1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "permission_utils.h"
16
17 #include <unordered_set>
18
19 #include "access_token.h"
20 #include "accesstoken_kit.h"
21 #include "el5_filekey_manager_kit.h"
22 #include "ipc_skeleton.h"
23 #include "iservice_registry.h"
24 #include "media_file_utils.h"
25 #include "media_log.h"
26 #include "medialibrary_db_const.h"
27 #include "medialibrary_errno.h"
28 #include "medialibrary_tracer.h"
29 #include "privacy_kit.h"
30 #include "system_ability_definition.h"
31 #include "tokenid_kit.h"
32 #include "bundle_mgr_proxy.h"
33 #include "bundle_info.h"
34
35 namespace OHOS {
36 namespace Media {
37 using namespace std;
38 using namespace OHOS::Security::AccessToken;
39 using namespace OHOS::AppExecFwk::Constants;
40 using namespace OHOS::AppExecFwk;
41
42 const int32_t CAPACITY = 50;
43 const int32_t HDC_SHELL_UID = 2000;
44 const int32_t BASE_USER_RANGE = 200000;
45
46 std::mutex PermissionUtils::uninstallMutex_;
47 std::list<std::pair<int32_t, BundleInfo>> PermissionUtils::bundleInfoList_ = {};
48 std::unordered_map<int32_t, std::list<std::pair<int32_t, BundleInfo>>::iterator> PermissionUtils::bundleInfoMap_ = {};
49
50 bool g_isDelayTask;
51 std::mutex addPhotoPermissionRecordLock_;
52 std::thread delayTask_;
53 std::vector<Security::AccessToken::AddPermParamInfo> infos_;
54
55 sptr<AppExecFwk::IBundleMgr> PermissionUtils::bundleMgr_ = nullptr;
56 mutex PermissionUtils::bundleMgrMutex_;
GetSysBundleManager()57 sptr<AppExecFwk::IBundleMgr> PermissionUtils::GetSysBundleManager()
58 {
59 if (bundleMgr_ != nullptr) {
60 return bundleMgr_;
61 }
62
63 lock_guard<mutex> lock(bundleMgrMutex_);
64 if (bundleMgr_ != nullptr) {
65 return bundleMgr_;
66 }
67
68 auto systemAbilityMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
69 if (systemAbilityMgr == nullptr) {
70 MEDIA_ERR_LOG("Failed to get SystemAbilityManager.");
71 return nullptr;
72 }
73
74 auto bundleObj = systemAbilityMgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
75 if (bundleObj == nullptr) {
76 MEDIA_ERR_LOG("Remote object is nullptr.");
77 return nullptr;
78 }
79
80 auto bundleMgr = iface_cast<AppExecFwk::IBundleMgr>(bundleObj);
81 if (bundleMgr == nullptr) {
82 MEDIA_ERR_LOG("Failed to iface_cast");
83 return nullptr;
84 }
85 bundleMgr_ = bundleMgr;
86
87 return bundleMgr_;
88 }
89
GetBundleNameFromCache(int uid,string & bundleName)90 void PermissionUtils::GetBundleNameFromCache(int uid, string &bundleName)
91 {
92 lock_guard<mutex> lock(uninstallMutex_);
93 auto iter = bundleInfoMap_.find(uid);
94 if (iter != bundleInfoMap_.end() && !iter->second->second.bundleName.empty()) {
95 bundleInfoList_.splice(bundleInfoList_.begin(), bundleInfoList_, iter->second);
96 bundleName = iter->second->second.bundleName;
97 return;
98 }
99 bundleMgr_ = GetSysBundleManager();
100 if (bundleMgr_ == nullptr) {
101 bundleName = "";
102 return;
103 }
104 auto result = bundleMgr_->GetBundleNameForUid(uid, bundleName);
105 if (!result) {
106 bundleName = "";
107 return;
108 }
109
110 UpdateBundleNameInCache(uid, bundleName);
111 }
112
GetPackageNameFromCache(int uid,const string & bundleName,string & packageName)113 void PermissionUtils::GetPackageNameFromCache(int uid, const string &bundleName, string &packageName)
114 {
115 lock_guard<mutex> lock(uninstallMutex_);
116 auto iter = bundleInfoMap_.find(uid);
117 if (iter != bundleInfoMap_.end() && !iter->second->second.packageName.empty()) {
118 bundleInfoList_.splice(bundleInfoList_.begin(), bundleInfoList_, iter->second);
