1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_client.h"
17
18 #include "accesstoken_common_log.h"
19 #include "access_token_error.h"
20 #include "accesstoken_manager_proxy.h"
21 #include "atm_tools_param_info_parcel.h"
22 #include "hap_token_info.h"
23 #include "hap_token_info_for_sync_parcel.h"
24 #include "iservice_registry.h"
25 #include "parameter.h"
26 #include "permission_grant_info_parcel.h"
27 #include "accesstoken_callbacks.h"
28
29 namespace OHOS {
30 namespace Security {
31 namespace AccessToken {
32 namespace {
33 static constexpr int32_t VALUE_MAX_LEN = 32;
34 static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init";
35 std::recursive_mutex g_instanceMutex;
36 } // namespace
37 static const uint32_t MAX_CALLBACK_MAP_SIZE = 200;
38
GetInstance()39 AccessTokenManagerClient& AccessTokenManagerClient::GetInstance()
40 {
41 static AccessTokenManagerClient* instance = nullptr;
42 if (instance == nullptr) {
43 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
44 if (instance == nullptr) {
45 AccessTokenManagerClient* tmp = new AccessTokenManagerClient();
46 instance = std::move(tmp);
47 }
48 }
49 return *instance;
50 }
51
AccessTokenManagerClient()52 AccessTokenManagerClient::AccessTokenManagerClient()
53 {}
54
~AccessTokenManagerClient()55 AccessTokenManagerClient::~AccessTokenManagerClient()
56 {
57 LOGE(ATM_DOMAIN, ATM_TAG, "~AccessTokenManagerClient");
58 std::lock_guard<std::mutex> lock(proxyMutex_);
59 ReleaseProxy();
60 }
61
GetPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)62 PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType(
63 AccessTokenID tokenID, const std::string &permissionName)
64 {
65 auto proxy = GetProxy();
66 if (proxy == nullptr) {
67 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
68 return PermUsedTypeEnum::INVALID_USED_TYPE;
69 }
70 return proxy->GetPermissionUsedType(tokenID, permissionName);
71 }
72
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)73 int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
74 {
75 auto proxy = GetProxy();
76 if (proxy != nullptr) {
77 return proxy->VerifyAccessToken(tokenID, permissionName);
78 }
79 char value[VALUE_MAX_LEN] = {0};
80 int32_t ret = GetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, "", value, VALUE_MAX_LEN - 1);
81 if ((ret < 0) || (static_cast<uint64_t>(std::atoll(value)) != 0)) {
82 LOGE(ATM_DOMAIN, ATM_TAG, "At service has been started, ret=%{public}d.", ret);
83 return PERMISSION_DENIED;
84 }
85 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
86 if (static_cast<ATokenTypeEnum>(idInner->type) == TOKEN_NATIVE) {
87 LOGI(ATM_DOMAIN, ATM_TAG, "At service has not been started.");
88 return PERMISSION_GRANTED;
89 }
90 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
91 return PERMISSION_DENIED;
92 }
93
VerifyAccessToken(AccessTokenID tokenID,const std::vector<std::string> & permissionList,std::vector<int32_t> & permStateList)94 int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID,
95 const std::vector<std::string>& permissionList, std::vector<int32_t>& permStateList)
96 {
97 auto proxy = GetProxy();
98 if (proxy == nullptr) {
99 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
100 return AccessTokenError::ERR_SERVICE_ABNORMAL;
101 }
102 return proxy->VerifyAccessToken(tokenID, permissionList, permStateList);
103 }
104
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)105 int AccessTokenManagerClient::GetDefPermission(
106 const std::string& permissionName, PermissionDef& permissionDefResult)
107 {
108 auto proxy = GetProxy();
109 if (proxy == nullptr) {
110 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
111 return AccessTokenError::ERR_SERVICE_ABNORMAL;
112 }
113 PermissionDefParcel permissionDefParcel;
114 int result = proxy->GetDefPermission(permissionName, permissionDefParcel);
115 permissionDefResult = permissionDefParcel.permissionDef;
116 return result;
117 }
118
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)119 int AccessTokenManagerClient::GetReqPermissions(
120 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
121 {
122 auto proxy = GetProxy();
123 if (proxy == nullptr) {
124 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
