1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "identity_checker_impl.h"
16
17 #include <cinttypes>
18
19 #include "ability_manager_client.h"
20 #include "accesstoken_kit.h"
21 #include "global.h"
22 #include "tokenid_kit.h"
23 #include "window_manager.h"
24
25 namespace OHOS {
26 namespace MiscServices {
27 using namespace Rosen;
28 using namespace Security::AccessToken;
IsFocused(int64_t callingPid,uint32_t callingTokenId,int64_t focusedPid)29 bool IdentityCheckerImpl::IsFocused(int64_t callingPid, uint32_t callingTokenId, int64_t focusedPid)
30 {
31 int64_t realFocusedPid = focusedPid;
32 if (realFocusedPid == INVALID_PID) {
33 FocusChangeInfo info;
34 WindowManager::GetInstance().GetFocusWindowInfo(info);
35 realFocusedPid = info.pid_;
36 }
37 IMSA_HILOGD("focusedPid:%{public}" PRId64 ", pid:%{public}" PRId64 "", realFocusedPid, callingPid);
38 if (callingPid == realFocusedPid) {
39 IMSA_HILOGD("pid is same, focused app");
40 return true;
41 }
42 bool isFocused = false;
43 auto ret = AAFwk::AbilityManagerClient::GetInstance()->CheckUIExtensionIsFocused(callingTokenId, isFocused);
44 IMSA_HILOGI("tokenId: %{public}d, check result:%{public}d, isFocused:%{public}d", callingTokenId, ret, isFocused);
45 return ret == ErrorCode::NO_ERROR && isFocused;
46 }
47
IsSystemApp(uint64_t fullTokenId)48 bool IdentityCheckerImpl::IsSystemApp(uint64_t fullTokenId)
49 {
50 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
51 }
52
IsBundleNameValid(uint32_t tokenId,const std::string & validBundleName)53 bool IdentityCheckerImpl::IsBundleNameValid(uint32_t tokenId, const std::string &validBundleName)
54 {
55 std::string bundleName = GetBundleNameByToken(tokenId);
56 if (bundleName.empty()) {
57 return false;
58 }
59 if (bundleName != validBundleName) {
60 IMSA_HILOGE("bundleName invalid, caller: %{public}s, current: %{public}s", bundleName.c_str(),
61 validBundleName.c_str());
62 return false;
63 }
64 IMSA_HILOGD("checked successfully");
65 return true;
66 }
67
HasPermission(uint32_t tokenId,const std::string & permission)68 bool IdentityCheckerImpl::HasPermission(uint32_t tokenId, const std::string &permission)
69 {
70 if (AccessTokenKit::VerifyAccessToken(tokenId, permission) != PERMISSION_GRANTED) {
71 IMSA_HILOGE("Permission [%{public}s] not granted", permission.c_str());
72 return false;
73 }
74 IMSA_HILOGD("verify AccessToken success");
75 return true;
76 }
77
IsBroker(AccessTokenID tokenId)78 bool IdentityCheckerImpl::IsBroker(AccessTokenID tokenId)
79 {
80 NativeTokenInfo nativeTokenInfoRes;
81 AccessTokenKit::GetNativeTokenInfo(tokenId, nativeTokenInfoRes);
82 return nativeTokenInfoRes.processName == "broker";
83 }
84
IsNativeSa(AccessTokenID tokenId)85 bool IdentityCheckerImpl::IsNativeSa(AccessTokenID tokenId)
86 {
87 return AccessTokenKit::GetTokenType(tokenId) == TypeATokenTypeEnum::TOKEN_NATIVE;
88 }
89
GetBundleNameByToken(uint32_t tokenId)90 std::string IdentityCheckerImpl::GetBundleNameByToken(uint32_t tokenId)
91 {
92 auto tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
93 if (tokenType != TOKEN_HAP) {
94 IMSA_HILOGE("invalid token");
95 return "";
96 }
97 HapTokenInfo info;
98 int ret = AccessTokenKit::GetHapTokenInfo(tokenId, info);
99 if (ret != ErrorCode::NO_ERROR) {
100 IMSA_HILOGE("failed to get hap info, ret: %{public}d", ret);
101 return "";
102 }
103 return info.bundleName;
104 }
105 } // namespace MiscServices
106 } // namespace OHOS
107