1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_client.h"
17
18 #include "access_token_error.h"
19 #include "access_token_manager_proxy.h"
20 #include "accesstoken_callbacks.h"
21 #include "accesstoken_common_log.h"
22 #include "atm_tools_param_info_parcel.h"
23 #include "hap_token_info.h"
24 #include "hap_token_info_for_sync_parcel.h"
25 #include "idl_common.h"
26 #include "iservice_registry.h"
27 #include "parameter.h"
28 #include "perm_state_change_scope_parcel.h"
29 #include "permission_grant_info_parcel.h"
30 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
31 #include "sec_comp_enhance_data_parcel.h"
32 #endif
33
34 namespace OHOS {
35 namespace Security {
36 namespace AccessToken {
37 namespace {
38 static constexpr int32_t VALUE_MAX_LEN = 32;
39 static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init";
40 std::recursive_mutex g_instanceMutex;
41 static const int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503;
42 static const int MAX_PERMISSION_SIZE = 1024;
43 static const int32_t MAX_USER_POLICY_SIZE = 1024;
44 static const int32_t MAX_EXTENDED_VALUE_LIST_SIZE = 512;
45 } // namespace
46 static const uint32_t MAX_CALLBACK_MAP_SIZE = 200;
47
GetInstance()48 AccessTokenManagerClient& AccessTokenManagerClient::GetInstance()
49 {
50 static AccessTokenManagerClient* instance = nullptr;
51 if (instance == nullptr) {
52 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
53 if (instance == nullptr) {
54 AccessTokenManagerClient* tmp = new (std::nothrow) AccessTokenManagerClient();
55 instance = std::move(tmp);
56 }
57 }
58 return *instance;
59 }
60
AccessTokenManagerClient()61 AccessTokenManagerClient::AccessTokenManagerClient()
62 {}
63
~AccessTokenManagerClient()64 AccessTokenManagerClient::~AccessTokenManagerClient()
65 {
66 LOGE(ATM_DOMAIN, ATM_TAG, "~AccessTokenManagerClient");
67 std::lock_guard<std::mutex> lock(proxyMutex_);
68 ReleaseProxy();
69 }
70
ConvertResult(int32_t ret)71 static int32_t ConvertResult(int32_t ret)
72 {
73 switch (ret) {
74 case ERR_INVALID_DATA:
75 ret = ERR_WRITE_PARCEL_FAILED;
76 break;
77 case ERR_TRANSACTION_FAILED:
78 ret = ERR_SERVICE_ABNORMAL;
79 break;
80 default:
81 return ret;
82 }
83 return ret;
84 }
85
GetPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)86 PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType(
87 AccessTokenID tokenID, const std::string &permissionName)
88 {
89 auto proxy = GetProxy();
90 if (proxy == nullptr) {
91 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
92 return PermUsedTypeEnum::INVALID_USED_TYPE;
93 }
94 int32_t permUsedType;
95 int32_t errCode = proxy->GetPermissionUsedType(tokenID, permissionName, permUsedType);
96 if (errCode != RET_SUCCESS) {
97 errCode = ConvertResult(errCode);
98 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
99 return PermUsedTypeEnum::INVALID_USED_TYPE;
100 }
101 PermUsedTypeEnum result = static_cast<PermUsedTypeEnum>(permUsedType);
102 return result;
103 }
104
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)105 int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
106 {
107 auto proxy = GetProxy();
108 if (proxy != nullptr) {
109 int32_t state = PERMISSION_DENIED;
110 int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionName, state);
111 if (errCode != RET_SUCCESS) {
112 errCode = ConvertResult(errCode);
113 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
114 return PERMISSION_DENIED;
115 }
116 return state;
117 }
118 char value[VALUE_MAX_LEN] = {0};
119 int32_t ret = GetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, "", value, VALUE_MAX_LEN - 1);
120 if ((ret < 0) || (static_cast<uint64_t>(std::atoll(value)) != 0)) {
121 LOGE(ATM_DOMAIN, ATM_TAG, "At service has been started, ret=%{public}d.", ret);
122 return PERMISSION_DENIED;
123 }
124 AccessTokenIDInner* idInner = reinterpret_cast<AccessTokenIDInner*>(&tokenID);
125 if (static_cast<ATokenTypeEnum>(idInner->type) == TOKEN_NATIVE) {
126 LOGI(ATM_DOMAIN, ATM_TAG, "At service has not been started.");
127 return PERMISSION_GRANTED;
128 }
129 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
130 return PERMISSION_DENIED;
131 }
132
VerifyAccessToken(AccessTokenID tokenID,const std::vector<std::string> & permissionList,std::vector<int32_t> & permStateList)133 int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID,
134 const std::vector<std::string>& permissionList, std::vector<int32_t>& permStateList)
135 {
136 auto proxy = GetProxy();
137 if (proxy == nullptr) {
138 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
139 return AccessTokenError::ERR_SERVICE_ABNORMAL;
140 }
141 int32_t errCode = proxy->VerifyAccessToken(tokenID, permissionList, permStateList);
142 if (errCode != RET_SUCCESS) {
143 errCode = ConvertResult(errCode);
144 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
145 }
146 return errCode;
147 }
148
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)149 int AccessTokenManagerClient::GetDefPermission(
150 const std::string& permissionName, PermissionDef& permissionDefResult)
151 {
152 auto proxy = GetProxy();
153 if (proxy == nullptr) {
154 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
155 return AccessTokenError::ERR_SERVICE_ABNORMAL;
156 }
157 PermissionDefParcel permissionDefParcel;
158 int result = proxy->GetDefPermission(permissionName, permissionDefParcel);
159 permissionDefResult = permissionDefParcel.permissionDef;
160 if (result != RET_SUCCESS) {
161 result = ConvertResult(result);
162 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result);
163 }
164 return result;
165 }
166
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)167 int AccessTokenManagerClient::GetReqPermissions(
168 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
169 {
170 auto proxy = GetProxy();
171 if (proxy == nullptr) {