125 return AccessTokenError::ERR_SERVICE_ABNORMAL;
126 }
127 std::vector<PermissionStatusParcel> parcelList;
128 int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant);
129 for (const auto& permParcel : parcelList) {
130 PermissionStateFull perm;
131 perm.permissionName = permParcel.permState.permissionName;
132 perm.isGeneral = true;
133 perm.resDeviceID.emplace_back("PHONE-001");
134 perm.grantStatus.emplace_back(permParcel.permState.grantStatus);
135 perm.grantFlags.emplace_back(permParcel.permState.grantFlag);
136 reqPermList.emplace_back(perm);
137 }
138 return result;
139 }
140
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)141 int AccessTokenManagerClient::GetPermissionFlag(
142 AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
143 {
144 auto proxy = GetProxy();
145 if (proxy == nullptr) {
146 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
147 return AccessTokenError::ERR_SERVICE_ABNORMAL;
148 }
149 return proxy->GetPermissionFlag(tokenID, permissionName, flag);
150 }
151
GetSelfPermissionsState(std::vector<PermissionListState> & permList,PermissionGrantInfo & info)152 PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
153 PermissionGrantInfo& info)
154 {
155 auto proxy = GetProxy();
156 if (proxy == nullptr) {
157 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
158 return INVALID_OPER;
159 }
160
161 size_t len = permList.size();
162 if (len == 0) {
163 LOGD(ATM_DOMAIN, ATM_TAG, "Len is zero.");
164 return PASS_OPER;
165 }
166
167 std::vector<PermissionListStateParcel> parcelList;
168
169 for (const auto& perm : permList) {
170 PermissionListStateParcel permParcel;
171 permParcel.permsState = perm;
172 parcelList.emplace_back(permParcel);
173 }
174 PermissionGrantInfoParcel infoParcel;
175 PermissionOper result = proxy->GetSelfPermissionsState(parcelList, infoParcel);
176
177 for (uint32_t i = 0; i < len; i++) {
178 PermissionListState perm = parcelList[i].permsState;
179 permList[i].state = perm.state;
180 permList[i].errorReason = perm.errorReason;
181 }
182
183 info = infoParcel.info;
184 return result;
185 }
186
GetPermissionsStatus(AccessTokenID tokenID,std::vector<PermissionListState> & permList)187 int32_t AccessTokenManagerClient::GetPermissionsStatus(
188 AccessTokenID tokenID, std::vector<PermissionListState>& permList)
189 {
190 auto proxy = GetProxy();
191 if (proxy == nullptr) {
192 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
193 return AccessTokenError::ERR_SERVICE_ABNORMAL;
194 }
195
196 size_t len = permList.size();
197 if (len == 0) {
198 LOGE(ATM_DOMAIN, ATM_TAG, "Len is zero.");
199 return AccessTokenError::ERR_PARAM_INVALID;
200 }
201
202 std::vector<PermissionListStateParcel> parcelList;
203
204 for (const auto& perm : permList) {
205 PermissionListStateParcel permParcel;
206 permParcel.permsState = perm;
207 parcelList.emplace_back(permParcel);
208 }
209 int32_t result = proxy->GetPermissionsStatus(tokenID, parcelList);
210 if (result != RET_SUCCESS) {
211 return result;
212 }
213 for (uint32_t i = 0; i < len; i++) {
214 PermissionListState perm = parcelList[i].permsState;
215 permList[i].state = perm.state;
216 }
217
218 return result;
219 }
220
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)221 int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
222 {
223 auto proxy = GetProxy();
224 if (proxy == nullptr) {
225 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
226 return AccessTokenError::ERR_SERVICE_ABNORMAL;
227 }
228 return proxy->GrantPermission(tokenID, permissionName, flag);
229 }
230
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)231 int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
232 {
233 auto proxy = GetProxy();
234 if (proxy == nullptr) {
235 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
236 return AccessTokenError::ERR_SERVICE_ABNORMAL;
237 }
238 return proxy->RevokePermission(tokenID, permissionName, flag);
239 }
240
GrantPermissionForSpecifiedTime(AccessTokenID tokenID,const std::string & permissionName,uint32_t onceTime)241 int AccessTokenManagerClient::GrantPermissionForSpecifiedTime(
242 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime)
243 {
244 auto proxy = GetProxy();
245 if (proxy == nullptr) {
