1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "accesstoken_kit.h"
18 #include "account_log_wrapper.h"
19 #include "account_permission_manager.h"
20 #include "bundle_manager_adapter.h"
21 #include "account_hisysevent_adapter.h"
22 #include "inner_app_account_manager.h"
23 #include "ipc_skeleton.h"
24
25 namespace OHOS {
26 namespace AccountSA {
27 namespace {
28 constexpr int32_t UID_TRANSFORM_DIVISOR = 200000; // local account id = uid / UID_TRANSFORM_DIVISOR
29 const char DISTRIBUTED_DATASYNC[] = "ohos.permission.DISTRIBUTED_DATASYNC";
30 const char GET_ALL_APP_ACCOUNTS[] = "ohos.permission.GET_ALL_APP_ACCOUNTS";
31 }
32
AppAccountManagerService()33 AppAccountManagerService::AppAccountManagerService()
34 #ifdef HAS_CES_PART
35 : observer_(AppAccountCommonEventObserver::GetInstance())
36 #endif // HAS_CES_PART
37 {
38 ACCOUNT_LOGI("Constructed");
39 innerManager_ = std::make_shared<InnerAppAccountManager>();
40 }
41
~AppAccountManagerService()42 AppAccountManagerService::~AppAccountManagerService()
43 {
44 ACCOUNT_LOGI("Destroyed");
45 }
46
AddAccount(const std::string & name,const std::string & extraInfo)47 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo)
48 {
49 int32_t callingUid = -1;
50 std::string bundleName;
51 uint32_t appIndex;
52 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
53 if (ret != ERR_OK) {
54 return ret;
55 }
56 return innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
57 }
58
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)59 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
60 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
61 {
62 AuthenticatorSessionRequest request;
63 request.callerPid = IPCSkeleton::GetCallingRealPid();
64 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
65 if (result != ERR_OK) {
66 return result;
67 }
68 request.owner = owner;
69 request.authType = authType;
70 request.options = options;
71 request.callback = callback;
72 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
73 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
74 return innerManager_->AddAccountImplicitly(request);
75 }
76
CreateAccount(const std::string & name,const CreateAccountOptions & options)77 ErrCode AppAccountManagerService::CreateAccount(const std::string &name, const CreateAccountOptions &options)
78 {
79 int32_t callingUid = -1;
80 std::string bundleName;
81 uint32_t appIndex;
82 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
83 if (ret != ERR_OK) {
84 return ret;
85 }
86 return innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
87 }
88
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)89 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
90 const CreateAccountImplicitlyOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
91 {
92 AuthenticatorSessionRequest request;
93 request.callerPid = IPCSkeleton::GetCallingRealPid();
94 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
95 if (result != ERR_OK) {
96 return result;
97 }
98 request.owner = owner;
99 request.callback = callback;
100 request.createOptions = options;
101 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
102 return innerManager_->CreateAccountImplicitly(request);
103 }
104
DeleteAccount(const std::string & name)105 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name)
106 {
107 int32_t callingUid = -1;
108 std::string bundleName;
109 uint32_t appIndex;
110 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
111 if (ret != ERR_OK) {
112 return ret;
113 }
114 return innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
115 }
116
GetAccountExtraInfo(const std::string & name,std::string & extraInfo)117 ErrCode AppAccountManagerService::GetAccountExtraInfo(const std::string &name, std::string &extraInfo)
118 {
119 int32_t callingUid = -1;
120 std::string bundleName;
121 uint32_t appIndex;
122 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
123 if (ret != ERR_OK) {
124 return ret;
125 }
126 return innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
127 }
128
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo)129 ErrCode AppAccountManagerService::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo)
130 {
131 int32_t callingUid = -1;
132 std::string bundleName;
133 uint32_t appIndex;
134 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
135 if (ret != ERR_OK) {
136 return ret;
137 }
138 return innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
139 }
140
EnableAppAccess(const std::string & name,const std::string & authorizedApp)141 ErrCode AppAccountManagerService::EnableAppAccess(
142 const std::string &name, const std::string &authorizedApp)
143 {
144 AppAccountCallingInfo appAccountCallingInfo;
145 ErrCode result = GetCallingInfo(
146 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
147 if (result != ERR_OK) {
148 return result;
149 }
150
151 if (authorizedApp == appAccountCallingInfo.bundleName) {
152 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
153 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
154 }
155
156 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
157 }
158
DisableAppAccess(const std::string & name,const std::string & authorizedApp)159 ErrCode AppAccountManagerService::DisableAppAccess(
160 const std::string &name, const std::string &authorizedApp)
161 {
162 AppAccountCallingInfo appAccountCallingInfo;
163 ErrCode ret = GetCallingInfo(
164 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
165 if (ret != ERR_OK) {
166 return ret;
167 }
