1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "accesstoken_kit.h"
18 #include "account_log_wrapper.h"
19 #include "account_permission_manager.h"
20 #include "bundle_manager_adapter.h"
21 #include "account_hisysevent_adapter.h"
22 #include "inner_app_account_manager.h"
23 #include "ipc_skeleton.h"
24
25 namespace OHOS {
26 namespace AccountSA {
27 namespace {
28 constexpr int32_t UID_TRANSFORM_DIVISOR = 200000; // local account id = uid / UID_TRANSFORM_DIVISOR
29 const char DISTRIBUTED_DATASYNC[] = "ohos.permission.DISTRIBUTED_DATASYNC";
30 const char GET_ALL_APP_ACCOUNTS[] = "ohos.permission.GET_ALL_APP_ACCOUNTS";
31 }
32
33 #define RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(str, funcResult) \
34 if (CheckSpecialCharacters(str) != ERR_OK) { \
35 ACCOUNT_LOGE("fail to check special characters"); \
36 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER; \
37 return ERR_OK; \
38 } \
39
40 #define RETURN_IF_STRING_IS_OVERSIZE(str, maxSize, msg, funcResult) \
41 if ((str).size() > (maxSize)) { \
42 ACCOUNT_LOGE("%{public}s, input size: %{public}zu, max size: %{public}zu", msg, (str).size(), maxSize); \
43 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER; \
44 return ERR_OK; \
45 } \
46
47 #define RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(str, maxSize, msg, funcResult) \
48 if ((str).empty() || ((str).size() > (maxSize))) { \
49 ACCOUNT_LOGE("%{public}s, input size: %{public}zu, max size: %{public}zu", msg, (str).size(), maxSize); \
50 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER; \
51 return ERR_OK; \
52 } \
53
CheckSpecialCharacters(const std::string & str)54 static ErrCode CheckSpecialCharacters(const std::string &str)
55 {
56 for (auto specialCharacter : Constants::SPECIAL_CHARACTERS) {
57 std::size_t found = str.find(specialCharacter);
58 if (found != std::string::npos) {
59 ACCOUNT_LOGE("found a special character, specialCharacter = %{public}c", specialCharacter);
60 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
61 }
62 }
63 return ERR_OK;
64 }
65
AppAccountManagerService()66 AppAccountManagerService::AppAccountManagerService()
67 #ifdef HAS_CES_PART
68 : observer_(AppAccountCommonEventObserver::GetInstance())
69 #endif // HAS_CES_PART
70 {
71 ACCOUNT_LOGI("Constructed");
72 innerManager_ = std::make_shared<InnerAppAccountManager>();
73 }
74
~AppAccountManagerService()75 AppAccountManagerService::~AppAccountManagerService()
76 {
77 ACCOUNT_LOGI("Destroyed");
78 }
79
AddAccount(const std::string & name,const std::string & extraInfo,int32_t & funcResult)80 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo, int32_t &funcResult)
81 {
82 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
83 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
84 RETURN_IF_STRING_IS_OVERSIZE(extraInfo, Constants::EXTRA_INFO_MAX_SIZE, "extraInfo is oversize", funcResult);
85 int32_t callingUid = -1;
86 std::string bundleName;
87 uint32_t appIndex;
88 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
89 if (ret != ERR_OK) {
90 funcResult = ret;
91 return ERR_OK;
92 }
93 funcResult = innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
94 return ERR_OK;
95 }
96
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)97 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
98 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
99 {
100 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
101 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
102 AuthenticatorSessionRequest request;
103 request.callerPid = IPCSkeleton::GetCallingRealPid();
104 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
105 if (result != ERR_OK) {
106 funcResult = result;
107 return ERR_OK;
108 }
109 request.owner = owner;
110 request.authType = authType;
111 request.options = options;
112 request.callback = callback;
113 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
114 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
115 funcResult = innerManager_->AddAccountImplicitly(request);
116 return ERR_OK;
117 }
118
CreateAccount(const std::string & name,const CreateAccountOptions & options,int32_t & funcResult)119 ErrCode AppAccountManagerService::CreateAccount(
120 const std::string &name, const CreateAccountOptions &options, int32_t &funcResult)
121 {
122 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
123 RETURN_IF_STRING_IS_OVERSIZE(
124 options.customData, Constants::MAX_CUSTOM_DATA_SIZE, "customData is oversize", funcResult);
125 for (const auto &it : options.customData) {
126 RETURN_IF_STRING_IS_OVERSIZE(
127 it.first, Constants::ASSOCIATED_KEY_MAX_SIZE, "customData key is oversize", funcResult);
128 RETURN_IF_STRING_IS_OVERSIZE(
129 it.second, Constants::ASSOCIATED_VALUE_MAX_SIZE, "customData value is oversize", funcResult);
130 }
131 int32_t callingUid = -1;
132 std::string bundleName;
133 uint32_t appIndex;
134 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
135 if (ret != ERR_OK) {
136 funcResult = ret;
137 return ERR_OK;
138 }
139 funcResult = innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
140 return ERR_OK;
141 }
142
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)143 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
144 const CreateAccountImplicitlyOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback,
145 int32_t &funcResult)
146 {
