• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "base_remote_command.h"
16 
17 #include "accesstoken_log.h"
18 #include "data_validator.h"
19 
20 namespace OHOS {
21 namespace Security {
22 namespace AccessToken {
23 namespace {
24 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BaseRemoteCommand"};
25 static const std::string JSON_COMMAND_NAME = "commandName";
26 static const std::string JSON_UNIQUEID = "uniqueId";
27 static const std::string JSON_REQUEST_VERSION = "requestVersion";
28 static const std::string JSON_SRC_DEVICEID = "srcDeviceId";
29 static const std::string JSON_SRC_DEVICE_LEVEL = "srcDeviceLevel";
30 static const std::string JSON_DST_DEVICEID = "dstDeviceId";
31 static const std::string JSON_DST_DEVICE_LEVEL = "dstDeviceLevel";
32 static const std::string JSON_STATUS_CODE = "statusCode";
33 static const std::string JSON_MESSAGE = "message";
34 static const std::string JSON_RESPONSE_VERSION = "responseVersion";
35 static const std::string JSON_RESPONSE_DEVICEID = "responseDeviceId";
36 static const std::string JSON_VERSION = "version";
37 static const std::string JSON_TOKENID = "tokenID";
38 static const std::string JSON_TOKEN_ATTR = "tokenAttr";
39 static const std::string JSON_USERID = "userID";
40 static const std::string JSON_BUNDLE_NAME = "bundleName";
41 static const std::string JSON_INST_INDEX = "instIndex";
42 static const std::string JSON_DLP_TYPE = "dlpType";
43 static const std::string JSON_APPID = "appID";
44 static const std::string JSON_DEVICEID = "deviceID";
45 }
46 
GetStringFromJson(const nlohmann::json & jsonObject,const std::string & tag,std::string & out)47 static void GetStringFromJson(const nlohmann::json& jsonObject, const std::string& tag, std::string& out)
48 {
49     if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_string()) {
50         out = jsonObject.at(tag).get<std::string>();
51     }
52 }
53 
GetIntFromJson(const nlohmann::json & jsonObject,const std::string & tag,int32_t & out)54 static void GetIntFromJson(const nlohmann::json& jsonObject, const std::string& tag, int32_t& out)
55 {
56     if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) {
57         out = jsonObject.at(tag).get<int32_t>();
58     }
59 }
60 
GetUnSignedIntFromJson(const nlohmann::json & jsonObject,const std::string & tag,unsigned int & out)61 static void GetUnSignedIntFromJson(const nlohmann::json& jsonObject, const std::string& tag,
62     unsigned int& out)
63 {
64     if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) {
65         out = jsonObject.at(tag).get<unsigned int>();
66     }
67 }
68 
FromRemoteProtocolJson(const nlohmann::json & jsonObject)69 void BaseRemoteCommand::FromRemoteProtocolJson(const nlohmann::json& jsonObject)
70 {
71     GetStringFromJson(jsonObject, JSON_COMMAND_NAME, remoteProtocol_.commandName);
72     GetStringFromJson(jsonObject, JSON_UNIQUEID, remoteProtocol_.uniqueId);
73     GetIntFromJson(jsonObject, JSON_REQUEST_VERSION, remoteProtocol_.requestVersion);
74     GetStringFromJson(jsonObject, JSON_SRC_DEVICEID, remoteProtocol_.srcDeviceId);
75     GetStringFromJson(jsonObject, JSON_SRC_DEVICE_LEVEL, remoteProtocol_.srcDeviceLevel);
76     GetStringFromJson(jsonObject, JSON_DST_DEVICEID, remoteProtocol_.dstDeviceId);
77     GetStringFromJson(jsonObject, JSON_DST_DEVICE_LEVEL, remoteProtocol_.dstDeviceLevel);
78     GetIntFromJson(jsonObject, JSON_STATUS_CODE, remoteProtocol_.statusCode);
79     GetStringFromJson(jsonObject, JSON_MESSAGE, remoteProtocol_.message);
80     GetIntFromJson(jsonObject, JSON_RESPONSE_VERSION, remoteProtocol_.responseVersion);
81     GetStringFromJson(jsonObject, JSON_RESPONSE_DEVICEID, remoteProtocol_.responseDeviceId);
82 }
83 
ToRemoteProtocolJson()84 nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson()
85 {
86     nlohmann::json j;
87     j["commandName"] = remoteProtocol_.commandName;
88     j["uniqueId"] = remoteProtocol_.uniqueId;
89     j["requestVersion"] = remoteProtocol_.requestVersion;
90     j["srcDeviceId"] = remoteProtocol_.srcDeviceId;
91     j["srcDeviceLevel"] = remoteProtocol_.srcDeviceLevel;
92     j["dstDeviceId"] = remoteProtocol_.dstDeviceId;
93     j["dstDeviceLevel"] = remoteProtocol_.dstDeviceLevel;
94     j["statusCode"] = remoteProtocol_.statusCode;
95     j["message"] = remoteProtocol_.message;
96     j["responseVersion"] = remoteProtocol_.responseVersion;
97     j["responseDeviceId"] = remoteProtocol_.responseDeviceId;
98     return j;
99 }
100 
ToNativeTokenInfoJson(const NativeTokenInfoForSync & tokenInfo)101 nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo)
102 {
103     nlohmann::json permStatesJson;
104     for (const auto& permState : tokenInfo.permStateList) {
105         nlohmann::json permStateJson;
106         ToPermStateJson(permStateJson, permState);
