1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_mgr_stub.h"
17
18 #include "access_token.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "iaccount_iam_callback.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "token_setproc.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 namespace {
29 const char ACCESS_USER_AUTH_INTERNAL[] = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
30 const char MANAGE_USER_IDM[] = "ohos.permission.MANAGE_USER_IDM";
31 const char USE_USER_IDM[] = "ohos.permission.USE_USER_IDM";
32 }
33
34 static const std::map<uint32_t, AccountIAMMgrStub::AccountIAMMessageProc> messageProcMap = {
35 {
36 static_cast<uint32_t>(AccountIAMInterfaceCode::OPEN_SESSION),
37 {
__anon310089e00202() 38 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
39 return ptr->ProcOpenSession(data, reply); },
40 .isSystemApi = true,
41 }
42 },
43 {
44 static_cast<uint32_t>(AccountIAMInterfaceCode::CLOSE_SESSION),
45 {
__anon310089e00302() 46 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
47 return ptr->ProcCloseSession(data, reply); },
48 .isSystemApi = true,
49 }
50 },
51 {
52 static_cast<uint32_t>(AccountIAMInterfaceCode::ADD_CREDENTIAL),
53 {
__anon310089e00402() 54 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
55 return ptr->ProcAddCredential(data, reply); },
56 .isSystemApi = true,
57 }
58 },
59 {
60 static_cast<uint32_t>(AccountIAMInterfaceCode::UPDATE_CREDENTIAL),
61 {
__anon310089e00502() 62 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
63 return ptr->ProcUpdateCredential(data, reply); },
64 .isSystemApi = true,
65 }
66 },
67 {
68 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_CRED),
69 {
__anon310089e00602() 70 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
71 return ptr->ProcDelCred(data, reply); },
72 .isSystemApi = true,
73 }
74 },
75 {
76 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_USER),
77 {
__anon310089e00702() 78 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
79 return ptr->ProcDelUser(data, reply); },
80 .isSystemApi = true,
81 }
82 },
83 {
84 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL),
85 {
__anon310089e00802() 86 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
87 return ptr->ProcCancel(data, reply); },
88 .isSystemApi = true,
89 }
90 },
91 {
92 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_CREDENTIAL_INFO),
93 {
__anon310089e00902() 94 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
95 return ptr->ProcGetCredentialInfo(data, reply); },
96 .isSystemApi = true,
97 }
98 },
99 {
100 static_cast<uint32_t>(AccountIAMInterfaceCode::PREPARE_REMOTE_AUTH),
101 {
__anon310089e00a02() 102 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
103 return ptr->ProcPrepareRemoteAuth(data, reply); },
104 .isSystemApi = true,
105 }
106 },
107 {
108 static_cast<uint32_t>(AccountIAMInterfaceCode::AUTH_USER),
109 {
__anon310089e00b02() 110 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
111 return ptr->ProcAuthUser(data, reply); },
112 .isSystemApi = true,
113 }
114 },
115 {
116 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL_AUTH),
117 {
__anon310089e00c02() 118 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
119 return ptr->ProcCancelAuth(data, reply); },
120 .isSystemApi = true,
121 }
122 },
123 {
124 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_AVAILABLE_STATUS),
125 {
__anon310089e00d02() 126 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
127 return ptr->ProcGetAvailableStatus(data, reply); },
128 .isSystemApi = true,
129 }
130 },
131 {
132 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY),
133 {
__anon310089e00e02() 134 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
135 return ptr->ProcGetProperty(data, reply); },
136 .isSystemApi = true,
137 }
138 },
139 {
140 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY_BY_CREDENTIAL_ID),
141 {
__anon310089e00f02() 142 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
143 return ptr->ProcGetPropertyById(data, reply); },
144 .isSystemApi = true,
145 }
146 },
147 {
148 static_cast<uint32_t>(AccountIAMInterfaceCode::SET_PROPERTY),
149 {
__anon310089e01002() 150 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
151 return ptr->ProcSetProperty(data, reply); },
