1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_proxy.h"
17
18 #include "accesstoken_log.h"
19 #include "access_token_error.h"
20
21 #include "parcel.h"
22 #include "string_ex.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27 namespace {
28 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"};
29 static const int MAX_PERMISSION_SIZE = 1000;
30 #ifdef TOKEN_SYNC_ENABLE
31 static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480;
32 #endif
33 }
34
AccessTokenManagerProxy(const sptr<IRemoteObject> & impl)35 AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr<IRemoteObject>& impl)
36 : IRemoteProxy<IAccessTokenManager>(impl) {
37 }
38
~AccessTokenManagerProxy()39 AccessTokenManagerProxy::~AccessTokenManagerProxy()
40 {}
41
SendRequest(AccessTokenInterfaceCode code,MessageParcel & data,MessageParcel & reply)42 bool AccessTokenManagerProxy::SendRequest(
43 AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply)
44 {
45 MessageOption option(MessageOption::TF_SYNC);
46
47 sptr<IRemoteObject> remote = Remote();
48 if (remote == nullptr) {
49 ACCESSTOKEN_LOG_ERROR(LABEL, "code: %{public}d remote service null.", code);
50 return false;
51 }
52 int32_t requestResult = remote->SendRequest(
53 static_cast<uint32_t>(code), data, reply, option);
54 if (requestResult != NO_ERROR) {
55 ACCESSTOKEN_LOG_ERROR(LABEL, "code: %{public}d request fail, result: %{public}d", code, requestResult);
56 return false;
57 }
58 return true;
59 }
60
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)61 int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
62 {
63 MessageParcel data;
64 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
65 if (!data.WriteUint32(tokenID)) {
66 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
67 return PERMISSION_DENIED;
68 }
69 if (!data.WriteString(permissionName)) {
70 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
71 return PERMISSION_DENIED;
72 }
73
74 MessageParcel reply;
75 if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN, data, reply)) {
76 return ERR_SERVICE_ABNORMAL;
77 }
78
79 int32_t result = reply.ReadInt32();
80 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
81 return result;
82 }
83
GetDefPermission(const std::string & permissionName,PermissionDefParcel & permissionDefResult)84 int AccessTokenManagerProxy::GetDefPermission(
85 const std::string& permissionName, PermissionDefParcel& permissionDefResult)
86 {
87 MessageParcel data;
88 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
89 if (!data.WriteString(permissionName)) {
90 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
91 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
92 }
93
94 MessageParcel reply;
95 if (!SendRequest(AccessTokenInterfaceCode::GET_DEF_PERMISSION, data, reply)) {
96 return AccessTokenError::ERR_SERVICE_ABNORMAL;
97 }
98
99 int32_t result = reply.ReadInt32();
100 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
101 if (result != RET_SUCCESS) {
102 return result;
103 }
104 sptr<PermissionDefParcel> resultSptr = reply.ReadParcelable<PermissionDefParcel>();
105 if (resultSptr == nullptr) {
106 ACCESSTOKEN_LOG_ERROR(LABEL, "read permission def parcel fail");
107 return AccessTokenError::ERR_READ_PARCEL_FAILED;
108 }
109 permissionDefResult = *resultSptr;
110 return result;
111 }
112
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDefParcel> & permList)113 int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID,
114 std::vector<PermissionDefParcel>& permList)
115 {
116 MessageParcel data;
117 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
118 if (!data.WriteUint32(tokenID)) {
119 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
120 return ERR_WRITE_PARCEL_FAILED;
121 }
122
123 MessageParcel reply;
124 if (!SendRequest(AccessTokenInterfaceCode::GET_DEF_PERMISSIONS, data, reply)) {
125 return ERR_SERVICE_ABNORMAL;
126 }
127
128 int32_t result = reply.ReadInt32();
129 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
130 if (result != RET_SUCCESS) {
131 return result;
132 }
133 uint32_t defPermSize = reply.ReadUint32();
134 if (defPermSize > MAX_PERMISSION_SIZE) {
135 ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", defPermSize);
136 return ERR_OVERSIZE;
137 }
138 for (uint32_t i = 0; i < defPermSize; i++) {
139 sptr<PermissionDefParcel> permissionDef = reply.ReadParcelable<PermissionDefParcel>();
140 if (permissionDef != nullptr) {
141 permList.emplace_back(*permissionDef);
142 }
143 }
144 return result;
145 }
146
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFullParcel> & reqPermList,bool isSystemGrant)147 int AccessTokenManagerProxy::GetReqPermissions(
148 AccessTokenID tokenID, std::vector<PermissionStateFullParcel>& reqPermList, bool isSystemGrant)
149 {
150 MessageParcel data;