168 if (authorizedApp == appAccountCallingInfo.bundleName) {
169 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
170 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
171 }
172 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
173 }
174
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible)175 ErrCode AppAccountManagerService::SetAppAccess(
176 const std::string &name, const std::string &authorizedApp, bool isAccessible)
177 {
178 AppAccountCallingInfo appAccountCallingInfo;
179 ErrCode ret = GetCallingInfo(
180 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
181 if (ret != ERR_OK) {
182 return ret;
183 }
184
185 if (authorizedApp == appAccountCallingInfo.bundleName) {
186 if (isAccessible) {
187 ACCOUNT_LOGI("AuthorizedApp name is the self, invalid operate.");
188 return ERR_OK;
189 } else {
190 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
191 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
192 }
193 }
194 if (isAccessible) {
195 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
196 }
197
198 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
199 }
200
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable)201 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(const std::string &name, bool &syncEnable)
202 {
203 int32_t callingUid = -1;
204 std::string bundleName;
205 uint32_t appIndex;
206 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
207 if (ret != ERR_OK) {
208 return ret;
209 }
210 ret = GetCallingTokenInfoAndAppIndex(appIndex);
211 if (ret != ERR_OK) {
212 ACCOUNT_LOGE("failed to get app index");
213 return ret;
214 }
215
216 return innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
217 }
218
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable)219 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable)
220 {
221 int32_t callingUid = -1;
222 std::string bundleName;
223 uint32_t appIndex;
224 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
225 if (ret != ERR_OK) {
226 return ret;
227 }
228 ret = GetCallingTokenInfoAndAppIndex(appIndex);
229 if (ret != ERR_OK) {
230 ACCOUNT_LOGE("failed to get app index");
231 return ret;
232 }
233
234 return innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
235 }
236
GetAssociatedData(const std::string & name,const std::string & key,std::string & value)237 ErrCode AppAccountManagerService::GetAssociatedData(
238 const std::string &name, const std::string &key, std::string &value)
239 {
240 int32_t callingUid = IPCSkeleton::GetCallingUid();
241 return innerManager_->GetAssociatedData(name, key, value, callingUid);
242 }
243
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value)244 ErrCode AppAccountManagerService::SetAssociatedData(
245 const std::string &name, const std::string &key, const std::string &value)
246 {
247 AppAccountCallingInfo appAccountCallingInfo;
248 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
249 appAccountCallingInfo.appIndex);
250 if (ret != ERR_OK) {
251 return ret;
252 }
253 return innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
254 }
255
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential)256 ErrCode AppAccountManagerService::GetAccountCredential(
257 const std::string &name, const std::string &credentialType, std::string &credential)
258 {
259 AppAccountCallingInfo appAccountCallingInfo;
260 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
261 appAccountCallingInfo.appIndex);
262 if (ret != ERR_OK) {
263 return ret;
264 }
265 return innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
266 }
267
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential)268 ErrCode AppAccountManagerService::SetAccountCredential(
269 const std::string &name, const std::string &credentialType, const std::string &credential)
270 {
271 AppAccountCallingInfo appAccountCallingInfo;
272 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
273 appAccountCallingInfo.appIndex);
274 if (ret != ERR_OK) {
275 return ret;
276 }
277 return innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
278 }
279
Authenticate(const std::string & name,const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)280 ErrCode AppAccountManagerService::Authenticate(const std::string &name, const std::string &owner,
281 const std::string &authType, const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
282 {
283 AuthenticatorSessionRequest request;
284 request.callerPid = IPCSkeleton::GetCallingRealPid();
285 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
286 if (result != ERR_OK) {
287 return result;
288 }
289 request.name = name;
290 request.owner = owner;
291 request.authType = authType;
292 request.options = options;
293 request.callback = callback;
294 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
295 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
296 return innerManager_->Authenticate(request);
297 }
298
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)299 ErrCode AppAccountManagerService::GetOAuthToken(
300 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
301 {
302 AuthenticatorSessionRequest request;
303 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
304 if (result != ERR_OK) {
305 return result;
306 }
307 request.name = name;
308 request.owner = owner;
309 request.authType = authType;
310 return innerManager_->GetOAuthToken(request, token);
311 }
312
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)313 ErrCode AppAccountManagerService::GetAuthToken(
314 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
