1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "data_translator.h"
23 #include "data_validator.h"
24 #include "token_field_const.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"};
31 static const std::string DEFAULT_DEVICEID = "0";
32 static const unsigned int SYSTEM_APP_FLAG = 0x0001;
33 }
34
HapTokenInfoInner()35 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
36 {
37 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
38 tokenInfoBasic_.tokenID = 0;
39 tokenInfoBasic_.tokenAttr = 0;
40 tokenInfoBasic_.userID = 0;
41 tokenInfoBasic_.apiVersion = 0;
42 tokenInfoBasic_.instIndex = 0;
43 tokenInfoBasic_.dlpType = 0;
44 tokenInfoBasic_.apl = APL_NORMAL;
45 }
46
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicyParams & policy)47 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
48 const HapInfoParams &info, const HapPolicyParams &policy) : permUpdateTimestamp_(0), isRemote_(false)
49 {
50 tokenInfoBasic_.tokenID = id;
51 tokenInfoBasic_.userID = info.userID;
52 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
53 tokenInfoBasic_.tokenAttr = 0;
54 if (info.isSystemApp) {
55 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
56 }
57 tokenInfoBasic_.bundleName = info.bundleName;
58 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
59 tokenInfoBasic_.instIndex = info.instIndex;
60 tokenInfoBasic_.dlpType = info.dlpType;
61 tokenInfoBasic_.appID = info.appIDDesc;
62 tokenInfoBasic_.deviceID = DEFAULT_DEVICEID;
63 tokenInfoBasic_.apl = policy.apl;
64 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList);
65 }
66
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStateFull> & permStateList)67 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
68 const HapTokenInfo &info, const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
69 {
70 permUpdateTimestamp_ = 0;
71 tokenInfoBasic_ = info;
72 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList);
73 }
74
HapTokenInfoInner(AccessTokenID id,const HapTokenInfoForSync & info)75 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
76 const HapTokenInfoForSync& info) : isRemote_(true)
77 {
78 permUpdateTimestamp_ = 0;
79 tokenInfoBasic_ = info.baseInfo;
80 permPolicySet_ = PermissionPolicySet::BuildPolicySetWithoutDefCheck(id, info.permStateList);
81 }
82
~HapTokenInfoInner()83 HapTokenInfoInner::~HapTokenInfoInner()
84 {
85 ACCESSTOKEN_LOG_DEBUG(LABEL,
86 "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID);
87 }
88
Update(const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParams & policy,bool isSystemApp)89 void HapTokenInfoInner::Update(
90 const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParams& policy, bool isSystemApp)
91 {
92 tokenInfoBasic_.appID = appIDDesc;
93 tokenInfoBasic_.apiVersion = GetApiVersion(apiVersion);
94 tokenInfoBasic_.apl = policy.apl;
95 if (isSystemApp) {
96 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
97 } else {
98 tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG;
99 }
100 if (permPolicySet_ == nullptr) {
101 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID,
102 policy.permStateList);
103 return;
104 }
105
106 permPolicySet_->Update(policy.permStateList);
107 return;
108 }
109
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const110 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
111 {
112 infoParcel = tokenInfoBasic_;
113 }
114
TranslationIntoGenericValues(GenericValues & outGenericValues) const115 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
116 {
117 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
118 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
119 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
120 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
121 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
122 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
123 outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, tokenInfoBasic_.appID);
124 outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, tokenInfoBasic_.deviceID);
125 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
126 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
127 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
128 outGenericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, isPermDialogForbidden_);
129 }
130
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)131 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
132 {
133 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
134 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
135 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
136 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
137 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
138 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
139 return AccessTokenError::ERR_PARAM_INVALID;
140 }
141
142 tokenInfoBasic_.apiVersion = GetApiVersion(inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION));
143 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
144 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
145 tokenInfoBasic_.appID = inGenericValues.GetString(TokenFiledConst::FIELD_APP_ID);
146 if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) {
147 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x appID is error", tokenInfoBasic_.tokenID);
148 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
149 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "appID error");
150 return AccessTokenError::ERR_PARAM_INVALID;
151 }
152
153 tokenInfoBasic_.deviceID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID);
154 if (!DataValidator::IsDeviceIdValid(tokenInfoBasic_.deviceID)) {
155 ACCESSTOKEN_LOG_ERROR(LABEL,
156 "tokenID: 0x%{public}x devId is error", tokenInfoBasic_.tokenID);
157 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
158 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "deviceID error");
