1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "permission_helper.h"
17 
18 #include "ipc_skeleton.h"
19 #include "tokenid_kit.h"
20 
21 #include "mmi_log.h"
22 
23 #undef MMI_LOG_DOMAIN
24 #define MMI_LOG_DOMAIN MMI_LOG_SERVER
25 #undef MMI_LOG_TAG
26 #define MMI_LOG_TAG "PermissionHelper"
27 
28 namespace OHOS {
29 namespace MMI {
/**
 * @brief Decide whether the current IPC caller may use a system-only API.
 *
 * Native and shell tokens are accepted on token type alone; the system-app
 * flag is only consulted for the remaining token types. The debug message on
 * that fast path says "native" for shell callers as well.
 *
 * @return true for native/shell callers and for callers whose full token ID
 *         is reported as a system app; false otherwise.
 */
bool PermissionHelper::VerifySystemApp()
{
    namespace AccessToken = OHOS::Security::AccessToken;

    MMI_HILOGD("verify system App");
    const auto callingToken = IPCSkeleton::GetCallingTokenID();
    const auto callerKind = AccessToken::AccessTokenKit::GetTokenTypeFlag(callingToken);
    MMI_HILOGD("token type is %{public}d", static_cast<int32_t>(callerKind));

    // Fast path: trusted purely by token type, no per-app lookup.
    const bool isNativeOrShell = (callerKind == AccessToken::ATokenTypeEnum::TOKEN_NATIVE) ||
        (callerKind == AccessToken::ATokenTypeEnum::TOKEN_SHELL);
    if (isNativeOrShell) {
        MMI_HILOGD("called tokenType is native, verify success");
        return true;
    }

    // Everything else has to carry the system-app marker in its full token ID.
    const uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
    if (AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
        return true;
    }
    MMI_HILOGE("system api is called by non-system app");
    return false;
}
48 
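/**
 * @brief Check whether the current IPC caller may inject input events.
 *
 * A caller with a shell token is accepted without any permission lookup, so
 * this gate is only as strong as the controls on who can obtain a shell token.
 * Every other caller, whatever its token type, must be granted
 * ohos.permission.INJECT_INPUT_EVENT by AccessTokenKit::VerifyAccessToken.
 *
 * @return true if the caller is a shell token or holds the permission,
 *         false otherwise.
 */
bool PermissionHelper::CheckInjectPermission()
{
    auto tokenId = IPCSkeleton::GetCallingTokenID();
    auto tokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
    MMI_HILOGD("Token type is %{public}d", static_cast<int32_t>(tokenType));
    if (tokenType == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
        MMI_HILOGD("called tokenType is shell, verify success");
        return true;
    }
    // NOTE(review): unlike CheckHapPermission, unsupported token types are not
    // rejected up front here; denial relies on VerifyAccessToken. Confirm that
    // this is intended.
    const std::string injectPermissionCode = "ohos.permission.INJECT_INPUT_EVENT";
    int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, injectPermissionCode);
    if (ret != OHOS::Security::AccessToken::PERMISSION_GRANTED) {
        // The token ID is an unsigned 32-bit value (CheckHapPermission takes it
        // as uint32_t), so it is logged with %u rather than %d to keep the
        // denial record unambiguous for IDs above INT32_MAX.
        MMI_HILOGE("Check Permission:%{public}s fail for appId:%{public}u, and ret:%{public}d",
                   injectPermissionCode.c_str(), static_cast<uint32_t>(tokenId), ret);
        return false;
    }
    MMI_HILOGD("Check permission( %{public}s) permission success", injectPermissionCode.c_str());
    return true;
}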
68 
/**
 * @brief Gate for input monitoring.
 *
 * Delegates to CheckHapPermission for ohos.permission.INPUT_MONITORING, so the
 * result is evaluated against the current IPC caller and shell tokens pass
 * without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckMonitor()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INPUT_MONITORING" };
    return CheckHapPermission(requiredPermission);
}
75 
/**
 * @brief Gate for input-event interception.
 *
 * Delegates to CheckHapPermission for ohos.permission.INTERCEPT_INPUT_EVENT;
 * the decision is made for the current IPC caller, and shell tokens pass
 * without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInterceptor()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INTERCEPT_INPUT_EVENT" };
    return CheckHapPermission(requiredPermission);
}
82 
/**
 * @brief Gate for managing the infrared emitter.
 *
 * Delegates to CheckHapPermission for
 * ohos.permission.MANAGE_INPUT_INFRARED_EMITTER; the decision is made for the
 * current IPC caller, and shell tokens pass without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInfraredEmmit()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.MANAGE_INPUT_INFRARED_EMITTER" };
    return CheckHapPermission(requiredPermission);
}
89 
/**
 * @brief Check ohos.permission.INJECT_INPUT_EVENT through CheckHapPermission.
 *
 * This tests the same permission string as CheckInjectPermission, but goes
 * through CheckHapPermission, which additionally rejects token types other
 * than HAP, native and shell before the permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckAuthorize()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INJECT_INPUT_EVENT" };
    return CheckHapPermission(requiredPermission);
}
96 
/**
 * @brief Check @p permissionCode against the token of the current IPC caller.
 *
 * Decision by token type:
 *  - shell: accepted with no permission lookup;
 *  - HAP or native: accepted only if VerifyAccessToken reports
 *    PERMISSION_GRANTED;
 *  - anything else: rejected.
 *
 * The success message mentions "interceptor" although this routine serves
 * every permission passed to it.
 *
 * @param permissionCode permission name handed to VerifyAccessToken.
 * @return true when the caller is allowed, false otherwise.
 */
bool PermissionHelper::CheckHapPermission(const std::string permissionCode)
{
    CALL_DEBUG_ENTER;
    namespace AccessToken = OHOS::Security::AccessToken;

    const auto callerToken = IPCSkeleton::GetCallingTokenID();
    auto callerKind = AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);

    // Shell callers are trusted on token type alone.
    if (callerKind == AccessToken::TOKEN_SHELL) {
        MMI_HILOGI("Token type is shell");
        return true;
    }
    // Only HAP and native tokens proceed to the permission lookup.
    if ((callerKind != AccessToken::TOKEN_HAP) && (callerKind != AccessToken::TOKEN_NATIVE)) {
        MMI_HILOGE("Unsupported token type:%{public}d", callerKind);
        return false;
    }

    const int32_t verdict = AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionCode);
    if (verdict == AccessToken::PERMISSION_GRANTED) {
        MMI_HILOGD("Check interceptor permission success permission:%{public}s", permissionCode.c_str());
        return true;
    }
    MMI_HILOGE("Check permission failed ret:%{public}d permission:%{public}s", verdict, permissionCode.c_str());
    return false;
}
119 
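/**
 * @brief Check @p permissionCode against an explicitly supplied access token.
 *
 * Unlike the single-argument overload, the token is not read from the IPC
 * context here; the decision is made for whatever @p tokenId the caller hands
 * in. NOTE(review): call sites should only pass a token ID obtained from a
 * trusted source, since this function cannot tell where it came from.
 *
 * Decision by token type:
 *  - shell: accepted with no permission lookup;
 *  - HAP or native: accepted only if VerifyAccessToken reports
 *    PERMISSION_GRANTED;
 *  - anything else: rejected.
 *
 * @param tokenId        access token to evaluate.
 * @param permissionCode permission name handed to VerifyAccessToken.
 * @return true when the token is allowed, false otherwise.
 */
bool PermissionHelper::CheckHapPermission(uint32_t tokenId, const std::string permissionCode)
{
    CALL_DEBUG_ENTER;
    auto tokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
    if (tokenType == OHOS::Security::AccessToken::TOKEN_SHELL) {
        MMI_HILOGI("Token type is shell");
        return true;
    }
    // Guard clause replaces the original empty HAP/native branch.
    if ((tokenType != OHOS::Security::AccessToken::TOKEN_HAP) &&
        (tokenType != OHOS::Security::AccessToken::TOKEN_NATIVE)) {
        // Cast matches how the other checks in this file log the token type.
        MMI_HILOGE("Unsupported token type:%{public}d", static_cast<int32_t>(tokenType));
        return false;
    }
    // The original built a "context" string here that was never used; it has
    // been dropped to avoid the needless allocations.
    int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionCode);
    if (ret != OHOS::Security::AccessToken::PERMISSION_GRANTED) {
        // tokenId is uint32_t, so %u keeps the denial record correct for IDs
        // above INT32_MAX (the original used %d).
        MMI_HILOGE("Check Permi:%{public}s fail for appId:%{public}u, and ret:%{public}d",
                   permissionCode.c_str(), tokenId, ret);
        return false;
    }
    MMI_HILOGD("Check permission( %{public}s) permission success", permissionCode.c_str());
    return true;
}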
143 
/**
 * @brief Gate for controlling input dispatching.
 *
 * Delegates to CheckHapPermission for
 * ohos.permission.INPUT_CONTROL_DISPATCHING; the decision is made for the
 * current IPC caller, and shell tokens pass without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckDispatchControl()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INPUT_CONTROL_DISPATCHING" };
    return CheckHapPermission(requiredPermission);
}
150 
/**
 * @brief Classify the current IPC caller into this helper's TokenType values.
 *
 * HAP callers are split into TOKEN_SYSTEM_HAP and TOKEN_HAP according to
 * IsSystemAppByFullTokenID; native and shell tokens map one-to-one; any other
 * token type is logged as a warning and reported as TOKEN_INVALID.
 *
 * @return one of the TokenType enumerators, as int32_t.
 */
int32_t PermissionHelper::GetTokenType()
{
    CALL_DEBUG_ENTER;
    namespace AccessToken = OHOS::Security::AccessToken;

    const auto callerToken = IPCSkeleton::GetCallingTokenID();
    auto callerKind = AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);

    if (callerKind == AccessToken::TOKEN_NATIVE) {
        return TokenType::TOKEN_NATIVE;
    }
    if (callerKind == AccessToken::TOKEN_SHELL) {
        return TokenType::TOKEN_SHELL;
    }
    if (callerKind != AccessToken::TOKEN_HAP) {
        MMI_HILOGW("Unsupported token type:%{public}d", callerKind);
        return TokenType::TOKEN_INVALID;
    }

    // HAP caller: the full token ID tells system apps from ordinary ones.
    const uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
    if (AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
        return TokenType::TOKEN_SYSTEM_HAP;
    }
    return TokenType::TOKEN_HAP;
}
171 
/**
 * @brief Tell whether the current IPC caller carries a shell token.
 *
 * Only the token type is inspected; no permission is verified.
 *
 * @return true if the caller's token type is TOKEN_SHELL, false otherwise.
 */
bool PermissionHelper::RequestFromShell()
{
    CALL_DEBUG_ENTER;
    namespace AccessToken = OHOS::Security::AccessToken;

    const auto callerToken = IPCSkeleton::GetCallingTokenID();
    const auto callerKind = AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
    MMI_HILOGD("Token type is %{public}d", static_cast<int32_t>(callerKind));

    const bool fromShell = (callerKind == AccessToken::ATokenTypeEnum::TOKEN_SHELL);
    return fromShell;
}
180 
/**
 * @brief Gate for managing the mouse cursor.
 *
 * Delegates to CheckHapPermission for ohos.permission.MANAGE_MOUSE_CURSOR;
 * the decision is made for the current IPC caller, and shell tokens pass
 * without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckMouseCursor()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.MANAGE_MOUSE_CURSOR" };
    return CheckHapPermission(requiredPermission);
}
187 
/**
 * @brief Gate for filtering input events.
 *
 * Delegates to CheckHapPermission for ohos.permission.FILTER_INPUT_EVENT;
 * the decision is made for the current IPC caller, and shell tokens pass
 * without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInputEventFilter()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.FILTER_INPUT_EVENT" };
    return CheckHapPermission(requiredPermission);
}
194 
/**
 * @brief Gate for controlling input devices.
 *
 * Delegates to CheckHapPermission for ohos.permission.INPUT_DEVICE_CONTROLLER;
 * the decision is made for the current IPC caller, and shell tokens pass
 * without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInputDeviceController()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INPUT_DEVICE_CONTROLLER" };
    return CheckHapPermission(requiredPermission);
}
201 
/**
 * @brief Gate for controlling keyboard function-key state.
 *
 * Delegates to CheckHapPermission for
 * ohos.permission.INPUT_KEYBOARD_CONTROLLER; the decision is made for the
 * current IPC caller, and shell tokens pass without a permission lookup.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckFunctionKeyEnabled()
{
    CALL_DEBUG_ENTER;
    const std::string requiredPermission { "ohos.permission.INPUT_KEYBOARD_CONTROLLER" };
    return CheckHapPermission(requiredPermission);
}
208 } // namespace MMI
209 } // namespace OHOS
210