315 {
316 AuthenticatorSessionRequest request;
317 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
318 if (result != ERR_OK) {
319 return result;
320 }
321 request.name = name;
322 request.owner = owner;
323 request.authType = authType;
324 return innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
325 }
326
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token)327 ErrCode AppAccountManagerService::SetOAuthToken(
328 const std::string &name, const std::string &authType, const std::string &token)
329 {
330 AuthenticatorSessionRequest request;
331 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
332 if (result != ERR_OK) {
333 return result;
334 }
335 request.name = name;
336 request.owner = request.callerBundleName;
337 request.authType = authType;
338 request.token = token;
339 return innerManager_->SetOAuthToken(request);
340 }
341
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)342 ErrCode AppAccountManagerService::DeleteOAuthToken(
343 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
344 {
345 AuthenticatorSessionRequest request;
346 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
347 if (ret != ERR_OK) {
348 return ret;
349 }
350 request.name = name;
351 request.owner = owner;
352 request.authType = authType;
353 request.token = token;
354 return innerManager_->DeleteOAuthToken(request);
355 }
356
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)357 ErrCode AppAccountManagerService::DeleteAuthToken(
358 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
359 {
360 AuthenticatorSessionRequest request;
361 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
362 if (result != ERR_OK) {
363 return result;
364 }
365 request.name = name;
366 request.owner = owner;
367 request.authType = authType;
368 request.token = token;
369 return innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
370 }
371
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)372 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
373 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
374 {
375 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
376 if (ret != ERR_OK) {
377 return ret;
378 }
379 request.name = name;
380 request.owner = request.callerBundleName;
381 request.authType = authType;
382 request.bundleName = bundleName;
383 return ret;
384 }
385
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)386 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
387 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
388 {
389 AuthenticatorSessionRequest request;
390 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
391 if (ret != ERR_OK) {
392 return ret;
393 }
394 request.isTokenVisible = isVisible;
395 return innerManager_->SetOAuthTokenVisibility(request);
396 }
397
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)398 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
399 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
400 {
401 AuthenticatorSessionRequest request;
402 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
403 if (result != ERR_OK) {
404 return result;
405 }
406 if (request.bundleName == request.owner) {
407 if (isVisible) {
408 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
409 return ERR_OK;
410 } else {
411 ACCOUNT_LOGE("authorizedApp is the same to owner.");
412 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
413 }
414 }
415 request.isTokenVisible = isVisible;
416 return innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
417 }
418
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)419 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
420 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
421 {
422 AuthenticatorSessionRequest request;
423 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
424 if (ret != ERR_OK) {
425 return ret;
426 }
427 return innerManager_->CheckOAuthTokenVisibility(request, isVisible);
428 }
429
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)430 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
431 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
432 {
433 AuthenticatorSessionRequest request;
434 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
435 if (ret != ERR_OK) {
436 return ret;
437 }
438 return innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
439 }
440
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info)441 ErrCode AppAccountManagerService::GetAuthenticatorInfo(const std::string &owner, AuthenticatorInfo &info)
442 {
443 AuthenticatorSessionRequest request;
444 request.callerUid = IPCSkeleton::GetCallingUid();
445 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
446 if (result != ERR_OK) {
447 ACCOUNT_LOGE("failed to get app index");
448 return result;
449 }
450 request.owner = owner;
451 return innerManager_->GetAuthenticatorInfo(request, info);
452 }
453
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos)454 ErrCode AppAccountManagerService::GetAllOAuthTokens(
455 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos)
456 {
457 AuthenticatorSessionRequest request;
458 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
459 if (result != ERR_OK) {
460 return result;
461 }
462 request.name = name;
463 request.owner = owner;
464 return innerManager_->GetAllOAuthTokens(request, tokenInfos);
465 }
466
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)467 ErrCode AppAccountManagerService::GetOAuthList(
468 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
469 {
470 AuthenticatorSessionRequest request;