152 .isSystemApi = true,
153 }
154 },
155 {
156 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ENROLLED_ID),
157 {
__anon310089e01102() 158 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
159 return ptr->ProcGetEnrolledId(data, reply); },
160 .isSystemApi = true,
161 }
162 },
163 {
164 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ACCOUNT_STATE),
165 {
__anon310089e01202() 166 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
167 return ptr->ProcGetAccountState(data, reply); },
168 }
169 }
170 };
171
AccountIAMMgrStub()172 AccountIAMMgrStub::AccountIAMMgrStub()
173 {}
174
~AccountIAMMgrStub()175 AccountIAMMgrStub::~AccountIAMMgrStub()
176 {}
177
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)178 std::int32_t AccountIAMMgrStub::OnRemoteRequest(
179 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
180 {
181 ACCOUNT_LOGI("Received stub message: %{public}d, callingPid: %{public}d", code, IPCSkeleton::GetCallingRealPid());
182 MemoryGuard cacheGuard;
183 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
184 int result = SetFirstCallerTokenID(tokenCaller);
185 ACCOUNT_LOGD("SetFirstCallerTokenID result: %{public}d", result);
186 if (data.ReadInterfaceToken() != GetDescriptor()) {
187 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
188 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
189 }
190 const auto &itFunc = messageProcMap.find(code);
191 if (itFunc != messageProcMap.end()) {
192 if (itFunc->second.isSystemApi) {
193 result = AccountPermissionManager::CheckSystemApp();
194 if (result != ERR_OK) {
195 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
196 return result;
197 }
198 }
199 return (itFunc->second.messageProcFunction)(this, data, reply);
200 }
201 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
202 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
203 }
204
ProcOpenSession(MessageParcel & data,MessageParcel & reply)205 ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
206 {
207 if (!CheckPermission(MANAGE_USER_IDM)) {
208 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
209 }
210 int32_t userId;
211 if (!data.ReadInt32(userId)) {
212 ACCOUNT_LOGE("failed to read userId");
213 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
214 }
215 std::vector<uint8_t> challenge;
216 int32_t result = OpenSession(userId, challenge);
217 if (!reply.WriteInt32(result)) {
218 ACCOUNT_LOGE("failed to write result");
219 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
220 }
221 if (result == ERR_OK) {
222 if (!reply.WriteUInt8Vector(challenge)) {
223 ACCOUNT_LOGE("failed to write challenge");
224 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
225 }
226 }
227 return ERR_NONE;
228 }
229
ProcCloseSession(MessageParcel & data,MessageParcel & reply)230 ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
231 {
232 if (!CheckPermission(MANAGE_USER_IDM)) {
233 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
234 }
235 int32_t userId;
236 if (!data.ReadInt32(userId)) {
237 ACCOUNT_LOGE("failed to read userId");
238 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
239 }
240 int32_t result = CloseSession(userId);
241 if (!reply.WriteInt32(result)) {
242 ACCOUNT_LOGE("failed to write result");
243 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
244 }
245 return ERR_NONE;
246 }
247
ReadUserIdAndAuthType(MessageParcel & data,int32_t & userId,int32_t & authType)248 ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType)
249 {
250 if (!data.ReadInt32(userId)) {
251 ACCOUNT_LOGE("failed to read userId");
252 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
253 }
254 if (!data.ReadInt32(authType)) {
255 ACCOUNT_LOGE("failed to read authType");
256 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
257 }
258 return ERR_OK;
259 }
260
AddOrUpdateCredential(MessageParcel & data,MessageParcel & reply,bool isAdd)261 ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
262 {
263 if (!CheckPermission(MANAGE_USER_IDM)) {
264 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
265 }
266 int32_t userId;
267 int32_t authType;
268 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