246 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
247 return AccessTokenError::ERR_SERVICE_ABNORMAL;
248 }
249 return proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
250 }
251
ClearUserGrantedPermissionState(AccessTokenID tokenID)252 int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID)
253 {
254 auto proxy = GetProxy();
255 if (proxy == nullptr) {
256 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
257 return AccessTokenError::ERR_SERVICE_ABNORMAL;
258 }
259 return proxy->ClearUserGrantedPermissionState(tokenID);
260 }
261
SetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t status,int32_t userID=0)262 int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status,
263 int32_t userID = 0)
264 {
265 auto proxy = GetProxy();
266 if (proxy == nullptr) {
267 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
268 return AccessTokenError::ERR_SERVICE_ABNORMAL;
269 }
270 return proxy->SetPermissionRequestToggleStatus(permissionName, status, userID);
271 }
272
GetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t & status,int32_t userID=0)273 int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status,
274 int32_t userID = 0)
275 {
276 auto proxy = GetProxy();
277 if (proxy == nullptr) {
278 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
279 return AccessTokenError::ERR_SERVICE_ABNORMAL;
280 }
281 return proxy->GetPermissionRequestToggleStatus(permissionName, status, userID);
282 }
283
RequestAppPermOnSetting(AccessTokenID tokenID)284 int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID)
285 {
286 auto proxy = GetProxy();
287 if (proxy == nullptr) {
288 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
289 return AccessTokenError::ERR_SERVICE_ABNORMAL;
290 }
291 return proxy->RequestAppPermOnSetting(tokenID);
292 }
293
CreatePermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,sptr<PermissionStateChangeCallback> & callback)294 int32_t AccessTokenManagerClient::CreatePermStateChangeCallback(
295 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb,
296 sptr<PermissionStateChangeCallback>& callback)
297 {
298 std::lock_guard<std::mutex> lock(callbackMutex_);
299 if (callbackMap_.size() == MAX_CALLBACK_MAP_SIZE) {
300 LOGE(ATM_DOMAIN, ATM_TAG, "The maximum number of callback has been reached");
301 return AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION;
302 }
303
304 auto goalCallback = callbackMap_.find(customizedCb);
305 if (goalCallback != callbackMap_.end()) {
306 LOGE(ATM_DOMAIN, ATM_TAG, "Already has the same callback");
307 return AccessTokenError::ERR_CALLBACK_ALREADY_EXIST;
308 } else {
309 callback = new (std::nothrow) PermissionStateChangeCallback(customizedCb);
310 if (!callback) {
311 LOGE(ATM_DOMAIN, ATM_TAG, "Memory allocation for callback failed!");
312 return AccessTokenError::ERR_SERVICE_ABNORMAL;
313 }
314 }
315 return RET_SUCCESS;
316 }
317
RegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,RegisterPermChangeType type)318 int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback(
319 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb, RegisterPermChangeType type)
320 {
321 if (customizedCb == nullptr) {
322 LOGE(ATM_DOMAIN, ATM_TAG, "CustomizedCb is nullptr");
323 return AccessTokenError::ERR_PARAM_INVALID;
324 }
325
326 sptr<PermissionStateChangeCallback> callback = nullptr;
327 int32_t result = CreatePermStateChangeCallback(customizedCb, callback);
328 if (result != RET_SUCCESS) {
329 return result;
330 }
331 auto proxy = GetProxy();
332 if (proxy == nullptr) {
333 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
334 return AccessTokenError::ERR_SERVICE_ABNORMAL;
335 }
336
337 PermStateChangeScopeParcel scopeParcel;
338 customizedCb->GetScope(scopeParcel.scope);
339
340 if (scopeParcel.scope.permList.size() > PERMS_LIST_SIZE_MAX) {
341 LOGE(ATM_DOMAIN, ATM_TAG, "PermList scope oversize");
342 return AccessTokenError::ERR_PARAM_INVALID;
343 }
344 if (type == SYSTEM_REGISTER_TYPE) {
345 if (scopeParcel.scope.tokenIDs.size() > TOKENIDS_LIST_SIZE_MAX) {
346 LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope oversize");
347 return AccessTokenError::ERR_PARAM_INVALID;
348 }
349 result = proxy->RegisterPermStateChangeCallback(scopeParcel, callback->AsObject());
