1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_mgr_stub.h"
17
18 #include "access_token.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "iaccount_iam_callback.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "token_setproc.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 namespace {
29 const std::string ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
30 const std::string MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
31 const std::string USE_USER_IDM = "ohos.permission.USE_USER_IDM";
32 }
33
34 const std::map<uint32_t, AccountIAMMgrStub::AccountIAMMessageProc> messageProcMap = {
35 {
36 static_cast<uint32_t>(AccountIAMInterfaceCode::OPEN_SESSION),
37 {
38 .messageProcFunction = &AccountIAMMgrStub::ProcOpenSession,
39 .isSyetemApi = true,
40 }
41 },
42 {
43 static_cast<uint32_t>(AccountIAMInterfaceCode::CLOSE_SESSION),
44 {
45 .messageProcFunction = &AccountIAMMgrStub::ProcCloseSession,
46 .isSyetemApi = true,
47 }
48 },
49 {
50 static_cast<uint32_t>(AccountIAMInterfaceCode::ADD_CREDENTIAL),
51 {
52 .messageProcFunction = &AccountIAMMgrStub::ProcAddCredential,
53 .isSyetemApi = true,
54 }
55 },
56 {
57 static_cast<uint32_t>(AccountIAMInterfaceCode::UPDATE_CREDENTIAL),
58 {
59 .messageProcFunction = &AccountIAMMgrStub::ProcUpdateCredential,
60 .isSyetemApi = true,
61 }
62 },
63 {
64 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_CRED),
65 {
66 .messageProcFunction = &AccountIAMMgrStub::ProcDelCred,
67 .isSyetemApi = true,
68 }
69 },
70 {
71 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_USER),
72 {
73 .messageProcFunction = &AccountIAMMgrStub::ProcDelUser,
74 .isSyetemApi = true,
75 }
76 },
77 {
78 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL),
79 {
80 .messageProcFunction = &AccountIAMMgrStub::ProcCancel,
81 .isSyetemApi = true,
82 }
83 },
84 {
85 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_CREDENTIAL_INFO),
86 {
87 .messageProcFunction = &AccountIAMMgrStub::ProcGetCredentialInfo,
88 .isSyetemApi = true,
89 }
90 },
91 {
92 static_cast<uint32_t>(AccountIAMInterfaceCode::AUTH_USER),
93 {
94 .messageProcFunction = &AccountIAMMgrStub::ProcAuthUser,
95 .isSyetemApi = true,
96 }
97 },
98 {
99 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL_AUTH),
100 {
101 .messageProcFunction = &AccountIAMMgrStub::ProcCancelAuth,
102 .isSyetemApi = true,
103 }
104 },
105 {
106 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_AVAILABLE_STATUS),
107 {
108 .messageProcFunction = &AccountIAMMgrStub::ProcGetAvailableStatus,
109 .isSyetemApi = true,
110 }
111 },
112 {
113 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY),
114 {
115 .messageProcFunction = &AccountIAMMgrStub::ProcGetProperty,
116 .isSyetemApi = true,
117 }
118 },
119 {
120 static_cast<uint32_t>(AccountIAMInterfaceCode::SET_PROPERTY),
121 {
122 .messageProcFunction = &AccountIAMMgrStub::ProcSetProperty,
123 .isSyetemApi = true,
124 }
125 },
126 {
127 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ACCOUNT_STATE),
128 {
129 .messageProcFunction = &AccountIAMMgrStub::ProcGetAccountState,
130 }
131 }
132 };
133
AccountIAMMgrStub()134 AccountIAMMgrStub::AccountIAMMgrStub()
135 {
136 messageProcMap_ = messageProcMap;
137 }
138
~AccountIAMMgrStub()139 AccountIAMMgrStub::~AccountIAMMgrStub()
140 {}
141
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)142 std::int32_t AccountIAMMgrStub::OnRemoteRequest(
143 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
144 {
145 ACCOUNT_LOGD("Received stub message: %{public}d, callingPid: %{public}d", code, IPCSkeleton::GetCallingPid());
146 MemoryGuard cacheGuard;
147 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
148 int result = SetFirstCallerTokenID(tokenCaller);
149 ACCOUNT_LOGD("SetFirstCallerTokenID result: %{public}d", result);
150 if (data.ReadInterfaceToken() != GetDescriptor()) {
151 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
152 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
153 }
154 const auto &itFunc = messageProcMap_.find(code);
155 if (itFunc != messageProcMap_.end()) {
156 if (itFunc->second.isSyetemApi) {
157 result = AccountPermissionManager::CheckSystemApp();
158 if (result != ERR_OK) {
159 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
160 return result;
161 }
162 }
163 return (this->*(itFunc->second.messageProcFunction))(data, reply);
164 }
165 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
166 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
167 }
168
