1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit.h"
17 #include <string>
18 #include <vector>
19 #include "accesstoken_common_log.h"
20 #include "access_token_error.h"
21 #include "accesstoken_manager_client.h"
22 #include "constant_common.h"
23 #include "data_validator.h"
24 #include "hap_token_info.h"
25 #include "permission_def.h"
26 #include "permission_map.h"
27 #include "perm_setproc.h"
28 #include "perm_state_change_callback_customize.h"
29 #include "tokenid_kit.h"
30 #include "token_setproc.h"
31
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static const uint64_t SYSTEM_APP_MASK = (static_cast<uint64_t>(1) << 32);
37 static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff;
38 static const int INVALID_DLP_TOKEN_FLAG = -1;
39 static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
40 } // namespace
41
GetPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)42 PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType(
43 AccessTokenID tokenID, const std::string& permissionName)
44 {
45 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.",
46 tokenID, permissionName.c_str());
47 if ((tokenID == INVALID_TOKENID) || (!DataValidator::IsPermissionNameValid(permissionName))) {
48 LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed.");
49 return PermUsedTypeEnum::INVALID_USED_TYPE;
50 }
51 return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, permissionName);
52 }
53
GrantPermissionForSpecifiedTime(AccessTokenID tokenID,const std::string & permissionName,uint32_t onceTime)54 int AccessTokenKit::GrantPermissionForSpecifiedTime(
55 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime)
56 {
57 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, onceTime=%{public}d.",
58 tokenID, permissionName.c_str(), onceTime);
59 if (tokenID == INVALID_TOKENID) {
60 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenID");
61 return AccessTokenError::ERR_PARAM_INVALID;
62 }
63 if (!DataValidator::IsPermissionNameValid(permissionName)) {
64 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid permissionName");
65 return AccessTokenError::ERR_PARAM_INVALID;
66 }
67 return AccessTokenManagerClient::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
68 }
69
TransferHapPolicyParams(const HapPolicyParams & policyIn,HapPolicy & policyOut)70 static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& policyOut)
71 {
72 policyOut.apl = policyIn.apl;
73 policyOut.domain = policyIn.domain;
74 policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end());
75 policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end());
76 policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end());
77 for (const auto& perm : policyIn.permStateList) {
78 PermissionStatus tmp;
79 tmp.permissionName = perm.permissionName;
80 tmp.grantStatus = perm.grantStatus[0];
81 tmp.grantFlag = perm.grantFlags[0];
82 policyOut.permStateList.emplace_back(tmp);
83 }
84 policyOut.checkIgnore = policyIn.checkIgnore;
85 policyOut.aclExtendedMap = policyIn.aclExtendedMap;
86 }
87
AllocHapToken(const HapInfoParams & info,const HapPolicyParams & policy)88 AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
89 {
90 AccessTokenIDEx res = {0};
91 LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \
92 permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d",
93 info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), policy.checkIgnore);
94 if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
95 !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
96 !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) {
97 LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed");
98 return res;
99 }
100 HapPolicy newPolicy;
101 TransferHapPolicyParams(policy, newPolicy);
102 return AccessTokenManagerClient::GetInstance().AllocHapToken(info, newPolicy);
103 }
104
InitHapToken(const HapInfoParams & info,HapPolicyParams & policy,AccessTokenIDEx & fullTokenId)105 int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy,
106 AccessTokenIDEx& fullTokenId)
107 {
108 HapInfoCheckResult result;
109 return InitHapToken(info, policy, fullTokenId, result);
110 }
111
InitHapToken(const HapInfoParams & info,HapPolicyParams & policy,AccessTokenIDEx & fullTokenId,HapInfoCheckResult & result)112 int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy,
113 AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result)
114 {
115 LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, permList: %{public}zu, "