119 packageName = iter->second->second.packageName;
120 return;
121 }
122
123 int32_t userId = uid / BASE_USER_RANGE;
124 MEDIA_DEBUG_LOG("uid:%{private}d, userId:%{private}d", uid, userId);
125
126 AAFwk::Want want;
127 auto bundleMgr = GetSysBundleManager();
128 if (bundleMgr == nullptr) {
129 MEDIA_ERR_LOG("Get BundleManager failed");
130 packageName = "";
131 return;
132 }
133 int ret = bundleMgr->GetLaunchWantForBundle(bundleName, want, userId);
134 if (ret != ERR_OK) {
135 MEDIA_ERR_LOG("Can not get bundleName by want, err=%{public}d, userId=%{private}d", ret, userId);
136 packageName = "";
137 return;
138 }
139 string abilityName = want.GetOperation().GetAbilityName();
140 packageName = bundleMgr->GetAbilityLabel(bundleName, abilityName);
141
142 UpdatePackageNameInCache(uid, packageName);
143 }
144
GetAppIdFromCache(int uid,const string & bundleName,string & appId)145 void PermissionUtils::GetAppIdFromCache(int uid, const string &bundleName, string &appId)
146 {
147 lock_guard<mutex> lock(uninstallMutex_);
148 auto iter = bundleInfoMap_.find(uid);
149 if (iter != bundleInfoMap_.end() && !iter->second->second.appId.empty()) {
150 bundleInfoList_.splice(bundleInfoList_.begin(), bundleInfoList_, iter->second);
151 appId = iter->second->second.appId;
152 return;
153 }
154 int32_t userId = uid / BASE_USER_RANGE;
155 MEDIA_DEBUG_LOG("uid:%{private}d, userId:%{private}d", uid, userId);
156
157 auto bundleMgr_ = GetSysBundleManager();
158 if (bundleMgr_ == nullptr) {
159 MEDIA_ERR_LOG("Get BundleManager failed");
160 return;
161 }
162
163 appId = bundleMgr_->GetAppIdByBundleName(bundleName, userId);
164
165 UpdateAppIdInCache(uid, appId);
166 }
167
UpdateLatestBundleInfo(int uid,const BundleInfo & bundleInfo)168 void PermissionUtils::UpdateLatestBundleInfo(int uid, const BundleInfo &bundleInfo)
169 {
170 auto iter = bundleInfoMap_.find(uid);
171 if (iter != bundleInfoMap_.end()) {
172 bundleInfoList_.erase(iter->second);
173 }
174 bundleInfoList_.push_front(make_pair(uid, bundleInfo));
175 bundleInfoMap_[uid] = bundleInfoList_.begin();
176 if (bundleInfoMap_.size() > CAPACITY) {
177 int32_t deleteKey = bundleInfoList_.back().first;
178 bundleInfoMap_.erase(deleteKey);
179 bundleInfoList_.pop_back();
180 }
181 }
182
UpdateBundleNameInCache(int uid,const string & bundleName)183 void PermissionUtils::UpdateBundleNameInCache(int uid, const string &bundleName)
184 {
185 auto iter = bundleInfoMap_.find(uid);
186 if (iter != bundleInfoMap_.end()) {
187 BundleInfo bundleInfo = bundleInfoMap_[uid]->second;
188 bundleInfo.bundleName = bundleName;
189 UpdateLatestBundleInfo(uid, bundleInfo);
190 return;
191 }
192 BundleInfo bundleInfo { bundleName, "", "" };
193 UpdateLatestBundleInfo(uid, bundleInfo);
194 }
195
UpdatePackageNameInCache(int uid,const string & packageName)196 void PermissionUtils::UpdatePackageNameInCache(int uid, const string &packageName)
197 {
198 auto iter = bundleInfoMap_.find(uid);
199 if (iter != bundleInfoMap_.end()) {
200 BundleInfo bundleInfo = bundleInfoMap_[uid]->second;
201 bundleInfo.packageName = packageName;
202 UpdateLatestBundleInfo(uid, bundleInfo);
203 return;
204 }
205 BundleInfo bundleInfo { "", packageName, "" };
206 UpdateLatestBundleInfo(uid, bundleInfo);
207 }
208
UpdateAppIdInCache(int uid,const string & appId)209 void PermissionUtils::UpdateAppIdInCache(int uid, const string &appId)
210 {
211 BundleInfo bundleInfo { "", "", appId };
212 auto iter = bundleInfoMap_.find(uid);
213 if (iter != bundleInfoMap_.end()) {