471 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
472 if (result != ERR_OK) {
473 return result;
474 }
475 request.name = name;
476 request.authType = authType;
477 return innerManager_->GetOAuthList(request, oauthList);
478 }
479
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)480 ErrCode AppAccountManagerService::GetAuthList(
481 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
482 {
483 AuthenticatorSessionRequest request;
484 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
485 if (ret != ERR_OK) {
486 return ret;
487 }
488 request.name = name;
489 request.authType = authType;
490 return innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
491 }
492
GetAuthenticatorCallback(const std::string & sessionId,sptr<IRemoteObject> & callback)493 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
494 const std::string &sessionId, sptr<IRemoteObject> &callback)
495 {
496 AuthenticatorSessionRequest request;
497 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
498 if (result != ERR_OK) {
499 return result;
500 }
501 request.sessionId = sessionId;
502 result = innerManager_->GetAuthenticatorCallback(request, callback);
503 return result;
504 }
505
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)506 ErrCode AppAccountManagerService::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
507 {
508 int32_t callingUid = -1;
509 std::string bundleName;
510 uint32_t appIndex;
511 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
512 if (ret != ERR_OK) {
513 return ret;
514 }
515 if ((owner != bundleName) &&
516 (AccountPermissionManager::VerifyPermission(GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
517 ACCOUNT_LOGE("failed to verify permission for %{public}s", GET_ALL_APP_ACCOUNTS);
518 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), GET_ALL_APP_ACCOUNTS);
519 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
520 }
521
522 AppExecFwk::BundleInfo bundleInfo;
523 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
524 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
525 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
526 if (!result) {
527 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
528 }
529
530 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
531 }
532
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts)533 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts)
534 {
535 int32_t callingUid = -1;
536 std::string bundleName;
537 uint32_t appIndex;
538 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, GET_ALL_APP_ACCOUNTS);
539 if (ret != ERR_OK) {
540 return ret;
541 }
542 ret = GetCallingTokenInfoAndAppIndex(appIndex);
543 if (ret != ERR_OK) {
544 ACCOUNT_LOGE("failed to get app index");
545 return ret;
546 }
547 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
548 }
549
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)550 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
551 const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
552 {
553 int32_t callingUid = -1;
554 std::string bundleName;
555 uint32_t appIndex;
556 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
557 if (result != ERR_OK) {
558 return result;
559 }
560 if (owner.empty()) {
561 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
562 }
563 AppExecFwk::BundleInfo bundleInfo;
564 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
565 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
566 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
567 if (!ret) {
568 return ERR_OK;
569 }
570 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
571 }
572
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible)573 ErrCode AppAccountManagerService::CheckAppAccess(
574 const std::string &name, const std::string &authorizedApp, bool &isAccessible)
575 {
576 AppAccountCallingInfo appAccountCallingInfo;
577 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
578 appAccountCallingInfo.appIndex);
579 if (result != ERR_OK) {
580 return result;
581 }
582 if (authorizedApp == appAccountCallingInfo.bundleName) {
583 isAccessible = true;
584 return ERR_OK;
585 }
586 return innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
587 }
588
DeleteAccountCredential(const std::string & name,const std::string & credentialType)589 ErrCode AppAccountManagerService::DeleteAccountCredential(
590 const std::string &name, const std::string &credentialType)
591 {
592 int32_t callingUid = -1;
593 std::string bundleName;
594 uint32_t appIndex;
595 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
596 if (ret != ERR_OK) {
597 return ret;
598 }
599 return innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
600 }
601
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)602 ErrCode AppAccountManagerService::SelectAccountsByOptions(
603 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
604 {
605 int32_t callingUid = -1;
606 std::string bundleName;
607 uint32_t appIndex;
608 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
609 if (ret != ERR_OK) {
610 return ret;
611 }
612 return innerManager_->SelectAccountsByOptions(options, callback, callingUid, bundleName, appIndex);
613 }
614
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)615 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
616 const VerifyCredentialOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
617 {
618 AuthenticatorSessionRequest request;
619 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
620 if (result != ERR_OK) {