ProcOpenSession(MessageParcel & data,MessageParcel & reply)169 ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
170 {
171 if (!CheckPermission(MANAGE_USER_IDM)) {
172 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
173 }
174 int32_t userId;
175 if (!data.ReadInt32(userId)) {
176 ACCOUNT_LOGE("failed to read userId");
177 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
178 }
179 std::vector<uint8_t> challenge;
180 int32_t result = OpenSession(userId, challenge);
181 if (!reply.WriteInt32(result)) {
182 ACCOUNT_LOGE("failed to write result");
183 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
184 }
185 if (result == ERR_OK) {
186 if (!reply.WriteUInt8Vector(challenge)) {
187 ACCOUNT_LOGE("failed to write challenge");
188 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
189 }
190 }
191 return ERR_NONE;
192 }
193
ProcCloseSession(MessageParcel & data,MessageParcel & reply)194 ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
195 {
196 if (!CheckPermission(MANAGE_USER_IDM)) {
197 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
198 }
199 int32_t userId;
200 if (!data.ReadInt32(userId)) {
201 ACCOUNT_LOGE("failed to read userId");
202 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
203 }
204 int32_t result = CloseSession(userId);
205 if (!reply.WriteInt32(result)) {
206 ACCOUNT_LOGE("failed to write result");
207 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
208 }
209 return ERR_NONE;
210 }
211
ReadUserIdAndAuthType(MessageParcel & data,int32_t & userId,int32_t & authType)212 ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType)
213 {
214 if (!data.ReadInt32(userId)) {
215 ACCOUNT_LOGE("failed to read userId");
216 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
217 }
218 if (!data.ReadInt32(authType)) {
219 ACCOUNT_LOGE("failed to read authType");
220 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
221 }
222 return ERR_OK;
223 }
224
AddOrUpdateCredential(MessageParcel & data,MessageParcel & reply,bool isAdd)225 ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
226 {
227 if (!CheckPermission(MANAGE_USER_IDM)) {
228 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
229 }
230 int32_t userId;
231 int32_t authType;
232 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
233 if (ret != ERR_OK) {
234 return ret;
235 }
236 int32_t authSubType;
237 if (!data.ReadInt32(authSubType)) {
238 ACCOUNT_LOGE("failed to read authSubType");
239 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
240 }
241 CredentialParameters credParams;
242 if (!data.ReadUInt8Vector(&credParams.token)) {
243 ACCOUNT_LOGE("failed to read token");
244 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
245 }
246 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
247 if (callback == nullptr) {
248 ACCOUNT_LOGE("callback is nullptr");
249 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
250 }
251 credParams.authType = static_cast<AuthType>(authType);
252 credParams.pinType = static_cast<PinSubType>(authSubType);
253 if (isAdd) {
254 AddCredential(userId, credParams, callback);
255 } else {
256 UpdateCredential(userId, credParams, callback);
257 }
258 return ERR_NONE;
259 }
260
ProcAddCredential(MessageParcel & data,MessageParcel & reply)261 ErrCode AccountIAMMgrStub::ProcAddCredential(MessageParcel &data, MessageParcel &reply)
262 {
263 return AddOrUpdateCredential(data, reply);
264 }
265
ProcUpdateCredential(MessageParcel & data,MessageParcel & reply)266 ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParcel &reply)
267 {
268 return AddOrUpdateCredential(data, reply, false);
269 }
270
ProcDelCred(MessageParcel & data,MessageParcel & reply)271 ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
272 {
273 if (!CheckPermission(MANAGE_USER_IDM)) {
274 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
275 }
276 int32_t userId;
277 if (!data.ReadInt32(userId)) {
278 ACCOUNT_LOGE("failed to read userId");
279 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
280 }
281 uint64_t credentialId;
282 if (!data.ReadUint64(credentialId)) {
283 ACCOUNT_LOGE("failed to read credentialId");
284 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
285 }
286 std::vector<uint8_t> authToken;
287 if (!data.ReadUInt8Vector(&authToken)) {
288 ACCOUNT_LOGE("failed to read authToken for delCred");
289 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
290 }
291 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
292 if (callback == nullptr) {
293 ACCOUNT_LOGE("callback is nullptr");