116 "stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d",
117 info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(),
118 policy.aclExtendedMap.size(), policy.checkIgnore);
119 if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
120 !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
121 !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType) ||
122 !DataValidator::IsAclExtendedMapSizeValid(policy.aclExtendedMap)) {
123 LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed");
124 return AccessTokenError::ERR_PARAM_INVALID;
125 }
126 HapPolicy newPolicy;
127 TransferHapPolicyParams(policy, newPolicy);
128 return AccessTokenManagerClient::GetInstance().InitHapToken(info, newPolicy, fullTokenId, result);
129 }
130
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)131 AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
132 {
133 LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d",
134 ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID);
135 #ifdef DEBUG_API_PERFORMANCE
136 LOGD(ATM_DOMAIN, ATM_TAG, "Api_performance:start call");
137 AccessTokenID resID = AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
138 LOGD(ATM_DOMAIN, ATM_TAG, "Api_performance:end call");
139 return resID;
140 #else
141 return AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
142 #endif
143 }
144
UpdateHapToken(AccessTokenIDEx & tokenIdEx,const UpdateHapInfoParams & info,const HapPolicyParams & policy)145 int32_t AccessTokenKit::UpdateHapToken(
146 AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy)
147 {
148 HapInfoCheckResult result;
149 return UpdateHapToken(tokenIdEx, info, policy, result);
150 }
151
UpdateHapToken(AccessTokenIDEx & tokenIdEx,const UpdateHapInfoParams & info,const HapPolicyParams & policy,HapInfoCheckResult & result)152 int32_t AccessTokenKit::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
153 const HapPolicyParams& policy, HapInfoCheckResult& result)
154 {
155 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, isSystemApp: %{public}d, \
156 permList: %{public}zu, stateList: %{public}zu, aclExtendedMap: %{public}zu, checkIgnore: %{public}d",
157 tokenIdEx.tokenIdExStruct.tokenID, info.isSystemApp, policy.permList.size(), policy.permStateList.size(),
158 policy.aclExtendedMap.size(), policy.checkIgnore);
159 if ((tokenIdEx.tokenIdExStruct.tokenID == INVALID_TOKENID) || (!DataValidator::IsAppIDDescValid(info.appIDDesc)) ||
160 (!DataValidator::IsAplNumValid(policy.apl)) ||
161 !DataValidator::IsAclExtendedMapSizeValid(policy.aclExtendedMap)) {
162 LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed");
163 return AccessTokenError::ERR_PARAM_INVALID;
164 }
165 HapPolicy newPolicy;
166 TransferHapPolicyParams(policy, newPolicy);
167 return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenIdEx, info, newPolicy, result);
168 }
169
DeleteToken(AccessTokenID tokenID)170 int AccessTokenKit::DeleteToken(AccessTokenID tokenID)
171 {
172 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
173 if (tokenID == INVALID_TOKENID) {
174 return AccessTokenError::ERR_PARAM_INVALID;
175 }
176 return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID);
177 }
178
GetTokenType(AccessTokenID tokenID)179 ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID) __attribute__((no_sanitize("cfi")))
180 {
181 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
182 if (tokenID == INVALID_TOKENID) {
183 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid.");
184 return TOKEN_INVALID;
185 }
186 return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID);
187 }
188
GetTokenTypeFlag(AccessTokenID tokenID)189 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID)
190 {
191 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
192 if (tokenID == INVALID_TOKENID) {
193 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
194 return TOKEN_INVALID;
195 }
196 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
197 return static_cast<ATokenTypeEnum>(idInner->type);
198 }
199
GetTokenType(FullTokenID tokenID)200 ATokenTypeEnum AccessTokenKit::GetTokenType(FullTokenID tokenID)
201 {
202 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
203 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", id);
204 if (id == INVALID_TOKENID) {
205 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
206 return TOKEN_INVALID;
207 }
208 return AccessTokenManagerClient::GetInstance().GetTokenType(id);
209 }
210
GetTokenTypeFlag(FullTokenID tokenID)211 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(FullTokenID tokenID)