159 return AccessTokenError::ERR_PARAM_INVALID;
160 }
161 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
162 if (DataValidator::IsAplNumValid(aplNum)) {
163 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
164 } else {
165 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x apl is error, value %{public}d",
166 tokenInfoBasic_.tokenID, aplNum);
167 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
168 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "apl error");
169 return AccessTokenError::ERR_PARAM_INVALID;
170 }
171 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
172 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
173 ACCESSTOKEN_LOG_ERROR(LABEL, "tokenID: 0x%{public}x version is error, version %{public}d",
174 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
175 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
176 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
177 return AccessTokenError::ERR_PARAM_INVALID;
178 }
179 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
180 isPermDialogForbidden_ = inGenericValues.GetInt(TokenFiledConst::FIELD_FORBID_PERM_DIALOG);
181 return RET_SUCCESS;
182 }
183
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes)184 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
185 const GenericValues& tokenValue,
186 const std::vector<GenericValues>& permStateRes)
187 {
188 tokenInfoBasic_.tokenID = tokenId;
189 int ret = RestoreHapTokenBasicInfo(tokenValue);
190 if (ret != RET_SUCCESS) {
191 return ret;
192 }
193 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
194 return RET_SUCCESS;
195 }
196
StoreHapInfo(std::vector<GenericValues> & valueList) const197 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& valueList) const
198 {
199 if (isRemote_) {
200 ACCESSTOKEN_LOG_INFO(LABEL,
201 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
202 return;
203 }
204 GenericValues genericValues;
205 TranslationIntoGenericValues(genericValues);
206 valueList.emplace_back(genericValues);
207 }
208
StorePermissionPolicy(std::vector<GenericValues> & permStateValues) const209 void HapTokenInfoInner::StorePermissionPolicy(std::vector<GenericValues>& permStateValues) const
210 {
211 if (isRemote_) {
212 ACCESSTOKEN_LOG_INFO(LABEL,
213 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
214 return;
215 }
216 if (permPolicySet_ != nullptr) {
217 permPolicySet_->StorePermissionPolicySet(permStateValues);
218 }
219 }
220
GetHapInfoPermissionPolicySet() const221 std::shared_ptr<PermissionPolicySet> HapTokenInfoInner::GetHapInfoPermissionPolicySet() const
222 {
223 return permPolicySet_;
224 }
225
GetUserID() const226 int HapTokenInfoInner::GetUserID() const
227 {
228 return tokenInfoBasic_.userID;
229 }
230
GetDlpType() const231 int HapTokenInfoInner::GetDlpType() const
232 {
233 return tokenInfoBasic_.dlpType;
234 }
235
GetBundleName() const236 std::string HapTokenInfoInner::GetBundleName() const
237 {
238 return tokenInfoBasic_.bundleName;
239 }
240
GetInstIndex() const241 int HapTokenInfoInner::GetInstIndex() const
242 {
243 return tokenInfoBasic_.instIndex;
244 }
245
GetTokenID() const246 AccessTokenID HapTokenInfoInner::GetTokenID() const
247 {
248 return tokenInfoBasic_.tokenID;
249 }
250
GetHapInfoBasic() const251 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
252 {
253 return tokenInfoBasic_;
254 }
255
SetTokenBaseInfo(const HapTokenInfo & baseInfo)256 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
257 {
258 tokenInfoBasic_ = baseInfo;
259 }
260
SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet> & policySet)261 void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet>& policySet)
262 {
263 permPolicySet_ = policySet;
264 }
265
IsRemote() const266 bool HapTokenInfoInner::IsRemote() const
267 {
268 return isRemote_;
269 }
270
SetRemote(bool isRemote)271 void HapTokenInfoInner::SetRemote(bool isRemote)
272 {
273 isRemote_ = isRemote;
274 }
275
IsPermDialogForbidden() const276 bool HapTokenInfoInner::IsPermDialogForbidden() const
277 {
278 return isPermDialogForbidden_;
279 }
280
SetPermDialogForbidden(bool isForbidden)281 void HapTokenInfoInner::SetPermDialogForbidden(bool isForbidden)
282 {
283 isPermDialogForbidden_ = isForbidden;
284 }
285
GetApiVersion(int32_t apiVersion)286 int32_t HapTokenInfoInner::GetApiVersion(int32_t apiVersion)
287 {
288 uint32_t apiSize = 3; // 3: api verision length
289 std::string apiStr = std::to_string(apiVersion);
290 uint32_t inputSize = apiStr.length();
291 if (inputSize <= apiSize) {
292 return apiVersion;
293 }
294 std::string api = apiStr.substr(inputSize - apiSize);
295 return std::stoi(api);
296 }
297
ToString(std::string & info) const298 void HapTokenInfoInner::ToString(std::string& info) const
299 {
300 info.append(R"({)");
301 info.append("\n");
302 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
303 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
304 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
305 info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
306 info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
307 info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
308 info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
309 info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n");
310 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
311 info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n");
312 #endif
313 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
314 info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n");
315 info.append(R"( "isPermDialogForbidden": )" + std::to_string(isPermDialogForbidden_) + ",\n");
316
317 if (permPolicySet_ != nullptr) {
318 permPolicySet_->ToString(info);
319 }
320 info.append("}");
321 }
322 } // namespace AccessToken
323 } // namespace Security
324 } // namespace OHOS
325