172 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
173 return AccessTokenError::ERR_SERVICE_ABNORMAL;
174 }
175 std::vector<PermissionStatusParcel> parcelList;
176 int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant);
177 if (result != RET_SUCCESS) {
178 result = ConvertResult(result);
179 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result);
180 return result;
181 }
182
183 uint32_t reqPermSize = parcelList.size();
184 if (reqPermSize > MAX_PERMISSION_SIZE) {
185 LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize);
186 return ERR_OVERSIZE;
187 }
188
189 for (const auto& permParcel : parcelList) {
190 PermissionStateFull perm;
191 perm.permissionName = permParcel.permState.permissionName;
192 perm.isGeneral = true;
193 perm.resDeviceID.emplace_back("PHONE-001");
194 perm.grantStatus.emplace_back(permParcel.permState.grantStatus);
195 perm.grantFlags.emplace_back(permParcel.permState.grantFlag);
196 reqPermList.emplace_back(perm);
197 }
198 return result;
199 }
200
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)201 int AccessTokenManagerClient::GetPermissionFlag(
202 AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
203 {
204 auto proxy = GetProxy();
205 if (proxy == nullptr) {
206 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
207 return AccessTokenError::ERR_SERVICE_ABNORMAL;
208 }
209 int32_t result = proxy->GetPermissionFlag(tokenID, permissionName, flag);
210 if (result != RET_SUCCESS) {
211 result = ConvertResult(result);
212 }
213 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag);
214 return result;
215 }
216
GetSelfPermissionStatus(const std::string & permissionName,PermissionOper & status)217 int32_t AccessTokenManagerClient::GetSelfPermissionStatus(const std::string& permissionName, PermissionOper& status)
218 {
219 auto proxy = GetProxy();
220 if (proxy == nullptr) {
221 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
222 status = INVALID_OPER;
223 return AccessTokenError::ERR_SERVICE_ABNORMAL;
224 }
225 int32_t retStatus = INVALID_OPER;
226 int32_t result = proxy->GetSelfPermissionStatus(permissionName, retStatus);
227 if (result != RET_SUCCESS) {
228 result = ConvertResult(result);
229 }
230 status = static_cast<PermissionOper>(retStatus);
231 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, retStatus);
232 return result;
233 }
234
GetSelfPermissionsState(std::vector<PermissionListState> & permList,PermissionGrantInfo & info)235 PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
236 PermissionGrantInfo& info)
237 {
238 auto proxy = GetProxy();
239 if (proxy == nullptr) {
240 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
241 return INVALID_OPER;
242 }
243
244 size_t len = permList.size();
245 if (len == 0) {
246 LOGD(ATM_DOMAIN, ATM_TAG, "Len is zero.");
247 return PASS_OPER;
248 }
249
250 std::vector<PermissionListStateParcel> parcelList;
251
252 for (const auto& perm : permList) {
253 PermissionListStateParcel permParcel;
254 permParcel.permsState = perm;
255 parcelList.emplace_back(permParcel);
256 }
257 PermissionGrantInfoParcel infoParcel;
258 int32_t permOper;
259 int32_t errCode = proxy->GetSelfPermissionsState(parcelList, infoParcel, permOper);
260 if (errCode != RET_SUCCESS) {
261 errCode = ConvertResult(errCode);
262 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
263 return INVALID_OPER;
264 }
265
266 size_t size = parcelList.size();
267 if (size != len) {
268 LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!",
269 size, len);
270 return INVALID_OPER;
271 }
272 if (size > MAX_PERMISSION_SIZE) {
273 LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size);
274 return INVALID_OPER;
275 }
276
277 for (uint32_t i = 0; i < len; i++) {
278 PermissionListState perm = parcelList[i].permsState;
279 permList[i].state = perm.state;
280 permList[i].errorReason = perm.errorReason;
281 }
282
283 info = infoParcel.info;
284 return static_cast<PermissionOper>(permOper);
285 }
286
GetPermissionsStatus(AccessTokenID tokenID,std::vector<PermissionListState> & permList)287 int32_t AccessTokenManagerClient::GetPermissionsStatus(
288 AccessTokenID tokenID, std::vector<PermissionListState>& permList)
289 {
290 auto proxy = GetProxy();
291 if (proxy == nullptr) {
292 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
293 return AccessTokenError::ERR_SERVICE_ABNORMAL;
294 }
295
296 size_t len = permList.size();
297 if (len == 0) {
298 LOGE(ATM_DOMAIN, ATM_TAG, "Len is zero.");
299 return AccessTokenError::ERR_PARAM_INVALID;
300 }
301
302 std::vector<PermissionListStateParcel> parcelList;
303
304 for (const auto& perm : permList) {
305 PermissionListStateParcel permParcel;
306 permParcel.permsState = perm;
307 parcelList.emplace_back(permParcel);
308 }
309 int32_t result = proxy->GetPermissionsStatus(tokenID, parcelList);
310 if (result != RET_SUCCESS) {
311 result = ConvertResult(result);
312 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", result);
313 return result;
314 }
315
316 size_t size = parcelList.size();
317 if (size != len) {
318 LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!",
319 size, len);
320 return ERR_SIZE_NOT_EQUAL;
321 }
322
323 for (uint32_t i = 0; i < len; i++) {
324 PermissionListState perm = parcelList[i].permsState;
325 permList[i].state = perm.state;
326 }
327
328 return result;
329 }
330
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)331 int AccessTokenManagerClient::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
332 {
333 auto proxy = GetProxy();
334 if (proxy == nullptr) {
335 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
336 return AccessTokenError::ERR_SERVICE_ABNORMAL;
337 }
338 int32_t result = proxy->GrantPermission(tokenID, permissionName, flag);
339 if (result != RET_SUCCESS) {
340 result = ConvertResult(result);
341 }