147 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
148 RETURN_IF_STRING_IS_OVERSIZE(
149 options.authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is empty or oversize", funcResult);
150 RETURN_IF_STRING_IS_OVERSIZE(options.requiredLabels,
151 Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "requiredLabels array is oversize", funcResult);
152 AuthenticatorSessionRequest request;
153 request.callerPid = IPCSkeleton::GetCallingRealPid();
154 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
155 if (result != ERR_OK) {
156 funcResult = result;
157 return ERR_OK;
158 }
159 request.owner = owner;
160 request.callback = callback;
161 request.createOptions = options;
162 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
163 funcResult = innerManager_->CreateAccountImplicitly(request);
164 return ERR_OK;
165 }
166
DeleteAccount(const std::string & name,int32_t & funcResult)167 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name, int32_t &funcResult)
168 {
169 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
170 int32_t callingUid = -1;
171 std::string bundleName;
172 uint32_t appIndex;
173 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
174 if (ret != ERR_OK) {
175 funcResult = ret;
176 return ERR_OK;
177 }
178 funcResult = innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
179 return ERR_OK;
180 }
181
GetAccountExtraInfo(const std::string & name,std::string & extraInfo,int32_t & funcResult)182 ErrCode AppAccountManagerService::GetAccountExtraInfo(
183 const std::string &name, std::string &extraInfo, int32_t &funcResult)
184 {
185 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
186 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
187 int32_t callingUid = -1;
188 std::string bundleName;
189 uint32_t appIndex;
190 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
191 if (ret != ERR_OK) {
192 funcResult = ret;
193 return ERR_OK;
194 }
195 funcResult = innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
196 return ERR_OK;
197 }
198
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo,int32_t & funcResult)199 ErrCode AppAccountManagerService::SetAccountExtraInfo(
200 const std::string &name, const std::string &extraInfo, int32_t &funcResult)
201 {
202 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
203 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
204 RETURN_IF_STRING_IS_OVERSIZE(extraInfo, Constants::EXTRA_INFO_MAX_SIZE, "extraInfo is oversize", funcResult);
205 int32_t callingUid = -1;
206 std::string bundleName;
207 uint32_t appIndex;
208 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
209 if (ret != ERR_OK) {
210 funcResult = ret;
211 return ERR_OK;
212 }
213 funcResult = innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
214 return ERR_OK;
215 }
216
EnableAppAccess(const std::string & name,const std::string & authorizedApp,int32_t & funcResult)217 ErrCode AppAccountManagerService::EnableAppAccess(
218 const std::string &name, const std::string &authorizedApp, int32_t &funcResult)
219 {
220 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
221 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
222 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(authorizedApp, Constants::BUNDLE_NAME_MAX_SIZE,
223 "bundleName is empty or oversize", funcResult);
224 AppAccountCallingInfo appAccountCallingInfo;
225 ErrCode result = GetCallingInfo(
226 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
227 if (result != ERR_OK) {
228 funcResult = result;
229 return ERR_OK;
230 }
231
232 if (authorizedApp == appAccountCallingInfo.bundleName) {
233 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
234 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
235 return ERR_OK;
236 }
237
238 funcResult = innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
239 return ERR_OK;
240 }
241
DisableAppAccess(const std::string & name,const std::string & authorizedApp,int32_t & funcResult)242 ErrCode AppAccountManagerService::DisableAppAccess(
243 const std::string &name, const std::string &authorizedApp, int32_t &funcResult)
244 {
245 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
246 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
247 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(authorizedApp, Constants::BUNDLE_NAME_MAX_SIZE,
248 "bundleName is empty or oversize", funcResult);
249 AppAccountCallingInfo appAccountCallingInfo;
250 ErrCode ret = GetCallingInfo(
251 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
252 if (ret != ERR_OK) {
253 funcResult = ret;
254 return ERR_OK;
255 }
256 if (authorizedApp == appAccountCallingInfo.bundleName) {
257 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
258 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
259 return ERR_OK;
260 }
261 funcResult = innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
262 return ERR_OK;
263 }
264
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible,int32_t & funcResult)265 ErrCode AppAccountManagerService::SetAppAccess(
266 const std::string &name, const std::string &authorizedApp, bool isAccessible, int32_t &funcResult)
267 {
268 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
269 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(authorizedApp, Constants::BUNDLE_NAME_MAX_SIZE,
270 "bundleName is empty or oversize", funcResult);
271 AppAccountCallingInfo appAccountCallingInfo;