107         permStatesJson.emplace_back(permStateJson);
108     }
109 
110     nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap);
111     nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.baseInfo.nativeAcls);
112     nlohmann::json nativeTokenJson = nlohmann::json {
113         {"processName", tokenInfo.baseInfo.processName},
114         {"apl", tokenInfo.baseInfo.apl},
115         {"version", tokenInfo.baseInfo.ver},
116         {"tokenId", tokenInfo.baseInfo.tokenID},
117         {"tokenAttr", tokenInfo.baseInfo.tokenAttr},
118         {"dcaps", DcapsJson},
119         {"nativeAcls", NativeAclsJson},
120         {"permState", permStatesJson},
121     };
122     return nativeTokenJson;
123 }
124 
ToPermStateJson(nlohmann::json & permStateJson,const PermissionStateFull & state)125 void BaseRemoteCommand::ToPermStateJson(nlohmann::json& permStateJson, const PermissionStateFull& state)
126 {
127     if (state.resDeviceID.size() != state.grantStatus.size() || state.resDeviceID.size() != state.grantFlags.size()) {
128         ACCESSTOKEN_LOG_DEBUG(LABEL, "state grant config size is invalid");
129         return;
130     }
131     nlohmann::json permConfigsJson;
132     uint32_t size = state.resDeviceID.size();
133     for (uint32_t i = 0; i < size; i++) {
134         nlohmann::json permConfigJson = nlohmann::json {
135             {"resDeviceID", state.resDeviceID[i]},
136             {"grantStatus", state.grantStatus[i]},
137             {"grantFlags", state.grantFlags[i]},
138         };
139         permConfigsJson.emplace_back(permConfigJson);
140     }
141 
142     permStateJson["permissionName"] = state.permissionName;
143     permStateJson["isGeneral"] = state.isGeneral;
144     permStateJson["grantConfig"] = permConfigsJson;
145 }
146 
ToHapTokenInfosJson(const HapTokenInfoForSync & tokenInfo)147 nlohmann::json BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& tokenInfo)
148 {
149     nlohmann::json permStatesJson;
150     for (const auto& permState : tokenInfo.permStateList) {
151         nlohmann::json permStateJson;
152         ToPermStateJson(permStateJson, permState);
153         permStatesJson.emplace_back(permStateJson);
154     }
155 
156     nlohmann::json hapTokensJson = nlohmann::json {
157         {"version", tokenInfo.baseInfo.ver},
158         {"tokenID", tokenInfo.baseInfo.tokenID},
159         {"tokenAttr", tokenInfo.baseInfo.tokenAttr},
160         {"userID", tokenInfo.baseInfo.userID},
161         {"bundleName", tokenInfo.baseInfo.bundleName},
162         {"instIndex", tokenInfo.baseInfo.instIndex},
163         {"dlpType", tokenInfo.baseInfo.dlpType},
164         {"appID", tokenInfo.baseInfo.appID},
165         {"deviceID", tokenInfo.baseInfo.deviceID},
166         {"apl", tokenInfo.baseInfo.apl},
167         {"permState", permStatesJson}
168     };
169     return hapTokensJson;
170 }
171 
FromHapTokenBasicInfoJson(const nlohmann::json & hapTokenJson,HapTokenInfo & hapTokenBasicInfo)172 void BaseRemoteCommand::FromHapTokenBasicInfoJson(const nlohmann::json& hapTokenJson,
173     HapTokenInfo& hapTokenBasicInfo)
174 {
175     if (hapTokenJson.find("version") != hapTokenJson.end() && hapTokenJson.at("version").is_number()) {
176         hapTokenJson.at("version").get_to(hapTokenBasicInfo.ver);
177     }
178 
179     GetUnSignedIntFromJson(hapTokenJson, JSON_TOKENID, hapTokenBasicInfo.tokenID);
180     GetUnSignedIntFromJson(hapTokenJson, JSON_TOKEN_ATTR, hapTokenBasicInfo.tokenAttr);
181     GetIntFromJson(hapTokenJson, JSON_USERID, hapTokenBasicInfo.userID);
182     GetStringFromJson(hapTokenJson, JSON_BUNDLE_NAME, hapTokenBasicInfo.bundleName);
183     GetIntFromJson(hapTokenJson, JSON_INST_INDEX, hapTokenBasicInfo.instIndex);
184     GetIntFromJson(hapTokenJson, JSON_DLP_TYPE, hapTokenBasicInfo.dlpType);
185     GetStringFromJson(hapTokenJson, JSON_APPID, hapTokenBasicInfo.appID);
186     GetStringFromJson(hapTokenJson, JSON_DEVICEID, hapTokenBasicInfo.deviceID);
187 
188     if (hapTokenJson.find("apl") != hapTokenJson.end() && hapTokenJson.at("apl").is_number()) {
189         int apl = hapTokenJson.at("apl").get<int>();
190         if (DataValidator::IsAplNumValid(apl)) {
191             hapTokenBasicInfo.apl = static_cast<ATokenAplEnum>(apl);
192         }
193     }
194 }
195 
FromPermStateListJson(const nlohmann::json & hapTokenJson,std::vector<PermissionStateFull> & permStateList)196 void BaseRemoteCommand::FromPermStateListJson(const nlohmann::json& hapTokenJson,
197     std::vector<PermissionStateFull>& permStateList)
198 {
199     if (hapTokenJson.find("permState") != hapTokenJson.end()
200         && hapTokenJson.at("permState").is_array()
201         && !hapTokenJson.at("permState").empty()) {