342 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
343 return result;
344 }
345
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)346 int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
347 {
348 auto proxy = GetProxy();
349 if (proxy == nullptr) {
350 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
351 return AccessTokenError::ERR_SERVICE_ABNORMAL;
352 }
353 int32_t result = proxy->RevokePermission(tokenID, permissionName, flag);
354 if (result != RET_SUCCESS) {
355 result = ConvertResult(result);
356 }
357 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
358 return result;
359 }
360
GrantPermissionForSpecifiedTime(AccessTokenID tokenID,const std::string & permissionName,uint32_t onceTime)361 int AccessTokenManagerClient::GrantPermissionForSpecifiedTime(
362 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime)
363 {
364 auto proxy = GetProxy();
365 if (proxy == nullptr) {
366 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
367 return AccessTokenError::ERR_SERVICE_ABNORMAL;
368 }
369 int32_t result = proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
370 if (result != RET_SUCCESS) {
371 result = ConvertResult(result);
372 }
373 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
374 return result;
375 }
376
ClearUserGrantedPermissionState(AccessTokenID tokenID)377 int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID)
378 {
379 auto proxy = GetProxy();
380 if (proxy == nullptr) {
381 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
382 return AccessTokenError::ERR_SERVICE_ABNORMAL;
383 }
384 int32_t result = proxy->ClearUserGrantedPermissionState(tokenID);
385 if (result != RET_SUCCESS) {
386 result = ConvertResult(result);
387 }
388 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
389 return result;
390 }
391
SetPermissionStatusWithPolicy(AccessTokenID tokenID,const std::vector<std::string> & permissionList,int32_t status,uint32_t flag)392 int32_t AccessTokenManagerClient::SetPermissionStatusWithPolicy(
393 AccessTokenID tokenID, const std::vector<std::string>& permissionList, int32_t status, uint32_t flag)
394 {
395 auto proxy = GetProxy();
396 if (proxy == nullptr) {
397 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
398 return AccessTokenError::ERR_SERVICE_ABNORMAL;
399 }
400 int32_t result = proxy->SetPermissionStatusWithPolicy(tokenID, permissionList, status, flag);
401 if (result != RET_SUCCESS) {
402 result = ConvertResult(result);
403 }
404 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
405 return result;
406 }
407
SetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t status,int32_t userID=0)408 int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status,
409 int32_t userID = 0)
410 {
411 auto proxy = GetProxy();
412 if (proxy == nullptr) {
413 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
414 return AccessTokenError::ERR_SERVICE_ABNORMAL;
415 }
416 int32_t result = proxy->SetPermissionRequestToggleStatus(permissionName, status, userID);
417 if (result != RET_SUCCESS) {
418 result = ConvertResult(result);
419 }
420 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
421 return result;
422 }
423
GetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t & status,int32_t userID=0)424 int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status,
425 int32_t userID = 0)
426 {
427 auto proxy = GetProxy();
428 if (proxy == nullptr) {
429 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
430 return AccessTokenError::ERR_SERVICE_ABNORMAL;
431 }
432 int32_t result = proxy->GetPermissionRequestToggleStatus(permissionName, status, userID);
433 if (result != RET_SUCCESS) {
434 result = ConvertResult(result);
435 }
436 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status);
437 return result;
438 }
439
RequestAppPermOnSetting(AccessTokenID tokenID)440 int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID)
441 {
442 auto proxy = GetProxy();
443 if (proxy == nullptr) {
444 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
445 return AccessTokenError::ERR_SERVICE_ABNORMAL;
446 }
447 int32_t result = proxy->RequestAppPermOnSetting(tokenID);
448 if (result != RET_SUCCESS) {
449 result = ConvertResult(result);
450 }
451 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
452 return result;
453 }
454
CreatePermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,sptr<PermissionStateChangeCallback> & callback)455 int32_t AccessTokenManagerClient::CreatePermStateChangeCallback(
456 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb,
457 sptr<PermissionStateChangeCallback>& callback)
458 {
459 std::lock_guard<std::mutex> lock(callbackMutex_);
460 if (callbackMap_.size() == MAX_CALLBACK_MAP_SIZE) {
461 LOGE(ATM_DOMAIN, ATM_TAG, "The maximum number of callback has been reached");
462 return AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION;
463 }
464
465 auto goalCallback = callbackMap_.find(customizedCb);
466 if (goalCallback != callbackMap_.end()) {
467 LOGE(ATM_DOMAIN, ATM_TAG, "Already has the same callback");
468 return AccessTokenError::ERR_CALLBACK_ALREADY_EXIST;
469 } else {
470 callback = new (std::nothrow) PermissionStateChangeCallback(customizedCb);
471 if (!callback) {
472 LOGE(ATM_DOMAIN, ATM_TAG, "Memory allocation for callback failed!");
473 return AccessTokenError::ERR_SERVICE_ABNORMAL;
474 }
475 }
476 return RET_SUCCESS;
477 }
478
RegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,RegisterPermChangeType type)479 int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback(
480 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb, RegisterPermChangeType type)
481 {
482 if (customizedCb == nullptr) {
483 LOGE(ATM_DOMAIN, ATM_TAG, "CustomizedCb is nullptr");
484 return AccessTokenError::ERR_PARAM_INVALID;
485 }
486
487 sptr<PermissionStateChangeCallback> callback = nullptr;