272 ErrCode ret = GetCallingInfo(
273 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
274 if (ret != ERR_OK) {
275 funcResult = ret;
276 return ERR_OK;
277 }
278
279 if (authorizedApp == appAccountCallingInfo.bundleName) {
280 if (isAccessible) {
281 ACCOUNT_LOGI("AuthorizedApp name is the self, invalid operate.");
282 funcResult = ERR_OK;
283 return ERR_OK;
284 } else {
285 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
286 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
287 return ERR_OK;
288 }
289 }
290 if (isAccessible) {
291 funcResult = innerManager_->EnableAppAccess(
292 name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
293 return ERR_OK;
294 }
295
296 funcResult = innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
297 return ERR_OK;
298 }
299
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable,int32_t & funcResult)300 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(
301 const std::string &name, bool &syncEnable, int32_t &funcResult)
302 {
303 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
304 int32_t callingUid = -1;
305 std::string bundleName;
306 uint32_t appIndex;
307 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
308 if (ret != ERR_OK) {
309 funcResult = ret;
310 return ERR_OK;
311 }
312 ret = GetCallingTokenInfoAndAppIndex(appIndex);
313 if (ret != ERR_OK) {
314 ACCOUNT_LOGE("failed to get app index");
315 funcResult = ret;
316 return ERR_OK;
317 }
318
319 funcResult = innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
320 return ERR_OK;
321 }
322
SetAppAccountSyncEnable(const std::string & name,bool syncEnable,int32_t & funcResult)323 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(
324 const std::string &name, bool syncEnable, int32_t &funcResult)
325 {
326 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
327 int32_t callingUid = -1;
328 std::string bundleName;
329 uint32_t appIndex;
330 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
331 if (ret != ERR_OK) {
332 funcResult = ret;
333 return ERR_OK;
334 }
335 ret = GetCallingTokenInfoAndAppIndex(appIndex);
336 if (ret != ERR_OK) {
337 ACCOUNT_LOGE("failed to get app index");
338 funcResult = ret;
339 return ERR_OK;
340 }
341
342 funcResult = innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
343 return ERR_OK;
344 }
345
GetAssociatedData(const std::string & name,const std::string & key,std::string & value,int32_t & funcResult)346 ErrCode AppAccountManagerService::GetAssociatedData(
347 const std::string &name, const std::string &key, std::string &value, int32_t &funcResult)
348 {
349 int32_t callingUid = IPCSkeleton::GetCallingUid();
350 funcResult = innerManager_->GetAssociatedData(name, key, value, callingUid);
351 return ERR_OK;
352 }
353
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value,int32_t & funcResult)354 ErrCode AppAccountManagerService::SetAssociatedData(
355 const std::string &name, const std::string &key, const std::string &value, int32_t &funcResult)
356 {
357 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
358 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(
359 key, Constants::ASSOCIATED_KEY_MAX_SIZE, "key is empty or oversize", funcResult);
360 RETURN_IF_STRING_IS_OVERSIZE(value, Constants::ASSOCIATED_VALUE_MAX_SIZE, "value is oversize", funcResult);
361 AppAccountCallingInfo appAccountCallingInfo;
362 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
363 appAccountCallingInfo.appIndex);
364 if (ret != ERR_OK) {
365 funcResult = ret;
366 return ERR_OK;
367 }
368 funcResult = innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
369 return ERR_OK;
370 }
371
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential,int32_t & funcResult)372 ErrCode AppAccountManagerService::GetAccountCredential(
373 const std::string &name, const std::string &credentialType, std::string &credential, int32_t &funcResult)
374 {
375 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
376 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(credentialType, Constants::CREDENTIAL_TYPE_MAX_SIZE,
377 "credentialType is empty or oversize", funcResult);
378 AppAccountCallingInfo appAccountCallingInfo;
379 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
380 appAccountCallingInfo.appIndex);
381 if (ret != ERR_OK) {
382 funcResult = ret;
383 return ERR_OK;
384 }
385 funcResult = innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
386 return ERR_OK;
387 }
388
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential,int32_t & funcResult)389 ErrCode AppAccountManagerService::SetAccountCredential(
390 const std::string &name, const std::string &credentialType, const std::string &credential, int32_t &funcResult)
391 {
392 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
393 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(credentialType, Constants::CREDENTIAL_TYPE_MAX_SIZE,
394 "credentialType is empty or oversize", funcResult);
395 RETURN_IF_STRING_IS_OVERSIZE(credential, Constants::CREDENTIAL_MAX_SIZE, "credential is oversize", funcResult);
396 AppAccountCallingInfo appAccountCallingInfo;
397 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
398 appAccountCallingInfo.appIndex);
399 if (ret != ERR_OK) {
400 funcResult = ret;
401 return ERR_OK;
402 }
403 funcResult = innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
404 return ERR_OK;
405 }
406
