1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "cert_manager_permission_check.h"
17 
18 #include "accesstoken_kit.h"
19 #include "ipc_skeleton.h"
20 #include "tokenid_kit.h"
21 
22 #include "cm_log.h"
23 
24 using namespace OHOS::Security::AccessToken;
25 
/*
 * Checks whether the calling token has been granted a permission.
 *
 * The token id comes from OHOS::IPCSkeleton::GetCallingTokenID() and is passed,
 * together with the permission name, to AccessTokenKit::VerifyAccessToken().
 *
 * permissionName: name of the permission to verify.
 * Returns true only when the verification result equals PERMISSION_GRANTED;
 * every other result value is treated as a denial (fail closed).
 *
 * NOTE(review): the decision is only as good as the token id returned here -
 * presumably this must run on the thread that is serving the IPC request;
 * confirm what GetCallingTokenID() yields outside that context.
 */
static bool HasPermission(const std::string &permissionName)
{
    const AccessTokenID callerToken = OHOS::IPCSkeleton::GetCallingTokenID();
    const int verdict = AccessTokenKit::VerifyAccessToken(callerToken, permissionName);

    return verdict == PERMISSION_GRANTED;
}
37 
/*
 * Reports whether the calling token holds
 * "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL".
 *
 * CmPermissionCheck() requires this permission, in addition to the common one,
 * for CM_CREDENTIAL_STORE.
 */
bool CmHasPrivilegedPermission(void)
{
    const std::string privilegedPermission("ohos.permission.ACCESS_CERT_MANAGER_INTERNAL");
    return HasPermission(privilegedPermission);
}
42 
/*
 * Reports whether the calling token holds "ohos.permission.ACCESS_CERT_MANAGER".
 *
 * CmPermissionCheck() requires this permission for both store types it accepts.
 */
bool CmHasCommonPermission(void)
{
    const std::string commonPermission("ohos.permission.ACCESS_CERT_MANAGER");
    return HasPermission(commonPermission);
}
47 
/*
 * Decides whether the calling token should be treated as a system app.
 *
 * Only tokens whose type is TOKEN_HAP are actually examined: for those the
 * answer is TokenIdKit::IsSystemAppByFullTokenID() applied to the calling
 * full token id. Every other token type is accepted without further checks.
 *
 * Returns true for a HAP caller that is a system app and for every non-HAP
 * caller; false for a HAP caller that is not a system app.
 */
bool CmIsSystemApp(void)
{
    const AccessTokenID callerToken = OHOS::IPCSkeleton::GetCallingTokenID();

    if (AccessTokenKit::GetTokenType(callerToken) != TOKEN_HAP) {
        /*
         * NOTE(review): this branch is fail-open - it also covers whatever
         * GetTokenType() reports for a token id it does not recognise.
         * Confirm that accepting such callers is intended.
         */
        return true;
    }

    /* only care about hap type */
    const uint64_t callerFullToken = OHOS::IPCSkeleton::GetCallingFullTokenID();
    return TokenIdKit::IsSystemAppByFullTokenID(callerFullToken);
}
58 
/*
 * Applies the system-app restriction only to the public credential store.
 *
 * store: store type requested by the caller.
 * Returns the result of CmIsSystemApp() when store is CM_CREDENTIAL_STORE,
 * and true for every other value.
 *
 * NOTE(review): values that are not a known store type also yield true here;
 * rejecting them is left to CmPermissionCheck(), whose default case returns
 * false. Callers that rely on this function alone get no such rejection.
 */
bool CmIsSystemAppByStoreType(const uint32_t store)
{
    /* Short-circuit keeps CmIsSystemApp() from running for other stores. */
    return (store != CM_CREDENTIAL_STORE) || CmIsSystemApp();
}
66 
/*
 * Checks that the calling token holds the permissions required for a store.
 *
 * store: store type requested by the caller.
 *   CM_CREDENTIAL_STORE      - needs the privileged AND the common permission.
 *   CM_PRI_CREDENTIAL_STORE  - needs the common permission only.
 *   any other value          - denied (fail closed).
 *
 * This function does not call CmIsSystemApp() or CmIsSystemAppByStoreType();
 * a caller that needs the system-app restriction has to apply it separately.
 */
bool CmPermissionCheck(const uint32_t store)
{
    if (store == CM_CREDENTIAL_STORE) {
        /* Privileged permission is evaluated first; the common one only if it passes. */
        if (!CmHasPrivilegedPermission()) {
            return false;
        }
        return CmHasCommonPermission();
    }

    if (store == CM_PRI_CREDENTIAL_STORE) {
        return CmHasCommonPermission();
    }

    /* Unknown store types are rejected. */
    return false;
}