1 /* 2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include "account_permission_manager.h" 17 18 #include "accesstoken_kit.h" 19 #include "account_log_wrapper.h" 20 #include "account_constants.h" 21 #include "ipc_skeleton.h" 22 #include "tokenid_kit.h" 23 24 using namespace OHOS::Security::AccessToken; 25 26 namespace OHOS { 27 namespace AccountSA { VerifyPermission(const std::string & permissionName)28ErrCode AccountPermissionManager::VerifyPermission(const std::string &permissionName) 29 { 30 AccessTokenID callingToken = IPCSkeleton::GetCallingTokenID(); 31 ErrCode result = AccessTokenKit::VerifyAccessToken(callingToken, permissionName); 32 if (result == TypePermissionState::PERMISSION_DENIED) { 33 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED; 34 } 35 return ERR_OK; 36 } 37 CheckSystemApp(bool isCallStub)38ErrCode AccountPermissionManager::CheckSystemApp(bool isCallStub) 39 { 40 uint64_t fullTokenId; 41 if (isCallStub) { 42 fullTokenId = IPCSkeleton::GetCallingFullTokenID(); 43 } else { 44 fullTokenId = IPCSkeleton::GetSelfTokenID(); 45 } 46 AccessTokenID tokenId = fullTokenId & TOKEN_ID_LOWMASK; 47 ATokenTypeEnum tokenType = AccessTokenKit::GetTokenType(tokenId); 48 if ((tokenType == ATokenTypeEnum::TOKEN_HAP) && (!TokenIdKit::IsSystemAppByFullTokenID(fullTokenId))) { 49 return ERR_ACCOUNT_COMMON_NOT_SYSTEM_APP_ERROR; 50 } 51 return ERR_OK; 52 } 53 } // namespace AccountSA 54 } // namespace OHOS 55