Authenticate(const AppAccountStringInfo & appAccountStringInfo,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)407 ErrCode AppAccountManagerService::Authenticate(const AppAccountStringInfo &appAccountStringInfo,
408 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
409 {
410 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(
411 appAccountStringInfo.name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
412 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(
413 appAccountStringInfo.owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
414 RETURN_IF_STRING_IS_OVERSIZE(
415 appAccountStringInfo.authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
416 AuthenticatorSessionRequest request;
417 request.callerPid = IPCSkeleton::GetCallingRealPid();
418 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
419 if (result != ERR_OK) {
420 funcResult = result;
421 return ERR_OK;
422 }
423 request.name = appAccountStringInfo.name;
424 request.owner = appAccountStringInfo.owner;
425 request.authType = appAccountStringInfo.authType;
426 request.options = options;
427 request.callback = callback;
428 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
429 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
430 funcResult = innerManager_->Authenticate(request);
431 return ERR_OK;
432 }
433
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token,int32_t & funcResult)434 ErrCode AppAccountManagerService::GetOAuthToken(
435 const std::string &name, const std::string &owner, const std::string &authType, std::string &token,
436 int32_t &funcResult)
437 {
438 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
439 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
440 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
441 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
442 AuthenticatorSessionRequest request;
443 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
444 if (result != ERR_OK) {
445 funcResult = result;
446 return ERR_OK;
447 }
448 request.name = name;
449 request.owner = owner;
450 request.authType = authType;
451 funcResult = innerManager_->GetOAuthToken(request, token);
452 return ERR_OK;
453 }
454
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token,int32_t & funcResult)455 ErrCode AppAccountManagerService::GetAuthToken(
456 const std::string &name, const std::string &owner, const std::string &authType, std::string &token,
457 int32_t &funcResult)
458 {
459 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
460 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
461 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
462 AuthenticatorSessionRequest request;
463 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
464 if (result != ERR_OK) {
465 funcResult = result;
466 return ERR_OK;
467 }
468 request.name = name;
469 request.owner = owner;
470 request.authType = authType;
471 funcResult = innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
472 return ERR_OK;
473 }
474
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token,int32_t & funcResult)475 ErrCode AppAccountManagerService::SetOAuthToken(
476 const std::string &name, const std::string &authType, const std::string &token, int32_t &funcResult)
477 {
478 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
479 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
480 RETURN_IF_STRING_IS_OVERSIZE(token, Constants::TOKEN_MAX_SIZE, "token is oversize", funcResult);
481 AuthenticatorSessionRequest request;
482 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
483 if (result != ERR_OK) {
484 funcResult = result;
485 return ERR_OK;
486 }
487 request.name = name;
488 request.owner = request.callerBundleName;
489 request.authType = authType;
490 request.token = token;
491 funcResult = innerManager_->SetOAuthToken(request);
492 return ERR_OK;
493 }
494
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token,int32_t & funcResult)495 ErrCode AppAccountManagerService::DeleteOAuthToken(
496 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token,
497 int32_t &funcResult)
498 {
499 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
500 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
501 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
502 RETURN_IF_STRING_IS_OVERSIZE(token, Constants::TOKEN_MAX_SIZE, "token is oversize", funcResult);
503 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
504 AuthenticatorSessionRequest request;
505 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
506 if (ret != ERR_OK) {
507 funcResult = ret;
508 return ERR_OK;
509 }
510 request.name = name;
511 request.owner = owner;
512 request.authType = authType;
513 request.token = token;
514 funcResult = innerManager_->DeleteOAuthToken(request);
515 return ERR_OK;
516 }
517
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token,int32_t & funcResult)518 ErrCode AppAccountManagerService::DeleteAuthToken(
519 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token,
520 int32_t &funcResult)
521 {
522 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
523 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
524 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
525 RETURN_IF_STRING_IS_OVERSIZE(token, Constants::TOKEN_MAX_SIZE, "token is oversize", funcResult);
526 AuthenticatorSessionRequest request;