488 int32_t result = CreatePermStateChangeCallback(customizedCb, callback);
489 if (result != RET_SUCCESS) {
490 return result;
491 }
492 auto proxy = GetProxy();
493 if (proxy == nullptr) {
494 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
495 return AccessTokenError::ERR_SERVICE_ABNORMAL;
496 }
497
498 PermStateChangeScopeParcel scopeParcel;
499 customizedCb->GetScope(scopeParcel.scope);
500
501 if (scopeParcel.scope.permList.size() > PERMS_LIST_SIZE_MAX) {
502 LOGE(ATM_DOMAIN, ATM_TAG, "PermList scope oversize");
503 return AccessTokenError::ERR_PARAM_INVALID;
504 }
505 if (type == SYSTEM_REGISTER_TYPE) {
506 if (scopeParcel.scope.tokenIDs.size() > TOKENIDS_LIST_SIZE_MAX) {
507 LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope oversize");
508 return AccessTokenError::ERR_PARAM_INVALID;
509 }
510 result = proxy->RegisterPermStateChangeCallback(scopeParcel, callback->AsObject());
511 } else {
512 if (scopeParcel.scope.tokenIDs.size() != 1) {
513 LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope invalid");
514 return AccessTokenError::ERR_PARAM_INVALID;
515 }
516 result = proxy->RegisterSelfPermStateChangeCallback(scopeParcel, callback->AsObject());
517 }
518 if (result == RET_SUCCESS) {
519 std::lock_guard<std::mutex> lock(callbackMutex_);
520 callbackMap_[customizedCb] = callback;
521 }
522 if (result != RET_SUCCESS) {
523 result = ConvertResult(result);
524 }
525 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
526 return result;
527 }
528
UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & customizedCb,RegisterPermChangeType type)529 int32_t AccessTokenManagerClient::UnRegisterPermStateChangeCallback(
530 const std::shared_ptr<PermStateChangeCallbackCustomize>& customizedCb, RegisterPermChangeType type)
531 {
532 auto proxy = GetProxy();
533 if (proxy == nullptr) {
534 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
535 return AccessTokenError::ERR_SERVICE_ABNORMAL;
536 }
537
538 std::lock_guard<std::mutex> lock(callbackMutex_);
539 auto goalCallback = callbackMap_.find(customizedCb);
540 if (goalCallback == callbackMap_.end()) {
541 LOGE(ATM_DOMAIN, ATM_TAG, "GoalCallback already is not exist");
542 return AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER;
543 }
544 if (goalCallback->second == nullptr) {
545 LOGE(ATM_DOMAIN, ATM_TAG, "GoalCallback is null");
546 return AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER;
547 }
548 int32_t result;
549 if (type == SYSTEM_REGISTER_TYPE) {
550 result = proxy->UnRegisterPermStateChangeCallback(goalCallback->second->AsObject());
551 } else {
552 result = proxy->UnRegisterSelfPermStateChangeCallback(goalCallback->second->AsObject());
553 }
554 if (result == RET_SUCCESS) {
555 callbackMap_.erase(goalCallback);
556 }
557 if (result != RET_SUCCESS) {
558 result = ConvertResult(result);
559 }
560 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
561 return result;
562 }
563
AllocHapToken(const HapInfoParams & info,const HapPolicy & policy)564 AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicy& policy)
565 {
566 AccessTokenIDEx tokenIdEx = { 0 };
567 auto proxy = GetProxy();
568 if (proxy == nullptr) {
569 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
570 return tokenIdEx;
571 }
572 HapInfoParcel hapInfoParcel;
573 HapPolicyParcel hapPolicyParcel;
574 hapInfoParcel.hapInfoParameter = info;
575 hapPolicyParcel.hapPolicy = policy;
576
577 uint64_t fullTokenId;
578 int32_t errCode = proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId);
579 if (errCode != RET_SUCCESS) {
580 errCode = ConvertResult(errCode);
581 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
582 return tokenIdEx;
583 }
584 tokenIdEx.tokenIDEx = fullTokenId;
585 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx);
586 return tokenIdEx;
587 }
588
InitHapToken(const HapInfoParams & info,HapPolicy & policy,AccessTokenIDEx & fullTokenId,HapInfoCheckResult & result)589 int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy,
590 AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result)
591 {
592 auto proxy = GetProxy();
593 if (proxy == nullptr) {
594 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
595 return AccessTokenError::ERR_SERVICE_ABNORMAL;
596 }
597 HapInfoParcel hapInfoParcel;
598 HapPolicyParcel hapPolicyParcel;
599 hapInfoParcel.hapInfoParameter = info;
600 hapPolicyParcel.hapPolicy = policy;
601
602 HapInfoCheckResultIdl resultInfoIdl;
603 uint64_t fullToken = 0;
604 int32_t res = proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullToken, resultInfoIdl);
605 if (fullToken == 0 && res == RET_SUCCESS) {
606 res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED;
607 PermissionInfoCheckResult permCheckResult;
608 permCheckResult.permissionName = resultInfoIdl.permissionName;
609 int32_t rule = static_cast<int32_t>(resultInfoIdl.rule);
610 permCheckResult.rule = static_cast<PermissionRulesEnum>(rule);
611 result.permCheckResult = permCheckResult;
612 }
613 fullTokenId.tokenIDEx = fullToken;
614 if (res != RET_SUCCESS) {
615 res = ConvertResult(res);
616 }
617 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).",
618 res, fullTokenId.tokenIDEx);
619 return res;
620 }
621
DeleteToken(AccessTokenID tokenID)622 int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID)
623 {
624 auto proxy = GetProxy();
625 if (proxy == nullptr) {
626 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
627 return AccessTokenError::ERR_SERVICE_ABNORMAL;
628 }
629 int32_t result = proxy->DeleteToken(tokenID);
630 if (result != RET_SUCCESS) {
631 result = ConvertResult(result);
632 }
633 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID);
634 return result;
635 }
636
GetTokenType(AccessTokenID tokenID)637 ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID)
