• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "proxy_authorization_uri_config.h"
17 #include <fstream>
18 #include <sstream>
19 #include <unistd.h>
20 
21 #include "accesstoken_kit.h"
22 #include "parameters.h"
23 #include "hilog_wrapper.h"
24 
25 namespace OHOS {
26 namespace AAFwk {
27 namespace {
28 const std::string CONFIG_PATH_DEFAULT = "/system/etc/proxy_authorization_uri.json";
29 const std::string CONFIG_PATH_PREFIX = "/system/variant/";
30 const std::string CONFIG_PATH = "/base/etc/proxy_authorization_uri.json";
31 
32 const std::string PROXY_AUTHORIZATION_URI_NAME = "proxyAuthorizationUri";
33 const std::string BUNDLE_NAME = "bundleName";
34 const std::string PROCESS_NAME = "processName";
35 }
36 
LoadConfiguration()37 void ProxyAuthorizationUriConfig::LoadConfiguration()
38 {
39     HILOG_DEBUG("call");
40     nlohmann::json jsonBuf;
41     std::string deviceType = OHOS::system::GetDeviceType();
42     if (deviceType == "2in1") {
43         deviceType = "pc";
44     }
45     std::string configPath = CONFIG_PATH_PREFIX + deviceType + CONFIG_PATH;
46     if (ReadFileInfoJson(configPath, jsonBuf)) {
47         LoadAllowedList(jsonBuf);
48         return;
49     }
50     nlohmann::json jsonBufDefault;
51     if (ReadFileInfoJson(CONFIG_PATH_DEFAULT, jsonBufDefault)) {
52         LoadAllowedList(jsonBufDefault);
53     }
54 }
55 
IsAuthorizationUriAllowed(uint32_t fromTokenId)56 bool ProxyAuthorizationUriConfig::IsAuthorizationUriAllowed(uint32_t fromTokenId)
57 {
58     Security::AccessToken::NativeTokenInfo nativeInfo;
59     auto result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(fromTokenId, nativeInfo);
60     if (result == Security::AccessToken::AccessTokenKitRet::RET_SUCCESS &&
61         processNameAllowedList_.find(nativeInfo.processName) != processNameAllowedList_.end()) {
62         return true;
63     }
64 
65     Security::AccessToken::HapTokenInfo hapInfo;
66     result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(fromTokenId, hapInfo);
67     if (result == Security::AccessToken::AccessTokenKitRet::RET_SUCCESS &&
68         bundleNameAllowedList_.find(hapInfo.bundleName) != bundleNameAllowedList_.end()) {
69         return true;
70     }
71     return false;
72 }
73 
LoadAllowedList(const nlohmann::json & object)74 void ProxyAuthorizationUriConfig::LoadAllowedList(const nlohmann::json &object)
75 {
76     if (!object.contains(PROXY_AUTHORIZATION_URI_NAME)) {
77         HILOG_ERROR("Proxy authorization uri config not existed.");
78         return;
79     }
80 
81     for (auto &item : object.at(PROXY_AUTHORIZATION_URI_NAME).items()) {
82         const nlohmann::json& jsonObject = item.value();
83         if (jsonObject.contains(BUNDLE_NAME) && jsonObject.at(BUNDLE_NAME).is_string()) {
84             std::string bundleName = jsonObject.at(BUNDLE_NAME).get<std::string>();
85             bundleNameAllowedList_.insert(bundleName);
86         }
87         if (jsonObject.contains(PROCESS_NAME) && jsonObject.at(PROCESS_NAME).is_string()) {
88             std::string processName = jsonObject.at(PROCESS_NAME).get<std::string>();
89             processNameAllowedList_.insert(processName);
90         }
91     }
92 }
93 
ReadFileInfoJson(const std::string & filePath,nlohmann::json & jsonBuf)94 bool ProxyAuthorizationUriConfig::ReadFileInfoJson(const std::string &filePath, nlohmann::json &jsonBuf)
95 {
96     if (access(filePath.c_str(), F_OK) != 0) {
97         HILOG_DEBUG("%{public}s, not existed", filePath.c_str());
98         return false;
99     }
100 
101     std::fstream in;
102     char errBuf[256];
103     errBuf[0] = '\0';
104     in.open(filePath, std::ios_base::in);
105     if (!in.is_open()) {
106         strerror_r(errno, errBuf, sizeof(errBuf));
107         HILOG_ERROR("the file cannot be open due to  %{public}s", errBuf);
108         return false;
109     }
110 
111     in.seekg(0, std::ios::end);
112     int64_t size = in.tellg();
113     if (size <= 0) {
114         HILOG_ERROR("the file is an empty file");
115         in.close();
116         return false;
117     }
118 
119     in.seekg(0, std::ios::beg);
120     jsonBuf = nlohmann::json::parse(in, nullptr, false);
121     in.close();
122     if (jsonBuf.is_discarded()) {
123         HILOG_ERROR("bad profile file");
124         return false;
125     }
126 
127     return true;
128 }
129 }
130 }