527 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
528 if (result != ERR_OK) {
529 funcResult = result;
530 return ERR_OK;
531 }
532 request.name = name;
533 request.owner = owner;
534 request.authType = authType;
535 request.token = token;
536 funcResult = innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
537 return ERR_OK;
538 }
539
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)540 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
541 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
542 {
543 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
544 if (ret != ERR_OK) {
545 return ret;
546 }
547 request.name = name;
548 request.owner = request.callerBundleName;
549 request.authType = authType;
550 request.bundleName = bundleName;
551 return ret;
552 }
553
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible,int32_t & funcResult)554 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
555 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible,
556 int32_t &funcResult)
557 {
558 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
559 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
560 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(bundleName, Constants::BUNDLE_NAME_MAX_SIZE,
561 "bundleName is empty or oversize", funcResult);
562 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
563 AuthenticatorSessionRequest request;
564 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
565 if (ret != ERR_OK) {
566 funcResult = ret;
567 return ERR_OK;
568 }
569 request.isTokenVisible = isVisible;
570 funcResult = innerManager_->SetOAuthTokenVisibility(request);
571 return ERR_OK;
572 }
573
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible,int32_t & funcResult)574 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
575 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible,
576 int32_t &funcResult)
577 {
578 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
579 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
580 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(bundleName, Constants::BUNDLE_NAME_MAX_SIZE,
581 "bundleName is empty or oversize", funcResult);
582 AuthenticatorSessionRequest request;
583 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
584 if (result != ERR_OK) {
585 funcResult = result;
586 return ERR_OK;
587 }
588 if (request.bundleName == request.owner) {
589 if (isVisible) {
590 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
591 funcResult = ERR_OK;
592 return ERR_OK;
593 } else {
594 ACCOUNT_LOGE("authorizedApp is the same to owner.");
595 funcResult = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
596 return ERR_OK;
597 }
598 }
599 request.isTokenVisible = isVisible;
600 funcResult = innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
601 return ERR_OK;
602 }
603
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible,int32_t & funcResult)604 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
605 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible,
606 int32_t &funcResult)
607 {
608 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
609 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
610 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(bundleName, Constants::BUNDLE_NAME_MAX_SIZE,
611 "bundleName is empty or oversize", funcResult);
612 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
613 AuthenticatorSessionRequest request;
614 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
615 if (ret != ERR_OK) {
616 funcResult = ret;
617 return ERR_OK;
618 }
619 funcResult = innerManager_->CheckOAuthTokenVisibility(request, isVisible);
620 return ERR_OK;
621 }
622
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible,int32_t & funcResult)623 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
624 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible,
625 int32_t &funcResult)
626 {
627 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
628 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::AUTH_TYPE_MAX_SIZE, "authType is oversize", funcResult);
629 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(bundleName, Constants::BUNDLE_NAME_MAX_SIZE,
630 "bundleName is empty or oversize", funcResult);
631 AuthenticatorSessionRequest request;
632 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
633 if (ret != ERR_OK) {
634 funcResult = ret;
635 return ERR_OK;
636 }
637 funcResult = innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
638 return ERR_OK;
639 }
640
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info,int32_t & funcResult)641 ErrCode AppAccountManagerService::GetAuthenticatorInfo(
642 const std::string &owner, AuthenticatorInfo &info, int32_t &funcResult)
643 {
644 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
645 AuthenticatorSessionRequest request;
646 request.callerUid = IPCSkeleton::GetCallingUid();
647 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
648 if (result != ERR_OK) {
649 ACCOUNT_LOGE("failed to get app index");
650 funcResult = result;
651 return ERR_OK;
652 }
653 request.owner = owner;
654 funcResult = innerManager_->GetAuthenticatorInfo(request, info);
655 return ERR_OK;
656 }
657
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos,int32_t & funcResult)658 ErrCode AppAccountManagerService::GetAllOAuthTokens(
659 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos, int32_t &funcResult)
