1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "accesstoken_kit.h"
18 #include "account_log_wrapper.h"
19 #include "bundle_manager_adapter.h"
20 #include "hisysevent_adapter.h"
21 #include "inner_app_account_manager.h"
22 #include "ipc_skeleton.h"
23
24 namespace OHOS {
25 namespace AccountSA {
26 namespace {
27 constexpr int32_t UID_TRANSFORM_DIVISOR = 200000; // local account id = uid / UID_TRANSFORM_DIVISOR
28 const std::string DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
29 const std::string GET_ALL_APP_ACCOUNTS = "ohos.permission.GET_ALL_APP_ACCOUNTS";
30 }
31
AppAccountManagerService()32 AppAccountManagerService::AppAccountManagerService()
33 {
34 innerManager_ = std::make_shared<InnerAppAccountManager>();
35 #ifdef HAS_CES_PART
36 CommonEventCallback callback = {
37 std::bind(&AppAccountManagerService::OnPackageRemoved,
38 this, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3),
39 std::bind(&AppAccountManagerService::OnUserRemoved, this, std::placeholders::_1),
40 };
41 observer_ = std::make_shared<AppAccountCommonEventObserver>(callback);
42 #endif // HAS_CES_PART
43 }
44
~AppAccountManagerService()45 AppAccountManagerService::~AppAccountManagerService()
46 {}
47
AddAccount(const std::string & name,const std::string & extraInfo)48 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo)
49 {
50 int32_t callingUid = -1;
51 std::string bundleName;
52 uint32_t appIndex;
53 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
54 if (ret != ERR_OK) {
55 return ret;
56 }
57 return innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
58 }
59
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)60 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
61 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
62 {
63 AuthenticatorSessionRequest request;
64 request.callerPid = IPCSkeleton::GetCallingPid();
65 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
66 if (result != ERR_OK) {
67 return result;
68 }
69 request.owner = owner;
70 request.authType = authType;
71 request.options = options;
72 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
73 request.callback = callback;
74 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
75 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
76 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
77 return innerManager_->AddAccountImplicitly(request);
78 }
79
CreateAccount(const std::string & name,const CreateAccountOptions & options)80 ErrCode AppAccountManagerService::CreateAccount(const std::string &name, const CreateAccountOptions &options)
81 {
82 int32_t callingUid = -1;
83 std::string bundleName;
84 uint32_t appIndex;
85 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
86 if (ret != ERR_OK) {
87 return ret;
88 }
89 return innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
90 }
91
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)92 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
93 const CreateAccountImplicitlyOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
94 {
95 AuthenticatorSessionRequest request;
96 request.callerPid = IPCSkeleton::GetCallingPid();
97 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
98 if (result != ERR_OK) {
99 return result;
100 }
101 request.owner = owner;
102 request.callerAbilityName = options.parameters.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
103 request.callback = callback;
104 request.createOptions = options;
105 request.createOptions.parameters.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
106 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
107 return innerManager_->CreateAccountImplicitly(request);
108 }
109
DeleteAccount(const std::string & name)110 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name)
111 {
112 int32_t callingUid = -1;
113 std::string bundleName;
114 uint32_t appIndex;
115 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
116 if (ret != ERR_OK) {
117 return ret;
118 }
119 return innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
120 }
121
GetAccountExtraInfo(const std::string & name,std::string & extraInfo)122 ErrCode AppAccountManagerService::GetAccountExtraInfo(const std::string &name, std::string &extraInfo)
123 {
124 int32_t callingUid = -1;
125 std::string bundleName;
126 uint32_t appIndex;
127 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
128 if (ret != ERR_OK) {
129 return ret;
130 }
131 return innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
132 }
133
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo)134 ErrCode AppAccountManagerService::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo)
135 {
136 int32_t callingUid = -1;
137 std::string bundleName;
138 uint32_t appIndex;
139 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
140 if (ret != ERR_OK) {
141 return ret;
142 }
143 return innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
144 }
145
EnableAppAccess(const std::string & name,const std::string & authorizedApp)146 ErrCode AppAccountManagerService::EnableAppAccess(
147 const std::string &name, const std::string &authorizedApp)
148 {
149 AppAccountCallingInfo appAccountCallingInfo;
150 ErrCode result = GetCallingInfo(
151 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
152 if (result != ERR_OK) {
153 return result;
154 }
155 AppExecFwk::BundleInfo bundleInfo;
156 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
