1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "identity_checker_impl.h"
16
17 #include <cinttypes>
18
19 #include "ability_manager_client.h"
20 #include "accesstoken_kit.h"
21 #include "ime_info_inquirer.h"
22 #include "ipc_skeleton.h"
23 #include "global.h"
24 #include "ime_info_inquirer.h"
25 #include "tokenid_kit.h"
26 #include "window_adapter.h"
27
28 namespace OHOS {
29 namespace MiscServices {
30 using namespace Rosen;
31 using namespace Security::AccessToken;
32 using namespace OHOS::AAFwk;
IsFocused(int64_t callingPid,uint32_t callingTokenId,int64_t focusedPid,bool isAttach,sptr<IRemoteObject> abilityToken)33 bool IdentityCheckerImpl::IsFocused(int64_t callingPid, uint32_t callingTokenId, int64_t focusedPid, bool isAttach,
34 sptr<IRemoteObject> abilityToken)
35 {
36 if (focusedPid != INVALID_PID && callingPid == focusedPid) {
37 IMSA_HILOGD("focused app, pid: %{public}" PRId64 "", callingPid);
38 return true;
39 }
40 auto displayId = WindowAdapter::GetDisplayIdByPid(callingPid);
41 if (focusedPid == INVALID_PID) {
42 FocusChangeInfo focusInfo;
43 WindowAdapter::GetFocusInfo(focusInfo, displayId);
44 focusedPid = focusInfo.pid_;
45 if (callingPid == focusedPid) {
46 IMSA_HILOGD("focused app, pid: %{public}" PRId64 ", display: %{public}" PRIu64 "", callingPid, displayId);
47 return true;
48 }
49 }
50 if (isAttach && ImeInfoInquirer::GetInstance().IsInputMethodExtension(callingPid)) {
51 return false;
52 }
53 bool isFocused = IsFocusedUIExtension(callingTokenId, abilityToken);
54 if (!isFocused) {
55 IMSA_HILOGE("not focused, focusedPid: %{public}" PRId64 ", callerPid: %{public}" PRId64 ", callerToken: "
56 "%{public}d",
57 focusedPid, callingPid, callingTokenId);
58 }
59 return isFocused;
60 }
61
IsSystemApp(uint64_t fullTokenId)62 bool IdentityCheckerImpl::IsSystemApp(uint64_t fullTokenId)
63 {
64 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
65 }
66
IsBundleNameValid(uint32_t tokenId,const std::string & validBundleName)67 bool IdentityCheckerImpl::IsBundleNameValid(uint32_t tokenId, const std::string &validBundleName)
68 {
69 std::string bundleName = GetBundleNameByToken(tokenId);
70 if (bundleName.empty()) {
71 return false;
72 }
73 if (bundleName != validBundleName) {
74 IMSA_HILOGE("bundleName is invalid, caller: %{public}s, current: %{public}s", bundleName.c_str(),
75 validBundleName.c_str());
76 return false;
77 }
78 IMSA_HILOGD("checked successfully.");
79 return true;
80 }
81
HasPermission(uint32_t tokenId,const std::string & permission)82 bool IdentityCheckerImpl::HasPermission(uint32_t tokenId, const std::string &permission)
83 {
84 if (AccessTokenKit::VerifyAccessToken(tokenId, permission) != PERMISSION_GRANTED) {
85 IMSA_HILOGE("Permission [%{public}s] not granted!", permission.c_str());
86 return false;
87 }
88 IMSA_HILOGD("verify AccessToken success.");
89 return true;
90 }
91
IsBroker(AccessTokenID tokenId)92 bool IdentityCheckerImpl::IsBroker(AccessTokenID tokenId)
93 {
94 if (!IsNativeSa(tokenId)) {
95 return false;
96 }
97 NativeTokenInfo nativeTokenInfoRes;
98 AccessTokenKit::GetNativeTokenInfo(tokenId, nativeTokenInfoRes);
99 return nativeTokenInfoRes.processName == "broker";
100 }
101
IsNativeSa(AccessTokenID tokenId)102 bool IdentityCheckerImpl::IsNativeSa(AccessTokenID tokenId)
103 {
