1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "ext_permission_manager.h"
16
17 #include <sstream>
18
19 #include "accesstoken_kit.h"
20 #include "cJSON.h"
21 #include "hilog_wrapper.h"
22 #include "ipc_skeleton.h"
23 #include "tokenid_kit.h"
24
25 namespace OHOS {
26 namespace ExternalDeviceManager {
27 using namespace OHOS::Security::AccessToken;
28
Trim(const std::string & str)29 static std::string Trim(const std::string& str)
30 {
31 if (str.empty()) {
32 return str;
33 }
34
35 size_t first = str.find_first_not_of(" \t\n\r\f\v");
36 if (first == std::string::npos) {
37 return "";
38 }
39 size_t last = str.find_last_not_of(" \t\n\r\f\v");
40 return str.substr(first, last - first + 1);
41 }
42
VerifyPermission(std::string permissionName)43 bool ExtPermissionManager::VerifyPermission(std::string permissionName)
44 {
45 AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
46 int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
47 if (result == PERMISSION_GRANTED) {
48 EDM_LOGI(MODULE_DEV_MGR, "%{public}s VerifyAccessToken: %{public}d", __func__, result);
49 return true;
50 }
51 return false;
52 }
53
IsSystemApp()54 bool ExtPermissionManager::IsSystemApp()
55 {
56 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
57 if (TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
58 return true;
59 }
60 AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
61 ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
62 return tokenType != ATokenTypeEnum::TOKEN_HAP;
63 }
64
GetCallingTokenID()65 uint32_t ExtPermissionManager::GetCallingTokenID()
66 {
67 return IPCSkeleton::GetCallingTokenID();
68 }
69
GetPermissionValues(const std::string & permissionName,std::unordered_set<std::string> & permissionValues)70 bool ExtPermissionManager::GetPermissionValues(const std::string &permissionName,
71 std::unordered_set<std::string> &permissionValues)
72 {
73 std::string bundleNames;
74 AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
75 int32_t ret = AccessTokenKit::GetReqPermissionByName(callerToken, permissionName, bundleNames);
76 if (ret != 0 || bundleNames.empty()) {
77 EDM_LOGE(MODULE_DEV_MGR, "%{public}s GetReqPermissionByName: %{public}d", __func__, ret);
78 return false;
79 }
80
81 cJSON* jsonObj = cJSON_Parse(bundleNames.c_str());
82 if (jsonObj == nullptr) {
83 EDM_LOGE(MODULE_DEV_MGR, "JSON parse failed for bundleNames");
84 return false;
85 }
86 std::string keyStr = "bundleNames";
87 cJSON* jsonItem = cJSON_GetObjectItem(jsonObj, keyStr.c_str());
88 if (jsonItem == nullptr || !cJSON_IsString(jsonItem)) {
89 EDM_LOGE(MODULE_DEV_MGR, "value is not string, key:%{public}s", keyStr.c_str());
90 cJSON_Delete(jsonObj);
91 return false;
92 }
93 std::istringstream bundleNamesStram(jsonItem->valuestring);
94 std::string bundleName;
95 while (std::getline(bundleNamesStram, bundleName, ',')) {
96 permissionValues.insert(Trim(bundleName));
97 }
98 cJSON_Delete(jsonObj);
99 return !permissionValues.empty();
100 }
101 } // namespace ExternalDeviceManager
102 } // namespace OHOS