1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "data_validator.h"
17
18 #include "access_token.h"
19 #include "accesstoken_common_log.h"
20 #include "permission_used_request.h"
21 #include "permission_used_type.h"
22 #include "privacy_param.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27
IsBundleNameValid(const std::string & bundleName)28 bool DataValidator::IsBundleNameValid(const std::string& bundleName)
29 {
30 bool ret = (!bundleName.empty() && (bundleName.length() <= MAX_LENGTH));
31 if (!ret) {
32 LOGC(ATM_DOMAIN, ATM_TAG, "bunldename %{public}s is invalid.", bundleName.c_str());
33 }
34 return ret;
35 }
36
IsLabelValid(const std::string & label)37 bool DataValidator::IsLabelValid(const std::string& label)
38 {
39 bool ret = (label.length() <= MAX_LENGTH);
40 if (!ret) {
41 LOGC(ATM_DOMAIN, ATM_TAG, "label %{public}s is invalid.", label.c_str());
42 }
43 return ret;
44 }
45
IsDescValid(const std::string & desc)46 bool DataValidator::IsDescValid(const std::string& desc)
47 {
48 bool ret = desc.length() <= MAX_LENGTH;
49 if (!ret) {
50 LOGC(ATM_DOMAIN, ATM_TAG, "desc %{public}s is invalid.", desc.c_str());
51 }
52 return ret;
53 }
54
IsPermissionNameValid(const std::string & permissionName)55 bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
56 {
57 if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) {
58 LOGC(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast<int32_t>(permissionName.length()));
59 return false;
60 }
61 return true;
62 }
63
IsUserIdValid(const int userId)64 bool DataValidator::IsUserIdValid(const int userId)
65 {
66 bool ret = (userId >= 0);
67 if (!ret) {
68 LOGC(ATM_DOMAIN, ATM_TAG, "userId %{public}d is invalid.", userId);
69 }
70 return ret;
71 }
72
IsAclExtendedMapSizeValid(const std::map<std::string,std::string> & aclExtendedMap)73 bool DataValidator::IsAclExtendedMapSizeValid(const std::map<std::string, std::string>& aclExtendedMap)
74 {
75 if (aclExtendedMap.size() > MAX_EXTENDED_MAP_SIZE) {
76 LOGC(ATM_DOMAIN, ATM_TAG, "aclExtendedMap is oversize %{public}zu.", aclExtendedMap.size());
77 return false;
78 }
79 return true;
80 }
81
IsAclExtendedMapContentValid(const std::string & permissionName,const std::string & value)82 bool DataValidator::IsAclExtendedMapContentValid(const std::string& permissionName, const std::string& value)
83 {
84 if (!IsPermissionNameValid(permissionName)) {
85 return false;
86 }
87
88 if (value.empty() || (value.length() > MAX_VALUE_LENGTH)) {
89 LOGC(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast<int32_t>(value.length()));
90 return false;
91 }
92 return true;
93 }
94
IsToggleStatusValid(const uint32_t status)95 bool DataValidator::IsToggleStatusValid(const uint32_t status)
96 {
97 return ((status == PermissionRequestToggleStatus::CLOSED) ||
98 (status == PermissionRequestToggleStatus::OPEN));
99 }
100
IsAppIDDescValid(const std::string & appIDDesc)101 bool DataValidator::IsAppIDDescValid(const std::string& appIDDesc)
102 {
103 return !appIDDesc.empty() && (appIDDesc.length() <= MAX_APPIDDESC_LENGTH);
104 }
105
IsDomainValid(const std::string & domain)106 bool DataValidator::IsDomainValid(const std::string& domain)
107 {
108 return !domain.empty() && (domain.length() <= MAX_LENGTH);
109 }
110
IsAplNumValid(const int apl)111 bool DataValidator::IsAplNumValid(const int apl)
112 {
113 return (apl == APL_NORMAL || apl == APL_SYSTEM_BASIC || apl == APL_SYSTEM_CORE);
114 }
115
IsAvailableTypeValid(const int availableType)116 bool DataValidator::IsAvailableTypeValid(const int availableType)
117 {
118 return (availableType == NORMAL || availableType == MDM);
119 }
120
IsProcessNameValid(const std::string & processName)121 bool DataValidator::IsProcessNameValid(const std::string& processName)
122 {
123 return !processName.empty() && (processName.length() <= MAX_LENGTH);
124 }
125
IsDeviceIdValid(const std::string & deviceId)126 bool DataValidator::IsDeviceIdValid(const std::string& deviceId)
127 {
128 if (deviceId.empty() || (deviceId.length() > MAX_LENGTH)) {
129 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid deviceId length(%{public}d).", static_cast<int32_t>(deviceId.length()));
130 return false;
131 }
132 return true;
133 }
134
IsDcapValid(const std::string & dcap)135 bool DataValidator::IsDcapValid(const std::string& dcap)
136 {
137 return !dcap.empty() && (dcap.length() <= MAX_DCAP_LENGTH);
138 }
139