214 bundleInfo = bundleInfoMap_[uid]->second;
215 bundleInfo.appId = appId;
216 }
217 UpdateLatestBundleInfo(uid, bundleInfo);
218 }
219
ClearBundleInfoInCache()220 void PermissionUtils::ClearBundleInfoInCache()
221 {
222 lock_guard<mutex> lock(uninstallMutex_);
223 bundleInfoMap_.clear();
224 bundleInfoList_.clear();
225 MEDIA_INFO_LOG("clear all info from cache");
226 }
227
GetClientBundle(const int uid,string & bundleName)228 void PermissionUtils::GetClientBundle(const int uid, string &bundleName)
229 {
230 GetBundleNameFromCache(uid, bundleName);
231 }
232
GetPackageName(const int uid,std::string & packageName)233 void PermissionUtils::GetPackageName(const int uid, std::string &packageName)
234 {
235 packageName = "";
236 string bundleName;
237 GetClientBundle(uid, bundleName);
238 if (bundleName.empty()) {
239 MEDIA_ERR_LOG("Get bundle name failed");
240 return;
241 }
242
243 GetPackageNameFromCache(uid, bundleName, packageName);
244 }
245
246 // not available for clone app
GetMainTokenId(const string & appId,int64_t & tokenId)247 int64_t PermissionUtils::GetMainTokenId(const string &appId, int64_t &tokenId)
248 {
249 bundleMgr_ = GetSysBundleManager();
250 if (bundleMgr_ == nullptr) {
251 MEDIA_ERR_LOG("Get bundleMgr failed");
252 return E_ERR;
253 }
254 string bundleName;
255 int32_t err = bundleMgr_->GetBundleNameByAppId(appId, bundleName);
256 if (err != E_OK) {
257 MEDIA_ERR_LOG("Get bundle name failed");
258 return err;
259 }
260 int32_t uid = static_cast<int32_t>(getuid());
261 int32_t userId = uid / BASE_USER_RANGE;
262 OHOS::AppExecFwk::BundleInfo bundleInfo;
263 err = bundleMgr_->GetBundleInfoV9(bundleName,
264 static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_APPLICATION), bundleInfo, userId);
265 CHECK_AND_RETURN_RET_LOG(err == E_OK, false, "main app tokenid from appId fail");
266 tokenId = static_cast<int64_t>(bundleInfo.applicationInfo.accessTokenId);
267 return E_OK;
268 }
269
ShouldAddPermissionRecord(const AccessTokenID & token)270 bool inline ShouldAddPermissionRecord(const AccessTokenID &token)
271 {
272 return (AccessTokenKit::GetTokenTypeFlag(token) == TOKEN_HAP);
273 }
274
AddPermissionRecord(const AccessTokenID & token,const string & perm,const bool permGranted)275 void AddPermissionRecord(const AccessTokenID &token, const string &perm, const bool permGranted)
276 {
277 if (!ShouldAddPermissionRecord(token)) {
278 return;
279 }
280
281 int res = PrivacyKit::AddPermissionUsedRecord(token, perm, !!permGranted, !permGranted, true);
282 if (res != 0) {
283 /* Failed to add permission used record, not fatal */
284 MEDIA_WARN_LOG("Failed to add permission used record: %{public}s, permGranted: %{public}d, err: %{public}d",
285 perm.c_str(), permGranted, res);
286 }
287 }
288
GetPermissionRecord()289 vector<AddPermParamInfo> GetPermissionRecord()
290 {
291 lock_guard<mutex> lock(addPhotoPermissionRecordLock_);
292 vector<AddPermParamInfo> result = infos_;
293 infos_.clear();
294 return result;
295 }
296
AddPermissionRecord()297 void AddPermissionRecord()
298 {
299 vector<AddPermParamInfo> infos = GetPermissionRecord();
300 for (const auto &info : infos) {
301 int32_t ret = PrivacyKit::AddPermissionUsedRecord(info, true);
302 if (ret != 0) {
303 /* Failed to add permission used record, not fatal */
304 MEDIA_WARN_LOG("Failed to add permission used record: %{public}s, permGranted: %{public}d, err: %{public}d",
305 info.permissionName.c_str(), info.successCount, ret);
306 }
307 MEDIA_DEBUG_LOG("Info: token = %{private}d, perm = %{private}s, permGranted = %{private}d, \