157 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
158 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
159 if (!bundleRet) {
160 ACCOUNT_LOGE("failed to get bundle info");
161 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
162 }
163 if (authorizedApp == appAccountCallingInfo.bundleName) {
164 ACCOUNT_LOGE("authorizedApp is the same to owner");
165 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
166 }
167
168 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
169 }
170
DisableAppAccess(const std::string & name,const std::string & authorizedApp)171 ErrCode AppAccountManagerService::DisableAppAccess(
172 const std::string &name, const std::string &authorizedApp)
173 {
174 AppAccountCallingInfo appAccountCallingInfo;
175 ErrCode ret = GetCallingInfo(
176 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
177 if (ret != ERR_OK) {
178 return ret;
179 }
180 AppExecFwk::BundleInfo bundleInfo;
181
182 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
183 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
184 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
185 if (!bundleRet) {
186 ACCOUNT_LOGE("failed to get bundle info");
187 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
188 }
189
190 if (authorizedApp == appAccountCallingInfo.bundleName) {
191 ACCOUNT_LOGE("authorizedApp is the same to owner");
192 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
193 }
194
195 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
196 }
197
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible)198 ErrCode AppAccountManagerService::SetAppAccess(
199 const std::string &name, const std::string &authorizedApp, bool isAccessible)
200 {
201 AppAccountCallingInfo appAccountCallingInfo;
202 ErrCode ret = GetCallingInfo(
203 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
204 if (ret != ERR_OK) {
205 return ret;
206 }
207
208 if (authorizedApp == appAccountCallingInfo.bundleName) {
209 if (isAccessible) {
210 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
211 return ERR_OK;
212 } else {
213 ACCOUNT_LOGE("authorizedApp is the same to owner");
214 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
215 }
216 }
217
218 if (isAccessible) {
219 AppExecFwk::BundleInfo bundleInfo;
220 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
221 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
222 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
223 if (!bundleRet) {
224 ACCOUNT_LOGE("failed to get bundle info");
225 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
226 }
227 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
228 }
229
230 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
231 }
232
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable)233 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(const std::string &name, bool &syncEnable)
234 {
235 int32_t callingUid = -1;
236 std::string bundleName;
237 uint32_t appIndex;
238 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
239 if (ret != ERR_OK) {
240 return ret;
241 }
242 ret = GetCallingTokenInfoAndAppIndex(appIndex);
243 if (ret != ERR_OK) {
244 ACCOUNT_LOGE("failed to get app index");
245 return ret;
246 }
247
248 return innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
249 }
250
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable)251 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable)
252 {
253 int32_t callingUid = -1;
254 std::string bundleName;
255 uint32_t appIndex;
256 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
257 if (ret != ERR_OK) {
258 return ret;
259 }
260 ret = GetCallingTokenInfoAndAppIndex(appIndex);
261 if (ret != ERR_OK) {
262 ACCOUNT_LOGE("failed to get app index");
263 return ret;
264 }
265
266 return innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
267 }
268
GetAssociatedData(const std::string & name,const std::string & key,std::string & value)269 ErrCode AppAccountManagerService::GetAssociatedData(
270 const std::string &name, const std::string &key, std::string &value)
271 {
272 int32_t callingUid = IPCSkeleton::GetCallingUid();
273 return innerManager_->GetAssociatedData(name, key, value, callingUid);
274 }
275
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value)276 ErrCode AppAccountManagerService::SetAssociatedData(
277 const std::string &name, const std::string &key, const std::string &value)
278 {
279 AppAccountCallingInfo appAccountCallingInfo;
280 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
281 appAccountCallingInfo.appIndex);
282 if (ret != ERR_OK) {
283 return ret;
284 }
285 return innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
286 }
287
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential)288 ErrCode AppAccountManagerService::GetAccountCredential(
289 const std::string &name, const std::string &credentialType, std::string &credential)
290 {
291 AppAccountCallingInfo appAccountCallingInfo;
292 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
293 appAccountCallingInfo.appIndex);
294 if (ret != ERR_OK) {
295 return ret;
296 }
297 return innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
298 }
299
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential)300 ErrCode AppAccountManagerService::SetAccountCredential(
301 const std::string &name, const std::string &credentialType, const std::string &credential)
302 {
