• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "permission_manager.h"
17 
18 #include "ipc_skeleton.h"
19 #include "access_token.h"
20 #include "hap_token_info.h"
21 #include "native_token_info.h"
22 #include "accesstoken_kit.h"
23 #include "dm_log.h"
24 
25 using namespace OHOS::Security::AccessToken;
26 
27 namespace OHOS {
28 namespace DistributedHardware {
29 IMPLEMENT_SINGLE_INSTANCE(PermissionManager);
30 
31 namespace {
32 constexpr const char* DM_SERVICE_ACCESS_PERMISSION = "ohos.permission.ACCESS_SERVICE_DM";
33 constexpr const char* DM_SERVICE_ACCESS_NEWPERMISSION = "ohos.permission.DISTRIBUTED_DATASYNC";
34 }
35 
CheckPermission(void)36 bool PermissionManager::CheckPermission(void)
37 {
38     LOGI("Enter PermissionManager::CheckPermission");
39     AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
40     if (tokenCaller == 0) {
41         return false;
42     }
43     LOGI("PermissionManager::tokenCaller ID == %d", tokenCaller);
44 
45     ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
46     if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
47         int32_t ret = AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION);
48         if (ret == PermissionState::PERMISSION_GRANTED) {
49             return true;
50         }
51     }
52     LOGE("DM service access is denied, please apply for corresponding permissions");
53     return false;
54 }
55 
CheckNewPermission(void)56 bool PermissionManager::CheckNewPermission(void)
57 {
58     LOGI("Enter PermissionManager::CheckNewPermission");
59     AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
60     if (tokenCaller == 0) {
61         return false;
62     }
63     LOGI("PermissionManager::tokenCaller ID == %d", tokenCaller);
64 
65     ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
66     if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
67         int32_t ret = AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_NEWPERMISSION);
68         if (ret == PermissionState::PERMISSION_GRANTED) {
69             return true;
70         }
71     }
72     LOGE("DM service access is denied, please apply for corresponding new permissions");
73     return false;
74 }
75 
76 } // namespace DistributedHardware
77 } // namespace OHOS
78