308 !permGranted = %{private}d, type = %{public}d", info.tokenId, info.permissionName.c_str(),
309 info.successCount, info.failCount, info.type);
310 }
311 infos.clear();
312 }
313
DelayAddPermissionRecord()314 void DelayAddPermissionRecord()
315 {
316 string name("DelayAddPermissionRecord");
317 pthread_setname_np(pthread_self(), name.c_str());
318 MEDIA_INFO_LOG("DelayTask start");
319 std::this_thread::sleep_for(std::chrono::seconds(1));
320 AddPermissionRecord();
321 g_isDelayTask = false;
322 MEDIA_INFO_LOG("DelayTask end");
323 }
324
DelayTaskInit()325 void DelayTaskInit()
326 {
327 if (!g_isDelayTask) {
328 MEDIA_INFO_LOG("DelayTaskInit");
329 delayTask_ = thread(DelayAddPermissionRecord);
330 delayTask_.detach();
331 g_isDelayTask = true;
332 }
333 }
334
CollectPermissionRecord(const AccessTokenID & token,const string & perm,const bool permGranted,const PermissionUsedType type)335 void CollectPermissionRecord(const AccessTokenID &token, const string &perm,
336 const bool permGranted, const PermissionUsedType type)
337 {
338 lock_guard<mutex> lock(addPhotoPermissionRecordLock_);
339 DelayTaskInit();
340
341 if (!ShouldAddPermissionRecord(token)) {
342 return;
343 }
344
345 AddPermParamInfo info = {token, perm, permGranted, !permGranted, type};
346 auto iter = find_if(infos_.begin(), infos_.end(), [&token, &perm, type](auto &info) {
347 return info.tokenId == token && info.permissionName == perm && info.type == type;
348 });
349 if (iter == infos_.end()) {
350 infos_.push_back(info);
351 } else if (permGranted) {
352 iter->successCount += 1;
353 } else if (!permGranted) {
354 iter->failCount += 1;
355 }
356 }
357
CollectPermissionInfo(const string & permission,const bool permGranted,const PermissionUsedType type)358 void PermissionUtils::CollectPermissionInfo(const string &permission,
359 const bool permGranted, const PermissionUsedType type)
360 {
361 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
362 CollectPermissionRecord(tokenCaller, permission, permGranted, type);
363 }
364
CheckPhotoCallerPermission(const string & permission)365 bool PermissionUtils::CheckPhotoCallerPermission(const string &permission)
366 {
367 PermissionUsedType type = PermissionUsedTypeValue::NORMAL_TYPE;
368 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
369 int res = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
370 if (res != PermissionState::PERMISSION_GRANTED) {
371 MEDIA_ERR_LOG("Have no media permission: %{public}s", permission.c_str());
372 CollectPermissionRecord(tokenCaller, permission, false, type);
373 return false;
374 }
375 CollectPermissionRecord(tokenCaller, permission, true, type);
376 return true;
377 }
378
CheckPhotoCallerPermission(const vector<string> & perms)379 bool PermissionUtils::CheckPhotoCallerPermission(const vector<string> &perms)
380 {
381 if (perms.empty()) {
382 return false;
383 }
384
385 for (const auto &perm : perms) {
386 if (!CheckPhotoCallerPermission(perm)) {
387 return false;
388 }
389 }
390 return true;
391 }
392
CheckPhotoCallerPermission(const string & permission,const AccessTokenID & tokenCaller)393 bool PermissionUtils::CheckPhotoCallerPermission(const string &permission, const AccessTokenID &tokenCaller)
394 {
395 PermissionUsedType type = PermissionUsedTypeValue::NORMAL_TYPE;
396 int res = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
397 if (res != PermissionState::PERMISSION_GRANTED) {
398 CollectPermissionRecord(tokenCaller, permission, false, type);
399 return false;
400 }