303 AppAccountCallingInfo appAccountCallingInfo;
304 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
305 appAccountCallingInfo.appIndex);
306 if (ret != ERR_OK) {
307 return ret;
308 }
309 return innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
310 }
311
Authenticate(const std::string & name,const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)312 ErrCode AppAccountManagerService::Authenticate(const std::string &name, const std::string &owner,
313 const std::string &authType, const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
314 {
315 AuthenticatorSessionRequest request;
316 request.callerPid = IPCSkeleton::GetCallingPid();
317 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
318 if (result != ERR_OK) {
319 return result;
320 }
321 request.name = name;
322 request.owner = owner;
323 request.authType = authType;
324 request.options = options;
325 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
326 request.callback = callback;
327 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
328 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
329 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
330 return innerManager_->Authenticate(request);
331 }
332
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)333 ErrCode AppAccountManagerService::GetOAuthToken(
334 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
335 {
336 AuthenticatorSessionRequest request;
337 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
338 if (result != ERR_OK) {
339 return result;
340 }
341 request.name = name;
342 request.owner = owner;
343 request.authType = authType;
344 return innerManager_->GetOAuthToken(request, token);
345 }
346
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)347 ErrCode AppAccountManagerService::GetAuthToken(
348 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
349 {
350 AuthenticatorSessionRequest request;
351 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
352 if (result != ERR_OK) {
353 return result;
354 }
355 request.name = name;
356 request.owner = owner;
357 request.authType = authType;
358 return innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
359 }
360
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token)361 ErrCode AppAccountManagerService::SetOAuthToken(
362 const std::string &name, const std::string &authType, const std::string &token)
363 {
364 AuthenticatorSessionRequest request;
365 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
366 if (result != ERR_OK) {
367 return result;
368 }
369 request.name = name;
370 request.owner = request.callerBundleName;
371 request.authType = authType;
372 request.token = token;
373 return innerManager_->SetOAuthToken(request);
374 }
375
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)376 ErrCode AppAccountManagerService::DeleteOAuthToken(
377 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
378 {
379 AuthenticatorSessionRequest request;
380 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
381 if (ret != ERR_OK) {
382 return ret;
383 }
384 request.name = name;
385 request.owner = owner;
386 request.authType = authType;
387 request.token = token;
388 return innerManager_->DeleteOAuthToken(request);
389 }
390
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)391 ErrCode AppAccountManagerService::DeleteAuthToken(
392 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
393 {
394 AuthenticatorSessionRequest request;
395 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
396 if (result != ERR_OK) {
397 return result;
398 }
399 request.name = name;
400 request.owner = owner;
401 request.authType = authType;
402 request.token = token;
403 return innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
404 }
405
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)406 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
407 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
408 {
409 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
410 if (ret != ERR_OK) {
411 return ret;
412 }
413 request.name = name;
414 request.owner = request.callerBundleName;
415 request.authType = authType;
416 request.bundleName = bundleName;
417 return ret;
418 }
419
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)420 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
421 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
422 {
423 AuthenticatorSessionRequest request;
424 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
425 if (ret != ERR_OK) {
426 return ret;
427 }
428 request.isTokenVisible = isVisible;
429 return innerManager_->SetOAuthTokenVisibility(request);
430 }
431
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)432 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
433 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
434 {
435 AuthenticatorSessionRequest request;
436 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
437 if (result != ERR_OK) {
438 return result;
439 }
440 if (request.bundleName == request.owner) {
441 if (isVisible) {
442 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
443 return ERR_OK;
444 } else {
445 ACCOUNT_LOGE("authorizedApp is the same to owner.");
446 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
447 }
448 }
449 if (isVisible) {
450 AppExecFwk::BundleInfo bundleInfo;
451 int32_t userId = request.callerUid / UID_TRANSFORM_DIVISOR;
452 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