638 {
639 auto proxy = GetProxy();
640 if (proxy == nullptr) {
641 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
642 return TOKEN_INVALID;
643 }
644 int32_t tokenType = static_cast<int32_t>(TOKEN_INVALID);
645 int32_t result = proxy->GetTokenType(tokenID, tokenType);
646 if (result != RET_SUCCESS) {
647 result = ConvertResult(result);
648 LOGE(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
649 }
650 return static_cast<ATokenTypeEnum>(tokenType);
651 }
652
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)653 AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID(
654 int32_t userID, const std::string& bundleName, int32_t instIndex)
655 {
656 AccessTokenIDEx result = {0};
657 auto proxy = GetProxy();
658 if (proxy == nullptr) {
659 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
660 return result;
661 }
662 uint64_t fullTokenId;
663 int32_t errCode = proxy->GetHapTokenID(userID, bundleName, instIndex, fullTokenId);
664 if (errCode != RET_SUCCESS) {
665 errCode = ConvertResult(errCode);
666 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
667 return result;
668 }
669 result.tokenIDEx = fullTokenId;
670 return result;
671 }
672
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)673 AccessTokenID AccessTokenManagerClient::AllocLocalTokenID(
674 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
675 {
676 auto proxy = GetProxy();
677 if (proxy == nullptr) {
678 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
679 return INVALID_TOKENID;
680 }
681 uint32_t tokenId;
682 int32_t errCode = proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID, tokenId);
683 if (errCode != RET_SUCCESS) {
684 errCode = ConvertResult(errCode);
685 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
686 return INVALID_TOKENID;
687 }
688 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId);
689 return tokenId;
690 }
691
UpdateHapToken(AccessTokenIDEx & tokenIdEx,const UpdateHapInfoParams & info,const HapPolicy & policy,HapInfoCheckResult & result)692 int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
693 const HapPolicy& policy, HapInfoCheckResult& result)
694 {
695 auto proxy = GetProxy();
696 if (proxy == nullptr) {
697 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
698 return AccessTokenError::ERR_SERVICE_ABNORMAL;
699 }
700 HapPolicyParcel hapPolicyParcel;
701 hapPolicyParcel.hapPolicy = policy;
702 UpdateHapInfoParamsIdl infoIdl;
703 infoIdl.appIDDesc = info.appIDDesc;
704 infoIdl.apiVersion = info.apiVersion;
705 infoIdl.isSystemApp = info.isSystemApp;
706 infoIdl.appDistributionType = info.appDistributionType;
707 infoIdl.isAtomicService = info.isAtomicService;
708 infoIdl.dataRefresh = info.dataRefresh;
709 HapInfoCheckResultIdl resultInfoIdl;
710 uint64_t fullTokenId = tokenIdEx.tokenIDEx;
711 int32_t res = proxy->UpdateHapToken(fullTokenId, infoIdl, hapPolicyParcel, resultInfoIdl);
712 tokenIdEx.tokenIDEx = fullTokenId;
713 if (res == RET_SUCCESS && resultInfoIdl.realResult != RET_SUCCESS) {
714 res = AccessTokenError::ERR_PERM_REQUEST_CFG_FAILED;
715 PermissionInfoCheckResult permCheckResult;
716 permCheckResult.permissionName = resultInfoIdl.permissionName;
717 int32_t rule = static_cast<int32_t>(resultInfoIdl.rule);
718 permCheckResult.rule = static_cast<PermissionRulesEnum>(rule);
719 result.permCheckResult = permCheckResult;
720 }
721 if (res != RET_SUCCESS) {
722 res = ConvertResult(res);
723 }
724 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
725 return res;
726 }
727
GetTokenIDByUserID(int32_t userID,std::unordered_set<AccessTokenID> & tokenIdList)728 int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList)
729 {
730 auto proxy = GetProxy();
731 if (proxy == nullptr) {
732 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
733 return AccessTokenError::ERR_SERVICE_ABNORMAL;
734 }
735 std::vector<uint32_t> tokenIds;
736 auto result = proxy->GetTokenIDByUserID(userID, tokenIds);
737 if (result != RET_SUCCESS) {
738 result = ConvertResult(result);
739 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result);
740 return result;
741 }
742 std::copy(tokenIds.begin(), tokenIds.end(), std::inserter(tokenIdList, tokenIdList.begin()));
743 return result;
744 }
745
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)746 int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes)
747 {
748 auto proxy = GetProxy();
749 if (proxy == nullptr) {
750 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
751 return AccessTokenError::ERR_SERVICE_ABNORMAL;
752 }
753 HapTokenInfoParcel hapTokenInfoParcel;
754 int res = proxy->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
755 if (res != RET_SUCCESS) {
756 res = ConvertResult(res);
757 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
758 return res;
759 }
760
761 hapTokenInfoRes = hapTokenInfoParcel.hapTokenInfoParams;
762 return res;
763 }
764
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)765 int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes)
766 {
767 auto proxy = GetProxy();
768 if (proxy == nullptr) {
769 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
770 return AccessTokenError::ERR_SERVICE_ABNORMAL;
771 }
772 NativeTokenInfoParcel nativeTokenInfoParcel;
773 int res = proxy->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
774 if (res != RET_SUCCESS) {
775 res = ConvertResult(res);
776 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
777 return res;
778 }
779 nativeTokenInfoRes = nativeTokenInfoParcel.nativeTokenInfoParams;
780 return res;
781 }
782
783 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfo()784 int32_t AccessTokenManagerClient::ReloadNativeTokenInfo()
785 {
786 auto proxy = GetProxy();
787 if (proxy == nullptr) {
788 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
789 return AccessTokenError::ERR_SERVICE_ABNORMAL;