350 } else {
351 if (scopeParcel.scope.tokenIDs.size() != 1) {
352 LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope invalid");
353 return AccessTokenError::ERR_PARAM_INVALID;
354 }
355 result = proxy->RegisterSelfPermStateChangeCallback(scopeParcel, callback->AsObject());
356 }
357 if (result == RET_SUCCESS) {
358 std::lock_guard<std::mutex> lock(callbackMutex_);
359 callbackMap_[customizedCb] = callback;
360 }
361 return result;
362 }
363
UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,RegisterPermChangeType type)364 int32_t AccessTokenManagerClient::UnRegisterPermStateChangeCallback(
365 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb, RegisterPermChangeType type)
366 {
367 auto proxy = GetProxy();
368 if (proxy == nullptr) {
369 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
370 return AccessTokenError::ERR_SERVICE_ABNORMAL;
371 }
372
373 std::lock_guard<std::mutex> lock(callbackMutex_);
374 auto goalCallback = callbackMap_.find(customizedCb);
375 if (goalCallback == callbackMap_.end()) {
376 LOGE(ATM_DOMAIN, ATM_TAG, "GoalCallback already is not exist");
377 return AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER;
378 }
379 int32_t result;
380 if (type == SYSTEM_REGISTER_TYPE) {
381 result = proxy->UnRegisterPermStateChangeCallback(goalCallback->second->AsObject());
382 } else {
383 result = proxy->UnRegisterSelfPermStateChangeCallback(goalCallback->second->AsObject());
384 }
385 if (result == RET_SUCCESS) {
386 callbackMap_.erase(goalCallback);
387 }
388 return result;
389 }
390
AllocHapToken(const HapInfoParams & info,const HapPolicy & policy)391 AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicy& policy)
392 {
393 AccessTokenIDEx tokenIdEx = { 0 };
394 auto proxy = GetProxy();
395 if (proxy == nullptr) {
396 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
397 return tokenIdEx;
398 }
399 HapInfoParcel hapInfoParcel;
400 HapPolicyParcel hapPolicyParcel;
401 hapInfoParcel.hapInfoParameter = info;
402 hapPolicyParcel.hapPolicy = policy;
403
404 return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel);
405 }
406
InitHapToken(const HapInfoParams & info,HapPolicy & policy,AccessTokenIDEx & fullTokenId,HapInfoCheckResult & result)407 int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy,
408 AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result)
409 {
410 auto proxy = GetProxy();
411 if (proxy == nullptr) {
412 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
413 return AccessTokenError::ERR_SERVICE_ABNORMAL;
414 }
415 HapInfoParcel hapInfoParcel;
416 HapPolicyParcel hapPolicyParcel;
417 hapInfoParcel.hapInfoParameter = info;
418 hapPolicyParcel.hapPolicy = policy;
419
420 return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId, result);
421 }
422
DeleteToken(AccessTokenID tokenID)423 int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID)
424 {
425 auto proxy = GetProxy();
426 if (proxy == nullptr) {
427 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
428 return AccessTokenError::ERR_SERVICE_ABNORMAL;
429 }
430 return proxy->DeleteToken(tokenID);
431 }
432
GetTokenType(AccessTokenID tokenID)433 ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID)
434 {
435 auto proxy = GetProxy();
436 if (proxy == nullptr) {
437 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
438 return TOKEN_INVALID;
439 }
440 return static_cast<ATokenTypeEnum>(proxy->GetTokenType(tokenID));
441 }
442
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)443 AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID(
444 int32_t userID, const std::string& bundleName, int32_t instIndex)
445 {
446 AccessTokenIDEx result = {0};
447 auto proxy = GetProxy();
448 if (proxy == nullptr) {
449 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
450 return result;
451 }
452 return proxy->GetHapTokenID(userID, bundleName, instIndex);
453 }
454
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)455 AccessTokenID AccessTokenManagerClient::AllocLocalTokenID(
456 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
457 {
458 auto proxy = GetProxy();
459 if (proxy == nullptr) {
460 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