453 bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
454 if (!ret) {
455 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
456 }
457 }
458 request.isTokenVisible = isVisible;
459 return innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
460 }
461
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)462 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
463 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
464 {
465 AuthenticatorSessionRequest request;
466 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
467 if (ret != ERR_OK) {
468 return ret;
469 }
470 return innerManager_->CheckOAuthTokenVisibility(request, isVisible);
471 }
472
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)473 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
474 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
475 {
476 AuthenticatorSessionRequest request;
477 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
478 if (ret != ERR_OK) {
479 return ret;
480 }
481 return innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
482 }
483
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info)484 ErrCode AppAccountManagerService::GetAuthenticatorInfo(const std::string &owner, AuthenticatorInfo &info)
485 {
486 AuthenticatorSessionRequest request;
487 request.callerUid = IPCSkeleton::GetCallingUid();
488 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
489 if (result != ERR_OK) {
490 ACCOUNT_LOGE("failed to get app index");
491 return result;
492 }
493 request.owner = owner;
494 return innerManager_->GetAuthenticatorInfo(request, info);
495 }
496
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos)497 ErrCode AppAccountManagerService::GetAllOAuthTokens(
498 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos)
499 {
500 AuthenticatorSessionRequest request;
501 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
502 if (result != ERR_OK) {
503 return result;
504 }
505 request.name = name;
506 request.owner = owner;
507 return innerManager_->GetAllOAuthTokens(request, tokenInfos);
508 }
509
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)510 ErrCode AppAccountManagerService::GetOAuthList(
511 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
512 {
513 AuthenticatorSessionRequest request;
514 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
515 if (result != ERR_OK) {
516 return result;
517 }
518 request.name = name;
519 request.authType = authType;
520 return innerManager_->GetOAuthList(request, oauthList);
521 }
522
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)523 ErrCode AppAccountManagerService::GetAuthList(
524 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
525 {
526 AuthenticatorSessionRequest request;
527 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
528 if (ret != ERR_OK) {
529 return ret;
530 }
531 request.name = name;
532 request.authType = authType;
533 return innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
534 }
535
GetAuthenticatorCallback(const std::string & sessionId,sptr<IRemoteObject> & callback)536 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
537 const std::string &sessionId, sptr<IRemoteObject> &callback)
538 {
539 AuthenticatorSessionRequest request;
540 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
541 if (result != ERR_OK) {
542 return result;
543 }
544 request.sessionId = sessionId;
545 result = innerManager_->GetAuthenticatorCallback(request, callback);
546 return result;
547 }
548
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)549 ErrCode AppAccountManagerService::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
550 {
551 int32_t callingUid = -1;
552 std::string bundleName;
553 uint32_t appIndex;
554 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
555 if (ret != ERR_OK) {
556 return ret;
557 }
558 if ((owner != bundleName) &&
559 (AccountPermissionManager::VerifyPermission(GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
560 ACCOUNT_LOGE("failed to verify permission for %{public}s", GET_ALL_APP_ACCOUNTS.c_str());
561 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingPid(), GET_ALL_APP_ACCOUNTS);
562 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
563 }
564
565 AppExecFwk::BundleInfo bundleInfo;
566 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
567 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
568 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
569 if (!result) {
570 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
571 }
572
573 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
574 }
575
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts)576 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts)
577 {
578 int32_t callingUid = -1;
579 std::string bundleName;
580 uint32_t appIndex;
581 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, GET_ALL_APP_ACCOUNTS);
582 if (ret != ERR_OK) {
583 return ret;
584 }
585 ret = GetCallingTokenInfoAndAppIndex(appIndex);
586 if (ret != ERR_OK) {
587 ACCOUNT_LOGE("failed to get app index");
588 return ret;
589 }
590 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
591 }
592
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)593 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
594 const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
595 {
596 int32_t callingUid = -1;
597 std::string bundleName;
598 uint32_t appIndex;
