• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "permission.h"
17 
18 #include <accesstoken_kit.h>
19 #include <bundle_constants.h>
20 #include <ipc_skeleton.h>
21 #include <bundle_mgr_proxy.h>
22 #include <bundle_mgr_interface.h>
23 #include <system_ability_definition.h>
24 #include <iservice_registry.h>
25 #include <tokenid_kit.h>
26 
27 #include "window_manager_hilog.h"
28 
29 namespace OHOS {
30 namespace Rosen {
31 namespace {
32     constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, HILOG_DOMAIN_WINDOW, "Permission"};
33 }
34 
IsSystemServiceCalling(bool needPrintLog)35 bool Permission::IsSystemServiceCalling(bool needPrintLog)
36 {
37     Security::AccessToken::NativeTokenInfo tokenInfo;
38     Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(IPCSkeleton::GetCallingTokenID(), tokenInfo);
39     if (tokenInfo.apl == Security::AccessToken::ATokenAplEnum::APL_SYSTEM_CORE ||
40         tokenInfo.apl == Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC) {
41         return true;
42     }
43     if (needPrintLog) {
44         WLOGFE("Is not system service calling, native apl: %{public}d", tokenInfo.apl);
45     }
46     return false;
47 }
48 
IsSystemCalling()49 bool Permission::IsSystemCalling()
50 {
51     if (IsSystemServiceCalling(false)) {
52         return true;
53     }
54     uint64_t accessTokenIDEx = IPCSkeleton::GetCallingFullTokenID();
55     bool isSystemApp = Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(accessTokenIDEx);
56     return isSystemApp;
57 }
58 
CheckCallingPermission(const std::string & permission)59 bool Permission::CheckCallingPermission(const std::string& permission)
60 {
61     WLOGFD("permission:%{public}s", permission.c_str());
62 
63     if (Security::AccessToken::AccessTokenKit::VerifyAccessToken(IPCSkeleton::GetCallingTokenID(), permission) !=
64         AppExecFwk::Constants::PERMISSION_GRANTED) {
65         WLOGW("permission denied!");
66         return false;
67     }
68     WLOGFD("permission ok!");
69     return true;
70 }
71 
IsStartByHdcd()72 bool Permission::IsStartByHdcd()
73 {
74     OHOS::Security::AccessToken::NativeTokenInfo info;
75     if (Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(IPCSkeleton::GetCallingTokenID(), info) != 0) {
76         return false;
77     }
78     if (info.processName.compare("hdcd") == 0) {
79         return true;
80     }
81     return false;
82 }
83 
IsStartByInputMethod()84 bool Permission::IsStartByInputMethod()
85 {
86     sptr<ISystemAbilityManager> systemAbilityManager =
87             SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
88     if (!systemAbilityManager) {
89         WLOGFE("Failed to get system ability mgr.");
90         return false;
91     }
92     sptr<IRemoteObject> remoteObject
93         = systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
94     if (!remoteObject) {
95         WLOGFE("Failed to get display manager service.");
96         return false;
97     }
98     auto bundleManagerServiceProxy_ = iface_cast<AppExecFwk::IBundleMgr>(remoteObject);
99     if ((!bundleManagerServiceProxy_) || (!bundleManagerServiceProxy_->AsObject())) {
100         WLOGFE("Failed to get system display manager services");
101         return false;
102     }
103 
104     int uid = IPCSkeleton::GetCallingUid();
105     // reset ipc identity
106     std::string identity = IPCSkeleton::ResetCallingIdentity();
107     std::string bundleName;
108     bundleManagerServiceProxy_->GetNameForUid(uid, bundleName);
109     AppExecFwk::BundleInfo bundleInfo;
110     // 200000 use uid to caculate userId
111     int userId = uid / 200000;
112     bool result = bundleManagerServiceProxy_->GetBundleInfo(bundleName,
113         AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO, bundleInfo, userId);
114     // set ipc identity to raw
115     IPCSkeleton::SetCallingIdentity(identity);
116     if (!result) {
117         WLOGFE("failed to query extension ability info");
118         return false;
119     }
120 
121     auto extensionInfo = std::find_if(bundleInfo.extensionInfos.begin(), bundleInfo.extensionInfos.end(),
122         [](AppExecFwk::ExtensionAbilityInfo extensionInfo) {
123             return (extensionInfo.type == AppExecFwk::ExtensionAbilityType::INPUTMETHOD);
124         });
125     if (extensionInfo != bundleInfo.extensionInfos.end()) {
126         return true;
127     } else {
128         return false;
129     }
130 }
131 } // namespace Rosen
132 } // namespace OHOS