294 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
295 }
296 DelCred(userId, credentialId, authToken, callback);
297 return ERR_NONE;
298 }
299
ProcDelUser(MessageParcel & data,MessageParcel & reply)300 ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
301 {
302 if (!CheckPermission(MANAGE_USER_IDM)) {
303 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
304 }
305 int32_t userId;
306 if (!data.ReadInt32(userId)) {
307 ACCOUNT_LOGE("failed to read userId");
308 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
309 }
310 std::vector<uint8_t> authToken;
311 if (!data.ReadUInt8Vector(&authToken)) {
312 ACCOUNT_LOGE("failed to read authToken for delUser");
313 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
314 }
315 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
316 if (callback == nullptr) {
317 ACCOUNT_LOGE("callback is nullptr");
318 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
319 }
320 DelUser(userId, authToken, callback);
321 return ERR_NONE;
322 }
323
ProcCancel(MessageParcel & data,MessageParcel & reply)324 ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
325 {
326 if (!CheckPermission(MANAGE_USER_IDM)) {
327 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
328 }
329 int32_t userId;
330 if (!data.ReadInt32(userId)) {
331 ACCOUNT_LOGE("failed to read userId");
332 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
333 }
334 int32_t result = Cancel(userId);
335 if (!reply.WriteInt32(result)) {
336 ACCOUNT_LOGE("failed to write result");
337 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
338 }
339 return ERR_NONE;
340 }
341
ProcGetCredentialInfo(MessageParcel & data,MessageParcel & reply)342 ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
343 {
344 if (!CheckPermission(USE_USER_IDM)) {
345 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
346 }
347 int32_t userId;
348 int32_t authType;
349 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
350 if (ret != ERR_OK) {
351 return ret;
352 }
353 sptr<IGetCredInfoCallback> callback = iface_cast<IGetCredInfoCallback>(data.ReadRemoteObject());
354 if (callback == nullptr) {
355 ACCOUNT_LOGE("callback is nullptr");
356 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
357 }
358 int result = GetCredentialInfo(userId, static_cast<AuthType>(authType), callback);
359 if (!reply.WriteInt32(result)) {
360 ACCOUNT_LOGE("failed to write result");
361 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
362 }
363 return ERR_NONE;
364 }
365
ProcAuthUser(MessageParcel & data,MessageParcel & reply)366 ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
367 {
368 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
369 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
370 }
371 int32_t userId;
372 if (!data.ReadInt32(userId)) {
373 ACCOUNT_LOGE("failed to read userId");
374 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
375 }
376 AuthParam authParam;
377 if (!data.ReadUInt8Vector(&authParam.challenge)) {
378 ACCOUNT_LOGE("failed to read challenge");
379 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
380 }
381 int32_t authType;
382 if (!data.ReadInt32(authType)) {
383 ACCOUNT_LOGE("failed to read authType for AuthUser");
384 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
385 }
386 authParam.authType = static_cast<AuthType>(authType);
387 uint32_t authTrustLevel;
388 if (!data.ReadUint32(authTrustLevel)) {
389 ACCOUNT_LOGE("failed to read authTrustLevel for AuthUser");
390 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
391 }
392 authParam.authTrustLevel = static_cast<AuthTrustLevel>(authTrustLevel);
393 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
394 if (callback == nullptr) {
395 ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr");
396 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
397 }
398 uint64_t contextId = 0;
399 ErrCode result = AuthUser(userId, authParam, callback, contextId);
400 if (!reply.WriteInt32(result)) {
401 ACCOUNT_LOGE("failed to write result");
402 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
403 }
404 if (!reply.WriteUint64(contextId)) {
405 ACCOUNT_LOGE("failed to write contextId");
406 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
407 }
408 return ERR_NONE;
409 }
410
ProcCancelAuth(MessageParcel & data,MessageParcel & reply)411 ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
412 {
413 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
414 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
415 }
416 uint64_t contextId;
