1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit.h"
17 #include <string>
18 #include <vector>
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "accesstoken_manager_client.h"
23 #include "constant_common.h"
24 #include "data_validator.h"
25 #include "hap_token_info.h"
26 #include "hisysevent.h"
27 #include "permission_def.h"
28 #include "perm_state_change_callback_customize.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKit"};
37 static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff;
38 static const int INVALID_DLP_TOKEN_FLAG = -1;
39 static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
40 } // namespace
41
AllocHapToken(const HapInfoParams & info,const HapPolicyParams & policy)42 AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
43 {
44 AccessTokenIDEx res = {0};
45 ACCESSTOKEN_LOG_DEBUG(LABEL, "called!");
46 if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
47 !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
48 !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) {
49 ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed");
50 return res;
51 }
52
53 return AccessTokenManagerClient::GetInstance().AllocHapToken(info, policy);
54 }
55
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)56 AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
57 {
58 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s, tokenID=%{public}d",
59 ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID);
60 #ifdef DEBUG_API_PERFORMANCE
61 ACCESSTOKEN_LOG_DEBUG(LABEL, "api_performance:start call");
62 AccessTokenID resID = AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
63 ACCESSTOKEN_LOG_DEBUG(LABEL, "api_performance:end call");
64 return resID;
65 #else
66 return AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
67 #endif
68 }
69
UpdateHapToken(AccessTokenIDEx & tokenIdEx,bool isSystemApp,const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParams & policy)70 int AccessTokenKit::UpdateHapToken(AccessTokenIDEx& tokenIdEx,
71 bool isSystemApp, const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParams& policy)
72 {
73 ACCESSTOKEN_LOG_DEBUG(LABEL, "called");
74 if ((tokenIdEx.tokenIdExStruct.tokenID == INVALID_TOKENID) || (!DataValidator::IsAppIDDescValid(appIDDesc)) ||
75 (!DataValidator::IsAplNumValid(policy.apl))) {
76 ACCESSTOKEN_LOG_ERROR(LABEL, "input param failed");
77 return AccessTokenError::ERR_PARAM_INVALID;
78 }
79 return AccessTokenManagerClient::GetInstance().UpdateHapToken(
80 tokenIdEx, isSystemApp, appIDDesc, apiVersion, policy);
81 }
82
DeleteToken(AccessTokenID tokenID)83 int AccessTokenKit::DeleteToken(AccessTokenID tokenID)
84 {
85 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
86 if (tokenID == INVALID_TOKENID) {
87 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
88 return AccessTokenError::ERR_PARAM_INVALID;
89 }
90 return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID);
91 }
92
GetTokenType(AccessTokenID tokenID)93 ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID)
94 {
95 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
96 if (tokenID == INVALID_TOKENID) {
97 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
98 return TOKEN_INVALID;
99 }
100 return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID);
101 }
102
GetTokenTypeFlag(AccessTokenID tokenID)103 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID)
104 {
105 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
106 if (tokenID == INVALID_TOKENID) {
107 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
108 return TOKEN_INVALID;
109 }
110 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
111 return static_cast<ATokenTypeEnum>(idInner->type);
112 }
113
GetTokenType(FullTokenID tokenID)114 ATokenTypeEnum AccessTokenKit::GetTokenType(FullTokenID tokenID)
115 {
116 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
117 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", id);
118 if (id == INVALID_TOKENID) {
119 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
120 return TOKEN_INVALID;
121 }
122 return AccessTokenManagerClient::GetInstance().GetTokenType(id);
123 }
124
GetTokenTypeFlag(FullTokenID tokenID)125 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(FullTokenID tokenID)
126 {
127 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
128 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", id);
129 if (id == INVALID_TOKENID) {
130 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
131 return TOKEN_INVALID;
132 }
133 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
134 return static_cast<ATokenTypeEnum>(idInner->type);
135 }
136
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)137 int AccessTokenKit::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
138 {
139 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, dcap=%{public}s", tokenID, dcap.c_str());
140 if (tokenID == INVALID_TOKENID) {
141 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
142 return AccessTokenError::ERR_PARAM_INVALID;
143 }
144 if (!DataValidator::IsDcapValid(dcap)) {
145 ACCESSTOKEN_LOG_ERROR(LABEL, "dcap is invalid");
146 return AccessTokenError::ERR_PARAM_INVALID;
147 }
148 return AccessTokenManagerClient::GetInstance().CheckNativeDCap(tokenID, dcap);
149 }
150
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)151 AccessTokenID AccessTokenKit::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex)
152 {
153 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, userID=%{public}d, bundleName=%{public}s, instIndex=%{public}d",
154 userID, bundleName.c_str(), instIndex);
155 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
156 ACCESSTOKEN_LOG_ERROR(LABEL, "hap token param check failed");
157 return INVALID_TOKENID;
158 }
159 AccessTokenIDEx tokenIdEx =
160 AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
161 return tokenIdEx.tokenIdExStruct.tokenID;
162 }
163
GetHapTokenIDEx(int32_t userID,const std::string & bundleName,int32_t instIndex)164 AccessTokenIDEx AccessTokenKit::GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex)
165 {
166 AccessTokenIDEx tokenIdEx = {0};
