapSyncParcel)349 int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
350 HapTokenInfoForSyncParcel& hapSyncParcel)
351 {
352 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID: 0x%{public}x", tokenID);
353
354 return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID,
355 hapSyncParcel.hapTokenInfoForSyncParams);
356 }
357
GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfosRes)358 int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfosRes)
359 {
360 ACCESSTOKEN_LOG_INFO(LABEL, "called");
361
362 std::vector<NativeTokenInfoForSync> nativeVec;
363 AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec);
364 for (const auto& native : nativeVec) {
365 NativeTokenInfoForSyncParcel nativeParcel;
366 nativeParcel.nativeTokenInfoForSyncParams = native;
367 nativeTokenInfosRes.emplace_back(nativeParcel);
368 }
369
370 return RET_SUCCESS;
371 }
372
SetRemoteHapTokenInfo(const std::string & deviceID,HapTokenInfoForSyncParcel & hapSyncParcel)373 int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID,
374 HapTokenInfoForSyncParcel& hapSyncParcel)
375 {
376 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
377
378 return AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID,
379 hapSyncParcel.hapTokenInfoForSyncParams);
380 }
381
SetRemoteNativeTokenInfo(const std::string & deviceID,std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfoForSyncParcel)382 int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID,
383 std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)
384 {
385 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
386
387 std::vector<NativeTokenInfoForSync> nativeList;
388 std::transform(nativeTokenInfoForSyncParcel.begin(),
389 nativeTokenInfoForSyncParcel.end(), std::back_inserter(nativeList),
390 [](const auto& nativeParcel) { return nativeParcel.nativeTokenInfoForSyncParams; });
391
392 return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList);
393 }
394
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)395 int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
396 {
397 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s, token id %{public}d",
398 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
399
400 return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID);
401 }
402
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)403 AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID,
404 AccessTokenID tokenID)
405 {
406 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s, token id %{public}d",
407 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
408
409 return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID);
410 }
411
DeleteRemoteDeviceTokens(const std::string & deviceID)412 int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID)
413 {
414 ACCESSTOKEN_LOG_INFO(LABEL, "deviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
415
416 return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID);
417 }
418 #endif
419
DumpTokenInfo(AccessTokenID tokenID,std::string & dumpInfo)420 void AccessTokenManagerService::DumpTokenInfo(AccessTokenID tokenID, std::string& dumpInfo)
421 {
422 ACCESSTOKEN_LOG_INFO(LABEL, "called");
423
424 AccessTokenInfoManager::GetInstance().DumpTokenInfo(tokenID, dumpInfo);
425 }
426
Dump(int fd,const std::vector<std::u16string> & args)427 int AccessTokenManagerService::Dump(int fd, const std::vector<std::u16string>& args)
428 {
429 if (fd < 0) {
430 return ERR_INVALID_VALUE;
431 }
432
433 dprintf(fd, "AccessToken Dump:\n");
434 std::string arg0 = ((args.size() == 0)? "" : Str16ToStr8(args.at(0)));
435 if (arg0.compare("-h") == 0) {
436 dprintf(fd, "Usage:\n");
437 dprintf(fd, " -h: command help\n");
438 dprintf(fd, " -a: dump all tokens\n");
439 dprintf(fd, " -t <TOKEN_ID>: dump special token id\n");
440 } else if (arg0.compare("-t") == 0) {
441 if (args.size() < TWO_ARGS) {
442 return ERR_INVALID_VALUE;
443 }
444 long long tokenID = atoll(static_cast<const char *>(Str16ToStr8(args.at(1)).c_str()));
445 if (tokenID <= 0) {
446 return ERR_INVALID_VALUE;
447 }
448 std::string dumpStr;
449 DumpTokenInfo(static_cast<AccessTokenID>(tokenID), dumpStr);
450 dprintf(fd, "%s\n", dumpStr.c_str());
451 } else if (arg0.compare("-a") == 0 || arg0 == "") {
452 std::string dumpStr;
453 DumpTokenInfo(static_cast<AccessTokenID>(0), dumpStr);
454 dprintf(fd, "%s\n", dumpStr.c_str());
455 }
456 return ERR_OK;
457 }
458
Initialize() const459 bool AccessTokenManagerService::Initialize() const
460 {
461 AccessTokenInfoManager::GetInstance().Init();
462 NativeTokenReceptor::GetInstance().Init();
463 #ifdef SUPPORT_SANDBOX_APP
464 DlpPermissionSetParser::GetInstance().Init();
465 #endif
466 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT",
467 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", ACCESS_TOKEN_SERVICE_INIT_EVENT,
468 "PID_INFO", getpid());
469 return true;
470 }
471 } // namespace AccessToken
472 } // namespace Security
473 } // namespace OHOS
474