• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "identity_checker_impl.h"
16 
17 #include "ability_manager_client.h"
18 #include "accesstoken_kit.h"
19 #include "global.h"
20 #include "tokenid_kit.h"
21 #include <cinttypes>
22 #ifdef SCENE_BOARD_ENABLE
23 #include "window_manager_lite.h"
24 #else
25 #include "window_manager.h"
26 #endif
27 
28 namespace OHOS {
29 namespace MiscServices {
30 using namespace Rosen;
31 using namespace Security::AccessToken;
IsFocused(int64_t callingPid,uint32_t callingTokenId,int64_t focusedPid)32 bool IdentityCheckerImpl::IsFocused(int64_t callingPid, uint32_t callingTokenId, int64_t focusedPid)
33 {
34     int64_t realFocusedPid = focusedPid;
35     if (realFocusedPid == INVALID_PID) {
36         FocusChangeInfo info;
37 #ifdef SCENE_BOARD_ENABLE
38         WindowManagerLite::GetInstance().GetFocusWindowInfo(info);
39 #else
40         WindowManager::GetInstance().GetFocusWindowInfo(info);
41 #endif
42         realFocusedPid = info.pid_;
43     }
44     if (callingPid == realFocusedPid) {
45         IMSA_HILOGD("focused app, pid: %{public}" PRId64 "", callingPid);
46         return true;
47     }
48     bool isFocused = IsFocusedUIExtension(callingTokenId);
49     if (!isFocused) {
50         IMSA_HILOGE("not focused, focusedPid: %{public}" PRId64 ", callerPid: %{public}" PRId64 ", callerToken: "
51                     "%{public}d",
52             realFocusedPid, callingPid, callingTokenId);
53     }
54     return isFocused;
55 }
56 
IsSystemApp(uint64_t fullTokenId)57 bool IdentityCheckerImpl::IsSystemApp(uint64_t fullTokenId)
58 {
59     return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
60 }
61 
IsBundleNameValid(uint32_t tokenId,const std::string & validBundleName)62 bool IdentityCheckerImpl::IsBundleNameValid(uint32_t tokenId, const std::string &validBundleName)
63 {
64     std::string bundleName = GetBundleNameByToken(tokenId);
65     if (bundleName.empty()) {
66         return false;
67     }
68     if (bundleName != validBundleName) {
69         IMSA_HILOGE("bundleName is invalid, caller: %{public}s, current: %{public}s", bundleName.c_str(),
70             validBundleName.c_str());
71         return false;
72     }
73     IMSA_HILOGD("checked successfully.");
74     return true;
75 }
76 
HasPermission(uint32_t tokenId,const std::string & permission)77 bool IdentityCheckerImpl::HasPermission(uint32_t tokenId, const std::string &permission)
78 {
79     if (AccessTokenKit::VerifyAccessToken(tokenId, permission) != PERMISSION_GRANTED) {
80         IMSA_HILOGE("Permission [%{public}s] not granted!", permission.c_str());
81         return false;
82     }
83     IMSA_HILOGD("verify AccessToken success.");
84     return true;
85 }
86 
IsBroker(AccessTokenID tokenId)87 bool IdentityCheckerImpl::IsBroker(AccessTokenID tokenId)
88 {
89     if (!IsNativeSa(tokenId)) {
90         return false;
91     }
92     NativeTokenInfo nativeTokenInfoRes;
93     AccessTokenKit::GetNativeTokenInfo(tokenId, nativeTokenInfoRes);
94     return nativeTokenInfoRes.processName == "broker";
95 }
96 
IsNativeSa(AccessTokenID tokenId)97 bool IdentityCheckerImpl::IsNativeSa(AccessTokenID tokenId)
98 {
99     return AccessTokenKit::GetTokenTypeFlag(tokenId) == TypeATokenTypeEnum::TOKEN_NATIVE;
100 }
101 
IsFocusedUIExtension(uint32_t callingTokenId)102 bool IdentityCheckerImpl::IsFocusedUIExtension(uint32_t callingTokenId)
103 {
104     bool isFocused = false;
105     auto ret = AAFwk::AbilityManagerClient::GetInstance()->CheckUIExtensionIsFocused(callingTokenId, isFocused);
106     if (ret != ErrorCode::NO_ERROR) {
107         IMSA_HILOGE("failed to CheckUIExtensionIsFocused, ret: %{public}d", ret);
108         return false;
109     }
110     IMSA_HILOGD("tokenId: %{public}d, check result: %{public}d, isFocused: %{public}d", callingTokenId, ret, isFocused);
111     return isFocused;
112 }
113 
GetBundleNameByToken(uint32_t tokenId)114 std::string IdentityCheckerImpl::GetBundleNameByToken(uint32_t tokenId)
115 {
116     auto tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
117     if (tokenType != TOKEN_HAP) {
118         IMSA_HILOGE("invalid token!");
119         return "";
120     }
121     HapTokenInfo info;
122     int ret = AccessTokenKit::GetHapTokenInfo(tokenId, info);
123     if (ret != ErrorCode::NO_ERROR) {
124         IMSA_HILOGE("failed to get hap info, ret: %{public}d!", ret);
125         return "";
126     }
127     return info.bundleName;
128 }
129 } // namespace MiscServices
130 } // namespace OHOS