1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define LOG_TAG "BundleChecker"
16
17 #include "bundle_checker.h"
18 #include <memory>
19 #include "accesstoken_kit.h"
20 #include "hap_token_info.h"
21 #include "log_print.h"
22 #include "utils/crypto.h"
23 namespace OHOS {
24 namespace DistributedData {
25 using namespace Security::AccessToken;
// The one static BundleChecker object. Constructing it runs the constructor below, which
// registers the checker with CheckerManager. __attribute__((used)) asks the compiler to
// emit the object even if nothing else in the translation unit references it.
// NOTE(review): registration therefore happens during static initialization and relies on
// CheckerManager::GetInstance() being usable at that point; confirm against CheckerManager.
__attribute__((used)) BundleChecker BundleChecker::instance_;
// Registers this checker with CheckerManager under the plugin name "BundleChecker".
// The factory hands back the raw `this` pointer, so the manager stores a non-owning
// pointer to this object.
// NOTE(review): the destructor in this file does not unregister, so any BundleChecker
// other than the static instance_ would leave a dangling pointer behind once destroyed.
// NOTE(review): the constructor is noexcept; if RegisterPlugin can throw, the process
// terminates rather than starting without this checker. Confirm that is intended.
BundleChecker::BundleChecker() noexcept
{
    auto selfFactory = [this]() -> auto { return this; };
    CheckerManager::GetInstance().RegisterPlugin("BundleChecker", selfFactory);
}
32
// Nothing to release. The pointer handed to CheckerManager by the constructor is not
// withdrawn here.
BundleChecker::~BundleChecker()
{
    // intentionally empty
}
36
// No-op: this checker needs no setup beyond what its constructor does.
void BundleChecker::Initialize()
{
    // intentionally empty
}
40
// Records a trusted (bundleName -> appId) pair. GetAppId consults this table to decide
// whether a caller may be identified by its bundle name.
// An existing entry for the same bundleName is overwritten. Always returns true.
// NOTE(review): neither field is validated. An empty bundleName or appId is stored as
// given, and GetAppId looks this table up with a caller-supplied name that may be empty.
// NOTE(review): no locking is visible here; confirm that trust entries are only loaded
// before concurrent lookups start.
bool BundleChecker::SetTrustInfo(const CheckerManager::Trust &trust)
{
    auto &trustedAppId = trusts_[trust.bundleName];
    trustedAppId = trust.appId;
    return true;
}
46
// Records a distrusted (bundleName -> appId) pair. IsDistrust consults this table.
// An existing entry for the same bundleName is overwritten, so only one appId per
// bundle name can be deny-listed at a time. Always returns true.
// NOTE(review): neither field is validated, and no locking is visible here; confirm
// that entries are only loaded before concurrent lookups start.
bool BundleChecker::SetDistrustInfo(const CheckerManager::Distrust &distrust)
{
    auto &blockedAppId = distrusts_[distrust.bundleName];
    blockedAppId = distrust.appId;
    return true;
}
52
// Derives the application identifier for the caller described by `info`.
//
// Returns:
//   - "" when the token is not a HAP token, when its token info cannot be read, or when
//     the caller-supplied bundle name is non-empty and differs from the token's bundle name;
//   - info.bundleName when trusts_ holds an entry for that name whose appId equals the
//     token's appID;
//   - Crypto::Sha256(appID of the token) otherwise.
//
// The identity facts (bundleName, appID) come from AccessTokenKit for info.tokenId.
// info.bundleName is only a claim that is cross-checked against them.
// NOTE(review): an empty info.bundleName skips the cross-check, and the trust lookup then
// uses the empty string as its key. With a trusts_ entry keyed "" the trusted branch would
// return "", which callers cannot tell apart from the failure value.
// NOTE(review): the debug log prints the appID with %{public}s; consider whether this
// identifier should reach logs in clear text.
std::string BundleChecker::GetAppId(const CheckerManager::StoreInfo &info)
{
    // Only HAP (application) tokens carry a bundle identity.
    if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
        return "";
    }

    HapTokenInfo hapInfo;
    const auto status = AccessTokenKit::GetHapTokenInfo(info.tokenId, hapInfo);
    if (status != RET_SUCCESS) {
        ZLOGE("token:0x%{public}x, result:%{public}d", info.tokenId, status);
        return "";
    }

    // A claimed bundle name must match the one bound to the token.
    const bool nameClaimed = !info.bundleName.empty();
    if (nameClaimed && hapInfo.bundleName != info.bundleName) {
        ZLOGE("bundlename:%{public}s <-> %{public}s", info.bundleName.c_str(), hapInfo.bundleName.c_str());
        return "";
    }

    // Trusted bundles are identified by name, but only if the appID also matches.
    const auto entry = trusts_.find(info.bundleName);
    const bool trusted = (entry != trusts_.end()) && (entry->second == hapInfo.appID);
    if (trusted) {
        return info.bundleName;
    }

    ZLOGD("bundleName:%{public}s, appId:%{public}s", info.bundleName.c_str(), hapInfo.appID.c_str());
    return Crypto::Sha256(hapInfo.appID);
}
75
// Reports whether `info` describes a HAP caller whose claimed bundle name matches the
// bundle name bound to its access token.
//
// Returns false when the token is not a HAP token, when its token info cannot be read,
// or when the names differ. The comparison is strict: an empty info.bundleName only
// matches a token whose bundle name is also empty.
bool BundleChecker::IsValid(const CheckerManager::StoreInfo &info)
{
    const bool isHapToken = AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_HAP;
    if (!isHapToken) {
        return false;
    }

    HapTokenInfo hapInfo;
    const auto status = AccessTokenKit::GetHapTokenInfo(info.tokenId, hapInfo);
    return (status == RET_SUCCESS) && (hapInfo.bundleName == info.bundleName);
}
89
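// Reports whether the caller described by `info` is on the distrust (deny) list, i.e.
// distrusts_ holds an entry for its bundle name whose appId equals the token's appID.
//
// Returns false when the token is not a HAP token, when its token info cannot be read,
// or when a non-empty info.bundleName differs from the token's bundle name.
//
// The deny-list lookup is keyed on the bundle name bound to the access token rather than
// on info.bundleName. The two are equal whenever info.bundleName is non-empty, because
// the mismatch check above guarantees it. When the caller leaves bundleName empty, the
// cross-check is skipped, and a lookup keyed on the empty string would miss the entry and
// let a deny-listed application through.
//
// NOTE(review): every failure path answers "not distrusted". Callers must not treat a
// false result as proof of trust; pair it with a positive check such as IsValid.
bool BundleChecker::IsDistrust(const CheckerManager::StoreInfo &info)
{
    if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
        return false;
    }
    HapTokenInfo tokenInfo;
    auto result = AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo);
    if (result != RET_SUCCESS) {
        ZLOGE("token:0x%{public}x, result:%{public}d", info.tokenId, result);
        return false;
    }
    if (!info.bundleName.empty() && tokenInfo.bundleName != info.bundleName) {
        ZLOGE("bundlename:%{public}s <-> %{public}s", info.bundleName.c_str(), tokenInfo.bundleName.c_str());
        return false;
    }
    // Use the token-verified name so that omitting bundleName cannot bypass the deny list.
    auto it = distrusts_.find(tokenInfo.bundleName);
    return it != distrusts_.end() && (it->second == tokenInfo.appID);
}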
111 } // namespace DistributedData
112 } // namespace OHOS