401 CollectPermissionRecord(tokenCaller, permission, true, type);
402 return true;
403 }
404
GetTokenCallerForUid(const int & uid,AccessTokenID & tokenCaller)405 bool PermissionUtils::GetTokenCallerForUid(const int &uid, AccessTokenID &tokenCaller)
406 {
407 string bundleName;
408 int32_t appIndex;
409 bundleMgr_ = GetSysBundleManager();
410 if (bundleMgr_ == nullptr) {
411 MEDIA_ERR_LOG("Get BundleManager failed");
412 return false;
413 }
414 auto err = bundleMgr_->GetNameAndIndexForUid(uid, bundleName, appIndex);
415 if (err != E_OK) {
416 MEDIA_ERR_LOG("Get bundleName failed");
417 return false;
418 }
419 OHOS::AppExecFwk::BundleInfo bundleInfo;
420 int32_t userId = uid / BASE_USER_RANGE;
421 if (appIndex == 0) {
422 err = bundleMgr_->GetBundleInfoV9(bundleName,
423 static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_APPLICATION), bundleInfo, userId);
424 CHECK_AND_RETURN_RET_LOG(err == E_OK, false, "main app tokenid from uid fail");
425 } else {
426 err = bundleMgr_->GetCloneBundleInfo(bundleName,
427 static_cast<int32_t>(GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_APPLICATION), appIndex, bundleInfo, userId);
428 CHECK_AND_RETURN_RET_LOG(err == E_OK, false, "clone app get tokenid from uid fail");
429 }
430 tokenCaller = bundleInfo.applicationInfo.accessTokenId;
431 return true;
432 }
433
CollectPermissionInfo(const string & permission,const bool permGranted,const PermissionUsedType type,const int & uid)434 void PermissionUtils::CollectPermissionInfo(const string &permission,
435 const bool permGranted, const PermissionUsedType type, const int &uid)
436 {
437 AccessTokenID tokenCaller = INVALID_TOKENID;
438 GetTokenCallerForUid(uid, tokenCaller);
439 CollectPermissionRecord(tokenCaller, permission, permGranted, type);
440 }
441
CheckPhotoCallerPermission(const vector<string> & perms,const int & uid,AccessTokenID & tokenCaller)442 bool PermissionUtils::CheckPhotoCallerPermission(const vector<string> &perms, const int &uid,
443 AccessTokenID &tokenCaller)
444 {
445 bool err = GetTokenCallerForUid(uid, tokenCaller);
446 CHECK_AND_RETURN_RET(!perms.empty(), false);
447 CHECK_AND_RETURN_RET(err != false, false);
448 for (const auto &perm : perms) {
449 CHECK_AND_RETURN_RET(CheckPhotoCallerPermission(perm, tokenCaller), false);
450 }
451 return true;
452 }
453
CheckCallerPermission(const string & permission)454 bool PermissionUtils::CheckCallerPermission(const string &permission)
455 {
456 MediaLibraryTracer tracer;
457 tracer.Start("CheckCallerPermission");
458
459 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
460 int res = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
461 if (res != PermissionState::PERMISSION_GRANTED) {
462 MEDIA_ERR_LOG("Have no media permission: %{public}s", permission.c_str());
463 AddPermissionRecord(tokenCaller, permission, false);
464 return false;
465 }
466 AddPermissionRecord(tokenCaller, permission, true);
467
468 return true;
469 }
470
CheckCallerPermission(const string & permission,const int & uid)471 bool PermissionUtils::CheckCallerPermission(const string &permission, const int &uid)
472 {
473 AccessTokenID tokenCaller;
474 bool err = GetTokenCallerForUid(uid, tokenCaller);
475 if (err == false) {
476 MEDIA_ERR_LOG("get tokenid fail");
477 return false;
478 }
479 int res = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
480 if (res != PermissionState::PERMISSION_GRANTED) {
481 MEDIA_ERR_LOG("Have no media permission: %{public}s", permission.c_str());
482 AddPermissionRecord(tokenCaller, permission, false);