269 if (ret != ERR_OK) {
270 return ret;
271 }
272 int32_t authSubType;
273 if (!data.ReadInt32(authSubType)) {
274 ACCOUNT_LOGE("failed to read authSubType");
275 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
276 }
277 CredentialParameters credParams;
278 if (!data.ReadUInt8Vector(&credParams.token)) {
279 ACCOUNT_LOGE("failed to read token");
280 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
281 }
282 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
283 if (callback == nullptr) {
284 ACCOUNT_LOGE("callback is nullptr");
285 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
286 }
287 credParams.authType = static_cast<AuthType>(authType);
288 credParams.pinType = static_cast<PinSubType>(authSubType);
289 if (isAdd) {
290 AddCredential(userId, credParams, callback);
291 } else {
292 UpdateCredential(userId, credParams, callback);
293 }
294 return ERR_NONE;
295 }
296
ProcAddCredential(MessageParcel & data,MessageParcel & reply)297 ErrCode AccountIAMMgrStub::ProcAddCredential(MessageParcel &data, MessageParcel &reply)
298 {
299 return AddOrUpdateCredential(data, reply);
300 }
301
ProcUpdateCredential(MessageParcel & data,MessageParcel & reply)302 ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParcel &reply)
303 {
304 return AddOrUpdateCredential(data, reply, false);
305 }
306
ProcDelCred(MessageParcel & data,MessageParcel & reply)307 ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
308 {
309 if (!CheckPermission(MANAGE_USER_IDM)) {
310 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
311 }
312 int32_t userId;
313 if (!data.ReadInt32(userId)) {
314 ACCOUNT_LOGE("failed to read userId");
315 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
316 }
317 uint64_t credentialId;
318 if (!data.ReadUint64(credentialId)) {
319 ACCOUNT_LOGE("failed to read credentialId");
320 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
321 }
322 std::vector<uint8_t> authToken;
323 if (!data.ReadUInt8Vector(&authToken)) {
324 ACCOUNT_LOGE("failed to read authToken for delCred");
325 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
326 }
327 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
328 if (callback == nullptr) {
329 ACCOUNT_LOGE("callback is nullptr");
330 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
331 }
332 DelCred(userId, credentialId, authToken, callback);
333 return ERR_NONE;
334 }
335
ProcDelUser(MessageParcel & data,MessageParcel & reply)336 ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
337 {
338 if (!CheckPermission(MANAGE_USER_IDM)) {
339 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
340 }
341 int32_t userId;
342 if (!data.ReadInt32(userId)) {
343 ACCOUNT_LOGE("failed to read userId");
344 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
345 }
346 std::vector<uint8_t> authToken;
347 if (!data.ReadUInt8Vector(&authToken)) {
348 ACCOUNT_LOGE("failed to read authToken for delUser");
349 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
350 }
351 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
352 if (callback == nullptr) {
353 ACCOUNT_LOGE("callback is nullptr");
354 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
355 }
356 DelUser(userId, authToken, callback);
357 return ERR_NONE;
358 }
359
ProcCancel(MessageParcel & data,MessageParcel & reply)360 ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
361 {
362 if (!CheckPermission(MANAGE_USER_IDM)) {
363 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
364 }
365 int32_t userId;
366 if (!data.ReadInt32(userId)) {
367 ACCOUNT_LOGE("failed to read userId");
368 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
369 }
370 int32_t result = Cancel(userId);
371 if (!reply.WriteInt32(result)) {
372 ACCOUNT_LOGE("failed to write result");
373 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
374 }
375 return ERR_NONE;
376 }
377
ProcGetCredentialInfo(MessageParcel & data,MessageParcel & reply)378 ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
379 {
380 if (!CheckPermission(USE_USER_IDM)) {
381 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
382 }
383 int32_t userId;
384 int32_t authType;
385 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
