1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "native_token_info_inner.h"
17
18 #include "access_token_error.h"
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "data_translator.h"
22 #include "data_validator.h"
23 #include "nlohmann/json.hpp"
24 #include "token_field_const.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenInfoInner"};
31 }
32
NativeTokenInfoInner()33 NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false)
34 {
35 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
36 tokenInfoBasic_.tokenID = 0;
37 tokenInfoBasic_.tokenAttr = 0;
38 tokenInfoBasic_.apl = APL_NORMAL;
39 }
40
NativeTokenInfoInner(NativeTokenInfo & native,const std::vector<PermissionStateFull> & permStateList)41 NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native,
42 const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
43 {
44 tokenInfoBasic_ = native;
45 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID,
46 permStateList);
47 }
48
~NativeTokenInfoInner()49 NativeTokenInfoInner::~NativeTokenInfoInner()
50 {
51 ACCESSTOKEN_LOG_DEBUG(LABEL,
52 "tokenID: %{public}u destruction", tokenInfoBasic_.tokenID);
53 }
54
Init(const TokenInfo & tokenInfo,const std::vector<std::string> & dcap,const std::vector<std::string> & nativeAcls,const std::vector<PermissionStateFull> & permStateList)55 int NativeTokenInfoInner::Init(const TokenInfo& tokenInfo, const std::vector<std::string>& dcap,
56 const std::vector<std::string>& nativeAcls,
57 const std::vector<PermissionStateFull>& permStateList)
58 {
59 tokenInfoBasic_.tokenID = tokenInfo.id;
60 if (!DataValidator::IsProcessNameValid(tokenInfo.processName)) {
61 ACCESSTOKEN_LOG_ERROR(LABEL,
62 "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
63 return ERR_PARAM_INVALID;
64 }
65 tokenInfoBasic_.processName = tokenInfo.processName;
66 if (!DataValidator::IsAplNumValid(tokenInfo.apl)) {
67 ACCESSTOKEN_LOG_ERROR(LABEL,
68 "tokenID: %{public}u init failed, apl %{public}d is invalid",
69 tokenInfoBasic_.tokenID, tokenInfo.apl);
70 return ERR_PARAM_INVALID;
71 }
72 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(tokenInfo.apl);
73 tokenInfoBasic_.dcap = dcap;
74 tokenInfoBasic_.nativeAcls = nativeAcls;
75
76 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfo.id,
77 permStateList);
78 return RET_SUCCESS;
79 }
80
DcapToString(const std::vector<std::string> & dcap) const81 std::string NativeTokenInfoInner::DcapToString(const std::vector<std::string>& dcap) const
82 {
83 std::string dcapStr;
84 for (auto iter = dcap.begin(); iter != dcap.end(); iter++) {
85 dcapStr.append(*iter);
86 if (iter != (dcap.end() - 1)) {
87 dcapStr.append(",");
88 }
89 }
90 return dcapStr;
91 }
92
NativeAclsToString(const std::vector<std::string> & nativeAcls) const93 std::string NativeTokenInfoInner::NativeAclsToString(const std::vector<std::string>& nativeAcls) const
94 {
95 std::string nativeAclsStr;
96 for (auto iter = nativeAcls.begin(); iter != nativeAcls.end(); iter++) {
97 nativeAclsStr.append(*iter);
98 if (iter != (nativeAcls.end() - 1)) {
99 nativeAclsStr.append(",");
100 }
101 }
102 return nativeAclsStr;
103 }
104
TranslationIntoGenericValues(GenericValues & outGenericValues) const105 int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
106 {
107 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
108 outGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, tokenInfoBasic_.processName);
109 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
110 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
111 outGenericValues.Put(TokenFiledConst::FIELD_DCAP, DcapToString(tokenInfoBasic_.dcap));
112 outGenericValues.Put(TokenFiledConst::FIELD_NATIVE_ACLS, NativeAclsToString(tokenInfoBasic_.nativeAcls));
113 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
114
115 return RET_SUCCESS;
116 }
117
RestoreNativeTokenInfo(AccessTokenID tokenId,const GenericValues & inGenericValues,const std::vector<GenericValues> & permStateRes)118 int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues,
119 const std::vector<GenericValues>& permStateRes)
120 {
121 tokenInfoBasic_.tokenID = tokenId;
122 tokenInfoBasic_.processName = inGenericValues.GetString(TokenFiledConst::FIELD_PROCESS_NAME);
123 if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) {
124 ACCESSTOKEN_LOG_ERROR(LABEL,
125 "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
126 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
127 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
128 "ERROR_REASON", "native token processName error");
129 return ERR_PARAM_INVALID;
130 }
131 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
132 if (!DataValidator::IsAplNumValid(aplNum)) {
133 ACCESSTOKEN_LOG_ERROR(LABEL,
134 "tokenID: %{public}u apl is error, value %{public}d",
135 tokenInfoBasic_.tokenID, aplNum);
136 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
137 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
138 "ERROR_REASON", "native token apl error");
139 return ERR_PARAM_INVALID;
140 }