461 return INVALID_TOKENID;
462 }
463 return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
464 }
465
UpdateHapToken(AccessTokenIDEx & tokenIdEx,const UpdateHapInfoParams & info,const HapPolicy & policy,HapInfoCheckResult & result)466 int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
467 const HapPolicy& policy, HapInfoCheckResult& result)
468 {
469 auto proxy = GetProxy();
470 if (proxy == nullptr) {
471 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
472 return AccessTokenError::ERR_SERVICE_ABNORMAL;
473 }
474 HapPolicyParcel hapPolicyParcel;
475 hapPolicyParcel.hapPolicy = policy;
476 return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel, result);
477 }
478
GetTokenIDByUserID(int32_t userID,std::unordered_set<AccessTokenID> & tokenIdList)479 int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList)
480 {
481 auto proxy = GetProxy();
482 if (proxy == nullptr) {
483 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
484 return AccessTokenError::ERR_SERVICE_ABNORMAL;
485 }
486 return proxy->GetTokenIDByUserID(userID, tokenIdList);
487 }
488
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)489 int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
490 {
491 auto proxy = GetProxy();
492 if (proxy == nullptr) {
493 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
494 return AccessTokenError::ERR_SERVICE_ABNORMAL;
495 }
496 HapTokenInfoParcel hapTokenInfoParcel;
497 int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
498
499 hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams;
500 return res;
501 }
502
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)503 int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
504 {
505 auto proxy = GetProxy();
506 if (proxy == nullptr) {
507 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
508 return AccessTokenError::ERR_SERVICE_ABNORMAL;
509 }
510 NativeTokenInfoParcel nativeTokenInfoParcel;
511 int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
512 nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams;
513 return res;
514 }
515
516 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfo()517 int32_t AccessTokenManagerClient::ReloadNativeTokenInfo()
518 {
519 auto proxy = GetProxy();
520 if (proxy == nullptr) {
521 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
522 return AccessTokenError::ERR_SERVICE_ABNORMAL;
523 }
524 return proxy->ReloadNativeTokenInfo();
525 }
526 #endif
527
GetHapTokenInfoExtension(AccessTokenID tokenID,HapTokenInfoExt & info)528 int AccessTokenManagerClient::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info)
529 {
530 auto proxy = GetProxy();
531 if (proxy == nullptr) {
532 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
533 return AccessTokenError::ERR_SERVICE_ABNORMAL;
534 }
535
536 HapTokenInfoParcel hapTokenInfoParcel;
537 int res = proxy->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, info.appID);
538 info.baseInfo = hapTokenInfoParcel.hapTokenInfoParams;
539 return res;
540 }
541
GetNativeTokenId(const std::string & processName)542 AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& processName)
543 {
544 auto proxy = GetProxy();
545 if (proxy == nullptr) {
546 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
547 return INVALID_TOKENID;
548 }
549 return proxy->GetNativeTokenId(processName);
550 }
551
552 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)553 int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
554 {
555 auto proxy = GetProxy();
556 if (proxy == nullptr) {
557 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
558 return AccessTokenError::ERR_SERVICE_ABNORMAL;
559 }
560
561 HapTokenInfoForSyncParcel hapSyncParcel;
562 int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel);
563 hapSync = hapSyncParcel.hapTokenInfoForSyncParams;
564 return res;
565 }
566
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)567 int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync)
568 {
569 auto proxy = GetProxy();
570 if (proxy == nullptr) {
571 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
572 return AccessTokenError::ERR_SERVICE_ABNORMAL;
573 }
574
575 HapTokenInfoForSyncParcel hapSyncParcel;
576 hapSyncParcel.hapTokenInfoForSyncParams = hapSync;