790 }
791 int32_t res = proxy->ReloadNativeTokenInfo();
792 if (res != RET_SUCCESS) {
793 res = ConvertResult(res);
794 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
795 return res;
796 }
797 return res;
798 }
799 #endif
800
GetHapTokenInfoExtension(AccessTokenID tokenID,HapTokenInfoExt & info)801 int AccessTokenManagerClient::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info)
802 {
803 auto proxy = GetProxy();
804 if (proxy == nullptr) {
805 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
806 return AccessTokenError::ERR_SERVICE_ABNORMAL;
807 }
808
809 HapTokenInfoParcel hapTokenInfoParcel;
810 int res = proxy->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, info.appID);
811 if (res != RET_SUCCESS) {
812 res = ConvertResult(res);
813 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
814 return res;
815 }
816 info.baseInfo = hapTokenInfoParcel.hapTokenInfoParams;
817 return res;
818 }
819
GetNativeTokenId(const std::string & processName)820 AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& processName)
821 {
822 auto proxy = GetProxy();
823 if (proxy == nullptr) {
824 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
825 return INVALID_TOKENID;
826 }
827 uint32_t tokenID;
828 ErrCode errCode = proxy->GetNativeTokenId(processName, tokenID);
829 if (errCode != RET_SUCCESS) {
830 errCode = ConvertResult(errCode);
831 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
832 return INVALID_TOKENID;
833 }
834 return tokenID;
835 }
836
837 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)838 int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
839 {
840 auto proxy = GetProxy();
841 if (proxy == nullptr) {
842 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
843 return AccessTokenError::ERR_SERVICE_ABNORMAL;
844 }
845
846 HapTokenInfoForSyncParcel hapSyncParcel;
847 int res = proxy->GetHapTokenInfoFromRemote(tokenID, hapSyncParcel);
848 if (res != RET_SUCCESS) {
849 res = ConvertResult(res);
850 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", res);
851 return res;
852 }
853 hapSync = hapSyncParcel.hapTokenInfoForSyncParams;
854 return res;
855 }
856
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)857 int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync)
858 {
859 auto proxy = GetProxy();
860 if (proxy == nullptr) {
861 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
862 return AccessTokenError::ERR_SERVICE_ABNORMAL;
863 }
864
865 HapTokenInfoForSyncParcel hapSyncParcel;
866 hapSyncParcel.hapTokenInfoForSyncParams = hapSync;
867
868 int res = proxy->SetRemoteHapTokenInfo(deviceID, hapSyncParcel);
869 if (res != RET_SUCCESS) {
870 res = ConvertResult(res);
871 }
872 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
873 return res;
874 }
875
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)876 int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
877 {
878 auto proxy = GetProxy();
879 if (proxy == nullptr) {
880 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
881 return AccessTokenError::ERR_SERVICE_ABNORMAL;
882 }
883
884 int res = proxy->DeleteRemoteToken(deviceID, tokenID);
885 if (res != RET_SUCCESS) {
886 res = ConvertResult(res);
887 }
888 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
889 return res;
890 }
891
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)892 AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
893 {
894 auto proxy = GetProxy();
895 if (proxy == nullptr) {
896 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
897 return INVALID_TOKENID;
898 }
899
900 uint32_t tokenId;
901 ErrCode errCode = proxy->GetRemoteNativeTokenID(deviceID, tokenID, tokenId);
902 if (errCode != RET_SUCCESS) {
903 errCode = ConvertResult(errCode);
904 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
905 return INVALID_TOKENID;
906 }
907 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", tokenId);
908 return tokenId;
909 }
910
DeleteRemoteDeviceTokens(const std::string & deviceID)911 int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& deviceID)
912 {
913 auto proxy = GetProxy();
914 if (proxy == nullptr) {
915 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
916 return AccessTokenError::ERR_SERVICE_ABNORMAL;
917 }
918
919 int res = proxy->DeleteRemoteDeviceTokens(deviceID);
920 if (res != RET_SUCCESS) {
921 res = ConvertResult(res);
922 }
923 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
924 return res;
925 }
926
RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface> & syncCallback)927 int32_t AccessTokenManagerClient::RegisterTokenSyncCallback(
928 const std::shared_ptr<TokenSyncKitInterface>& syncCallback)
929 {
930 auto proxy = GetProxy();
931 if (proxy == nullptr) {
932 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
933 return AccessTokenError::ERR_SERVICE_ABNORMAL;
934 }
935
936 if (syncCallback == nullptr) {
937 LOGE(ATM_DOMAIN, ATM_TAG, "Input callback is null.");
938 return AccessTokenError::ERR_PARAM_INVALID;
939 }
940
941 sptr<TokenSyncCallback> callback = sptr<TokenSyncCallback>(new (std::nothrow) TokenSyncCallback(syncCallback));
942 if (callback == nullptr) {
943 LOGE(ATM_DOMAIN, ATM_TAG, "Memory allocation for callback failed!");
944 return AccessTokenError::ERR_MALLOC_FAILED;
945 }
946
947 std::lock_guard<std::mutex> lock(tokenSyncCallbackMutex_);
948 int32_t res = proxy->RegisterTokenSyncCallback(callback->AsObject());
949 if (res == RET_SUCCESS) {
950 tokenSyncCallback_ = callback;
951 syncCallbackImpl_ = syncCallback;
952 }
953 if (res != RET_SUCCESS) {
954 res = ConvertResult(res);
955 }
956 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
957 return res;
958 }
959
UnRegisterTokenSyncCallback()960 int32_t AccessTokenManagerClient::UnRegisterTokenSyncCallback()
961 {
962 auto proxy = GetProxy();
963 if (proxy == nullptr) {