202         nlohmann::json permissionsJson = hapTokenJson.at("permState").get<nlohmann::json>();
203         for (const auto& permissionJson : permissionsJson) {
204             PermissionStateFull permission;
205             if (permissionJson.find("permissionName") == permissionJson.end() ||
206                 !permissionJson.at("permissionName").is_string() ||
207                 permissionJson.find("isGeneral") == permissionJson.end() ||
208                 !permissionJson.at("isGeneral").is_boolean() ||
209                 permissionJson.find("grantConfig") == permissionJson.end() ||
210                 !permissionJson.at("grantConfig").is_array() ||
211                 permissionJson.at("grantConfig").empty()) {
212                 continue;
213             }
214             permissionJson.at("permissionName").get_to(permission.permissionName);
215             permissionJson.at("isGeneral").get_to(permission.isGeneral);
216             nlohmann::json grantConfigsJson = permissionJson.at("grantConfig").get<nlohmann::json>();
217             for (const auto& grantConfigJson :grantConfigsJson) {
218                 if (grantConfigJson.find("resDeviceID") == grantConfigJson.end() ||
219                     !grantConfigJson.at("resDeviceID").is_string() ||
220                     grantConfigJson.find("grantStatus") == grantConfigJson.end() ||
221                     !grantConfigJson.at("grantStatus").is_number() ||
222                     grantConfigJson.find("grantFlags") == grantConfigJson.end() ||
223                     !grantConfigJson.at("grantFlags").is_number()) {
224                     continue;
225                 }
226                 std::string deviceID;
227                 grantConfigJson.at("resDeviceID").get_to(deviceID);
228                 int grantStatus;
229                 grantConfigJson.at("grantStatus").get_to(grantStatus);
230                 int grantFlags;
231                 grantConfigJson.at("grantFlags").get_to(grantFlags);
232                 permission.resDeviceID.emplace_back(deviceID);
233                 permission.grantStatus.emplace_back(grantStatus);
234                 permission.grantFlags.emplace_back(grantFlags);
235             }
236             permStateList.emplace_back(permission);
237         }
238     }
239 }
240 
FromHapTokenInfoJson(const nlohmann::json & hapTokenJson,HapTokenInfoForSync & hapTokenInfo)241 void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson,
242     HapTokenInfoForSync& hapTokenInfo)
243 {
244     FromHapTokenBasicInfoJson(hapTokenJson, hapTokenInfo.baseInfo);
245     if (hapTokenInfo.baseInfo.tokenID == 0) {
246         ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token basic info is error.");
247         return;
248     }
249     FromPermStateListJson(hapTokenJson, hapTokenInfo.permStateList);
250 }
251 
FromNativeTokenInfoJson(const nlohmann::json & nativeTokenJson,NativeTokenInfoForSync & nativeTokenInfo)252 void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson,
253     NativeTokenInfoForSync& nativeTokenInfo)
254 {
255     if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) {
256         nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get<std::string>();
257     }
258     if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) {
259         int apl = nativeTokenJson.at("apl").get<int>();
260         if (DataValidator::IsAplNumValid(apl)) {
261             nativeTokenInfo.baseInfo.apl = static_cast<ATokenAplEnum>(apl);
262         }
263     }
264     if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) {
265         nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get<int32_t>();
266     }
267     if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) {
268         nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get<int32_t>();
269     }
270     if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) {
271         nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get<int32_t>();
272     }
273     if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array()
274         && !nativeTokenJson.at("dcaps").empty() && (nativeTokenJson.at("dcaps"))[0].is_string()) {
275         nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get<std::vector<std::string>>();
276     }
277     if (nativeTokenJson.find("nativeAcls") != nativeTokenJson.end() && nativeTokenJson.at("nativeAcls").is_array()
278         && !nativeTokenJson.at("nativeAcls").empty() && (nativeTokenJson.at("nativeAcls"))[0].is_string()) {
279         nativeTokenInfo.baseInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get<std::vector<std::string>>();
280     }
281 
282     FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList);
283 }
284 }  // namespace AccessToken
285 }  // namespace Security
286 }  // namespace OHOS
287