386 if (ret != ERR_OK) {
387 return ret;
388 }
389 sptr<IGetCredInfoCallback> callback = iface_cast<IGetCredInfoCallback>(data.ReadRemoteObject());
390 if (callback == nullptr) {
391 ACCOUNT_LOGE("callback is nullptr");
392 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
393 }
394 int result = GetCredentialInfo(userId, static_cast<AuthType>(authType), callback);
395 if (!reply.WriteInt32(result)) {
396 ACCOUNT_LOGE("failed to write result");
397 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
398 }
399 return ERR_NONE;
400 }
401
ProcPrepareRemoteAuth(MessageParcel & data,MessageParcel & reply)402 ErrCode AccountIAMMgrStub::ProcPrepareRemoteAuth(MessageParcel &data, MessageParcel &reply)
403 {
404 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
405 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
406 }
407 std::string remoteNetworkId;
408 if (!data.ReadString(remoteNetworkId)) {
409 ACCOUNT_LOGE("Read remoteNetworkId failed.");
410 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
411 }
412
413 sptr<IPreRemoteAuthCallback> callback = iface_cast<IPreRemoteAuthCallback>(data.ReadRemoteObject());
414 if (callback == nullptr) {
415 ACCOUNT_LOGE("PreRemoteAuthCallback is nullptr.");
416 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
417 }
418 int result = PrepareRemoteAuth(remoteNetworkId, callback);
419 if (!reply.WriteInt32(result)) {
420 ACCOUNT_LOGE("Write result failed.");
421 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
422 }
423
424 return ERR_NONE;
425 }
426
ReadAuthParam(MessageParcel & data,AuthParam & authParam)427 ErrCode AccountIAMMgrStub::ReadAuthParam(MessageParcel &data, AuthParam &authParam)
428 {
429 if (!data.ReadInt32(authParam.userId)) {
430 ACCOUNT_LOGE("failed to read userId");
431 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
432 }
433 if (!data.ReadUInt8Vector(&authParam.challenge)) {
434 ACCOUNT_LOGE("failed to read challenge");
435 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
436 }
437 int32_t authType;
438 if (!data.ReadInt32(authType)) {
439 ACCOUNT_LOGE("failed to read authType for AuthUser");
440 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
441 }
442 authParam.authType = static_cast<AuthType>(authType);
443 uint32_t authTrustLevel;
444 if (!data.ReadUint32(authTrustLevel)) {
445 ACCOUNT_LOGE("failed to read authTrustLevel for AuthUser");
446 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
447 }
448 authParam.authTrustLevel = static_cast<AuthTrustLevel>(authTrustLevel);
449 int32_t authIntent = 0;
450 if (!data.ReadInt32(authIntent)) {
451 ACCOUNT_LOGE("failed to read authIntent for AuthUser");
452 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
453 }
454 authParam.authIntent = static_cast<AuthIntent>(authIntent);
455 return ERR_OK;
456 }
457
ReadRemoteAuthParam(MessageParcel & data,std::optional<RemoteAuthParam> & remoteAuthParam)458 ErrCode AccountIAMMgrStub::ReadRemoteAuthParam(MessageParcel &data,
459 std::optional<RemoteAuthParam> &remoteAuthParam)
460 {
461 bool res = false;
462 if (!data.ReadBool(res)) {
463 ACCOUNT_LOGE("Read RemoteAuthParam exist failed.");
464 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
465 }
466 if (!res) {
467 return ERR_OK;
468 }
469 remoteAuthParam = RemoteAuthParam();
470 if (!data.ReadBool(res)) {
471 ACCOUNT_LOGE("Read verifierNetworkId exist failed.");
472 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
473 }
474 if (res) {
475 std::string networkId;
476 if (!data.ReadString(networkId)) {
477 ACCOUNT_LOGE("Read verifierNetworkId failed.");
478 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
479 }
480 remoteAuthParam.value().verifierNetworkId = networkId;
481 }
482 if (!data.ReadBool(res)) {
483 ACCOUNT_LOGE("Read collectorNetworkId exist failed.");
484 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
485 }
486 if (res) {
487 std::string networkId;
488 if (!data.ReadString(networkId)) {
489 ACCOUNT_LOGE("Read collectorNetworkId failed.");
490 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
491 }
492 remoteAuthParam.value().collectorNetworkId = networkId;
493 }
494 if (!data.ReadBool(res)) {