599 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
600 if (result != ERR_OK) {
601 return result;
602 }
603 if (owner.empty()) {
604 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
605 }
606 AppExecFwk::BundleInfo bundleInfo;
607 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
608 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
609 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
610 if (!ret) {
611 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
612 }
613 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
614 }
615
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible)616 ErrCode AppAccountManagerService::CheckAppAccess(
617 const std::string &name, const std::string &authorizedApp, bool &isAccessible)
618 {
619 AppAccountCallingInfo appAccountCallingInfo;
620 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
621 appAccountCallingInfo.appIndex);
622 if (result != ERR_OK) {
623 return result;
624 }
625 if (authorizedApp == appAccountCallingInfo.bundleName) {
626 isAccessible = true;
627 return ERR_OK;
628 }
629 return innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
630 }
631
DeleteAccountCredential(const std::string & name,const std::string & credentialType)632 ErrCode AppAccountManagerService::DeleteAccountCredential(
633 const std::string &name, const std::string &credentialType)
634 {
635 int32_t callingUid = -1;
636 std::string bundleName;
637 uint32_t appIndex;
638 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
639 if (ret != ERR_OK) {
640 return ret;
641 }
642 return innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
643 }
644
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)645 ErrCode AppAccountManagerService::SelectAccountsByOptions(
646 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
647 {
648 int32_t callingUid = -1;
649 std::string bundleName;
650 uint32_t appIndex;
651 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
652 if (ret != ERR_OK) {
653 return ret;
654 }
655 return innerManager_->SelectAccountsByOptions(options, callback, callingUid, bundleName, appIndex);
656 }
657
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)658 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
659 const VerifyCredentialOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
660 {
661 AuthenticatorSessionRequest request;
662 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
663 if (result != ERR_OK) {
664 return result;
665 }
666 request.name = name;
667 request.owner = owner;
668 request.verifyCredOptions = options;
669 request.callback = callback;
670 return innerManager_->VerifyCredential(request);
671 }
672
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IAppAccountAuthenticatorCallback> & callback)673 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
674 const std::vector<std::string> &labels, const sptr<IAppAccountAuthenticatorCallback> &callback)
675 {
676 AuthenticatorSessionRequest request;
677 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
678 if (result != ERR_OK) {
679 return result;
680 }
681 request.labels = labels;
682 request.callback = callback;
683 request.name = name;
684 request.owner = owner;
685 return innerManager_->CheckAccountLabels(request);
686 }
687
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)688 ErrCode AppAccountManagerService::SetAuthenticatorProperties(const std::string &owner,
689 const SetPropertiesOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
690 {
691 AuthenticatorSessionRequest request;
692 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
693 if (result != ERR_OK) {
694 return result;
695 }
696 request.owner = owner;
697 request.setPropOptions = options;
698 request.callback = callback;
699 return innerManager_->SetAuthenticatorProperties(request);
700 }
701
QueryAbilityInfo(const std::string & bundleName,const std::string & abilityName,int32_t userId,AppExecFwk::ExtensionAbilityInfo & extensionInfo)702 static bool QueryAbilityInfo(const std::string &bundleName, const std::string &abilityName, int32_t userId,
703 AppExecFwk::ExtensionAbilityInfo &extensionInfo)
704 {
705 if (abilityName.size() != 0) {
706 AAFwk::Want want;
707 AppExecFwk::ElementName element;
708 element.SetBundleName(bundleName);
709 element.SetAbilityName(abilityName);
710 want.SetElement(element);
711 std::vector<AppExecFwk::ExtensionAbilityInfo> extensionInfos;
712 bool result = BundleManagerAdapter::GetInstance()->QueryExtensionAbilityInfos(want,
713 AppExecFwk::ExtensionAbilityType::APP_ACCOUNT_AUTHORIZATION,
714 AppExecFwk::ExtensionAbilityInfoFlag::GET_EXTENSION_INFO_DEFAULT, userId, extensionInfos);
715 if ((!result) || (extensionInfos.size() == 0)) {
716 ACCOUNT_LOGE("failed to query ability info");
717 return false;
718 }
719 extensionInfo = extensionInfos[0];
720 return true;
721 }
722 AppExecFwk::BundleInfo bundleInfo;
723 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(bundleName,
724 AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO, bundleInfo, userId);
725 if ((!bundleRet) || (bundleInfo.extensionInfos.size() == 0)) {
726 ACCOUNT_LOGE("failed to query bundle info");
727 return false;
728 }
729 uint32_t targetCount = 0;
730 for (auto iter : bundleInfo.extensionInfos) {
731 if (iter.type == AppExecFwk::ExtensionAbilityType::APP_ACCOUNT_AUTHORIZATION) {
732 targetCount++;
733 extensionInfo = iter;
734 if (targetCount > 1) {
