• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "account_permission_manager.h"
17 
18 #include "accesstoken_kit.h"
19 #include "account_log_wrapper.h"
20 #include "account_constants.h"
21 #include "ipc_skeleton.h"
22 #include "tokenid_kit.h"
23 
24 using namespace OHOS::Security::AccessToken;
25 
26 namespace OHOS {
27 namespace AccountSA {
VerifyPermission(const std::string & permissionName)28 ErrCode AccountPermissionManager::VerifyPermission(const std::string &permissionName)
29 {
30     AccessTokenID callingToken = IPCSkeleton::GetCallingTokenID();
31     ErrCode result = AccessTokenKit::VerifyAccessToken(callingToken, permissionName);
32     if (result == TypePermissionState::PERMISSION_DENIED) {
33         return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
34     }
35     return ERR_OK;
36 }
37 
CheckSystemApp(bool isCallStub)38 ErrCode AccountPermissionManager::CheckSystemApp(bool isCallStub)
39 {
40     uint64_t fullTokenId;
41     if (isCallStub) {
42         fullTokenId = IPCSkeleton::GetCallingFullTokenID();
43     } else {
44         fullTokenId = IPCSkeleton::GetSelfTokenID();
45     }
46     AccessTokenID tokenId = fullTokenId & TOKEN_ID_LOWMASK;
47     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenType(tokenId);
48     if ((tokenType == ATokenTypeEnum::TOKEN_HAP) && (!TokenIdKit::IsSystemAppByFullTokenID(fullTokenId))) {
49         return ERR_ACCOUNT_COMMON_NOT_SYSTEM_APP_ERROR;
50     }
51     return ERR_OK;
52 }
53 }  // namespace AccountSA
54 }  // namespace OHOS
55