495 ACCOUNT_LOGE("Read collectorTokenId exist failed.");
496 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
497 }
498 if (res) {
499 uint32_t tokenId;
500 if (!data.ReadUint32(tokenId)) {
501 ACCOUNT_LOGE("Read collectorTokenId failed.");
502 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
503 }
504 remoteAuthParam.value().collectorTokenId = tokenId;
505 }
506 return ERR_OK;
507 }
508
ProcAuthUser(MessageParcel & data,MessageParcel & reply)509 ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
510 {
511 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
512 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
513 }
514 AuthParam authParam;
515 if (ReadAuthParam(data, authParam) != ERR_OK) {
516 ACCOUNT_LOGE("failed to read authParam");
517 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
518 }
519 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
520 if (callback == nullptr) {
521 ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr");
522 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
523 }
524 if (ReadRemoteAuthParam(data, authParam.remoteAuthParam) != ERR_OK) {
525 ACCOUNT_LOGE("failed to read RemoteAuthParam");
526 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
527 }
528 uint64_t contextId = 0;
529 ErrCode result = AuthUser(authParam, callback, contextId);
530 if (!reply.WriteInt32(result)) {
531 ACCOUNT_LOGE("failed to write result");
532 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
533 }
534 if (!reply.WriteUint64(contextId)) {
535 ACCOUNT_LOGE("failed to write contextId");
536 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
537 }
538 return ERR_NONE;
539 }
540
ProcCancelAuth(MessageParcel & data,MessageParcel & reply)541 ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
542 {
543 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
544 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
545 }
546 uint64_t contextId;
547 if (!data.ReadUint64(contextId)) {
548 ACCOUNT_LOGE("failed to read contextId");
549 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
550 }
551 int32_t result = CancelAuth(contextId);
552 if (!reply.WriteInt32(result)) {
553 ACCOUNT_LOGE("failed to write result");
554 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
555 }
556 return ERR_NONE;
557 }
558
ProcGetAvailableStatus(MessageParcel & data,MessageParcel & reply)559 ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
560 {
561 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
562 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
563 }
564 int32_t authType;
565 if (!data.ReadInt32(authType)) {
566 ACCOUNT_LOGE("failed to read authType for GetAvailableStatus");
567 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
568 }
569 uint32_t authTrustLevel;
570 if (!data.ReadUint32(authTrustLevel)) {
571 ACCOUNT_LOGE("failed to read authTrustLevel for GetAvailableStatus");
572 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
573 }
574 int32_t status;
575 int32_t result =
576 GetAvailableStatus(static_cast<AuthType>(authType), static_cast<AuthTrustLevel>(authTrustLevel), status);
577 if (!reply.WriteInt32(result)) {
578 ACCOUNT_LOGE("failed to write result");
579 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
580 }
581 if (result == ERR_OK) {
582 if (!reply.WriteInt32(status)) {
583 ACCOUNT_LOGE("failed to write status");
584 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
585 }
586 }
587 return ERR_NONE;
588 }
589
ProcGetProperty(MessageParcel & data,MessageParcel & reply)590 ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data,
591 MessageParcel &reply) __attribute__((no_sanitize("cfi")))
592 {
593 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
594 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
595 }
596 int32_t userId;
597 int32_t authType;
598 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
599 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
600 }
601 std::vector<uint32_t> keys;
602 if (!data.ReadUInt32Vector(&keys)) {
603 ACCOUNT_LOGE("failed to read attribute keys");
604 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
605 }
606 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
607 if (callback == nullptr) {
