1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "data_translator.h"
23 #include "data_validator.h"
24 #include "token_field_const.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"};
31 static const std::string DEFAULT_DEVICEID = "0";
32 static const unsigned int SYSTEM_APP_FLAG = 0x0001;
33 }
34
HapTokenInfoInner()35 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
36 {
37 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
38 tokenInfoBasic_.tokenID = 0;
39 tokenInfoBasic_.tokenAttr = 0;
40 tokenInfoBasic_.userID = 0;
41 tokenInfoBasic_.apiVersion = 0;
42 tokenInfoBasic_.instIndex = 0;
43 tokenInfoBasic_.dlpType = 0;
44 tokenInfoBasic_.apl = APL_NORMAL;
45 }
46
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicyParams & policy)47 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
48 const HapInfoParams &info, const HapPolicyParams &policy) : permUpdateTimestamp_(0), isRemote_(false)
49 {
50 tokenInfoBasic_.tokenID = id;
51 tokenInfoBasic_.userID = info.userID;
52 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
53 tokenInfoBasic_.tokenAttr = 0;
54 if (info.isSystemApp) {
55 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
56 }
57 tokenInfoBasic_.bundleName = info.bundleName;
58 tokenInfoBasic_.apiVersion = info.apiVersion;
59 tokenInfoBasic_.instIndex = info.instIndex;
60 tokenInfoBasic_.dlpType = info.dlpType;
61 tokenInfoBasic_.appID = info.appIDDesc;
62 tokenInfoBasic_.deviceID = DEFAULT_DEVICEID;
63 tokenInfoBasic_.apl = policy.apl;
64 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList);
65 }
66
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStateFull> & permStateList)67 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
68 const HapTokenInfo &info, const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
69 {
70 permUpdateTimestamp_ = 0;
71 tokenInfoBasic_ = info;
72 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList);
73 }
74
~HapTokenInfoInner()75 HapTokenInfoInner::~HapTokenInfoInner()
76 {
77 ACCESSTOKEN_LOG_DEBUG(LABEL,
78 "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID);
79 }
80
Update(const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParams & policy,bool isSystemApp)81 void HapTokenInfoInner::Update(
82 const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParams& policy, bool isSystemApp)
83 {
84 tokenInfoBasic_.appID = appIDDesc;
85 tokenInfoBasic_.apiVersion = apiVersion;
86 tokenInfoBasic_.apl = policy.apl;
87 if (isSystemApp) {
88 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
89 } else {
90 tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG;
91 }
92 if (permPolicySet_ == nullptr) {
93 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID,
94 policy.permStateList);
95 return;
96 }
97
98 permPolicySet_->Update(policy.permStateList);
99 return;
100 }
101
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const102 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
103 {
104 infoParcel = tokenInfoBasic_;
105 }
106
TranslationIntoGenericValues(GenericValues & outGenericValues) const107 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
108 {
109 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
110 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
111 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
112 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
113 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
114 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
115 outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, tokenInfoBasic_.appID);
116 outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, tokenInfoBasic_.deviceID);
117 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
118 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
119 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
120 }
121
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)122 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
123 {
124 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
125 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
126 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
127 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
128 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
129 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
130 return AccessTokenError::ERR_PARAM_INVALID;
131 }
132
133 tokenInfoBasic_.apiVersion = inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION);
134 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
135 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
136 tokenInfoBasic_.appID = inGenericValues.GetString(TokenFiledConst::FIELD_APP_ID);
137 if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) {
138 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x appID is error", tokenInfoBasic_.tokenID);
139 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
140 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "appID error");
141 return AccessTokenError::ERR_PARAM_INVALID;
142 }
143
144 tokenInfoBasic_.deviceID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID);
145 if (!DataValidator::IsDeviceIdValid(tokenInfoBasic_.deviceID)) {