IsPermissionFlagValid(uint32_t flag)140 bool DataValidator::IsPermissionFlagValid(uint32_t flag)
141 {
142 uint32_t unmaskedFlag =
143 flag & (~PermissionFlag::PERMISSION_PRE_AUTHORIZED_CANCELABLE);
144 return unmaskedFlag == PermissionFlag::PERMISSION_DEFAULT_FLAG ||
145 unmaskedFlag == PermissionFlag::PERMISSION_USER_SET ||
146 unmaskedFlag == PermissionFlag::PERMISSION_USER_FIXED ||
147 unmaskedFlag == PermissionFlag::PERMISSION_SYSTEM_FIXED ||
148 unmaskedFlag == PermissionFlag::PERMISSION_COMPONENT_SET ||
149 unmaskedFlag == PermissionFlag::PERMISSION_FIXED_FOR_SECURITY_POLICY ||
150 unmaskedFlag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME ||
151 unmaskedFlag == PermissionFlag::PERMISSION_FIXED_BY_ADMIN_POLICY ||
152 unmaskedFlag == PermissionFlag::PERMISSION_ADMIN_POLICIES_CANCEL;
153 }
154
IsPermissionFlagValidForAdmin(uint32_t flag)155 bool DataValidator::IsPermissionFlagValidForAdmin(uint32_t flag)
156 {
157 return flag == PermissionFlag::PERMISSION_FIXED_BY_ADMIN_POLICY ||
158 flag == PermissionFlag::PERMISSION_ADMIN_POLICIES_CANCEL;
159 }
160
IsPermissionStatusValid(int32_t status)161 bool DataValidator::IsPermissionStatusValid(int32_t status)
162 {
163 return status == PERMISSION_GRANTED || status == PERMISSION_DENIED;
164 }
165
IsTokenIDValid(AccessTokenID id)166 bool DataValidator::IsTokenIDValid(AccessTokenID id)
167 {
168 if (id == 0) {
169 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid token.");
170 return false;
171 }
172 return true;
173 }
174
IsDlpTypeValid(int dlpType)175 bool DataValidator::IsDlpTypeValid(int dlpType)
176 {
177 return ((dlpType == DLP_COMMON) || (dlpType == DLP_READ) || (dlpType == DLP_FULL_CONTROL));
178 }
179
IsPermissionUsedFlagValid(uint32_t flag)180 bool DataValidator::IsPermissionUsedFlagValid(uint32_t flag)
181 {
182 return ((flag == FLAG_PERMISSION_USAGE_SUMMARY) ||
183 (flag == FLAG_PERMISSION_USAGE_DETAIL) ||
184 (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_LOCKED) ||
185 (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_UNLOCKED) ||
186 (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_BACKGROUND) ||
187 (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND));
188 }
189
IsPermissionUsedTypeValid(uint32_t type)190 bool DataValidator::IsPermissionUsedTypeValid(uint32_t type)
191 {
192 if ((type != NORMAL_TYPE) && (type != PICKER_TYPE) && (type != SECURITY_COMPONENT_TYPE)) {
193 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type);
194 return false;
195 }
196 return true;
197 }
198
IsPolicyTypeValid(uint32_t type)199 bool DataValidator::IsPolicyTypeValid(uint32_t type)
200 {
201 PolicyType policyType = static_cast<PolicyType>(type);
202 if ((policyType != EDM) && (policyType != PRIVACY) && (policyType != TEMPORARY)) {
203 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type);
204 return false;
205 }
206 return true;
207 }
208
IsCallerTypeValid(uint32_t type)209 bool DataValidator::IsCallerTypeValid(uint32_t type)
210 {
211 CallerType callerType = static_cast<CallerType>(type);
212 if ((callerType != MICROPHONE) && (callerType != CAMERA)) {
213 LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type);
214 return false;
215 }
216 return true;
217 }
218
IsNativeCaller(AccessTokenID id)219 bool DataValidator::IsNativeCaller(AccessTokenID id)
220 {
221 AccessTokenIDInner* idInner = reinterpret_cast<AccessTokenIDInner*>(&id);
222 ATokenTypeEnum type = static_cast<ATokenTypeEnum>(idInner->type);
223 if (type != TOKEN_NATIVE) {
224 LOGE(ATM_DOMAIN, ATM_TAG, "Not Native(%{public}d).", id);
225 return false;
226 }
227 return true;
228 }
229
IsHapCaller(AccessTokenID id)230 bool DataValidator::IsHapCaller(AccessTokenID id)
231 {
232 AccessTokenIDInner* idInner = reinterpret_cast<AccessTokenIDInner*>(&id);
233 ATokenTypeEnum type = static_cast<ATokenTypeEnum>(idInner->type);
234 if (type != TOKEN_HAP) {
235 LOGE(ATM_DOMAIN, ATM_TAG, "Not hap(%{public}d).", id);
236 return false;
237 }
238 return true;
239 }
240
IsPermissionListSizeValid(const std::vector<std::string> & permissionList)241 bool DataValidator::IsPermissionListSizeValid(const std::vector<std::string>& permissionList)
242 {
243 if (permissionList.size() <= 0 || permissionList.size() > MAX_PERMISSION_LIST_SIZE) {
244 LOGE(ATM_DOMAIN, ATM_TAG, "Permission list size is invalid(%{public}zu).", permissionList.size());
245 return false;
246 }
247 return true;
248 }
249 } // namespace AccessToken
250 } // namespace Security
251 } // namespace OHOS
252