608 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
609 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
610 }
611 GetPropertyRequest request;
612 request.authType = static_cast<AuthType>(authType);
613 for (auto &key : keys) {
614 request.keys.push_back(static_cast<Attributes::AttributeKey>(key));
615 }
616 GetProperty(userId, request, callback);
617 return ERR_NONE;
618 }
619
ProcGetPropertyById(MessageParcel & data,MessageParcel & reply)620 ErrCode AccountIAMMgrStub::ProcGetPropertyById(MessageParcel &data,
621 MessageParcel &reply) __attribute__((no_sanitize("cfi")))
622 {
623 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
624 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
625 }
626 uint64_t credentialId;
627 if (!data.ReadUint64(credentialId)) {
628 ACCOUNT_LOGE("Failed to read credentialId");
629 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
630 }
631 std::vector<uint32_t> tempKeys;
632 if (!data.ReadUInt32Vector(&tempKeys)) {
633 ACCOUNT_LOGE("Failed to read attribute keys");
634 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
635 }
636 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
637 if (callback == nullptr) {
638 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
639 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
640 }
641 std::vector<Attributes::AttributeKey> keys;
642 for (auto &key : tempKeys) {
643 keys.push_back(static_cast<Attributes::AttributeKey>(key));
644 }
645 GetPropertyByCredentialId(credentialId, keys, callback);
646 return ERR_NONE;
647 }
648
ProcSetProperty(MessageParcel & data,MessageParcel & reply)649 ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
650 {
651 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
652 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
653 }
654 int32_t userId;
655 int32_t authType;
656 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
657 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
658 }
659 std::vector<uint8_t> attr;
660 if (!data.ReadUInt8Vector(&attr)) {
661 ACCOUNT_LOGE("failed to read attributes");
662 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
663 }
664 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
665 if (callback == nullptr) {
666 ACCOUNT_LOGE("SetExecutorPropertyCallbackInterface is nullptr");
667 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
668 }
669 SetPropertyRequest request = {
670 .authType = static_cast<AuthType>(authType),
671 .attrs = Attributes(attr)
672 };
673 SetProperty(userId, request, callback);
674 return ERR_NONE;
675 }
676
ProcGetAccountState(MessageParcel & data,MessageParcel & reply)677 ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParcel &reply)
678 {
679 int32_t userId;
680 if (!data.ReadInt32(userId)) {
681 ACCOUNT_LOGE("failed to read userId");
682 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
683 }
684 IAMState state = GetAccountState(userId);
685 if (!reply.WriteInt32(state)) {
686 ACCOUNT_LOGE("failed to write state");
687 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
688 }
689 return ERR_NONE;
690 }
691
ProcGetEnrolledId(MessageParcel & data,MessageParcel & reply)692 ErrCode AccountIAMMgrStub::ProcGetEnrolledId(MessageParcel &data, MessageParcel &reply)
693 {
694 if (!CheckPermission(USE_USER_IDM)) {
695 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
696 }
697 int32_t accountId;
698 int32_t authType;
699 ErrCode ret = ReadUserIdAndAuthType(data, accountId, authType);
700 if (ret != ERR_OK) {
701 return ret;
702 }
703 sptr<IGetEnrolledIdCallback> callback = iface_cast<IGetEnrolledIdCallback>(data.ReadRemoteObject());
704 if (callback == nullptr) {
705 ACCOUNT_LOGE("Callback is nullptr");
706 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
707 }
708 GetEnrolledId(accountId, static_cast<AuthType>(authType), callback);
709 return ERR_NONE;
710 }
711
CheckPermission(const std::string & permission)712 bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
713 {
714 if (AccountPermissionManager::VerifyPermission(permission) != ERR_OK) {
715 ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
716 return false;
717 }
718 return true;
719 }
720 } // AccountSA
721 } // OHOS
722