621 return result;
622 }
623 request.name = name;
624 request.owner = owner;
625 request.verifyCredOptions = options;
626 request.callback = callback;
627 return innerManager_->VerifyCredential(request);
628 }
629
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IAppAccountAuthenticatorCallback> & callback)630 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
631 const std::vector<std::string> &labels, const sptr<IAppAccountAuthenticatorCallback> &callback)
632 {
633 AuthenticatorSessionRequest request;
634 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
635 if (result != ERR_OK) {
636 return result;
637 }
638 request.labels = labels;
639 request.callback = callback;
640 request.name = name;
641 request.owner = owner;
642 return innerManager_->CheckAccountLabels(request);
643 }
644
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)645 ErrCode AppAccountManagerService::SetAuthenticatorProperties(const std::string &owner,
646 const SetPropertiesOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
647 {
648 AuthenticatorSessionRequest request;
649 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
650 if (result != ERR_OK) {
651 return result;
652 }
653 request.owner = owner;
654 request.setPropOptions = options;
655 request.callback = callback;
656 return innerManager_->SetAuthenticatorProperties(request);
657 }
658
SubscribeAppAccount(AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)659 ErrCode AppAccountManagerService::SubscribeAppAccount(
660 AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
661 {
662 int32_t callingUid = -1;
663 std::string bundleName;
664 uint32_t appIndex;
665 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
666 if (ret != ERR_OK) {
667 return ret;
668 }
669
670 std::vector<std::string> owners;
671 subscribeInfo.GetOwners(owners);
672 if (owners.size() == 0) {
673 ACCOUNT_LOGE("owners size is 0");
674 return ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
675 }
676
677 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
678 std::vector<std::string> existOwners;
679 for (auto owner : owners) {
680 AppExecFwk::BundleInfo bundleInfo;
681 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
682 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
683 if (!bundleRet) {
684 ACCOUNT_LOGE("Failed to get bundle info, name=%{public}s", owner.c_str());
685 continue;
686 }
687 existOwners.push_back(owner);
688 }
689 if (existOwners.size() == 0) {
690 ACCOUNT_LOGI("ExistOwners is empty.");
691 return ERR_OK;
692 }
693 subscribeInfo.SetOwners(existOwners);
694 return innerManager_->SubscribeAppAccount(subscribeInfo, eventListener, callingUid, bundleName, appIndex);
695 }
696
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener)697 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener)
698 {
699 return innerManager_->UnsubscribeAppAccount(eventListener);
700 }
701
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)702 ErrCode AppAccountManagerService::OnPackageRemoved(
703 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
704 {
705 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
706 }
707
OnUserRemoved(int32_t userId)708 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
709 {
710 return innerManager_->OnUserRemoved(userId);
711 }
712
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)713 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
714 std::string &bundleName, const std::string &permName)
715 {
716 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
717 if (result != ERR_OK) {
718 return result;
719 }
720
721 result = AccountPermissionManager::VerifyPermission(permName);
722 if (result != ERR_OK) {
723 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
724 permName.c_str(), result);
725 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), permName);
726 return result;
727 }
728 return ERR_OK;
729 }
730
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)731 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
732 {
733 callingUid = IPCSkeleton::GetCallingUid();
734 ErrCode bundleRet = BundleManagerAdapter::GetInstance()->GetNameForUid(callingUid, bundleName);
735 if (bundleRet != ERR_OK) {
736 ACCOUNT_LOGE("failed to get bundle name");
737 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
738 }
739 return ERR_OK;
740 }
741
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)742 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
743 {
744 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
745 Security::AccessToken::HapTokenInfo hapTokenInfo;
746 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
747 if (result) {
748 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
749 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
750 }
751 if (hapTokenInfo.instIndex < 0) {
752 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
753 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
754 }
755 appIndex = static_cast<uint32_t>(hapTokenInfo.instIndex);
756 return ERR_OK;
757 }
758
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)759 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
760 {
761 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
762 if (result != ERR_OK) {
763 ACCOUNT_LOGE("Failed to get bundle name");
764 return result;
765 }
766 result = GetCallingTokenInfoAndAppIndex(appIndex);
767 if (result != ERR_OK) {
768 ACCOUNT_LOGE("failed to get app index");
769 return result;
770 }
771 return result;
772 }
773 } // namespace AccountSA
774 } // namespace OHOS
775