577
578 int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel);
579 return res;
580 }
581
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)582 int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
583 {
584 auto proxy = GetProxy();
585 if (proxy == nullptr) {
586 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
587 return AccessTokenError::ERR_SERVICE_ABNORMAL;
588 }
589
590 int res = proxy->DeleteRemoteToken(deviceID, tokenID);
591 return res;
592 }
593
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)594 AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
595 {
596 auto proxy = GetProxy();
597 if (proxy == nullptr) {
598 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
599 return INVALID_TOKENID;
600 }
601
602 AccessTokenID res = proxy->GetRemoteNativeTokenID(deviceID, tokenID);
603 return res;
604 }
605
DeleteRemoteDeviceTokens(const std::string & deviceID)606 int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID)
607 {
608 auto proxy = GetProxy();
609 if (proxy == nullptr) {
610 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
611 return AccessTokenError::ERR_SERVICE_ABNORMAL;
612 }
613
614 int res = proxy->DeleteRemoteDeviceTokens(deviceID);
615 return res;
616 }
617
RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface> & syncCallback)618 int32_t AccessTokenManagerClient::RegisterTokenSyncCallback(
619 const std::shared_ptr<TokenSyncKitInterface>& syncCallback)
620 {
621 auto proxy = GetProxy();
622 if (proxy == nullptr) {
623 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
624 return AccessTokenError::ERR_SERVICE_ABNORMAL;
625 }
626
627 if (syncCallback == nullptr) {
628 LOGE(ATM_DOMAIN, ATM_TAG, "Input callback is null.");
629 return AccessTokenError::ERR_PARAM_INVALID;
630 }
631
632 sptr<TokenSyncCallback> callback = sptr<TokenSyncCallback>(new TokenSyncCallback(syncCallback));
633
634 std::lock_guard<std::mutex> lock(tokenSyncCallbackMutex_);
635 int32_t res = proxy->RegisterTokenSyncCallback(callback->AsObject());
636 if (res == RET_SUCCESS) {
637 tokenSyncCallback_ = callback;
638 syncCallbackImpl_ = syncCallback;
639 }
640 return res;
641 }
642
UnRegisterTokenSyncCallback()643 int32_t AccessTokenManagerClient::UnRegisterTokenSyncCallback()
644 {
645 auto proxy = GetProxy();
646 if (proxy == nullptr) {
647 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
648 return AccessTokenError::ERR_SERVICE_ABNORMAL;
649 }
650 std::lock_guard<std::mutex> lock(tokenSyncCallbackMutex_);
651 int32_t res = proxy->UnRegisterTokenSyncCallback();
652 if (res == RET_SUCCESS) {
653 tokenSyncCallback_ = nullptr;
654 syncCallbackImpl_ = nullptr;
655 }
656 return res;
657 }
658 #endif
659
DumpTokenInfo(const AtmToolsParamInfo & info,std::string & dumpInfo)660 void AccessTokenManagerClient::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo)
661 {
662 auto proxy = GetProxy();
663 if (proxy == nullptr) {
664 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
665 return;
666 }
667
668 AtmToolsParamInfoParcel infoParcel;
669 infoParcel.info = info;
670 proxy->DumpTokenInfo(infoParcel, dumpInfo);
671 }
672
GetVersion(uint32_t & version)673 int32_t AccessTokenManagerClient::GetVersion(uint32_t& version)
674 {
675 auto proxy = GetProxy();
676 if (proxy == nullptr) {
677 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
678 return AccessTokenError::ERR_SERVICE_ABNORMAL;
679 }
680
681 return proxy->GetVersion(version);
682 }
683
InitProxy()684 void AccessTokenManagerClient::InitProxy()
685 {
686 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
687 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
688 if (sam == nullptr) {
689 LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null");
690 return;
691 }
692 sptr<IRemoteObject> accesstokenSa =
693 sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
694 if (accesstokenSa == nullptr) {
695 LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null",
696 IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
697 return;
698 }
699
700 serviceDeathObserver_ = sptr<AccessTokenDeathRecipient>::MakeSptr();
701 if (serviceDeathObserver_ != nullptr) {
702 accesstokenSa->AddDeathRecipient(serviceDeathObserver_);
703 }