146 ACCESSTOKEN_LOG_ERROR(LABEL,
147 "tokenID: 0x%{public}x devId is error", tokenInfoBasic_.tokenID);
148 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
149 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "deviceID error");
150 return AccessTokenError::ERR_PARAM_INVALID;
151 }
152 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
153 if (DataValidator::IsAplNumValid(aplNum)) {
154 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
155 } else {
156 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x apl is error, value %{public}d",
157 tokenInfoBasic_.tokenID, aplNum);
158 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
159 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "apl error");
160 return AccessTokenError::ERR_PARAM_INVALID;
161 }
162 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
163 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
164 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x version is error, version %{public}d",
165 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
166 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
167 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
168 return AccessTokenError::ERR_PARAM_INVALID;
169 }
170 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
171 return RET_SUCCESS;
172 }
173
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes)174 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
175 const GenericValues& tokenValue,
176 const std::vector<GenericValues>& permStateRes)
177 {
178 tokenInfoBasic_.tokenID = tokenId;
179 int ret = RestoreHapTokenBasicInfo(tokenValue);
180 if (ret != RET_SUCCESS) {
181 return ret;
182 }
183 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
184 return RET_SUCCESS;
185 }
186
StoreHapBasicInfo(std::vector<GenericValues> & valueList) const187 void HapTokenInfoInner::StoreHapBasicInfo(std::vector<GenericValues>& valueList) const
188 {
189 GenericValues genericValues;
190 TranslationIntoGenericValues(genericValues);
191 valueList.emplace_back(genericValues);
192 }
193
StoreHapInfo(std::vector<GenericValues> & hapInfoValues,std::vector<GenericValues> & permStateValues) const194 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& hapInfoValues,
195 std::vector<GenericValues>& permStateValues) const
196 {
197 if (isRemote_) {
198 ACCESSTOKEN_LOG_INFO(LABEL,
199 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
200 return;
201 }
202 StoreHapBasicInfo(hapInfoValues);
203 if (permPolicySet_ != nullptr) {
204 permPolicySet_->StorePermissionPolicySet(permStateValues);
205 }
206 }
207
GetHapInfoPermissionPolicySet() const208 std::shared_ptr<PermissionPolicySet> HapTokenInfoInner::GetHapInfoPermissionPolicySet() const
209 {
210 return permPolicySet_;
211 }
212
GetUserID() const213 int HapTokenInfoInner::GetUserID() const
214 {
215 return tokenInfoBasic_.userID;
216 }
217
GetDlpType() const218 int HapTokenInfoInner::GetDlpType() const
219 {
220 return tokenInfoBasic_.dlpType;
221 }
222
GetBundleName() const223 std::string HapTokenInfoInner::GetBundleName() const
224 {
225 return tokenInfoBasic_.bundleName;
226 }
227
GetInstIndex() const228 int HapTokenInfoInner::GetInstIndex() const
229 {
230 return tokenInfoBasic_.instIndex;
231 }
232
GetTokenID() const233 AccessTokenID HapTokenInfoInner::GetTokenID() const
234 {
235 return tokenInfoBasic_.tokenID;
236 }
237
GetHapInfoBasic() const238 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
239 {
240 return tokenInfoBasic_;
241 }
242
SetTokenBaseInfo(const HapTokenInfo & baseInfo)243 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
244 {
245 tokenInfoBasic_ = baseInfo;
246 }
247
SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet> & policySet)248 void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet>& policySet)
249 {
250 permPolicySet_ = policySet;
251 }
252
IsRemote() const253 bool HapTokenInfoInner::IsRemote() const
254 {
255 return isRemote_;
256 }
257
SetRemote(bool isRemote)258 void HapTokenInfoInner::SetRemote(bool isRemote)
259 {
260 isRemote_ = isRemote;
261 }
262
ToString(std::string & info) const263 void HapTokenInfoInner::ToString(std::string& info) const
264 {
265 info.append(R"({)");
266 info.append("\n");
267 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
268 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
269 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
270 info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
271 info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
272 info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
273 info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
274 info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n");
275 info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n");
276 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
277 info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n");
278
279 if (permPolicySet_ != nullptr) {
280 permPolicySet_->ToString(info);
281 }
282 info.append("}");
283 }
284 } // namespace AccessToken
285 } // namespace Security
286 } // namespace OHOS
287