1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_verification.h"
17
18 #include "ability_manager_errors.h"
19 #include "accesstoken_kit.h"
20 #include "hilog_wrapper.h"
21 #include "permission_constants.h"
22 #include "tokenid_kit.h"
23
24 namespace OHOS {
25 namespace AAFwk {
26 const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
27 const std::string DLP_PARAMS_SECURITY_FLAG = "ohos.dlp.params.securityFlag";
28 const std::string DMS_PROCESS_NAME = "distributedsched";
VerifyPermissionByTokenId(const int & tokenId,const std::string & permissionName) const29 bool PermissionVerification::VerifyPermissionByTokenId(const int &tokenId, const std::string &permissionName) const
30 {
31 HILOG_DEBUG("VerifyPermissionByTokenId permission %{public}s", permissionName.c_str());
32 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionName);
33 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
34 HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
35 return false;
36 }
37 HILOG_DEBUG("verify AccessToken success");
38 return true;
39 }
40
VerifyCallingPermission(const std::string & permissionName) const41 bool PermissionVerification::VerifyCallingPermission(const std::string &permissionName) const
42 {
43 HILOG_DEBUG("VerifyCallingPermission permission %{public}s", permissionName.c_str());
44 auto callerToken = GetCallingTokenID();
45 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
46 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
47 HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
48 return false;
49 }
50 HILOG_DEBUG("verify AccessToken success");
51 return true;
52 }
53
IsSACall() const54 bool PermissionVerification::IsSACall() const
55 {
56 HILOG_DEBUG("%{public}s: is called.", __func__);
57 auto callerToken = GetCallingTokenID();
58 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
59 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
60 HILOG_DEBUG("caller tokenType is native, verify success");
61 return true;
62 }
63 HILOG_DEBUG("Not SA called.");
64 return false;
65 }
66
IsShellCall() const67 bool PermissionVerification::IsShellCall() const
68 {
69 HILOG_DEBUG("%{public}s: is called.", __func__);
70 auto callerToken = GetCallingTokenID();
71 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
72 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
73 HILOG_DEBUG("caller tokenType is shell, verify success");
74 return true;
75 }
76 HILOG_DEBUG("Not shell called.");
77 return false;
78 }
79
IsGatewayCall() const80 bool PermissionVerification::IsGatewayCall() const
81 {
82 if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGER_ABILITY_FROM_GATEWAY)) {
83 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
84 return true;
85 }
86 HILOG_INFO("%{public}s: Permission verification failed.", __func__);
87 return false;
88 }
89
CheckSpecificSystemAbilityAccessPermission() const90 bool PermissionVerification::CheckSpecificSystemAbilityAccessPermission() const
91 {
92 HILOG_DEBUG("PermissionVerification::CheckSpecifidSystemAbilityAccessToken is called.");
93 if (!IsSACall()) {
94 HILOG_ERROR("caller tokenType is not native, verify failed.");
95 return false;
96 }
97 auto callerToken = GetCallingTokenID();
98 Security::AccessToken::NativeTokenInfo nativeTokenInfo;
99 int32_t result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerToken, nativeTokenInfo);
100 if (result != ERR_OK || nativeTokenInfo.processName != DMS_PROCESS_NAME) {
101 HILOG_ERROR("Check process name failed.");
102 return false;
103 }
104 return true;
105 }
106
VerifyRunningInfoPerm() const107 bool PermissionVerification::VerifyRunningInfoPerm() const
108 {
109 if (IsSACall()) {
110 HILOG_DEBUG("%{public}s: the interface called by SA.", __func__);
111 return true;
112 }
113 if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_RUNNING_INFO)) {
114 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
115 return true;
116 }
117 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
118 return false;
119 }
120
VerifyControllerPerm() const121 bool PermissionVerification::VerifyControllerPerm() const
122 {
123 if (IsSACall()) {
124 HILOG_DEBUG("%{public}s: the interface called by SA.", __func__);
125 return true;
126 }
127 if (VerifyCallingPermission(PermissionConstants::PERMISSION_SET_ABILITY_CONTROLLER)) {
128 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
129 return true;
130 }
131 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
132 return false;
133 }
134
VerifyDlpPermission(Want & want) const135 bool PermissionVerification::VerifyDlpPermission(Want &want) const
136 {
137 if (want.GetIntParam(DLP_PARAMS_INDEX, 0) == 0) {
138 want.RemoveParam(DLP_PARAMS_SECURITY_FLAG);
139 return true;
140 }
141
142 if (VerifyCallingPermission(PermissionConstants::PERMISSION_ACCESS_DLP)) {
143 return true;
144 }
145 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
146 return false;
147 }
148
VerifyAccountPermission() const149 int PermissionVerification::VerifyAccountPermission() const
150 {
151 if (IsSACall()) {