704 proxy_ = new AccessTokenManagerProxy(accesstokenSa);
705 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
706 LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null");
707 }
708 }
709 }
710
OnRemoteDiedHandle()711 void AccessTokenManagerClient::OnRemoteDiedHandle()
712 {
713 {
714 std::lock_guard<std::mutex> lock(proxyMutex_);
715 ReleaseProxy();
716 InitProxy();
717 }
718
719 #ifdef TOKEN_SYNC_ENABLE
720 if (syncCallbackImpl_ != nullptr) {
721 RegisterTokenSyncCallback(syncCallbackImpl_); // re-register callback when AT crashes
722 }
723 #endif // TOKEN_SYNC_ENABLE
724 }
725
GetProxy()726 sptr<IAccessTokenManager> AccessTokenManagerClient::GetProxy()
727 {
728 std::lock_guard<std::mutex> lock(proxyMutex_);
729 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
730 InitProxy();
731 }
732 return proxy_;
733 }
734
SetPermDialogCap(const HapBaseInfo & hapBaseInfo,bool enable)735 int32_t AccessTokenManagerClient::SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable)
736 {
737 auto proxy = GetProxy();
738 if (proxy == nullptr) {
739 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
740 return AccessTokenError::ERR_SERVICE_ABNORMAL;
741 }
742 HapBaseInfoParcel hapBaseInfoParcel;
743 hapBaseInfoParcel.hapBaseInfo = hapBaseInfo;
744 return proxy->SetPermDialogCap(hapBaseInfoParcel, enable);
745 }
746
GetPermissionManagerInfo(PermissionGrantInfo & info)747 void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& info)
748 {
749 auto proxy = GetProxy();
750 if (proxy == nullptr) {
751 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
752 return;
753 }
754 PermissionGrantInfoParcel infoParcel;
755 proxy->GetPermissionManagerInfo(infoParcel);
756 info = infoParcel.info;
757 }
758
InitUserPolicy(const std::vector<UserState> & userList,const std::vector<std::string> & permList)759 int32_t AccessTokenManagerClient::InitUserPolicy(
760 const std::vector<UserState>& userList, const std::vector<std::string>& permList)
761 {
762 auto proxy = GetProxy();
763 if (proxy == nullptr) {
764 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
765 return AccessTokenError::ERR_SERVICE_ABNORMAL;
766 }
767 return proxy->InitUserPolicy(userList, permList);
768 }
769
ClearUserPolicy()770 int32_t AccessTokenManagerClient::ClearUserPolicy()
771 {
772 auto proxy = GetProxy();
773 if (proxy == nullptr) {
774 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
775 return AccessTokenError::ERR_SERVICE_ABNORMAL;
776 }
777 return proxy->ClearUserPolicy();
778 }
779
UpdateUserPolicy(const std::vector<UserState> & userList)780 int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector<UserState>& userList)
781 {
782 auto proxy = GetProxy();
783 if (proxy == nullptr) {
784 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
785 return AccessTokenError::ERR_SERVICE_ABNORMAL;
786 }
787 return proxy->UpdateUserPolicy(userList);
788 }
789
ReleaseProxy()790 void AccessTokenManagerClient::ReleaseProxy()
791 {
792 if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) {
793 proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_);
794 }
795 proxy_ = nullptr;
796 serviceDeathObserver_ = nullptr;
797 }
798
GetKernelPermissions(AccessTokenID tokenId,std::vector<PermissionWithValue> & kernelPermList)799 int32_t AccessTokenManagerClient::GetKernelPermissions(
800 AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList)
801 {
802 auto proxy = GetProxy();
803 if (proxy == nullptr) {
804 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
805 return AccessTokenError::ERR_SERVICE_ABNORMAL;
806 }
807 return proxy->GetKernelPermissions(tokenId, kernelPermList);
808 }
809
GetReqPermissionByName(AccessTokenID tokenId,const std::string & permissionName,std::string & value)810 int32_t AccessTokenManagerClient::GetReqPermissionByName(
811 AccessTokenID tokenId, const std::string& permissionName, std::string& value)
812 {
813 auto proxy = GetProxy();
814 if (proxy == nullptr) {
815 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
816 return AccessTokenError::ERR_SERVICE_ABNORMAL;
817 }
818 return proxy->GetReqPermissionByName(tokenId, permissionName, value);
819 }
820 } // namespace AccessToken
821 } // namespace Security
822 } // namespace OHOS
823