212 {
213 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
214 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", id);
215 if (id == INVALID_TOKENID) {
216 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
217 return TOKEN_INVALID;
218 }
219 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
220 return static_cast<ATokenTypeEnum>(idInner->type);
221 }
222
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)223 AccessTokenID AccessTokenKit::GetHapTokenID(
224 int32_t userID, const std::string& bundleName, int32_t instIndex) __attribute__((no_sanitize("cfi")))
225 {
226 LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.",
227 userID, bundleName.c_str(), instIndex);
228 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
229 LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param check failed");
230 return INVALID_TOKENID;
231 }
232 AccessTokenIDEx tokenIdEx =
233 AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
234 return tokenIdEx.tokenIdExStruct.tokenID;
235 }
236
GetHapTokenIDEx(int32_t userID,const std::string & bundleName,int32_t instIndex)237 AccessTokenIDEx AccessTokenKit::GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex)
238 {
239 AccessTokenIDEx tokenIdEx = {0};
240 LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.",
241 userID, bundleName.c_str(), instIndex);
242 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
243 LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param check failed");
244 return tokenIdEx;
245 }
246 return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
247 }
248
GetTokenIDByUserID(int32_t userID,std::unordered_set<AccessTokenID> & tokenIdList)249 int32_t AccessTokenKit::GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList)
250 {
251 LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d.", userID);
252 if (!DataValidator::IsUserIdValid(userID)) {
253 LOGE(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d is invalid", userID);
254 return AccessTokenError::ERR_PARAM_INVALID;
255 }
256 return AccessTokenManagerClient::GetInstance().GetTokenIDByUserID(userID, tokenIdList);
257 }
258
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)259 int AccessTokenKit::GetHapTokenInfo(
260 AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) __attribute__((no_sanitize("cfi")))
261 {
262 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
263 if (GetTokenTypeFlag(tokenID) != TOKEN_HAP) {
264 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid", tokenID);
265 return AccessTokenError::ERR_PARAM_INVALID;
266 }
267
268 return AccessTokenManagerClient::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes);
269 }
270
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)271 int AccessTokenKit::GetNativeTokenInfo(
272 AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) __attribute__((no_sanitize("cfi")))
273 {
274 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
275 if (GetTokenTypeFlag(tokenID) != TOKEN_NATIVE && GetTokenTypeFlag(tokenID) != TOKEN_SHELL) {
276 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid", tokenID);
277 return AccessTokenError::ERR_PARAM_INVALID;
278 }
279 return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes);
280 }
281
GetSelfPermissionsState(std::vector<PermissionListState> & permList,PermissionGrantInfo & info)282 PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
283 PermissionGrantInfo& info)
284 {
285 LOGD(ATM_DOMAIN, ATM_TAG, "PermList.size=%{public}zu.", permList.size());
286 return AccessTokenManagerClient::GetInstance().GetSelfPermissionsState(permList, info);
287 }
288
GetPermissionsStatus(AccessTokenID tokenID,std::vector<PermissionListState> & permList)289 int32_t AccessTokenKit::GetPermissionsStatus(AccessTokenID tokenID, std::vector<PermissionListState>& permList)
290 {
291 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permList.size=%{public}zu.", tokenID, permList.size());
292 if (tokenID == INVALID_TOKENID) {
293 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
294 return ERR_PARAM_INVALID;
295 }
296 return AccessTokenManagerClient::GetInstance().GetPermissionsStatus(tokenID, permList);
297 }
298
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName,bool crossIpc)299 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName, bool crossIpc)
300 {
301 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, crossIpc=%{public}d.",
302 tokenID, permissionName.c_str(), crossIpc);
303 uint32_t code;
304 if (!TransferPermissionToOpcode(permissionName, code)) {