660 {
661 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
662 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
663 AuthenticatorSessionRequest request;
664 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
665 if (result != ERR_OK) {
666 funcResult = result;
667 return ERR_OK;
668 }
669 request.name = name;
670 request.owner = owner;
671 funcResult = innerManager_->GetAllOAuthTokens(request, tokenInfos);
672 return ERR_OK;
673 }
674
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList,int32_t & funcResult)675 ErrCode AppAccountManagerService::GetOAuthList(
676 const std::string &name, const std::string &authType, std::set<std::string> &oauthList, int32_t &funcResult)
677 {
678 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
679 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::OWNER_MAX_SIZE, "authType is oversize", funcResult);
680 RETURN_IF_STRING_CONTAINS_SPECIAL_CHAR(name, funcResult);
681 AuthenticatorSessionRequest request;
682 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
683 if (result != ERR_OK) {
684 funcResult = result;
685 return ERR_OK;
686 }
687 request.name = name;
688 request.authType = authType;
689 funcResult = innerManager_->GetOAuthList(request, oauthList);
690 return ERR_OK;
691 }
692
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList,int32_t & funcResult)693 ErrCode AppAccountManagerService::GetAuthList(
694 const std::string &name, const std::string &authType, std::set<std::string> &oauthList, int32_t &funcResult)
695 {
696 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
697 RETURN_IF_STRING_IS_OVERSIZE(authType, Constants::OWNER_MAX_SIZE, "authType is oversize", funcResult);
698 AuthenticatorSessionRequest request;
699 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
700 if (ret != ERR_OK) {
701 funcResult = ret;
702 return ERR_OK;
703 }
704 request.name = name;
705 request.authType = authType;
706 funcResult = innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
707 return ERR_OK;
708 }
709
GetAuthenticatorCallback(const std::string & sessionId,int32_t & funcResult,sptr<IRemoteObject> & callback)710 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
711 const std::string &sessionId, int32_t &funcResult, sptr<IRemoteObject> &callback)
712 {
713 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(sessionId, Constants::SESSION_ID_MAX_SIZE,
714 "sessionId is empty or oversize", funcResult);
715 AuthenticatorSessionRequest request;
716 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
717 if (result != ERR_OK) {
718 funcResult = result;
719 return ERR_OK;
720 }
721 request.sessionId = sessionId;
722 funcResult = innerManager_->GetAuthenticatorCallback(request, callback);
723 return ERR_OK;
724 }
725
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,int32_t & funcResult)726 ErrCode AppAccountManagerService::GetAllAccounts(
727 const std::string &owner, std::vector<AppAccountInfo> &appAccounts, int32_t &funcResult)
728 {
729 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
730 int32_t callingUid = -1;
731 std::string bundleName;
732 uint32_t appIndex;
733 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
734 if (ret != ERR_OK) {
735 funcResult = ret;
736 return ERR_OK;
737 }
738 if ((owner != bundleName) &&
739 (AccountPermissionManager::VerifyPermission(GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
740 ACCOUNT_LOGE("failed to verify permission for %{public}s", GET_ALL_APP_ACCOUNTS);
741 REPORT_PERMISSION_FAIL();
742 funcResult = ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
743 return ERR_OK;
744 }
745
746 AppExecFwk::BundleInfo bundleInfo;
747 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
748 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
749 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
750 if (!result) {
751 funcResult = ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
752 return ERR_OK;
753 }
754
755 funcResult = innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
756 return ERR_OK;
757 }
758
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts,int32_t & funcResult)759 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(
760 std::vector<AppAccountInfo> &appAccounts, int32_t &funcResult)
761 {
762 int32_t callingUid = -1;
763 std::string bundleName;
764 uint32_t appIndex;
765 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, GET_ALL_APP_ACCOUNTS);
766 if (ret != ERR_OK) {
767 funcResult = ret;
768 return ERR_OK;
769 }
770 ret = GetCallingTokenInfoAndAppIndex(appIndex);
771 if (ret != ERR_OK) {
772 ACCOUNT_LOGE("failed to get app index");
773 funcResult = ret;
774 return ERR_OK;
775 }
776 funcResult = innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
777 return ERR_OK;
778 }
779
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts,int32_t & funcResult)780 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
781 const std::string &owner, std::vector<AppAccountInfo> &appAccounts, int32_t &funcResult)
782 {
783 RETURN_IF_STRING_IS_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is or oversize", funcResult);
784 int32_t callingUid = -1;
785 std::string bundleName;
786 uint32_t appIndex;
787 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
788 if (result != ERR_OK) {
789 funcResult = result;
790 return ERR_OK;
791 }
792 if (owner.empty()) {