167 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, userID=%{public}d, bundleName=%{public}s, instIndex=%{public}d",
168 userID, bundleName.c_str(), instIndex);
169 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
170 ACCESSTOKEN_LOG_ERROR(LABEL, "hap token param check failed");
171 return tokenIdEx;
172 }
173 return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
174 }
175
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)176 int AccessTokenKit::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
177 {
178 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
179 if (tokenID == INVALID_TOKENID) {
180 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
181 return AccessTokenError::ERR_PARAM_INVALID;
182 }
183
184 return AccessTokenManagerClient::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes);
185 }
186
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)187 int AccessTokenKit::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
188 {
189 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
190 if (tokenID == INVALID_TOKENID) {
191 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
192 return AccessTokenError::ERR_PARAM_INVALID;
193 }
194 return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes);
195 }
196
GetSelfPermissionsState(std::vector<PermissionListState> & permList)197 PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector<PermissionListState>& permList)
198 {
199 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, permList.size=%{public}zu.", permList.size());
200 return AccessTokenManagerClient::GetInstance().GetSelfPermissionsState(permList);
201 }
202
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)203 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
204 {
205 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s",
206 tokenID, permissionName.c_str());
207 if (!DataValidator::IsPermissionNameValid(permissionName)) {
208 ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
209 return PERMISSION_DENIED;
210 }
211 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
212 }
213
VerifyAccessToken(AccessTokenID callerTokenID,AccessTokenID firstTokenID,const std::string & permissionName)214 int AccessTokenKit::VerifyAccessToken(
215 AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName)
216 {
217 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, callerTokenID=%{public}d, firstTokenID=%{public}d, permissionName=%{public}s",
218 callerTokenID, firstTokenID, permissionName.c_str());
219 int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName);
220 if (ret != PERMISSION_GRANTED) {
221 return ret;
222 }
223 if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
224 return ret;
225 }
226 return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName);
227 }
228
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)229 int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult)
230 {
231 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, permissionName=%{public}s", permissionName.c_str());
232 if (!DataValidator::IsPermissionNameValid(permissionName)) {
233 ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
234 return AccessTokenError::ERR_PARAM_INVALID;
235 }
236
237 int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult);
238 ACCESSTOKEN_LOG_DEBUG(LABEL, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str());
239
240 return ret;
241 }
242
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDef> & permDefList)243 int AccessTokenKit::GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permDefList)
244 {
245 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
246 if (tokenID == INVALID_TOKENID) {
247 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
248 return AccessTokenError::ERR_PARAM_INVALID;
249 }
250
251 return AccessTokenManagerClient::GetInstance().GetDefPermissions(tokenID, permDefList);
252 }
253
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)254 int AccessTokenKit::GetReqPermissions(
255 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
256 {
257 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, isSystemGrant=%{public}d", tokenID, isSystemGrant);
258 if (tokenID == INVALID_TOKENID) {
259 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
260 return AccessTokenError::ERR_PARAM_INVALID;
261 }
262
263 return AccessTokenManagerClient::GetInstance().GetReqPermissions(tokenID, reqPermList, isSystemGrant);
264 }
265
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,int & flag)266 int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, int& flag)
267 {
268 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s",
269 tokenID, permissionName.c_str());
270 if (tokenID == INVALID_TOKENID) {
271 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
272 return AccessTokenError::ERR_PARAM_INVALID;
273 }
274 if (!DataValidator::IsPermissionNameValid(permissionName)) {
275 ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
276 return AccessTokenError::ERR_PARAM_INVALID;
277 }
278 return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName, flag);
279 }
280
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,int flag)281 int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
282 {
283 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d",
284 tokenID, permissionName.c_str(), flag);
285 if (tokenID == INVALID_TOKENID) {
286 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
287 return AccessTokenError::ERR_PARAM_INVALID;
288 }
289 if (!DataValidator::IsPermissionNameValid(permissionName)) {
290 ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
291 return AccessTokenError::ERR_PARAM_INVALID;
292 }
293 if (!DataValidator::IsPermissionFlagValid(flag)) {
294 ACCESSTOKEN_LOG_ERROR(LABEL, "flag is invalid");
295 return AccessTokenError::ERR_PARAM_INVALID;
296 }
297 return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag);
298 }
299
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,int flag)300 int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
301 {
302 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d, permissionName=%{public}s, flag=%{public}d",
303 tokenID, permissionName.c_str(), flag);