305 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionName.c_str());
306 return PERMISSION_DENIED;
307 }
308 if (crossIpc) {
309 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
310 }
311 bool isGranted = false;
312 int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted);
313 if (ret != 0) {
314 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
315 }
316 return isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
317 }
318
VerifyAccessToken(AccessTokenID callerTokenID,AccessTokenID firstTokenID,const std::string & permissionName,bool crossIpc)319 int AccessTokenKit::VerifyAccessToken(
320 AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName, bool crossIpc)
321 {
322 LOGD(ATM_DOMAIN, ATM_TAG, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.",
323 callerTokenID, firstTokenID, permissionName.c_str());
324 int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName, crossIpc);
325 if (ret != PERMISSION_GRANTED) {
326 return ret;
327 }
328 if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
329 return ret;
330 }
331 return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName, crossIpc);
332 }
333
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)334 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
335 {
336 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.",
337 tokenID, permissionName.c_str());
338 uint32_t code;
339 if (!TransferPermissionToOpcode(permissionName, code)) {
340 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionName.c_str());
341 return PERMISSION_DENIED;
342 }
343 bool isGranted = false;
344 int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted);
345 if (ret != 0) {
346 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
347 }
348 return isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
349 }
350
VerifyAccessToken(AccessTokenID callerTokenID,AccessTokenID firstTokenID,const std::string & permissionName)351 int AccessTokenKit::VerifyAccessToken(
352 AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName)
353 {
354 LOGD(ATM_DOMAIN, ATM_TAG, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.",
355 callerTokenID, firstTokenID, permissionName.c_str());
356 int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName);
357 if (ret != PERMISSION_GRANTED) {
358 return ret;
359 }
360 if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
361 return ret;
362 }
363 return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName);
364 }
365
VerifyAccessToken(AccessTokenID tokenID,const std::vector<std::string> & permissionList,std::vector<int32_t> & permStateList,bool crossIpc)366 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::vector<std::string>& permissionList,
367 std::vector<int32_t>& permStateList, bool crossIpc)
368 {
369 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionlist.size=%{public}zu, crossIpc=%{public}d.",
370 tokenID, permissionList.size(), crossIpc);
371 permStateList.clear();
372 if (crossIpc) {
373 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionList, permStateList);
374 }
375
376 permStateList.resize(permissionList.size(), PERMISSION_DENIED);
377 std::vector<std::string> permListCrossIpc;
378 std::unordered_map<size_t, size_t> permToState;
379 for (size_t i = 0; i < permissionList.size(); i++) {
380 bool isGranted = false;
381 uint32_t code;
382 if (!TransferPermissionToOpcode(permissionList[i], code)) {
383 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionList[i].c_str());
384 permStateList[i] = PERMISSION_DENIED;
385 continue;
386 }
387 int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted);
388 if (ret != 0) {
389 permToState[permListCrossIpc.size()] = i;
390 permListCrossIpc.emplace_back(permissionList[i]);
391 continue;
392 }
393 permStateList[i] = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
394 }
395 if (!permListCrossIpc.empty()) {
396 std::vector<int32_t> permStateCrossIpc;
397 int ret = AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID,
398 permListCrossIpc, permStateCrossIpc);
399 if (ret != ERR_OK) {
400 return ret;
401 }
402 for (size_t i = 0; i < permStateCrossIpc.size(); i++) {
403 if (permToState.find(i) != permToState.end()) {
404 permStateList[permToState[i]] = permStateCrossIpc[i];
405 }
406 }
407 }
408 return ERR_OK;
409 }
410
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)411 int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult)
412 {
413 LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s.", permissionName.c_str());
