1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "token_sync_manager_stub.h"
17 
18 #include "accesstoken_common_log.h"
19 #include "access_token_error.h"
20 #include "hap_token_info_for_sync_parcel.h"
21 #include "ipc_skeleton.h"
22 #include "string_ex.h"
23 
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
namespace {
#ifndef ATM_BUILD_VARIANT_USER_ENABLE
// UID that IsRootCalling() compares the IPC caller's UID against.
// Compiled out when ATM_BUILD_VARIANT_USER_ENABLE is defined, because
// IsRootCalling() returns false unconditionally in that configuration.
constexpr int32_t ROOT_UID = 0;
#endif
} // namespace
32 
/**
 * IPC entry point of the token-sync stub.
 *
 * Two checks run before any command is dispatched:
 *   1. the request must come from a local caller (IPCSkeleton::IsLocalCalling),
 *   2. the interface token read from the parcel must equal
 *      ITokenSyncManager::GetDescriptor().
 * Either failure returns ERROR_IPC_REQUEST_FAIL without touching the rest of
 * the parcel.
 *
 * Caller authorization (root / native token) is NOT checked here; each
 * *Inner handler performs that check itself and writes its status into
 * `reply`.
 *
 * @param code   Request code, compared against TokenSyncInterfaceCode values.
 * @param data   Request parcel; the interface token is consumed first.
 * @param reply  Parcel the selected handler writes its result code into.
 * @param option Forwarded unchanged to IPCObjectStub for unknown codes.
 * @return ERROR_IPC_REQUEST_FAIL when a check above fails, the result of
 *         IPCObjectStub::OnRemoteRequest for an unknown code, otherwise
 *         NO_ERROR (the handler's own status travels in `reply`).
 */
int32_t TokenSyncManagerStub::OnRemoteRequest(
    uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
{
    LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, code: %{public}d", __func__, code);

    const bool isLocalCaller = IPCSkeleton::IsLocalCalling();
    if (!isLocalCaller) {
        LOGE(ATM_DOMAIN, ATM_TAG, "Unsupported rpc calling.");
        return ERROR_IPC_REQUEST_FAIL;
    }

    const std::u16string receivedDescriptor = data.ReadInterfaceToken();
    if (receivedDescriptor != ITokenSyncManager::GetDescriptor()) {
        // NOTE(review): the descriptor is caller-supplied and is logged with
        // %{public}; consider whether unauthenticated input belongs in a public log.
        LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(receivedDescriptor).c_str());
        return ERROR_IPC_REQUEST_FAIL;
    }

    // Compare in the uint32_t domain, exactly as the wire code arrives.
    constexpr auto getCode = static_cast<uint32_t>(TokenSyncInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO);
    constexpr auto deleteCode = static_cast<uint32_t>(TokenSyncInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO);
    constexpr auto updateCode = static_cast<uint32_t>(TokenSyncInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO);

    if (code == getCode) {
        GetRemoteHapTokenInfoInner(data, reply);
    } else if (code == deleteCode) {
        DeleteRemoteHapTokenInfoInner(data, reply);
    } else if (code == updateCode) {
        UpdateRemoteHapTokenInfoInner(data, reply);
    } else {
        // Unknown command: let the base stub decide.
        return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
    }
    return NO_ERROR;
}
61 
/**
 * Reports whether the current IPC caller holds a native-process token.
 *
 * The calling token ID is obtained from IPCSkeleton and its `type` field is
 * compared with TOKEN_NATIVE.
 *
 * @return true when the caller's token type equals TOKEN_NATIVE.
 */
bool TokenSyncManagerStub::IsNativeProcessCalling() const
{
    AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    // NOTE(review): the ID is read through an AccessTokenIDInner pointer; this
    // presumably relies on that struct overlaying the 32-bit ID exactly —
    // confirm against its definition.
    const auto* tokenLayout = reinterpret_cast<AccessTokenIDInner*>(&callerToken);
    const uint32_t callerType = tokenLayout->type;
    LOGD(ATM_DOMAIN, ATM_TAG, "Calling type: %{public}d", callerType);
    const bool isNative = (callerType == TOKEN_NATIVE);
    return isNative;
}
69 
/**
 * Reports whether the current IPC caller runs as root (UID == ROOT_UID).
 *
 * When ATM_BUILD_VARIANT_USER_ENABLE is defined the root path is compiled
 * out and this always returns false, so only the native-token check can
 * authorize a caller in that build.
 *
 * @return true only in builds without ATM_BUILD_VARIANT_USER_ENABLE and
 *         when the calling UID equals ROOT_UID.
 */
bool TokenSyncManagerStub::IsRootCalling() const
{
#ifdef ATM_BUILD_VARIANT_USER_ENABLE
    return false;
#else
    const int uidOfCaller = IPCSkeleton::GetCallingUid();
    LOGD(ATM_DOMAIN, ATM_TAG, "Calling uid: %{public}d", uidOfCaller);
    return uidOfCaller == ROOT_UID;
#endif
}
80 
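/**
 * Handles GET_REMOTE_HAP_TOKEN_INFO: authorizes the caller, unmarshals the
 * device ID and token ID, and forwards them to GetRemoteHapTokenInfo().
 *
 * Only a status code is written to `reply`:
 *   - ERR_IDENTITY_CHECK_FAILED when the caller is neither root nor a
 *     native-token process,
 *   - RET_FAILED when the request parcel cannot be read (same code that
 *     UpdateRemoteHapTokenInfoInner uses for an unreadable parcel),
 *   - otherwise the value returned by GetRemoteHapTokenInfo().
 *
 * @param data  Request parcel: a string (device ID) followed by a uint32
 *              (token ID), both supplied by the caller.
 * @param reply Parcel that receives the int32 status.
 */
void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // Use the bool-returning read overloads so a truncated or malformed parcel
    // is rejected instead of being forwarded as an empty device ID / token 0.
    std::string deviceID;
    uint32_t rawTokenID = 0;
    if (!data.ReadString(deviceID) || !data.ReadUint32(rawTokenID)) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s: failed to read request parcel", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }
    const AccessTokenID tokenID = rawTokenID;

    const int result = this->GetRemoteHapTokenInfo(deviceID, tokenID);
    reply.WriteInt32(result);
}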
96 
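/**
 * Handles DELETE_REMOTE_HAP_TOKEN_INFO: authorizes the caller, unmarshals
 * the token ID, and forwards it to DeleteRemoteHapTokenInfo().
 *
 * Status written to `reply`:
 *   - ERR_IDENTITY_CHECK_FAILED when the caller is neither root nor a
 *     native-token process,
 *   - RET_FAILED when the token ID cannot be read from the parcel (same
 *     code that UpdateRemoteHapTokenInfoInner uses for an unreadable parcel),
 *   - otherwise the value returned by DeleteRemoteHapTokenInfo().
 *
 * @param data  Request parcel holding one uint32 token ID from the caller.
 * @param reply Parcel that receives the int32 status.
 */
void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // A delete must act only on an ID that was really present in the request;
    // a failed read would otherwise be forwarded as a default token ID.
    uint32_t rawTokenID = 0;
    if (!data.ReadUint32(rawTokenID)) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s: failed to read request parcel", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }
    const AccessTokenID tokenID = rawTokenID;

    const int result = this->DeleteRemoteHapTokenInfo(tokenID);
    reply.WriteInt32(result);
}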
108 
/**
 * Handles UPDATE_REMOTE_HAP_TOKEN_INFO: authorizes the caller, unmarshals a
 * HapTokenInfoForSyncParcel, and forwards its payload to
 * UpdateRemoteHapTokenInfo().
 *
 * Status written to `reply`:
 *   - ERR_IDENTITY_CHECK_FAILED when the caller is neither root nor a
 *     native-token process,
 *   - RET_FAILED when the parcelable cannot be read (null result),
 *   - otherwise the value returned by UpdateRemoteHapTokenInfo().
 *
 * @param data  Request parcel carrying the caller-supplied sync parcelable.
 * @param reply Parcel that receives the int32 status.
 */
void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    // Short-circuits exactly like the negated form: the native-token check
    // runs only when the root check did not already pass.
    const bool callerAllowed = IsRootCalling() || IsNativeProcessCalling();
    if (!callerAllowed) {
        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    sptr<HapTokenInfoForSyncParcel> syncParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
    if (syncParcel == nullptr) {
        // Unreadable payload: report failure without calling the updater.
        reply.WriteInt32(RET_FAILED);
        return;
    }

    const int outcome = this->UpdateRemoteHapTokenInfo(syncParcel->hapTokenInfoForSyncParams);
    reply.WriteInt32(outcome);
}
124 } // namespace AccessToken
125 } // namespace Security
126 } // namespace OHOS
127