1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "data_validator.h"
17
18 #include "access_token.h"
19 #include "accesstoken_common_log.h"
20 #include "permission_used_request.h"
21 #include "permission_used_type.h"
22 #include "privacy_param.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27
/**
 * Length check for a bundle name.
 *
 * @param bundleName String to validate.
 * @return true when the string is non-empty and no longer than MAX_LENGTH.
 *         Only the length is inspected; the characters themselves are not checked here.
 */
bool DataValidator::IsBundleNameValid(const std::string& bundleName)
{
    // An empty name is never acceptable, whatever the upper bound is.
    if (bundleName.empty()) {
        return false;
    }
    return bundleName.length() <= MAX_LENGTH;
}
32
/**
 * Length check for a label.
 *
 * @param label String to validate.
 * @return true when the string is no longer than MAX_LENGTH. An empty label is accepted.
 */
bool DataValidator::IsLabelValid(const std::string& label)
{
    if (label.length() > MAX_LENGTH) {
        return false;
    }
    return true;
}
37
/**
 * Length check for a description.
 *
 * @param desc String to validate.
 * @return true when the string is no longer than MAX_LENGTH. An empty description is accepted.
 */
bool DataValidator::IsDescValid(const std::string& desc)
{
    const bool tooLong = desc.length() > MAX_LENGTH;
    return !tooLong;
}
42
/**
 * Length check for a permission name.
 *
 * @param permissionName String to validate.
 * @return true when the string is non-empty and no longer than MAX_LENGTH; false otherwise.
 *
 * On rejection only the offending length is written to the log, never the name itself.
 * The check is on length alone; whether the name denotes a defined permission is not decided here.
 */
bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
{
    const bool lengthInRange = !permissionName.empty() && (permissionName.length() <= MAX_LENGTH);
    if (lengthInRange) {
        return true;
    }
    LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast<int32_t>(permissionName.length()));
    return false;
}
51
/**
 * Range check for a user id.
 *
 * @param userId Value to validate.
 * @return true when the value is zero or positive. No upper bound is applied here.
 */
bool DataValidator::IsUserIdValid(const int userId)
{
    if (userId < 0) {
        return false;
    }
    return true;
}
56
/**
 * Bounds the number of entries in an ACL extended map.
 *
 * @param aclExtendedMap Map to validate.
 * @return true when the map holds at most MAX_EXTENDED_MAP_SIZE entries.
 *         The entries themselves are not inspected; see IsAclExtendedMapContentValid for that.
 */
bool DataValidator::IsAclExtendedMapSizeValid(const std::map<std::string, std::string>& aclExtendedMap)
{
    const bool withinLimit = !(aclExtendedMap.size() > MAX_EXTENDED_MAP_SIZE);
    return withinLimit;
}
64
/**
 * Validates one entry of an ACL extended map.
 *
 * @param permissionName Key of the entry; checked with IsPermissionNameValid.
 * @param value Value of the entry; must be non-empty and no longer than MAX_VALUE_LENGTH.
 * @return true when both the key and the value pass their length checks.
 *
 * Both checks are length checks only. On a rejected value the log carries its length, not its content.
 */
bool DataValidator::IsAclExtendedMapContentValid(const std::string& permissionName, const std::string& value)
{
    // The key is checked first; a bad key is logged by IsPermissionNameValid itself.
    const bool nameOk = IsPermissionNameValid(permissionName);
    if (!nameOk) {
        return false;
    }

    const bool valueLengthInRange = !value.empty() && (value.length() <= MAX_VALUE_LENGTH);
    if (valueLengthInRange) {
        return true;
    }
    LOGE(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast<int32_t>(value.length()));
    return false;
}
77
/**
 * Checks that a raw toggle status is one of the two known states.
 *
 * @param status Raw value to validate.
 * @return true when the value equals PermissionRequestToggleStatus::CLOSED or
 *         PermissionRequestToggleStatus::OPEN; false for anything else.
 */
bool DataValidator::IsToggleStatusValid(const uint32_t status)
{
    if (status == PermissionRequestToggleStatus::CLOSED) {
        return true;
    }
    return status == PermissionRequestToggleStatus::OPEN;
}
83
/**
 * Length check for an app ID description.
 *
 * @param appIDDesc String to validate.
 * @return true when the string is non-empty and no longer than MAX_APPIDDESC_LENGTH.
 */
bool DataValidator::IsAppIDDescValid(const std::string& appIDDesc)
{
    if (appIDDesc.empty()) {
        return false;
    }
    return appIDDesc.length() <= MAX_APPIDDESC_LENGTH;
}
88
/**
 * Length check for a domain string.
 *
 * @param domain String to validate.
 * @return true when the string is non-empty and no longer than MAX_LENGTH.
 */
bool DataValidator::IsDomainValid(const std::string& domain)
{
    const bool hasContent = !domain.empty();
    const bool fitsLimit = domain.length() <= MAX_LENGTH;
    return hasContent && fitsLimit;
}
93
/**
 * Checks that a raw APL number is one of the known levels.
 *
 * @param apl Raw value to validate.
 * @return true when the value equals APL_NORMAL, APL_SYSTEM_BASIC or APL_SYSTEM_CORE; false otherwise.
 */
bool DataValidator::IsAplNumValid(const int apl)
{
    if (apl == APL_NORMAL) {
        return true;
    }
    if (apl == APL_SYSTEM_BASIC) {
        return true;
    }
    return apl == APL_SYSTEM_CORE;
}
98
/**
 * Checks that a raw available-type value is one of the known kinds.
 *
 * @param availableType Raw value to validate.
 * @return true when the value equals NORMAL or MDM; false otherwise.
 */
bool DataValidator::IsAvailableTypeValid(const int availableType)
{
    const bool isNormal = (availableType == NORMAL);
    const bool isMdm = (availableType == MDM);
    return isNormal || isMdm;
}
103
/**
 * Length check for a process name.
 *
 * @param processName String to validate.
 * @return true when the string is non-empty and no longer than MAX_LENGTH.
 */
bool DataValidator::IsProcessNameValid(const std::string& processName)
{
    if (processName.empty()) {
        return false;
    }
    return processName.length() <= MAX_LENGTH;
}
108
/**
 * Length check for a device id.
 *
 * @param deviceId String to validate.
 * @return true when the string is non-empty and no longer than MAX_LENGTH; false otherwise.
 *
 * On rejection only the length is logged; the device id itself is kept out of the log.
 */
bool DataValidator::IsDeviceIdValid(const std::string& deviceId)
{
    const bool lengthInRange = !deviceId.empty() && (deviceId.length() <= MAX_LENGTH);
    if (lengthInRange) {
        return true;
    }
    LOGE(ATM_DOMAIN, ATM_TAG, "Invalid deviceId length(%{public}d).", static_cast<int32_t>(deviceId.length()));
    return false;
}
117
/**
 * Length check for a dcap string.
 *
 * @param dcap String to validate.
 * @return true when the string is non-empty and no longer than MAX_DCAP_LENGTH.
 */
bool DataValidator::IsDcapValid(const std::string& dcap)
{
    const bool hasContent = !dcap.empty();
    return hasContent && (dcap.length() <= MAX_DCAP_LENGTH);
}
122
/**
 * Checks that a permission flag word is one of the accepted values.
 *
 * The PERMISSION_GRANTED_BY_POLICY bit is cleared first, so it may be set or not. What remains must
 * equal exactly one of the listed flags; any other value, including a combination of two listed
 * flags, is rejected.
 *
 * @param flag Raw flag word to validate.
 * @return true when the flag, with PERMISSION_GRANTED_BY_POLICY cleared, matches one accepted value.
 */
bool DataValidator::IsPermissionFlagValid(uint32_t flag)
{
    const uint32_t withoutPolicyBit = flag & (~PermissionFlag::PERMISSION_GRANTED_BY_POLICY);

    // Accepted values, tested by equality rather than as a bit mask.
    const uint32_t accepted[] = {
        static_cast<uint32_t>(PermissionFlag::PERMISSION_DEFAULT_FLAG),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_USER_SET),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_USER_FIXED),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_SYSTEM_FIXED),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_COMPONENT_SET),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_POLICY_FIXED),
        static_cast<uint32_t>(PermissionFlag::PERMISSION_ALLOW_THIS_TIME),
    };
    for (const uint32_t candidate : accepted) {
        if (withoutPolicyBit == candidate) {
            return true;
        }
    }
    return false;
}
135
/**
 * Rejects the zero token id.
 *
 * @param id Token id to validate.
 * @return true for any non-zero id; false (with an error log) for 0.
 *
 * This is a sentinel check only: a non-zero id is not looked up or otherwise verified here.
 */
bool DataValidator::IsTokenIDValid(AccessTokenID id)
{
    if (id != 0) {
        return true;
    }
    LOGE(ATM_DOMAIN, ATM_TAG, "Invalid token.");
    return false;
}
144
/**
 * Checks that a raw DLP type is one of the known values.
 *
 * @param dlpType Raw value to validate.
 * @return true when the value equals DLP_COMMON, DLP_READ or DLP_FULL_CONTROL; false otherwise.
 */
bool DataValidator::IsDlpTypeValid(int dlpType)
{
    if (dlpType == DLP_COMMON) {
        return true;
    }
    if (dlpType == DLP_READ) {
        return true;
    }
    return dlpType == DLP_FULL_CONTROL;
}
149
/**
 * Checks that a permission-usage query flag is one of the accepted values.
 *
 * The flag is matched by equality against each accepted value, so a combination of two of them is
 * rejected.
 *
 * @param flag Raw flag to validate.
 * @return true when the flag equals one of the FLAG_PERMISSION_USAGE_* values listed below.
 */
bool DataValidator::IsPermissionUsedFlagValid(uint32_t flag)
{
    if (flag == FLAG_PERMISSION_USAGE_SUMMARY) {
        return true;
    }
    if (flag == FLAG_PERMISSION_USAGE_DETAIL) {
        return true;
    }
    if (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_LOCKED) {
        return true;
    }
    if (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_UNLOCKED) {
        return true;
    }
    if (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_BACKGROUND) {
        return true;
    }
    return flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND;
}
159
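/**
 * Checks that a raw permission-used type is one of the known values.
 *
 * @param type Raw value to validate.
 * @return true when the value equals NORMAL_TYPE, PICKER_TYPE or SECURITY_COMPONENT_TYPE;
 *         false otherwise, after logging the rejected value.
 */
bool DataValidator::IsPermissionUsedTypeValid(uint32_t type)
{
    if ((type != NORMAL_TYPE) && (type != PICKER_TYPE) && (type != SECURITY_COMPONENT_TYPE)) {
        // %u matches the unsigned argument, so a rejected value above INT32_MAX is not logged as a
        // negative number.
        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}u).", type);
        return false;
    }
    return true;
}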
168
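/**
 * Checks that a raw policy type is one of the known values.
 *
 * @param type Raw value to validate.
 * @return true when the value equals EDM, PRIVACY or TEMPORARY; false otherwise, after logging the
 *         rejected value.
 */
bool DataValidator::IsPolicyTypeValid(uint32_t type)
{
    // Compare in the integer domain. Converting the unchecked integer to PolicyType before it has
    // been validated could yield a value outside the enumeration's range.
    const bool known = (type == static_cast<uint32_t>(EDM)) || (type == static_cast<uint32_t>(PRIVACY)) ||
        (type == static_cast<uint32_t>(TEMPORARY));
    if (!known) {
        // %u matches the unsigned argument, so large rejected values are not logged as negative.
        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}u).", type);
        return false;
    }
    return true;
}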
178
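/**
 * Checks that a raw caller type is one of the known values.
 *
 * @param type Raw value to validate.
 * @return true when the value equals MICROPHONE or CAMERA; false otherwise, after logging the
 *         rejected value.
 */
bool DataValidator::IsCallerTypeValid(uint32_t type)
{
    // Compare in the integer domain. Converting the unchecked integer to CallerType before it has
    // been validated could yield a value outside the enumeration's range.
    const bool known = (type == static_cast<uint32_t>(MICROPHONE)) || (type == static_cast<uint32_t>(CAMERA));
    if (!known) {
        // %u matches the unsigned argument, so large rejected values are not logged as negative.
        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}u).", type);
        return false;
    }
    return true;
}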
188
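/**
 * Tells whether a token id carries the hap token type.
 *
 * The id is read through the AccessTokenIDInner layout and its type field is compared with TOKEN_HAP.
 *
 * @param id Token id to classify.
 * @return true when the type field equals TOKEN_HAP; false otherwise, after logging the id.
 *
 * NOTE(review): only the type field is examined; the id is not compared with 0 here. If TOKEN_HAP is
 * the zero enumerator, an all-zero id would be classified as a hap caller, so callers presumably need
 * IsTokenIDValid as well. Confirm against the enum definition and the call sites.
 */
bool DataValidator::IsHapCaller(AccessTokenID id)
{
    // NOTE(review): this views the integer through a different type. It assumes AccessTokenIDInner has
    // the same size and layout as AccessTokenID, and it depends on the build tolerating the aliasing.
    // Confirm, or copy the bytes into an AccessTokenIDInner instead.
    const AccessTokenIDInner *idInner = reinterpret_cast<const AccessTokenIDInner *>(&id);
    const ATokenTypeEnum type = static_cast<ATokenTypeEnum>(idInner->type);
    if (type != TOKEN_HAP) {
        // %u because the id is compared with 0 elsewhere in this file and is passed here as a plain
        // integer; an unsigned specifier keeps a high id from being logged as a negative number.
        LOGE(ATM_DOMAIN, ATM_TAG, "Not hap(%{public}u).", id);
        return false;
    }
    return true;
}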
199 } // namespace AccessToken
200 } // namespace Security
201 } // namespace OHOS
202