104 return AccessTokenKit::GetTokenTypeFlag(tokenId) == TypeATokenTypeEnum::TOKEN_NATIVE;
105 }
106
IsFormShell(AccessTokenID tokenId)107 bool IdentityCheckerImpl::IsFormShell(AccessTokenID tokenId)
108 {
109 return AccessTokenKit::GetTokenTypeFlag(tokenId) == TypeATokenTypeEnum::TOKEN_SHELL;
110 }
111
IsFocusedUIExtension(uint32_t callingTokenId,sptr<IRemoteObject> abilityToken)112 bool IdentityCheckerImpl::IsFocusedUIExtension(uint32_t callingTokenId, sptr<IRemoteObject> abilityToken)
113 {
114 AAFwk::UIExtensionSessionInfo info;
115 AAFwk::AbilityManagerClient::GetInstance()->GetUIExtensionSessionInfo(abilityToken, info);
116 auto windowId = info.hostWindowId;
117 auto displayIdByWindow = WindowAdapter::GetDisplayIdByWindowId(windowId);
118 if (displayIdByWindow != DEFAULT_DISPLAY_ID) {
119 FocusChangeInfo focusInfo;
120 WindowAdapter::GetFocusInfo(focusInfo, displayIdByWindow);
121 return windowId == static_cast<uint32_t>(focusInfo.windowId_);
122 }
123
124 bool isFocused = false;
125 auto client = AbilityManagerClient::GetInstance();
126 if (client == nullptr) {
127 IMSA_HILOGE("AbilityManagerClient is nullptr");
128 return false;
129 }
130 auto ret = client->CheckUIExtensionIsFocused(callingTokenId, isFocused);
131 if (ret != ErrorCode::NO_ERROR) {
132 IMSA_HILOGE("failed to CheckUIExtensionIsFocused, ret: %{public}d", ret);
133 return false;
134 }
135 IMSA_HILOGD("tokenId: %{public}d, isFocused: %{public}d", callingTokenId, isFocused);
136 return isFocused;
137 }
138
GetBundleNameByToken(uint32_t tokenId)139 std::string IdentityCheckerImpl::GetBundleNameByToken(uint32_t tokenId)
140 {
141 auto tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
142 if (tokenType != TOKEN_HAP) {
143 IMSA_HILOGE("invalid token!");
144 return "";
145 }
146 HapTokenInfo info;
147 int ret = AccessTokenKit::GetHapTokenInfo(tokenId, info);
148 if (ret != ErrorCode::NO_ERROR) {
149 IMSA_HILOGE("failed to get hap info, ret: %{public}d!", ret);
150 return "";
151 }
152 return info.bundleName;
153 }
154
GetDisplayIdByWindowId(int32_t callingWindowId)155 uint64_t IdentityCheckerImpl::GetDisplayIdByWindowId(int32_t callingWindowId)
156 {
157 return WindowAdapter::GetDisplayIdByWindowId(callingWindowId);
158 }
159
GetDisplayIdByPid(int64_t callingPid,sptr<IRemoteObject> abilityToken)160 uint64_t IdentityCheckerImpl::GetDisplayIdByPid(int64_t callingPid, sptr<IRemoteObject> abilityToken)
161 {
162 uint64_t displayId = 0;
163 bool ret = WindowAdapter::GetDisplayId(callingPid, displayId);
164 if (ret || abilityToken == nullptr) {
165 return displayId;
166 }
167 AAFwk::UIExtensionSessionInfo info;
168 AAFwk::AbilityManagerClient::GetInstance()->GetUIExtensionSessionInfo(abilityToken, info);
169 auto windowId = info.hostWindowId;
170 displayId = WindowAdapter::GetDisplayIdByWindowId(windowId);
171 IMSA_HILOGD("GetDisplayIdByPid displayId: %{public}" PRIu64 "", displayId);
172 return displayId;
173 }
174
IsValidVirtualIme(int32_t callingUid)175 bool IdentityCheckerImpl::IsValidVirtualIme(int32_t callingUid)
176 {
177 return ImeInfoInquirer::GetInstance().IsProxyIme(callingUid);
178 }
179
IsSpecialSaUid()180 bool IdentityCheckerImpl::IsSpecialSaUid()
181 {
182 auto callingUid = IPCSkeleton::GetCallingUid();
183 return ImeInfoInquirer::GetInstance().IsSpecialSaUid(callingUid);
184 }
185 } // namespace MiscServices
186 } // namespace OHOS