964 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
965 return AccessTokenError::ERR_SERVICE_ABNORMAL;
966 }
967 std::lock_guard<std::mutex> lock(tokenSyncCallbackMutex_);
968 int32_t res = proxy->UnRegisterTokenSyncCallback();
969 if (res == RET_SUCCESS) {
970 tokenSyncCallback_ = nullptr;
971 syncCallbackImpl_ = nullptr;
972 }
973 if (res != RET_SUCCESS) {
974 res = ConvertResult(res);
975 }
976 LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", res);
977 return res;
978 }
979 #endif
980
DumpTokenInfo(const AtmToolsParamInfo & info,std::string & dumpInfo)981 void AccessTokenManagerClient::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo)
982 {
983 auto proxy = GetProxy();
984 if (proxy == nullptr) {
985 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
986 return;
987 }
988
989 AtmToolsParamInfoParcel infoParcel;
990 infoParcel.info = info;
991 int32_t errCode = proxy->DumpTokenInfo(infoParcel, dumpInfo);
992 if (errCode != RET_SUCCESS) {
993 errCode = ConvertResult(errCode);
994 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
995 }
996 }
997
GetVersion(uint32_t & version)998 int32_t AccessTokenManagerClient::GetVersion(uint32_t& version)
999 {
1000 auto proxy = GetProxy();
1001 if (proxy == nullptr) {
1002 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
1003 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1004 }
1005
1006 int32_t errCode = proxy->GetVersion(version);
1007 if (errCode != RET_SUCCESS) {
1008 errCode = ConvertResult(errCode);
1009 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1010 }
1011 return errCode;
1012 }
1013
InitProxy()1014 void AccessTokenManagerClient::InitProxy()
1015 {
1016 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
1017 auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1018 if (sam == nullptr) {
1019 LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null");
1020 return;
1021 }
1022 sptr<IRemoteObject> accesstokenSa =
1023 sam->GetSystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
1024 if (accesstokenSa == nullptr) {
1025 LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null",
1026 SA_ID_ACCESSTOKEN_MANAGER_SERVICE);
1027 return;
1028 }
1029
1030 serviceDeathObserver_ = sptr<AccessTokenDeathRecipient>::MakeSptr();
1031 if (serviceDeathObserver_ != nullptr) {
1032 accesstokenSa->AddDeathRecipient(serviceDeathObserver_);
1033 }
1034 proxy_ = new (std::nothrow) AccessTokenManagerProxy(accesstokenSa);
1035 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
1036 LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null");
1037 }
1038 }
1039 }
1040
OnRemoteDiedHandle()1041 void AccessTokenManagerClient::OnRemoteDiedHandle()
1042 {
1043 {
1044 std::lock_guard<std::mutex> lock(proxyMutex_);
1045 ReleaseProxy();
1046 InitProxy();
1047 }
1048
1049 #ifdef TOKEN_SYNC_ENABLE
1050 if (syncCallbackImpl_ != nullptr) {
1051 RegisterTokenSyncCallback(syncCallbackImpl_); // re-register callback when AT crashes
1052 }
1053 #endif // TOKEN_SYNC_ENABLE
1054 }
1055
GetProxy()1056 sptr<IAccessTokenManager> AccessTokenManagerClient::GetProxy()
1057 {
1058 std::lock_guard<std::mutex> lock(proxyMutex_);
1059 if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) {
1060 InitProxy();
1061 }
1062 return proxy_;
1063 }
1064
SetPermDialogCap(const HapBaseInfo & hapBaseInfo,bool enable)1065 int32_t AccessTokenManagerClient::SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable)
1066 {
1067 auto proxy = GetProxy();
1068 if (proxy == nullptr) {
1069 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1070 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1071 }
1072 HapBaseInfoParcel hapBaseInfoParcel;
1073 hapBaseInfoParcel.hapBaseInfo = hapBaseInfo;
1074 int32_t errCode = proxy->SetPermDialogCap(hapBaseInfoParcel, enable);
1075 if (errCode != RET_SUCCESS) {
1076 errCode = ConvertResult(errCode);
1077 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1078 }
1079 return errCode;
1080 }
1081
GetPermissionManagerInfo(PermissionGrantInfo & info)1082 void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& info)
1083 {
1084 auto proxy = GetProxy();
1085 if (proxy == nullptr) {
1086 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1087 return;
1088 }
1089 PermissionGrantInfoParcel infoParcel;
1090 int32_t errorCode = proxy->GetPermissionManagerInfo(infoParcel);
1091 if (errorCode != RET_SUCCESS) {
1092 errorCode = ConvertResult(errorCode);
1093 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errorCode);
1094 return;
1095 }
1096 info = infoParcel.info;
1097 }
1098
InitUserPolicy(const std::vector<UserState> & userList,const std::vector<std::string> & permList)1099 int32_t AccessTokenManagerClient::InitUserPolicy(
1100 const std::vector<UserState>& userList, const std::vector<std::string>& permList)
1101 {
1102 auto proxy = GetProxy();
1103 if (proxy == nullptr) {
1104 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1105 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1106 }
1107
1108 size_t userLen = userList.size();
1109 size_t permLen = permList.size();
1110 if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) {
1111 LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen);
1112 return AccessTokenError::ERR_PARAM_INVALID;
1113 }
1114
1115 std::vector<UserStateIdl> userIdlList;
1116 for (const auto& userSate : userList) {
1117 UserStateIdl userIdl;
1118 userIdl.userId = userSate.userId;
1119 userIdl.isActive = userSate.isActive;
1120 userIdlList.emplace_back(userIdl);
1121 }
1122 int32_t errCode = proxy->InitUserPolicy(userIdlList, permList);
1123 if (errCode != RET_SUCCESS) {
1124 errCode = ConvertResult(errCode);
1125 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1126 }
1127 return errCode;
1128 }
1129
ClearUserPolicy()1130 int32_t AccessTokenManagerClient::ClearUserPolicy()