483 return false;
484 }
485 AddPermissionRecord(tokenCaller, permission, true);
486
487 return true;
488 }
489
490 /* Check whether caller has at least one of @perms */
CheckHasPermission(const vector<string> & perms)491 bool PermissionUtils::CheckHasPermission(const vector<string> &perms)
492 {
493 CHECK_AND_RETURN_RET(!perms.empty(), false);
494 for (const auto &perm : perms) {
495 CHECK_AND_RETURN_RET(!CheckCallerPermission(perm), true);
496 }
497 return false;
498 }
499
500 /* Check whether caller has all the @perms */
CheckCallerPermission(const vector<string> & perms)501 bool PermissionUtils::CheckCallerPermission(const vector<string> &perms)
502 {
503 if (perms.empty()) {
504 return false;
505 }
506
507 for (const auto &perm : perms) {
508 if (!CheckCallerPermission(perm)) {
509 return false;
510 }
511 }
512 return true;
513 }
514
GetTokenId()515 uint32_t PermissionUtils::GetTokenId()
516 {
517 return IPCSkeleton::GetCallingTokenID();
518 }
519
IsSystemApp()520 bool PermissionUtils::IsSystemApp()
521 {
522 uint64_t tokenId = IPCSkeleton::GetCallingFullTokenID();
523 return TokenIdKit::IsSystemAppByFullTokenID(tokenId);
524 }
525
CheckIsSystemAppByUid()526 bool PermissionUtils::CheckIsSystemAppByUid()
527 {
528 int uid = IPCSkeleton::GetCallingUid();
529 bundleMgr_ = GetSysBundleManager();
530 if (bundleMgr_ == nullptr) {
531 MEDIA_ERR_LOG("Can not get bundleMgr");
532 return false;
533 }
534 return bundleMgr_->CheckIsSystemAppByUid(uid);
535 }
536
IsNativeSAApp()537 bool PermissionUtils::IsNativeSAApp()
538 {
539 uint32_t tokenId = IPCSkeleton::GetCallingTokenID();
540 ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
541 MEDIA_DEBUG_LOG("check if native sa token, tokenId:%{public}d, tokenType:%{public}d",
542 tokenId, tokenType);
543 if (tokenType == ATokenTypeEnum::TOKEN_NATIVE) {
544 return true;
545 }
546 return false;
547 }
548
IsRootShell()549 bool PermissionUtils::IsRootShell()
550 {
551 return IPCSkeleton::GetCallingUid() == 0;
552 }
553
IsHdcShell()554 bool PermissionUtils::IsHdcShell()
555 {
556 return IPCSkeleton::GetCallingUid() == HDC_SHELL_UID;
557 }
558
GetPackageNameByBundleName(const string & bundleName)559 string PermissionUtils::GetPackageNameByBundleName(const string &bundleName)
560 {
561 const static int32_t INVALID_UID = -1;
562
563 string packageName = "";
564 int uid = IPCSkeleton::GetCallingUid();
565 if (uid <= INVALID_UID) {
566 MEDIA_ERR_LOG("Get INVALID_UID UID %{public}d", uid);
567 return packageName;
568 }
569 GetPackageNameFromCache(uid, bundleName, packageName);
570
571 return packageName;
572 }
573
GetAppIdByBundleName(const string & bundleName)574 string PermissionUtils::GetAppIdByBundleName(const string &bundleName)
575 {
576 int uid = IPCSkeleton::GetCallingUid();
577 return GetAppIdByBundleName(bundleName, uid);
578 }
579
GetAppIdByBundleName(const string & bundleName,int32_t uid)580 string PermissionUtils::GetAppIdByBundleName(const string &bundleName, int32_t uid)
581 {
582 if (uid <= INVALID_UID) {
583 MEDIA_ERR_LOG("Get INVALID_UID UID %{public}d", uid);
584 return "";
585 }
586 string appId = "";
587 GetAppIdFromCache(uid, bundleName, appId);
588
589 return appId;
590 }
591
SetEPolicy()592 bool PermissionUtils::SetEPolicy()
593 {
594 MEDIA_INFO_LOG("SetEPolicy for directory");
595 int ret = Security::AccessToken::El5FilekeyManagerKit::SetFilePathPolicy();
596 CHECK_AND_RETURN_RET_LOG(ret == 0, false, "SetEPolicy fail of %{public}d", ret);
597 return true;
598 }
599 } // namespace Media
600 } // namespace OHOS
601