414 if (!DataValidator::IsPermissionNameValid(permissionName)) {
415 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid");
416 return AccessTokenError::ERR_PARAM_INVALID;
417 }
418
419 PermissionBriefDef briefDef;
420 if (!GetPermissionBriefDef(permissionName, briefDef)) {
421 return AccessTokenError::ERR_PERMISSION_NOT_EXIST;
422 }
423
424 if (briefDef.grantMode == GrantMode::SYSTEM_GRANT) {
425 ConvertPermissionBriefToDef(briefDef, permissionDefResult);
426 return 0;
427 }
428
429 return AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult);
430 }
431
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)432 int AccessTokenKit::GetReqPermissions(
433 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
434 {
435 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, isSystemGrant=%{public}d.", tokenID, isSystemGrant);
436 if (tokenID == INVALID_TOKENID) {
437 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
438 return AccessTokenError::ERR_PARAM_INVALID;
439 }
440
441 return AccessTokenManagerClient::GetInstance().GetReqPermissions(tokenID, reqPermList, isSystemGrant);
442 }
443
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)444 int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
445 {
446 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.",
447 tokenID, permissionName.c_str());
448 if (tokenID == INVALID_TOKENID) {
449 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
450 return AccessTokenError::ERR_PARAM_INVALID;
451 }
452 if (!DataValidator::IsPermissionNameValid(permissionName)) {
453 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid");
454 return AccessTokenError::ERR_PARAM_INVALID;
455 }
456 return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName, flag);
457 }
458
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)459 int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
460 {
461 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.",
462 tokenID, permissionName.c_str(), flag);
463 if (tokenID == INVALID_TOKENID) {
464 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
465 return AccessTokenError::ERR_PARAM_INVALID;
466 }
467 if (!DataValidator::IsPermissionNameValid(permissionName)) {
468 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid");
469 return AccessTokenError::ERR_PARAM_INVALID;
470 }
471 if (!DataValidator::IsPermissionFlagValid(flag)) {
472 LOGE(ATM_DOMAIN, ATM_TAG, "Flag is invalid");
473 return AccessTokenError::ERR_PARAM_INVALID;
474 }
475 return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag);
476 }
477
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)478 int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
479 {
480 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.",
481 tokenID, permissionName.c_str(), flag);
482 if (tokenID == INVALID_TOKENID) {
483 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenID");
484 return AccessTokenError::ERR_PARAM_INVALID;
485 }
486 if (!DataValidator::IsPermissionNameValid(permissionName)) {
487 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid permissionName");
488 return AccessTokenError::ERR_PARAM_INVALID;
489 }
490 if (!DataValidator::IsPermissionFlagValid(flag)) {
491 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid flag");
492 return AccessTokenError::ERR_PARAM_INVALID;
493 }
494 return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag);
495 }
496
ClearUserGrantedPermissionState(AccessTokenID tokenID)497 int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID)
498 {
499 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
500 if (tokenID == INVALID_TOKENID) {
501 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
502 return AccessTokenError::ERR_PARAM_INVALID;
503 }
504 return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID);
505 }
506
SetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t status,int32_t userID=0)507 int32_t AccessTokenKit::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status,
508 int32_t userID = 0)
509 {
510 LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s, status=%{public}d, userID=%{public}d.",
511 permissionName.c_str(), status, userID);
512 if (!DataValidator::IsPermissionNameValid(permissionName)) {
513 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid.");
514 return AccessTokenError::ERR_PARAM_INVALID;
515 }
516 if (!DataValidator::IsToggleStatusValid(status)) {
517 LOGE(ATM_DOMAIN, ATM_TAG, "Toggle status is invalid.");
518 return AccessTokenError::ERR_PARAM_INVALID;
519 }