417 if (!data.ReadUint64(contextId)) {
418 ACCOUNT_LOGE("failed to read contextId");
419 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
420 }
421 int32_t result = CancelAuth(contextId);
422 if (!reply.WriteInt32(result)) {
423 ACCOUNT_LOGE("failed to write result");
424 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
425 }
426 return ERR_NONE;
427 }
428
ProcGetAvailableStatus(MessageParcel & data,MessageParcel & reply)429 ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
430 {
431 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
432 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
433 }
434 int32_t authType;
435 if (!data.ReadInt32(authType)) {
436 ACCOUNT_LOGE("failed to read authType for GetAvailableStatus");
437 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
438 }
439 uint32_t authTrustLevel;
440 if (!data.ReadUint32(authTrustLevel)) {
441 ACCOUNT_LOGE("failed to read authTrustLevel for GetAvailableStatus");
442 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
443 }
444 int32_t status;
445 int32_t result =
446 GetAvailableStatus(static_cast<AuthType>(authType), static_cast<AuthTrustLevel>(authTrustLevel), status);
447 if (!reply.WriteInt32(result)) {
448 ACCOUNT_LOGE("failed to write result");
449 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
450 }
451 if (result == ERR_OK) {
452 if (!reply.WriteInt32(status)) {
453 ACCOUNT_LOGE("failed to write status");
454 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
455 }
456 }
457 return ERR_NONE;
458 }
459
ProcGetProperty(MessageParcel & data,MessageParcel & reply)460 ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data, MessageParcel &reply)
461 {
462 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
463 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
464 }
465 int32_t userId;
466 int32_t authType;
467 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
468 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
469 }
470 std::vector<uint32_t> keys;
471 if (!data.ReadUInt32Vector(&keys)) {
472 ACCOUNT_LOGE("failed to read attribute keys");
473 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
474 }
475 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
476 if (callback == nullptr) {
477 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
478 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
479 }
480 GetPropertyRequest request;
481 request.authType = static_cast<AuthType>(authType);
482 for (auto &key : keys) {
483 request.keys.push_back(static_cast<Attributes::AttributeKey>(key));
484 }
485 GetProperty(userId, request, callback);
486 return ERR_NONE;
487 }
488
ProcSetProperty(MessageParcel & data,MessageParcel & reply)489 ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
490 {
491 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
492 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
493 }
494 int32_t userId;
495 int32_t authType;
496 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
497 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
498 }
499 std::vector<uint8_t> attr;
500 if (!data.ReadUInt8Vector(&attr)) {
501 ACCOUNT_LOGE("failed to read attributes");
502 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
503 }
504 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
505 if (callback == nullptr) {
506 ACCOUNT_LOGE("SetExecutorPropertyCallbackInterface is nullptr");
507 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
508 }
509 SetPropertyRequest request = {
510 .authType = static_cast<AuthType>(authType),
511 .attrs = Attributes(attr)
512 };
513 SetProperty(userId, request, callback);
514 return ERR_NONE;
515 }
516
ProcGetAccountState(MessageParcel & data,MessageParcel & reply)517 ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParcel &reply)
518 {
519 int32_t userId;
520 if (!data.ReadInt32(userId)) {
521 ACCOUNT_LOGE("failed to read userId");
522 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
523 }
524 IAMState state = GetAccountState(userId);
525 if (!reply.WriteInt32(state)) {
526 ACCOUNT_LOGE("failed to write state");
527 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
528 }
529 return ERR_NONE;
530 }
531
CheckPermission(const std::string & permission)532 bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
533 {
534 if (AccountPermissionManager::VerifyPermission(permission) != ERR_OK) {
535 ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
536 return false;
537 }
538 return true;
539 }
540 } // AccountSA
541 } // OHOS
542