793 funcResult = innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
794 return ERR_OK;
795 }
796 AppExecFwk::BundleInfo bundleInfo;
797 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
798 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
799 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
800 if (!ret) {
801 funcResult = ERR_OK;
802 return ERR_OK;
803 }
804 funcResult = innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
805 return ERR_OK;
806 }
807
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible,int32_t & funcResult)808 ErrCode AppAccountManagerService::CheckAppAccess(
809 const std::string &name, const std::string &authorizedApp, bool &isAccessible, int32_t &funcResult)
810 {
811 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
812 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(authorizedApp, Constants::BUNDLE_NAME_MAX_SIZE,
813 "bundleName is empty or oversize", funcResult);
814 AppAccountCallingInfo appAccountCallingInfo;
815 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
816 appAccountCallingInfo.appIndex);
817 if (result != ERR_OK) {
818 funcResult = result;
819 return ERR_OK;
820 }
821 if (authorizedApp == appAccountCallingInfo.bundleName) {
822 isAccessible = true;
823 funcResult = ERR_OK;
824 return ERR_OK;
825 }
826 funcResult = innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
827 return ERR_OK;
828 }
829
DeleteAccountCredential(const std::string & name,const std::string & credentialType,int32_t & funcResult)830 ErrCode AppAccountManagerService::DeleteAccountCredential(
831 const std::string &name, const std::string &credentialType, int32_t &funcResult)
832 {
833 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
834 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(credentialType, Constants::CREDENTIAL_TYPE_MAX_SIZE,
835 "credentialType is empty or oversize", funcResult);
836 int32_t callingUid = -1;
837 std::string bundleName;
838 uint32_t appIndex;
839 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
840 if (ret != ERR_OK) {
841 funcResult = ret;
842 return ERR_OK;
843 }
844 funcResult = innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
845 return ERR_OK;
846 }
847
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)848 ErrCode AppAccountManagerService::SelectAccountsByOptions(
849 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
850 {
851 RETURN_IF_STRING_IS_OVERSIZE(options.allowedAccounts,
852 Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "allowedAccounts array is oversize", funcResult);
853 RETURN_IF_STRING_IS_OVERSIZE(options.allowedOwners,
854 Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "allowedOwners array is oversize", funcResult);
855 RETURN_IF_STRING_IS_OVERSIZE(options.requiredLabels,
856 Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "requiredLabels array is oversize", funcResult);
857 int32_t callingUid = -1;
858 std::string bundleName;
859 uint32_t appIndex;
860 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
861 if (ret != ERR_OK) {
862 funcResult = ret;
863 return ERR_OK;
864 }
865 funcResult = innerManager_->SelectAccountsByOptions(options, callback, callingUid, bundleName, appIndex);
866 return ERR_OK;
867 }
868
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)869 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
870 const VerifyCredentialOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
871 {
872 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
873 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
874 RETURN_IF_STRING_IS_OVERSIZE(
875 options.credentialType, Constants::CREDENTIAL_TYPE_MAX_SIZE, "the credential type is oversize", funcResult);
876 RETURN_IF_STRING_IS_OVERSIZE(
877 options.credential, Constants::CREDENTIAL_MAX_SIZE, "the credential is oversize", funcResult);
878 AuthenticatorSessionRequest request;
879 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
880 if (result != ERR_OK) {
881 funcResult = result;
882 return ERR_OK;
883 }
884 request.name = name;
885 request.owner = owner;
886 request.verifyCredOptions = options;
887 request.callback = callback;
888 funcResult = innerManager_->VerifyCredential(request);
889 return ERR_OK;
890 }
891
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)892 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
893 const std::vector<std::string> &labels, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
894 {
895 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(name, Constants::NAME_MAX_SIZE, "name is empty or oversize", funcResult);
896 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
897 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(
898 labels, Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "labels array is empty or oversize", funcResult);
899 AuthenticatorSessionRequest request;
900 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
901 if (result != ERR_OK) {
902 funcResult = result;
903 return ERR_OK;
904 }
905 request.labels = labels;
906 request.callback = callback;
907 request.name = name;
908 request.owner = owner;
909 funcResult = innerManager_->CheckAccountLabels(request);
910 return ERR_OK;
911 }
912
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback,int32_t & funcResult)913 ErrCode AppAccountManagerService::SetAuthenticatorProperties(const std::string &owner,