735 ACCOUNT_LOGE("failed to get target ability info");
736 return false;
737 }
738 }
739 }
740 if (targetCount != 1) {
741 ACCOUNT_LOGE("failed to get target ability info");
742 return false;
743 }
744 return true;
745 }
746
ExecuteRequest(const AccountCapabilityRequest & request,const sptr<IAppAccountAuthorizationExtensionCallback> & callback)747 ErrCode AppAccountManagerService::ExecuteRequest(const AccountCapabilityRequest &request,
748 const sptr<IAppAccountAuthorizationExtensionCallback> &callback)
749 {
750 AuthorizationRequest innerRequest;
751 std::string callerBundleName;
752 uint32_t appIndex;
753 ErrCode result = GetCallingInfo(innerRequest.callerUid, callerBundleName, appIndex);
754 if (result != ERR_OK) {
755 return result;
756 }
757 innerRequest.parameters = request.parameters;
758 innerRequest.isEnableContext = request.isEnableContext;
759 innerRequest.callback = callback;
760 if (innerRequest.callback == nullptr) {
761 return ERR_JS_SYSTEM_SERVICE_EXCEPTION;
762 }
763
764 AAFwk::WantParams Params;
765 AppExecFwk::ExtensionAbilityInfo extensionInfo;
766 int32_t userId = innerRequest.callerUid / UID_TRANSFORM_DIVISOR;
767 if (!QueryAbilityInfo(request.bundleName, request.abilityName, userId, extensionInfo)) {
768 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
769 }
770 return innerManager_->ExecuteRequest(innerRequest, request.bundleName, request.abilityName, extensionInfo);
771 }
772
SubscribeAppAccount(const AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)773 ErrCode AppAccountManagerService::SubscribeAppAccount(
774 const AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
775 {
776 int32_t callingUid = -1;
777 std::string bundleName;
778 uint32_t appIndex;
779 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
780 if (ret != ERR_OK) {
781 return ret;
782 }
783
784 std::vector<std::string> owners;
785 subscribeInfo.GetOwners(owners);
786 if (owners.size() == 0) {
787 ACCOUNT_LOGE("owners size is 0");
788 return ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
789 }
790
791 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
792 for (auto owner : owners) {
793 AppExecFwk::BundleInfo bundleInfo;
794 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
795 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
796 if (!bundleRet) {
797 ACCOUNT_LOGE("failed to get bundle info");
798 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
799 }
800 }
801
802 return innerManager_->SubscribeAppAccount(subscribeInfo, eventListener, callingUid, bundleName, appIndex);
803 }
804
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener)805 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener)
806 {
807 return innerManager_->UnsubscribeAppAccount(eventListener);
808 }
809
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)810 ErrCode AppAccountManagerService::OnPackageRemoved(
811 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
812 {
813 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
814 }
815
OnUserRemoved(int32_t userId)816 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
817 {
818 return innerManager_->OnUserRemoved(userId);
819 }
820
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)821 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
822 std::string &bundleName, const std::string &permName)
823 {
824 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
825 if (result != ERR_OK) {
826 return result;
827 }
828
829 result = AccountPermissionManager::VerifyPermission(permName);
830 if (result != ERR_OK) {
831 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
832 permName.c_str(), result);
833 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingPid(), permName);
834 return result;
835 }
836 return ERR_OK;
837 }
838
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)839 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
840 {
841 callingUid = IPCSkeleton::GetCallingUid();
842 ErrCode bundleRet = BundleManagerAdapter::GetInstance()->GetNameForUid(callingUid, bundleName);
843 if (bundleRet != ERR_OK) {
844 ACCOUNT_LOGE("failed to get bundle name");
845 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
846 }
847 return ERR_OK;
848 }
849
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)850 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
851 {
852 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
853 Security::AccessToken::HapTokenInfo hapTokenInfo;
854 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
855 if (result) {
856 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
857 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
858 }
859 if (hapTokenInfo.instIndex < 0) {
860 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
861 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
862 }
863 appIndex = hapTokenInfo.instIndex;
864 return ERR_OK;
865 }
866
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)867 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
868 {
869 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
870 if (result != ERR_OK) {
871 ACCOUNT_LOGD("failed to get bundle name");
872 return result;
873 }
874 result = GetCallingTokenInfoAndAppIndex(appIndex);
875 if (result != ERR_OK) {
876 ACCOUNT_LOGE("failed to get app index");
877 return result;
878 }
879 return result;
880 }
881 } // namespace AccountSA
882 } // namespace OHOS
883