520 if (!DataValidator::IsUserIdValid(userID)) {
521 LOGE(ATM_DOMAIN, ATM_TAG, "UserID is invalid.");
522 return AccessTokenError::ERR_PARAM_INVALID;
523 }
524 return AccessTokenManagerClient::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID);
525 }
526
GetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t & status,int32_t userID=0)527 int32_t AccessTokenKit::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status,
528 int32_t userID = 0)
529 {
530 LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s, userID=%{public}d.",
531 permissionName.c_str(), userID);
532 if (!DataValidator::IsPermissionNameValid(permissionName)) {
533 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid.");
534 return AccessTokenError::ERR_PARAM_INVALID;
535 }
536 if (!DataValidator::IsUserIdValid(userID)) {
537 LOGE(ATM_DOMAIN, ATM_TAG, "UserID is invalid.");
538 return AccessTokenError::ERR_PARAM_INVALID;
539 }
540 return AccessTokenManagerClient::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID);
541 }
542
RequestAppPermOnSetting(AccessTokenID tokenID)543 int32_t AccessTokenKit::RequestAppPermOnSetting(AccessTokenID tokenID)
544 {
545 LOGD(ATM_DOMAIN, ATM_TAG, "tokenID=%{public}d.", tokenID);
546 if (tokenID == INVALID_TOKENID) {
547 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
548 return AccessTokenError::ERR_PARAM_INVALID;
549 }
550 return AccessTokenManagerClient::GetInstance().RequestAppPermOnSetting(tokenID);
551 }
552
RegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)553 int32_t AccessTokenKit::RegisterPermStateChangeCallback(
554 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
555 {
556 return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback, SYSTEM_REGISTER_TYPE);
557 }
558
UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)559 int32_t AccessTokenKit::UnRegisterPermStateChangeCallback(
560 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
561 {
562 return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback, SYSTEM_REGISTER_TYPE);
563 }
564
RegisterSelfPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)565 int32_t AccessTokenKit::RegisterSelfPermStateChangeCallback(
566 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
567 {
568 return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback, SELF_REGISTER_TYPE);
569 }
570
UnRegisterSelfPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)571 int32_t AccessTokenKit::UnRegisterSelfPermStateChangeCallback(
572 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
573 {
574 return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback, SELF_REGISTER_TYPE);
575 }
576
GetHapDlpFlag(AccessTokenID tokenID)577 int32_t AccessTokenKit::GetHapDlpFlag(AccessTokenID tokenID)
578 {
579 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
580 if (tokenID == INVALID_TOKENID) {
581 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
582 return INVALID_DLP_TOKEN_FLAG;
583 }
584 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
585 return static_cast<int32_t>(idInner->dlpFlag);
586 }
587
ReloadNativeTokenInfo()588 int32_t AccessTokenKit::ReloadNativeTokenInfo()
589 {
590 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
591 return AccessTokenManagerClient::GetInstance().ReloadNativeTokenInfo();
592 #else
593 return 0;
594 #endif
595 }
596
GetHapTokenInfoExtension(AccessTokenID tokenID,HapTokenInfoExt & info)597 int AccessTokenKit::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info)
598 {
599 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
600 if (GetTokenTypeFlag(tokenID) != TOKEN_HAP) {
601 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid.", tokenID);
602 return AccessTokenError::ERR_PARAM_INVALID;
603 }
604
605 return AccessTokenManagerClient::GetInstance().GetHapTokenInfoExtension(tokenID, info);
606 }
607
GetNativeTokenId(const std::string & processName)608 AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName)
609 {
610 if (!DataValidator::IsProcessNameValid(processName)) {
611 LOGE(ATM_DOMAIN, ATM_TAG, "ProcessName is invalid, processName=%{public}s", processName.c_str());
612 return INVALID_TOKENID;
613 }
614 return AccessTokenManagerClient::GetInstance().GetNativeTokenId(processName);
615 }
616
617 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)618 int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
619 {
620 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
621 if (tokenID == INVALID_TOKENID) {
622 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