151 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
152 if (!data.WriteUint32(tokenID)) {
153 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
154 return ERR_WRITE_PARCEL_FAILED;
155 }
156 if (!data.WriteInt32(isSystemGrant)) {
157 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write isSystemGrant");
158 return ERR_WRITE_PARCEL_FAILED;
159 }
160
161 MessageParcel reply;
162 if (!SendRequest(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS, data, reply)) {
163 return ERR_SERVICE_ABNORMAL;
164 }
165
166 int32_t result = reply.ReadInt32();
167 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
168 if (result != RET_SUCCESS) {
169 return result;
170 }
171 uint32_t reqPermSize = reply.ReadUint32();
172 if (reqPermSize > MAX_PERMISSION_SIZE) {
173 ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", reqPermSize);
174 return ERR_OVERSIZE;
175 }
176 for (uint32_t i = 0; i < reqPermSize; i++) {
177 sptr<PermissionStateFullParcel> permissionReq = reply.ReadParcelable<PermissionStateFullParcel>();
178 if (permissionReq != nullptr) {
179 reqPermList.emplace_back(*permissionReq);
180 }
181 }
182 return result;
183 }
184
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)185 int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
186 {
187 MessageParcel sendData;
188 sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
189 if (!sendData.WriteUint32(tokenID)) {
190 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
191 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
192 }
193 if (!sendData.WriteString(permissionName)) {
194 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
195 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
196 }
197
198 MessageParcel reply;
199 if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_FLAG, sendData, reply)) {
200 return AccessTokenError::ERR_SERVICE_ABNORMAL;
201 }
202
203 int32_t result = reply.ReadInt32();
204 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
205 if (result != RET_SUCCESS) {
206 return result;
207 }
208 flag = reply.ReadUint32();
209 return result;
210 }
211
GetSelfPermissionsState(std::vector<PermissionListStateParcel> & permListParcel,PermissionGrantInfoParcel & infoParcel)212 PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector<PermissionListStateParcel>& permListParcel,
213 PermissionGrantInfoParcel& infoParcel)
214 {
215 MessageParcel data;
216 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
217 if (!data.WriteUint32(permListParcel.size())) {
218 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel size.");
219 return INVALID_OPER;
220 }
221 for (const auto& permission : permListParcel) {
222 if (!data.WriteParcelable(&permission)) {
223 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permListParcel.");
224 return INVALID_OPER;
225 }
226 }
227
228 MessageParcel reply;
229 if (!SendRequest(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE, data, reply)) {
230 return INVALID_OPER;
231 }
232
233 PermissionOper result = static_cast<PermissionOper>(reply.ReadInt32());
234 size_t size = reply.ReadUint32();
235 if (size != permListParcel.size()) {
236 ACCESSTOKEN_LOG_ERROR(LABEL, "permListParcel size from server is invalid!");
237 return INVALID_OPER;
238 }
239 if (size > MAX_PERMISSION_SIZE) {
240 ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}zu get from request is invalid", size);
241 return INVALID_OPER;
242 }
243 for (uint32_t i = 0; i < size; i++) {
244 sptr<PermissionListStateParcel> permissionReq = reply.ReadParcelable<PermissionListStateParcel>();
245 if (permissionReq != nullptr) {
246 permListParcel[i].permsState.state = permissionReq->permsState.state;
247 }
248 }
249
250 sptr<PermissionGrantInfoParcel> resultSptr = reply.ReadParcelable<PermissionGrantInfoParcel>();
251 if (resultSptr == nullptr) {
252 ACCESSTOKEN_LOG_ERROR(LABEL, "read permission grant info parcel fail");
253 return INVALID_OPER;
254 }
255 infoParcel = *resultSptr;
256
257 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
258 return result;
259 }
260
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)261 int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
262 {
263 MessageParcel inData;
264 inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
265 if (!inData.WriteUint32(tokenID)) {
266 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
267 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
268 }
269 if (!inData.WriteString(permissionName)) {
270 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
271 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
272 }
273 if (!inData.WriteUint32(flag)) {
274 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write flag");
275 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
276 }
277
278 MessageParcel reply;