304 if (tokenID == INVALID_TOKENID) {
305 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
306 return AccessTokenError::ERR_PARAM_INVALID;
307 }
308 if (!DataValidator::IsPermissionNameValid(permissionName)) {
309 ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName is invalid");
310 return AccessTokenError::ERR_PARAM_INVALID;
311 }
312 if (!DataValidator::IsPermissionFlagValid(flag)) {
313 ACCESSTOKEN_LOG_ERROR(LABEL, "flag is invalid");
314 return AccessTokenError::ERR_PARAM_INVALID;
315 }
316 return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag);
317 }
318
ClearUserGrantedPermissionState(AccessTokenID tokenID)319 int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID)
320 {
321 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
322 if (tokenID == INVALID_TOKENID) {
323 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
324 return AccessTokenError::ERR_PARAM_INVALID;
325 }
326 return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID);
327 }
328
RegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)329 int32_t AccessTokenKit::RegisterPermStateChangeCallback(
330 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
331 {
332 ACCESSTOKEN_LOG_INFO(LABEL, "called");
333 return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback);
334 }
335
UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)336 int32_t AccessTokenKit::UnRegisterPermStateChangeCallback(
337 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
338 {
339 ACCESSTOKEN_LOG_INFO(LABEL, "called");
340 return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback);
341 }
342
GetHapDlpFlag(AccessTokenID tokenID)343 int32_t AccessTokenKit::GetHapDlpFlag(AccessTokenID tokenID)
344 {
345 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
346 if (tokenID == INVALID_TOKENID) {
347 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
348 return INVALID_DLP_TOKEN_FLAG;
349 }
350 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
351 return static_cast<int32_t>(idInner->dlpFlag);
352 }
353
ReloadNativeTokenInfo()354 int32_t AccessTokenKit::ReloadNativeTokenInfo()
355 {
356 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
357 return AccessTokenManagerClient::GetInstance().ReloadNativeTokenInfo();
358 #else
359 return 0;
360 #endif
361 }
362
GetNativeTokenId(const std::string & processName)363 AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName)
364 {
365 if (!DataValidator::IsProcessNameValid(processName)) {
366 ACCESSTOKEN_LOG_ERROR(LABEL, "processName is invalid, processName=%{public}s", processName.c_str());
367 return INVALID_TOKENID;
368 }
369 return AccessTokenManagerClient::GetInstance().GetNativeTokenId(processName);
370 }
371
372 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)373 int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
374 {
375 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
376 if (tokenID == INVALID_TOKENID) {
377 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID is invalid");
378 return AccessTokenError::ERR_PARAM_INVALID;
379 }
380
381 return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync);
382 }
383
GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync> & nativeTokenInfosRes)384 int AccessTokenKit::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes)
385 {
386 ACCESSTOKEN_LOG_DEBUG(LABEL, "called");
387
388 return AccessTokenManagerClient::GetInstance().GetAllNativeTokenInfo(nativeTokenInfosRes);
389 }
390
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)391 int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID,
392 const HapTokenInfoForSync& hapSync)
393 {
394 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s, tokenID=%{public}d",
395 ConstantCommon::EncryptDevId(deviceID).c_str(), hapSync.baseInfo.tokenID);
396 return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync);
397 }
398
SetRemoteNativeTokenInfo(const std::string & deviceID,const std::vector<NativeTokenInfoForSync> & nativeTokenInfoList)399 int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID,
400 const std::vector<NativeTokenInfoForSync>& nativeTokenInfoList)
401 {
402 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
403 return AccessTokenManagerClient::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList);
404 }
405
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)406 int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
407 {
408 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s, tokenID=%{public}d",
409 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
410 return AccessTokenManagerClient::GetInstance().DeleteRemoteToken(deviceID, tokenID);
411 }
412
DeleteRemoteDeviceTokens(const std::string & deviceID)413 int AccessTokenKit::DeleteRemoteDeviceTokens(const std::string& deviceID)
414 {
415 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s", ConstantCommon::EncryptDevId(deviceID).c_str());
416 return AccessTokenManagerClient::GetInstance().DeleteRemoteDeviceTokens(deviceID);
417 }
418
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)419 AccessTokenID AccessTokenKit::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
420 {
421 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, deviceID=%{public}s, tokenID=%{public}d",
422 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
423 return AccessTokenManagerClient::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID);
424 }
425 #endif
426
DumpTokenInfo(AccessTokenID tokenID,std::string & dumpInfo)427 void AccessTokenKit::DumpTokenInfo(AccessTokenID tokenID, std::string& dumpInfo)
428 {
429 ACCESSTOKEN_LOG_DEBUG(LABEL, "called, tokenID=%{public}d", tokenID);
430 AccessTokenManagerClient::GetInstance().DumpTokenInfo(tokenID, dumpInfo);
431 }
432
GetVersion(void)433 int32_t AccessTokenKit::GetVersion(void)
434 {
435 uint64_t fullTokenId = GetSelfTokenID();
436 bool isSystemApp = TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
437 if ((GetTokenTypeFlag(fullTokenId) == TOKEN_HAP) && (!isSystemApp)) {
438 return ERR_NOT_SYSTEM_APP;
439 }
440 return DEFAULT_TOKEN_VERSION;
441 }
442 } // namespace AccessToken
443 } // namespace Security
444 } // namespace OHOS
445