623 return AccessTokenError::ERR_PARAM_INVALID;
624 }
625
626 return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync);
627 }
628
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)629 int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID,
630 const HapTokenInfoForSync& hapSync)
631 {
632 LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d.",
633 ConstantCommon::EncryptDevId(deviceID).c_str(), hapSync.baseInfo.tokenID);
634 return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync);
635 }
636
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)637 int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
638 {
639 LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d.",
640 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
641 return AccessTokenManagerClient::GetInstance().DeleteRemoteToken(deviceID, tokenID);
642 }
643
DeleteRemoteDeviceTokens(const std::string & deviceID)644 int AccessTokenKit::DeleteRemoteDeviceTokens(const std::string& deviceID)
645 {
646 LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str());
647 return AccessTokenManagerClient::GetInstance().DeleteRemoteDeviceTokens(deviceID);
648 }
649
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)650 AccessTokenID AccessTokenKit::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
651 {
652 LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s., tokenID=%{public}d",
653 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
654 return AccessTokenManagerClient::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID);
655 }
656
RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface> & syncCallback)657 int32_t AccessTokenKit::RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface>& syncCallback)
658 {
659 LOGD(ATM_DOMAIN, ATM_TAG, "Call RegisterTokenSyncCallback.");
660 return AccessTokenManagerClient::GetInstance().RegisterTokenSyncCallback(syncCallback);
661 }
662
UnRegisterTokenSyncCallback()663 int32_t AccessTokenKit::UnRegisterTokenSyncCallback()
664 {
665 LOGD(ATM_DOMAIN, ATM_TAG, "Call UnRegisterTokenSyncCallback.");
666 return AccessTokenManagerClient::GetInstance().UnRegisterTokenSyncCallback();
667 }
668 #endif
669
FormatApl(ATokenAplEnum availableLevel,std::string & apl)670 static void FormatApl(ATokenAplEnum availableLevel, std::string& apl)
671 {
672 if (availableLevel == ATokenAplEnum::APL_NORMAL) {
673 apl = "NORMAL";
674 } else if (availableLevel == ATokenAplEnum::APL_SYSTEM_BASIC) {
675 apl = "SYSTEM_BASIC";
676 } else {
677 apl = "SYSTEM_CORE";
678 }
679 }
680
FormatAvailableType(ATokenAvailableTypeEnum availableType,std::string & type)681 static void FormatAvailableType(ATokenAvailableTypeEnum availableType, std::string& type)
682 {
683 if (availableType == ATokenAvailableTypeEnum::NORMAL) {
684 type = "NORMAL";
685 } else if (availableType == ATokenAvailableTypeEnum::SYSTEM) {
686 type = "SYSTEM";
687 } else if (availableType == ATokenAvailableTypeEnum::MDM) {
688 type = "MDM";
689 } else if (availableType == ATokenAvailableTypeEnum::SYSTEM_AND_MDM) {
690 type = "SYSTEM_AND_MDM";
691 } else if (availableType == ATokenAvailableTypeEnum::SERVICE) {
692 type = "SERVICE";
693 } else {
694 type = "ENTERPRISE_NORMAL";
695 }
696 }
697
PermDefinitionToString(const PermissionBriefDef & briefDef,std::string & dumpInfo)698 static void PermDefinitionToString(const PermissionBriefDef& briefDef, std::string& dumpInfo)
699 {
700 std::string grantMode = briefDef.grantMode == GrantMode::USER_GRANT ? "USER_GRANT" : "SYSTEM_GRANT";
701 std::string apl;
702 FormatApl(briefDef.availableLevel, apl);
703 std::string availableType;
704 FormatAvailableType(briefDef.availableType, availableType);
705
706 dumpInfo.append(R"({)");
707 dumpInfo.append("\n");
708 dumpInfo.append(R"( "permissionName": ")" + std::string(briefDef.permissionName) + R"(")" + ",\n");
709 dumpInfo.append(R"( "grantMode": )" + grantMode + ",\n");
710 dumpInfo.append(R"( "availableLevel": )" + apl + ",\n");
711 dumpInfo.append(R"( "availableType": )" + availableType + ",\n");
712 dumpInfo.append(R"( "provisionEnable": )" + std::string(briefDef.provisionEnable ? "true" : "false") + ",\n");
713 dumpInfo.append(R"( "distributedSceneEnable": )" +
714 std::string(briefDef.distributedSceneEnable ? "true" : "false") + ",\n");
715 dumpInfo.append(R"( "isKernelEffect": )" + std::string(briefDef.isKernelEffect ? "true" : "false") + ",\n");
716 dumpInfo.append(R"( "hasValue": )" + std::string(briefDef.hasValue ? "true" : "false") + ",\n");
717 dumpInfo.append(R"(})");