152 return ERR_OK;
153 }
154 if (VerifyCallingPermission(PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS)) {
155 return ERR_OK;
156 }
157 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
158 return CHECK_PERMISSION_FAILED;
159 }
160
VerifyMissionPermission() const161 bool PermissionVerification::VerifyMissionPermission() const
162 {
163 if (IsSACall()) {
164 return true;
165 }
166 if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGE_MISSION)) {
167 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
168 return true;
169 }
170 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
171 return false;
172 }
173
VerifyAppStateObserverPermission() const174 int PermissionVerification::VerifyAppStateObserverPermission() const
175 {
176 if (IsSACall()) {
177 return ERR_OK;
178 }
179 if (VerifyCallingPermission(PermissionConstants::PERMISSION_RUNNING_STATE_OBSERVER)) {
180 HILOG_DEBUG("Permission verification succeeded.");
181 return ERR_OK;
182 }
183 HILOG_ERROR("Permission verification failed.");
184 return ERR_PERMISSION_DENIED;
185 }
186
VerifyUpdateConfigurationPerm() const187 int32_t PermissionVerification::VerifyUpdateConfigurationPerm() const
188 {
189 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_UPDATE_CONFIGURATION)) {
190 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
191 return ERR_OK;
192 }
193 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
194 return ERR_PERMISSION_DENIED;
195 }
196
VerifyInstallBundlePermission() const197 bool PermissionVerification::VerifyInstallBundlePermission() const
198 {
199 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_INSTALL_BUNDLE)) {
200 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
201 return true;
202 }
203
204 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
205 return false;
206 }
207
VerifyGetBundleInfoPrivilegedPermission() const208 bool PermissionVerification::VerifyGetBundleInfoPrivilegedPermission() const
209 {
210 if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) {
211 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
212 return true;
213 }
214
215 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
216 return false;
217 }
218
CheckCallDataAbilityPermission(const VerificationInfo & verificationInfo,bool isShell) const219 int PermissionVerification::CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo, bool isShell) const
220 {
221 if ((verificationInfo.apiTargetVersion > API8 || isShell) &&
222 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
223 HILOG_ERROR("Application can not start DataAbility from background after API8.");
224 return CHECK_PERMISSION_FAILED;
225 }
226 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
227 HILOG_ERROR("Target DataAbility is not visible, and caller does not have INVISIBLE permission.");
228 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
229 }
230 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
231 HILOG_ERROR("Target DataAbility's associatedWakeUp is false, reject start it from other application.");
232 return CHECK_PERMISSION_FAILED;
233 }
234
235 return ERR_OK;
236 }
237
CheckCallServiceAbilityPermission(const VerificationInfo & verificationInfo) const238 int PermissionVerification::CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const
239 {
240 if (IsSACall()) {
241 return ERR_OK;
242 }
243
244 if ((verificationInfo.apiTargetVersion > API8 || IsShellCall()) &&
245 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
246 HILOG_ERROR("Application can not start ServiceAbility from background after API8.");
247 return CHECK_PERMISSION_FAILED;
248 }
249 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
250 HILOG_ERROR("Target ServiceAbility is not visible, and caller does not have INVISIBLE permission.");
251 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
252 }
253 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
254 HILOG_ERROR("Target ServiceAbility's associatedWakeUp is false, reject start it from other application.");
255 return CHECK_PERMISSION_FAILED;
256 }
257
258 return ERR_OK;
259 }
260
CheckCallAbilityPermission(const VerificationInfo & verificationInfo) const261 int PermissionVerification::CheckCallAbilityPermission(const VerificationInfo &verificationInfo) const
262 {
263 return JudgeInvisibleAndBackground(verificationInfo);
264 }
265
CheckCallServiceExtensionPermission(const VerificationInfo & verificationInfo) const266 int PermissionVerification::CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const
267 {
268 return JudgeInvisibleAndBackground(verificationInfo);
269 }
270
CheckStartByCallPermission(const VerificationInfo & verificationInfo) const271 int PermissionVerification::CheckStartByCallPermission(const VerificationInfo &verificationInfo) const
272 {
273 if (IsSACall()) {
274 return ERR_OK;
275 }
276
277 if (IsCallFromSameAccessToken(verificationInfo.accessTokenId)) {
278 HILOG_ERROR("Not remote call, Caller is from same APP, StartAbilityByCall reject");
279 return CHECK_PERMISSION_FAILED;