914 const SetPropertiesOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback, int32_t &funcResult)
915 {
916 RETURN_IF_STRING_IS_EMPTY_OR_OVERSIZE(owner, Constants::OWNER_MAX_SIZE, "owner is empty or oversize", funcResult);
917 AuthenticatorSessionRequest request;
918 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
919 if (result != ERR_OK) {
920 funcResult = result;
921 return ERR_OK;
922 }
923 request.owner = owner;
924 request.setPropOptions = options;
925 request.callback = callback;
926 funcResult = innerManager_->SetAuthenticatorProperties(request);
927 return ERR_OK;
928 }
929
SubscribeAppAccount(const AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener,int32_t & funcResult)930 ErrCode AppAccountManagerService::SubscribeAppAccount(
931 const AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener, int32_t &funcResult)
932 {
933 auto subscribeInfoCopy = subscribeInfo;
934 int32_t callingUid = -1;
935 std::string bundleName;
936 uint32_t appIndex;
937 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
938 if (ret != ERR_OK) {
939 funcResult = ret;
940 return ERR_OK;
941 }
942
943 std::vector<std::string> owners;
944 subscribeInfoCopy.GetOwners(owners);
945 if (owners.size() == 0) {
946 ACCOUNT_LOGE("owners size is 0");
947 funcResult = ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
948 return ERR_OK;
949 }
950
951 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
952 std::vector<std::string> existOwners;
953 for (auto owner : owners) {
954 AppExecFwk::BundleInfo bundleInfo;
955 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
956 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
957 if (!bundleRet) {
958 ACCOUNT_LOGE("Failed to get bundle info, name=%{public}s", owner.c_str());
959 continue;
960 }
961 existOwners.push_back(owner);
962 }
963 if (existOwners.size() == 0) {
964 ACCOUNT_LOGI("ExistOwners is empty.");
965 funcResult = ERR_OK;
966 return ERR_OK;
967 }
968 subscribeInfoCopy.SetOwners(existOwners);
969 funcResult = innerManager_->SubscribeAppAccount(subscribeInfoCopy, eventListener, callingUid, bundleName, appIndex);
970 return ERR_OK;
971 }
972
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener,const std::vector<std::string> & owners,int32_t & funcResult)973 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener,
974 const std::vector<std::string> &owners, int32_t &funcResult)
975 {
976 RETURN_IF_STRING_IS_OVERSIZE(
977 owners, Constants::MAX_ALLOWED_ARRAY_SIZE_INPUT, "owners array is empty or oversize", funcResult);
978 std::vector<std::string> ownerList = owners;
979 funcResult = innerManager_->UnsubscribeAppAccount(eventListener, ownerList);
980 return ERR_OK;
981 }
982
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)983 ErrCode AppAccountManagerService::OnPackageRemoved(
984 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
985 {
986 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
987 }
988
OnUserRemoved(int32_t userId)989 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
990 {
991 return innerManager_->OnUserRemoved(userId);
992 }
993
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)994 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
995 std::string &bundleName, const std::string &permName)
996 {
997 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
998 if (result != ERR_OK) {
999 return result;
1000 }
1001
1002 result = AccountPermissionManager::VerifyPermission(permName);
1003 if (result != ERR_OK) {
1004 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
1005 permName.c_str(), result);
1006 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), permName);
1007 return result;
1008 }
1009 return ERR_OK;
1010 }
1011
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)1012 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
1013 {
1014 callingUid = IPCSkeleton::GetCallingUid();
1015 ErrCode bundleRet = BundleManagerAdapter::GetInstance()->GetNameForUid(callingUid, bundleName);
1016 if (bundleRet != ERR_OK) {
1017 ACCOUNT_LOGE("failed to get bundle name");
1018 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
1019 }
1020 return ERR_OK;
1021 }
1022
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)1023 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
1024 {
1025 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
1026 Security::AccessToken::HapTokenInfo hapTokenInfo;
1027 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
1028 if (result) {
1029 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
1030 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
1031 }
1032 if (hapTokenInfo.instIndex < 0) {
1033 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
1034 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
1035 }
1036 appIndex = static_cast<uint32_t>(hapTokenInfo.instIndex);
1037 return ERR_OK;
1038 }
1039
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)1040 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
1041 {
1042 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
1043 if (result != ERR_OK) {
1044 ACCOUNT_LOGE("Failed to get bundle name");
1045 return result;
1046 }
1047 result = GetCallingTokenInfoAndAppIndex(appIndex);
1048 if (result != ERR_OK) {
1049 ACCOUNT_LOGE("failed to get app index");
1050 return result;
1051 }
1052 return result;
1053 }
1054 } // namespace AccountSA
1055 } // namespace OHOS
1056