718 dumpInfo.append("\n");
719 }
720
DumpPermDefinition(const AtmToolsParamInfo & info,std::string & dumpInfo)721 static void DumpPermDefinition(const AtmToolsParamInfo& info, std::string& dumpInfo)
722 {
723 if (info.permissionName.empty()) {
724 size_t count = GetDefPermissionsSize();
725
726 for (size_t i = 0; i < count; ++i) {
727 PermissionBriefDef briefDef;
728 GetPermissionBriefDef(i, briefDef);
729 PermDefinitionToString(briefDef, dumpInfo);
730 }
731 } else {
732 uint32_t code = 0;
733 if (TransferPermissionToOpcode(info.permissionName, code)) {
734 PermissionBriefDef briefDef;
735 GetPermissionBriefDef(code, briefDef);
736 PermDefinitionToString(briefDef, dumpInfo);
737 }
738 }
739 }
740
DumpTokenInfo(const AtmToolsParamInfo & info,std::string & dumpInfo)741 void AccessTokenKit::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo)
742 {
743 LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, bundleName=%{public}s, processName=%{public}s.",
744 info.tokenId, info.bundleName.c_str(), info.processName.c_str());
745 if (info.type == DUMP_PERM) {
746 DumpPermDefinition(info, dumpInfo);
747 return;
748 }
749
750 AccessTokenManagerClient::GetInstance().DumpTokenInfo(info, dumpInfo);
751 }
752
GetVersion(uint32_t & version)753 int32_t AccessTokenKit::GetVersion(uint32_t& version)
754 {
755 return AccessTokenManagerClient::GetInstance().GetVersion(version);
756 }
757
SetPermDialogCap(const HapBaseInfo & hapBaseInfo,bool enable)758 int32_t AccessTokenKit::SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable)
759 {
760 return AccessTokenManagerClient::GetInstance().SetPermDialogCap(hapBaseInfo, enable);
761 }
762
GetPermissionManagerInfo(PermissionGrantInfo & info)763 void AccessTokenKit::GetPermissionManagerInfo(PermissionGrantInfo& info)
764 {
765 AccessTokenManagerClient::GetInstance().GetPermissionManagerInfo(info);
766 }
767
InitUserPolicy(const std::vector<UserState> & userList,const std::vector<std::string> & permList)768 int32_t AccessTokenKit::InitUserPolicy(
769 const std::vector<UserState>& userList, const std::vector<std::string>& permList)
770 {
771 LOGI(ATM_DOMAIN, ATM_TAG, "Enter.");
772 return AccessTokenManagerClient::GetInstance().InitUserPolicy(userList, permList);
773 }
774
UpdateUserPolicy(const std::vector<UserState> & userList)775 int32_t AccessTokenKit::UpdateUserPolicy(const std::vector<UserState>& userList)
776 {
777 LOGI(ATM_DOMAIN, ATM_TAG, "Enter.");
778 return AccessTokenManagerClient::GetInstance().UpdateUserPolicy(userList);
779 }
780
ClearUserPolicy()781 int32_t AccessTokenKit::ClearUserPolicy()
782 {
783 LOGI(ATM_DOMAIN, ATM_TAG, "Enter.");
784 return AccessTokenManagerClient::GetInstance().ClearUserPolicy();
785 }
786
IsSystemAppByFullTokenID(uint64_t tokenId)787 bool AccessTokenKit::IsSystemAppByFullTokenID(uint64_t tokenId)
788 {
789 return (tokenId & SYSTEM_APP_MASK) == SYSTEM_APP_MASK;
790 }
791
GetRenderTokenID(uint64_t tokenId)792 uint64_t AccessTokenKit::GetRenderTokenID(uint64_t tokenId)
793 {
794 AccessTokenID id = tokenId & TOKEN_ID_LOWMASK;
795 if (id == INVALID_TOKENID) {
796 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid");
797 return tokenId;
798 }
799 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
800 idInner->renderFlag = 1;
801
802 id = *reinterpret_cast<AccessTokenID *>(idInner);
803 return static_cast<uint64_t>(id);
804 }
805
GetKernelPermissions(AccessTokenID tokenID,std::vector<PermissionWithValue> & kernelPermList)806 int32_t AccessTokenKit::GetKernelPermissions(
807 AccessTokenID tokenID, std::vector<PermissionWithValue>& kernelPermList)
808 {
809 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID);
810 return AccessTokenManagerClient::GetInstance().GetKernelPermissions(tokenID, kernelPermList);
811 }
812
GetReqPermissionByName(AccessTokenID tokenID,const std::string & permissionName,std::string & value)813 int32_t AccessTokenKit::GetReqPermissionByName(
814 AccessTokenID tokenID, const std::string& permissionName, std::string& value)
815 {
816 LOGI(ATM_DOMAIN, ATM_TAG,
817 "TokenID=%{public}d permissionName=%{public}s.", tokenID, permissionName.c_str());
818 if (!DataValidator::IsPermissionNameValid(permissionName)) {
819 LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid.");
820 return AccessTokenError::ERR_PARAM_INVALID;
821 }
822 return AccessTokenManagerClient::GetInstance().GetReqPermissionByName(tokenID, permissionName, value);
823 }
824 } // namespace AccessToken
825 } // namespace Security
826 } // namespace OHOS
827