1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "token_sync_manager_stub.h"
17
18 #include "accesstoken_common_log.h"
19 #include "access_token_error.h"
20 #include "hap_token_info_for_sync_parcel.h"
21 #include "ipc_skeleton.h"
22 #include "string_ex.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
namespace {
#ifndef ATM_BUILD_VARIANT_USER_ENABLE
// UID that IsRootCalling() compares the IPC caller's UID against.
// Only defined when ATM_BUILD_VARIANT_USER_ENABLE is not set.
constexpr int32_t ROOT_UID = 0;
#endif
} // namespace
32
/**
 * @brief Entry point for IPC requests addressed to the token sync stub.
 *
 * The interface token read from @p data must equal ITokenSyncManager::GetDescriptor();
 * otherwise the request is rejected before any handler runs. Caller identity is not checked
 * here: each *Inner handler performs its own root / native-token check and writes its status
 * into @p reply.
 *
 * @param code   Request code, matched against TokenSyncInterfaceCode values.
 * @param data   Request parcel; the interface token is consumed from it first.
 * @param reply  Parcel the selected handler writes its result into.
 * @param option Passed through to IPCObjectStub::OnRemoteRequest for unrecognised codes.
 * @return ERROR_IPC_REQUEST_FAIL on a descriptor mismatch, the base-class result for an
 *         unrecognised code, otherwise NO_ERROR (the handler's own status travels in @p reply).
 */
int32_t TokenSyncManagerStub::OnRemoteRequest(
    uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, code: %{public}d", __func__, code);

    const std::u16string remoteDescriptor = data.ReadInterfaceToken();
    if (remoteDescriptor != ITokenSyncManager::GetDescriptor()) {
        // NOTE(review): the mismatching descriptor comes from the caller's parcel and is
        // logged with the {public} qualifier.
        LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(remoteDescriptor).c_str());
        return ERROR_IPC_REQUEST_FAIL;
    }

    if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO)) {
        GetRemoteHapTokenInfoInner(data, reply);
    } else if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO)) {
        DeleteRemoteHapTokenInfoInner(data, reply);
    } else if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO)) {
        UpdateRemoteHapTokenInfoInner(data, reply);
    } else {
        // Unknown code: defer to the base stub.
        return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
    }
    return NO_ERROR;
}
57
/**
 * @brief Reports whether the current IPC caller holds a native-type access token.
 *
 * The token ID is taken from IPCSkeleton::GetCallingTokenID(), not from the request parcel.
 * It is then viewed as an AccessTokenIDInner and its `type` field is compared with
 * TOKEN_NATIVE.
 *
 * @return true when the caller's token type equals TOKEN_NATIVE.
 */
bool TokenSyncManagerStub::IsNativeProcessCalling() const
{
    AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    // NOTE(review): this reinterprets the ID's storage as AccessTokenIDInner; it relies on
    // that struct's layout matching the ID encoding, which is not visible in this file.
    const auto *callerTokenInner = reinterpret_cast<AccessTokenIDInner *>(&callerToken);
    const uint32_t callerType = callerTokenInner->type;
    LOGD(ATM_DOMAIN, ATM_TAG, "Calling type: %{public}d", callerType);
    return callerType == TOKEN_NATIVE;
}
65
/**
 * @brief Reports whether the current IPC caller runs as ROOT_UID.
 *
 * When ATM_BUILD_VARIANT_USER_ENABLE is defined, the UID comparison is compiled out and
 * this always returns false, so only the native-token check can authorise a caller.
 *
 * @return true only when the UID comparison is compiled in and the calling UID is ROOT_UID.
 */
bool TokenSyncManagerStub::IsRootCalling() const
{
#ifdef ATM_BUILD_VARIANT_USER_ENABLE
    return false;
#else
    // The UID is reported by the IPC layer, not read from the request parcel.
    const int uidOfCaller = IPCSkeleton::GetCallingUid();
    LOGD(ATM_DOMAIN, ATM_TAG, "Calling uid: %{public}d", uidOfCaller);
    return uidOfCaller == ROOT_UID;
#endif
}
76
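/**
 * @brief IPC handler for GET_REMOTE_HAP_TOKEN_INFO.
 *
 * Authorises the caller (root UID or native token), then reads a device ID string and a
 * token ID from @p data and forwards them to GetRemoteHapTokenInfo(). The status is always
 * written to @p reply as an int32.
 *
 * A parcel that cannot be decoded is rejected with RET_FAILED. Previously a failed read
 * was not detected, and the value-returning getters' results were forwarded unchecked.
 *
 * @param data  Request parcel positioned after the interface token.
 * @param reply Receives ERR_IDENTITY_CHECK_FAILED, RET_FAILED, or the service result.
 */
void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // Use the bool-returning Parcel readers so a truncated or malformed request is detected.
    std::string deviceID;
    uint32_t rawTokenID = 0;
    if (!data.ReadString(deviceID) || !data.ReadUint32(rawTokenID)) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, read parcel failed", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }
    AccessTokenID tokenID = rawTokenID;

    int result = this->GetRemoteHapTokenInfo(deviceID, tokenID);
    reply.WriteInt32(result);
}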
92
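/**
 * @brief IPC handler for DELETE_REMOTE_HAP_TOKEN_INFO.
 *
 * Authorises the caller (root UID or native token), reads the token ID from @p data and
 * forwards it to DeleteRemoteHapTokenInfo(). The status is always written to @p reply as
 * an int32.
 *
 * A parcel from which the token ID cannot be read is rejected with RET_FAILED, so a
 * malformed request no longer reaches the delete call with an unchecked read result.
 *
 * @param data  Request parcel positioned after the interface token.
 * @param reply Receives ERR_IDENTITY_CHECK_FAILED, RET_FAILED, or the service result.
 */
void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // Use the bool-returning reader so a failed read is not mistaken for a real token ID.
    uint32_t rawTokenID = 0;
    if (!data.ReadUint32(rawTokenID)) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, read parcel failed", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }
    AccessTokenID tokenID = rawTokenID;

    int result = this->DeleteRemoteHapTokenInfo(tokenID);
    reply.WriteInt32(result);
}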
104
/**
 * @brief IPC handler for UPDATE_REMOTE_HAP_TOKEN_INFO.
 *
 * Authorises the caller (root UID or native token), then unmarshals a
 * HapTokenInfoForSyncParcel from @p data. If unmarshalling yields a null pointer the reply
 * is RET_FAILED; otherwise the parcel's hapTokenInfoForSyncParams is passed to
 * UpdateRemoteHapTokenInfo() and its result is written to @p reply.
 *
 * @param data  Request parcel positioned after the interface token.
 * @param reply Receives ERR_IDENTITY_CHECK_FAILED, RET_FAILED, or the service result.
 */
void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    const bool callerAllowed = IsRootCalling() || IsNativeProcessCalling();
    if (!callerAllowed) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    sptr<HapTokenInfoForSyncParcel> syncParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
    // A null parcel means the payload could not be unmarshalled; the update is skipped.
    const int status = (syncParcel != nullptr) ?
        this->UpdateRemoteHapTokenInfo(syncParcel->hapTokenInfoForSyncParams) : RET_FAILED;
    reply.WriteInt32(status);
}
120 } // namespace AccessToken
121 } // namespace Security
122 } // namespace OHOS
123