280 }
281 // Different APP call, check permissions
282 if (!VerifyCallingPermission(PermissionConstants::PERMISSION_ABILITY_BACKGROUND_COMMUNICATION)) {
283 HILOG_ERROR("PERMISSION_ABILITY_BACKGROUND_COMMUNICATION verification failed, StartAbilityByCall reject");
284 return CHECK_PERMISSION_FAILED;
285 }
286 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
287 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
288 }
289 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
290 return CHECK_PERMISSION_FAILED;
291 }
292
293 return ERR_OK;
294 }
295
GetCallingTokenID() const296 unsigned int PermissionVerification::GetCallingTokenID() const
297 {
298 auto callerToken = IPCSkeleton::GetCallingTokenID();
299 HILOG_DEBUG("callerToken : %{private}u", callerToken);
300 return callerToken;
301 }
302
JudgeStartInvisibleAbility(const uint32_t accessTokenId,const bool visible) const303 bool PermissionVerification::JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible) const
304 {
305 if (visible) {
306 HILOG_DEBUG("TargetAbility visible is true, PASS.");
307 return true;
308 }
309 if (IsCallFromSameAccessToken(accessTokenId)) {
310 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
311 return true;
312 }
313 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_INVISIBLE_ABILITY)) {
314 HILOG_DEBUG("Caller has PERMISSION_START_INVISIBLE_ABILITY, PASS.");
315 return true;
316 }
317 HILOG_ERROR("PERMISSION_START_INVISIBLE_ABILITY verification failed.");
318 return false;
319 }
320
JudgeStartAbilityFromBackground(const bool isBackgroundCall,bool withContinuousTask) const321 bool PermissionVerification::JudgeStartAbilityFromBackground(
322 const bool isBackgroundCall, bool withContinuousTask) const
323 {
324 if (!isBackgroundCall) {
325 HILOG_DEBUG("Caller is not background, PASS.");
326 return true;
327 }
328
329 if (withContinuousTask) {
330 HILOG_DEBUG("Caller has continuous task, PASS.");
331 return true;
332 }
333
334 // Temporarily supports permissions with two different spellings
335 // PERMISSION_START_ABILIIES_FROM_BACKGROUND will be removed later due to misspelling
336 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILITIES_FROM_BACKGROUND) ||
337 VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILIIES_FROM_BACKGROUND)) {
338 HILOG_DEBUG("Caller has PERMISSION_START_ABILITIES_FROM_BACKGROUND, PASS.");
339 return true;
340 }
341 HILOG_ERROR("PERMISSION_START_ABILITIES_FROM_BACKGROUND verification failed.");
342 return false;
343 }
344
JudgeAssociatedWakeUp(const uint32_t accessTokenId,const bool associatedWakeUp) const345 bool PermissionVerification::JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const
346 {
347 if (IsCallFromSameAccessToken(accessTokenId)) {
348 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
349 return true;
350 }
351 if (associatedWakeUp) {
352 HILOG_DEBUG("TargetAbility is allowed associatedWakeUp, PASS.");
353 return true;
354 }
355 HILOG_ERROR("The target is not allowed associatedWakeUp.");
356 return false;
357 }
358
JudgeInvisibleAndBackground(const VerificationInfo & verificationInfo) const359 int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo) const
360 {
361 if (IsSACall()) {
362 return ERR_OK;
363 }
364 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
365 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
366 }
367 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
368 return CHECK_PERMISSION_FAILED;
369 }
370
371 return ERR_OK;
372 }
373
JudgeCallerIsAllowedToUseSystemAPI() const374 bool PermissionVerification::JudgeCallerIsAllowedToUseSystemAPI() const
375 {
376 if (IsSACall() || IsShellCall()) {
377 return true;
378 }
379 auto callerToken = IPCSkeleton::GetCallingFullTokenID();
380 return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerToken);
381 }
382
IsSystemAppCall() const383 bool PermissionVerification::IsSystemAppCall() const
384 {
385 auto callerToken = IPCSkeleton::GetCallingFullTokenID();
386 return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerToken);
387 }
388
VerifyPrepareTerminatePermission() const389 bool PermissionVerification::VerifyPrepareTerminatePermission() const
390 {
391 if (IsSACall()) {
392 return true;
393 }
394 if (VerifyCallingPermission(PermissionConstants::PERMISSION_PREPARE_TERMINATE)) {
395 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
396 return true;
397 }
398 HILOG_DEBUG("%{public}s: Permission verification failed", __func__);
399 return false;
400 }
401
VerifyPrepareTerminatePermission(const int & tokenId) const402 bool PermissionVerification::VerifyPrepareTerminatePermission(const int &tokenId) const
403 {
404 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId,
405 PermissionConstants::PERMISSION_PREPARE_TERMINATE);
406 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
407 HILOG_DEBUG("permission denied.");
408 return false;
409 }
410 HILOG_DEBUG("verify AccessToken success");
411 return true;
412 }
413 } // namespace AAFwk
414 } // namespace OHOS
415