1131 {
1132 auto proxy = GetProxy();
1133 if (proxy == nullptr) {
1134 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1135 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1136 }
1137 int32_t errCode = proxy->ClearUserPolicy();
1138 if (errCode != RET_SUCCESS) {
1139 errCode = ConvertResult(errCode);
1140 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1141 }
1142 return errCode;
1143 }
1144
UpdateUserPolicy(const std::vector<UserState> & userList)1145 int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector<UserState>& userList)
1146 {
1147 auto proxy = GetProxy();
1148 if (proxy == nullptr) {
1149 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1150 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1151 }
1152
1153 size_t userLen = userList.size();
1154 if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) {
1155 LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen);
1156 return AccessTokenError::ERR_PARAM_INVALID;
1157 }
1158
1159 std::vector<UserStateIdl> userIdlList;
1160 for (const auto& userSate : userList) {
1161 UserStateIdl userIdl;
1162 userIdl.userId = userSate.userId;
1163 userIdl.isActive = userSate.isActive;
1164 userIdlList.emplace_back(userIdl);
1165 }
1166 int32_t errCode = proxy->UpdateUserPolicy(userIdlList);
1167 if (errCode != RET_SUCCESS) {
1168 errCode = ConvertResult(errCode);
1169 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1170 }
1171 return errCode;
1172 }
1173
ReleaseProxy()1174 void AccessTokenManagerClient::ReleaseProxy()
1175 {
1176 if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) {
1177 proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_);
1178 }
1179 proxy_ = nullptr;
1180 serviceDeathObserver_ = nullptr;
1181 }
1182
GetKernelPermissions(AccessTokenID tokenId,std::vector<PermissionWithValue> & kernelPermList)1183 int32_t AccessTokenManagerClient::GetKernelPermissions(
1184 AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList)
1185 {
1186 auto proxy = GetProxy();
1187 if (proxy == nullptr) {
1188 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1189 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1190 }
1191 std::vector<PermissionWithValueIdl> kernelPermIdlList;
1192 int32_t errCode = proxy->GetKernelPermissions(tokenId, kernelPermIdlList);
1193 if (errCode != RET_SUCCESS) {
1194 errCode = ConvertResult(errCode);
1195 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1196 return errCode;
1197 }
1198
1199 if (kernelPermIdlList.size() > MAX_EXTENDED_VALUE_LIST_SIZE) {
1200 return AccessTokenError::ERR_OVERSIZE;
1201 }
1202
1203 for (const auto& item : kernelPermIdlList) {
1204 PermissionWithValue tmp;
1205 tmp.permissionName = item.permissionName;
1206 tmp.value = item.value;
1207 if (tmp.value == "true") {
1208 tmp.value.clear();
1209 }
1210 kernelPermList.emplace_back(tmp);
1211 }
1212
1213 return errCode;
1214 }
1215
GetReqPermissionByName(AccessTokenID tokenId,const std::string & permissionName,std::string & value)1216 int32_t AccessTokenManagerClient::GetReqPermissionByName(
1217 AccessTokenID tokenId, const std::string& permissionName, std::string& value)
1218 {
1219 auto proxy = GetProxy();
1220 if (proxy == nullptr) {
1221 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null");
1222 return AccessTokenError::ERR_SERVICE_ABNORMAL;
1223 }
1224 int32_t errCode = proxy->GetReqPermissionByName(tokenId, permissionName, value);
1225 if (errCode != RET_SUCCESS) {
1226 errCode = ConvertResult(errCode);
1227 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1228 }
1229 return errCode;
1230 }
1231
1232 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhance(const SecCompEnhanceData & enhance)1233 int32_t AccessTokenManagerClient::RegisterSecCompEnhance(const SecCompEnhanceData& enhance)
1234 {
1235 auto proxy = GetProxy();
1236 if (proxy == nullptr) {
1237 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
1238 return AccessTokenError::ERR_PARAM_INVALID;
1239 }
1240 SecCompEnhanceDataParcel registerParcel;
1241 registerParcel.enhanceData = enhance;
1242 int32_t ret = proxy->RegisterSecCompEnhance(registerParcel);
1243 return ConvertResult(ret);
1244 }
1245
UpdateSecCompEnhance(int32_t pid,uint32_t seqNum)1246 int32_t AccessTokenManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum)
1247 {
1248 auto proxy = GetProxy();
1249 if (proxy == nullptr) {
1250 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
1251 return AccessTokenError::ERR_PARAM_INVALID;
1252 }
1253 int32_t ret = proxy->UpdateSecCompEnhance(pid, seqNum);
1254 return ConvertResult(ret);
1255 }
1256
GetSecCompEnhance(int32_t pid,SecCompEnhanceData & enhance)1257 int32_t AccessTokenManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance)
1258 {
1259 auto proxy = GetProxy();
1260 if (proxy == nullptr) {
1261 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
1262 return AccessTokenError::ERR_PARAM_INVALID;
1263 }
1264 SecCompEnhanceDataParcel parcel;
1265 int32_t res = proxy->GetSecCompEnhance(pid, parcel);
1266 if (res != RET_SUCCESS) {
1267 return ConvertResult(res);
1268 }
1269 enhance = parcel.enhanceData;
1270 return RET_SUCCESS;
1271 }
1272 #endif
1273
IsToastShownNeeded(int32_t pid)1274 bool AccessTokenManagerClient::IsToastShownNeeded(int32_t pid)
1275 {
1276 auto proxy = GetProxy();
1277 if (proxy == nullptr) {
1278 LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
1279 return true;
1280 }
1281
1282 bool needToShow;
1283 int32_t errCode = proxy->IsToastShownNeeded(pid, needToShow);
1284 if (errCode != RET_SUCCESS) {
1285 errCode = ConvertResult(errCode);
1286 LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode);
1287 return true;
1288 }
1289
1290 return needToShow;
1291 }
1292 } // namespace AccessToken
1293 } // namespace Security
1294 } // namespace OHOS
1295