1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_helper.h"
17
18 #include "ipc_skeleton.h"
19 #include "tokenid_kit.h"
20
21 #include "mmi_log.h"
22
23 #undef MMI_LOG_DOMAIN
24 #define MMI_LOG_DOMAIN MMI_LOG_SERVER
25 #undef MMI_LOG_TAG
26 #define MMI_LOG_TAG "PermissionHelper"
27
28 namespace OHOS {
29 namespace MMI {
namespace {
// Permission names passed to AccessTokenKit::VerifyAccessToken by the checks in this file.
// Each constant gates one family of multimodal-input operations; the strings must match
// the permission names exactly, so treat them as part of the access-control policy.
const std::string INJECT_PERMISSION_CODE { "ohos.permission.INJECT_INPUT_EVENT" };
const std::string MONITOR_PERMISSION_CODE { "ohos.permission.INPUT_MONITORING" };
const std::string INTERCEPT_PERMISSION_CODE { "ohos.permission.INTERCEPT_INPUT_EVENT" };
const std::string INFRAREDEMITTER_PERMISSION_CODE { "ohos.permission.MANAGE_INPUT_INFRARED_EMITTER" };
const std::string CONTROL_DISPATCHING_PERMISSION_CODE { "ohos.permission.INPUT_CONTROL_DISPATCHING" };
const std::string MOUSE_CURSOR_PERMISSION_CODE { "ohos.permission.MANAGE_MOUSE_CURSOR" };
const std::string FILTER_PERMISSION_CODE { "ohos.permission.FILTER_INPUT_EVENT" };
const std::string DEVICE_CONTROLLER_PERMISSION_CODE { "ohos.permission.INPUT_DEVICE_CONTROLLER" };
const std::string KEYBOARD_CONTROLLER_PERMISSION_CODE { "ohos.permission.INPUT_KEYBOARD_CONTROLLER" };
} // namespace
/**
 * Decides whether the current IPC caller may use system APIs.
 *
 * Callers whose token type is native or shell are accepted on token type alone; no
 * system-app lookup is made for them. Every other caller is accepted only when
 * TokenIdKit::IsSystemAppByFullTokenID reports its full token id as a system app.
 *
 * @return true if the caller is accepted, false otherwise.
 */
bool PermissionHelper::VerifySystemApp()
{
    MMI_HILOGD("verify system App");
    const auto callingToken = IPCSkeleton::GetCallingTokenID();
    const auto typeFlag = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callingToken);
    MMI_HILOGD("token type is %{public}d", static_cast<int32_t>(typeFlag));

    const bool isNative = (typeFlag == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE);
    const bool isShell = (typeFlag == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL);
    if (isNative || isShell) {
        // The same message is logged for both native and shell callers.
        MMI_HILOGD("called tokenType is native, verify success");
        return true;
    }

    const uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
    if (OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
        return true;
    }
    MMI_HILOGE("system api is called by non-system app");
    return false;
}
59
/**
 * Checks whether the current IPC caller may inject input events.
 *
 * A shell token is accepted without consulting the permission database. For every other
 * token type the result is that of VerifyAccessToken for
 * ohos.permission.INJECT_INPUT_EVENT; unlike CheckHapPermission, no token type is
 * rejected up front.
 *
 * @return true if the caller is a shell token or holds the permission, false otherwise.
 */
bool PermissionHelper::CheckInjectPermission()
{
    const auto callerTokenId = IPCSkeleton::GetCallingTokenID();
    const auto typeFlag = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId);
    MMI_HILOGD("Token type is %{public}d", static_cast<int32_t>(typeFlag));
    if (typeFlag == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
        MMI_HILOGD("called tokenType is shell, verify success");
        return true;
    }

    const int32_t verdict =
        OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerTokenId, INJECT_PERMISSION_CODE);
    if (verdict == OHOS::Security::AccessToken::PERMISSION_GRANTED) {
        return true;
    }
    // Denials are logged with the caller's token id so they can be traced to a caller.
    MMI_HILOGE("Check Permission:%{public}s fail for appId:%{public}d, and ret:%{public}d",
        INJECT_PERMISSION_CODE.c_str(), callerTokenId, verdict);
    return false;
}
78
/**
 * Checks the current IPC caller against ohos.permission.INPUT_MONITORING.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckMonitor()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(MONITOR_PERMISSION_CODE);
    return allowed;
}
84
/**
 * Checks the current IPC caller against ohos.permission.INTERCEPT_INPUT_EVENT.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInterceptor()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(INTERCEPT_PERMISSION_CODE);
    return allowed;
}
90
/**
 * Checks the current IPC caller against ohos.permission.MANAGE_INPUT_INFRARED_EMITTER.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInfraredEmmit()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(INFRAREDEMITTER_PERMISSION_CODE);
    return allowed;
}
96
/**
 * Checks the current IPC caller against ohos.permission.INJECT_INPUT_EVENT.
 *
 * This goes through CheckHapPermission, so it uses the same permission name as
 * CheckInjectPermission but additionally rejects token types other than HAP, native
 * and shell.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckAuthorize()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(INJECT_PERMISSION_CODE);
    return allowed;
}
102
/**
 * Checks whether the current IPC caller holds the given permission.
 *
 * The decision depends on the caller's token type:
 *  - shell: accepted without a VerifyAccessToken call;
 *  - HAP or native: accepted only if VerifyAccessToken returns PERMISSION_GRANTED;
 *  - anything else: rejected.
 *
 * @param permissionCode Permission name to verify for HAP and native callers.
 * @return true if the caller is accepted, false otherwise.
 */
bool PermissionHelper::CheckHapPermission(const std::string &permissionCode)
{
    CALL_DEBUG_ENTER;
    const auto callerTokenId = IPCSkeleton::GetCallingTokenID();
    const auto typeFlag = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId);

    if (typeFlag == OHOS::Security::AccessToken::TOKEN_SHELL) {
        // Shell callers bypass the permission lookup entirely.
        MMI_HILOGI("Token type is shell");
        return true;
    }
    if ((typeFlag != OHOS::Security::AccessToken::TOKEN_HAP) &&
        (typeFlag != OHOS::Security::AccessToken::TOKEN_NATIVE)) {
        MMI_HILOGE("Unsupported token type:%{public}d", typeFlag);
        return false;
    }

    const int32_t verdict =
        OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerTokenId, permissionCode);
    if (verdict != OHOS::Security::AccessToken::PERMISSION_GRANTED) {
        MMI_HILOGE("Check permission failed ret:%{public}d permission:%{public}s", verdict, permissionCode.c_str());
        return false;
    }
    // The success message says "interceptor" for every permission checked here.
    MMI_HILOGD("Check interceptor permission success permission:%{public}s", permissionCode.c_str());
    return true;
}
125
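/**
 * Checks whether the token identified by tokenId holds the given permission.
 *
 * Unlike the single-argument overload, the token id is supplied by the caller of this
 * function instead of being read from IPCSkeleton here.
 * NOTE(review): the result is only as trustworthy as the source of tokenId; confirm that
 * call sites obtain it from the IPC caller identity and not from request data.
 *
 * The decision depends on the token type:
 *  - shell: accepted without a VerifyAccessToken call;
 *  - HAP or native: accepted only if VerifyAccessToken returns PERMISSION_GRANTED;
 *  - anything else: rejected.
 *
 * @param tokenId        Access token id to check.
 * @param permissionCode Permission name to verify for HAP and native tokens.
 * @return true if the token is accepted, false otherwise.
 */
bool PermissionHelper::CheckHapPermission(uint32_t tokenId, const std::string &permissionCode)
{
    CALL_DEBUG_ENTER;
    auto tokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
    if (tokenType == OHOS::Security::AccessToken::TOKEN_SHELL) {
        // Shell tokens bypass the permission lookup entirely.
        MMI_HILOGI("Token type is shell");
        return true;
    }
    if ((tokenType != OHOS::Security::AccessToken::TOKEN_HAP) &&
        (tokenType != OHOS::Security::AccessToken::TOKEN_NATIVE)) {
        MMI_HILOGE("Unsupported token type:%{public}d", tokenType);
        return false;
    }

    // The previous version built an unused "context" string here on every call; it was
    // never read, so it has been dropped.
    int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionCode);
    if (ret != OHOS::Security::AccessToken::PERMISSION_GRANTED) {
        MMI_HILOGE("Check Permi:%{public}s fail for appId:%{public}d, and ret:%{public}d",
            permissionCode.c_str(), tokenId, ret);
        return false;
    }
    MMI_HILOGD("Check permission( %{public}s) permission success", permissionCode.c_str());
    return true;
}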
149
/**
 * Checks the current IPC caller against ohos.permission.INPUT_CONTROL_DISPATCHING.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckDispatchControl()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(CONTROL_DISPATCHING_PERMISSION_CODE);
    return allowed;
}
155
/**
 * Classifies the current IPC caller's access token.
 *
 * HAP tokens are split into TOKEN_SYSTEM_HAP and TOKEN_HAP according to
 * TokenIdKit::IsSystemAppByFullTokenID; native and shell tokens map to TOKEN_NATIVE and
 * TOKEN_SHELL. This function only classifies; it performs no permission check.
 *
 * @return one of the TokenType values, TOKEN_INVALID for any other token type.
 */
int32_t PermissionHelper::GetTokenType()
{
    CALL_DEBUG_ENTER;
    const auto callerTokenId = IPCSkeleton::GetCallingTokenID();
    const auto typeFlag = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId);

    if (typeFlag == OHOS::Security::AccessToken::TOKEN_NATIVE) {
        return TokenType::TOKEN_NATIVE;
    }
    if (typeFlag == OHOS::Security::AccessToken::TOKEN_SHELL) {
        return TokenType::TOKEN_SHELL;
    }
    if (typeFlag != OHOS::Security::AccessToken::TOKEN_HAP) {
        MMI_HILOGW("Unsupported token type:%{public}d", typeFlag);
        return TokenType::TOKEN_INVALID;
    }

    // Only HAP callers reach this point; the full token id tells system apps from ordinary ones.
    const uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
    if (OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
        return TokenType::TOKEN_SYSTEM_HAP;
    }
    return TokenType::TOKEN_HAP;
}
176
/**
 * Reports whether the current IPC caller's token type is shell.
 *
 * @return true if GetTokenTypeFlag yields TOKEN_SHELL for the calling token id.
 */
bool PermissionHelper::RequestFromShell()
{
    CALL_DEBUG_ENTER;
    const auto callerTokenId = IPCSkeleton::GetCallingTokenID();
    const auto typeFlag = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId);
    MMI_HILOGD("Token type is %{public}d", static_cast<int32_t>(typeFlag));
    const bool fromShell = (typeFlag == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL);
    return fromShell;
}
185
/**
 * Checks the current IPC caller against ohos.permission.MANAGE_MOUSE_CURSOR.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckMouseCursor()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(MOUSE_CURSOR_PERMISSION_CODE);
    return allowed;
}
191
/**
 * Checks the current IPC caller against ohos.permission.FILTER_INPUT_EVENT.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInputEventFilter()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(FILTER_PERMISSION_CODE);
    return allowed;
}
197
/**
 * Checks the current IPC caller against ohos.permission.INPUT_DEVICE_CONTROLLER.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckInputDeviceController()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(DEVICE_CONTROLLER_PERMISSION_CODE);
    return allowed;
}
203
/**
 * Checks the current IPC caller against ohos.permission.INPUT_KEYBOARD_CONTROLLER.
 *
 * @return the result of CheckHapPermission for that permission.
 */
bool PermissionHelper::CheckFunctionKeyEnabled()
{
    CALL_DEBUG_ENTER;
    const bool allowed = CheckHapPermission(KEYBOARD_CONTROLLER_PERMISSION_CODE);
    return allowed;
}
209 } // namespace MMI
210 } // namespace OHOS
211