141 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
142 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
143 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
144 ACCESSTOKEN_LOG_ERROR(LABEL,
145 "tokenID: %{public}u version is error, version %{public}d",
146 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
147 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
148 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR,
149 "ERROR_REASON", "native token version error");
150 return ERR_PARAM_INVALID;
151 }
152
153 SetDcaps(inGenericValues.GetString(TokenFiledConst::FIELD_DCAP));
154 SetNativeAcls(inGenericValues.GetString(TokenFiledConst::FIELD_NATIVE_ACLS));
155 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
156
157 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
158 return RET_SUCCESS;
159 }
160
TranslateToNativeTokenInfo(NativeTokenInfo & infoParcel) const161 void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& infoParcel) const
162 {
163 infoParcel.apl = tokenInfoBasic_.apl;
164 infoParcel.ver = tokenInfoBasic_.ver;
165 infoParcel.processName = tokenInfoBasic_.processName;
166 infoParcel.dcap = tokenInfoBasic_.dcap;
167 infoParcel.nativeAcls = tokenInfoBasic_.nativeAcls;
168 infoParcel.tokenID = tokenInfoBasic_.tokenID;
169 infoParcel.tokenAttr = tokenInfoBasic_.tokenAttr;
170 }
171
StoreNativeInfo(std::vector<GenericValues> & valueList) const172 void NativeTokenInfoInner::StoreNativeInfo(std::vector<GenericValues>& valueList) const
173 {
174 if (isRemote_) {
175 ACCESSTOKEN_LOG_INFO(LABEL,
176 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
177 return;
178 }
179 GenericValues genericValues;
180 TranslationIntoGenericValues(genericValues);
181 valueList.emplace_back(genericValues);
182 }
183
StorePermissionPolicy(std::vector<GenericValues> & permStateValues) const184 void NativeTokenInfoInner::StorePermissionPolicy(std::vector<GenericValues>& permStateValues) const
185 {
186 if (isRemote_) {
187 ACCESSTOKEN_LOG_INFO(LABEL,
188 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
189 return;
190 }
191 if (permPolicySet_ != nullptr) {
192 permPolicySet_->StorePermissionPolicySet(permStateValues);
193 }
194 }
195
GetTokenID() const196 AccessTokenID NativeTokenInfoInner::GetTokenID() const
197 {
198 return tokenInfoBasic_.tokenID;
199 }
200
GetDcap() const201 std::vector<std::string> NativeTokenInfoInner::GetDcap() const
202 {
203 return tokenInfoBasic_.dcap;
204 }
205
GetNativeAcls() const206 std::vector<std::string> NativeTokenInfoInner::GetNativeAcls() const
207 {
208 return tokenInfoBasic_.nativeAcls;
209 }
210
GetProcessName() const211 std::string NativeTokenInfoInner::GetProcessName() const
212 {
213 return tokenInfoBasic_.processName;
214 }
215
GetNativeInfoPermissionPolicySet() const216 std::shared_ptr<PermissionPolicySet> NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const
217 {
218 return permPolicySet_;
219 }
220
IsRemote() const221 bool NativeTokenInfoInner::IsRemote() const
222 {
223 return isRemote_;
224 }
225
SetRemote(bool isRemote)226 void NativeTokenInfoInner::SetRemote(bool isRemote)
227 {
228 isRemote_ = isRemote;
229 }
230
SetDcaps(const std::string & dcapStr)231 void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr)
232 {
233 std::string::size_type start = 0;
234 while (true) {
235 std::string::size_type offset = dcapStr.find(',', start);
236 if (offset == std::string::npos) {
237 tokenInfoBasic_.dcap.push_back(dcapStr.substr(start));
238 break;
239 }
240 tokenInfoBasic_.dcap.push_back(dcapStr.substr(start, offset));
241 start = offset + 1;
242 }
243 }
244
SetNativeAcls(const std::string & AclsStr)245 void NativeTokenInfoInner::SetNativeAcls(const std::string& AclsStr)
246 {
247 std::string::size_type start = 0;
248 while (true) {
249 std::string::size_type offset = AclsStr.find(',', start);
250 if (offset == std::string::npos) {
251 tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start));
252 break;
253 }
254 tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start, offset));
255 start = offset + 1;
256 }
257 }
258
ToString(std::string & info) const259 void NativeTokenInfoInner::ToString(std::string& info) const
260 {
261 info.append(R"({)");
262 info.append("\n");
263 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
264 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
265 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
266 info.append(R"( "processName": ")" + tokenInfoBasic_.processName + R"(")" + ",\n");
267 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
268 info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n");
269 info.append(R"( "nativeAcls": ")" + NativeAclsToString(tokenInfoBasic_.nativeAcls) + R"(")" + ",\n");
270 info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n");
271 if (permPolicySet_ != nullptr) {
272 permPolicySet_->PermStateToString(tokenInfoBasic_.apl, tokenInfoBasic_.nativeAcls, info);
273 }
274 info.append("}");
275 }
276 } // namespace AccessToken
277 } // namespace Security
278 } // namespace OHOS
279