279 if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION, inData, reply)) {
280 return AccessTokenError::ERR_SERVICE_ABNORMAL;
281 }
282
283 int32_t result = reply.ReadInt32();
284 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
285 return result;
286 }
287
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)288 int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
289 {
290 MessageParcel data;
291 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
292 if (!data.WriteUint32(tokenID)) {
293 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
294 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
295 }
296 if (!data.WriteString(permissionName)) {
297 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
298 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
299 }
300 if (!data.WriteUint32(flag)) {
301 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write flag");
302 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
303 }
304
305 MessageParcel reply;
306 if (!SendRequest(AccessTokenInterfaceCode::REVOKE_PERMISSION, data, reply)) {
307 return AccessTokenError::ERR_SERVICE_ABNORMAL;
308 }
309
310 int32_t result = reply.ReadInt32();
311 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
312 return result;
313 }
314
ClearUserGrantedPermissionState(AccessTokenID tokenID)315 int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID tokenID)
316 {
317 MessageParcel data;
318 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
319 if (!data.WriteUint32(tokenID)) {
320 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
321 return ERR_WRITE_PARCEL_FAILED;
322 }
323
324 MessageParcel reply;
325 if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION, data, reply)) {
326 return ERR_SERVICE_ABNORMAL;
327 }
328
329 int32_t result = reply.ReadInt32();
330 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
331 return result;
332 }
333
RegisterPermStateChangeCallback(const PermStateChangeScopeParcel & scope,const sptr<IRemoteObject> & callback)334 int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback(
335 const PermStateChangeScopeParcel& scope, const sptr<IRemoteObject>& callback)
336 {
337 MessageParcel data;
338 if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
339 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
340 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
341 }
342 if (!data.WriteParcelable(&scope)) {
343 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write PermStateChangeScopeParcel.");
344 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
345 }
346 if (!data.WriteRemoteObject(callback)) {
347 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object.");
348 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
349 }
350 MessageParcel reply;
351 if (!SendRequest(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) {
352 return AccessTokenError::ERR_SERVICE_ABNORMAL;
353 }
354
355 int32_t ret;
356 if (!reply.ReadInt32(ret)) {
357 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 fail");
358 return AccessTokenError::ERR_READ_PARCEL_FAILED;
359 }
360 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", ret);
361 return ret;
362 }
363
UnRegisterPermStateChangeCallback(const sptr<IRemoteObject> & callback)364 int32_t AccessTokenManagerProxy::UnRegisterPermStateChangeCallback(const sptr<IRemoteObject>& callback)
365 {
366 MessageParcel data;
367 if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
368 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
369 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
370 }
371 if (!data.WriteRemoteObject(callback)) {
372 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object.");
373 return AccessTokenError::ERR_WRITE_PARCEL_FAILED;
374 }
375
376 MessageParcel reply;
377 if (!SendRequest(
378 AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK, data, reply)) {
379 return AccessTokenError::ERR_SERVICE_ABNORMAL;
380 }
381
382 int32_t result;
383 if (!reply.ReadInt32(result)) {
384 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 fail");
385 return AccessTokenError::ERR_READ_PARCEL_FAILED;
386 }
387 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
388 return result;
389 }
390
AllocHapToken(const HapInfoParcel & hapInfo,const HapPolicyParcel & policyParcel)391 AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken(
392 const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel)
393 {
394 MessageParcel data;
395 AccessTokenIDEx res = { 0 };
396 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
397
398 if (!data.WriteParcelable(&hapInfo)) {
399 return res;
400 }
401 if (!data.WriteParcelable(&policyParcel)) {
402 return res;
403 }
404
405 MessageParcel reply;
406 if (!SendRequest(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP, data, reply)) {
407 return res;
408 }
409
410 unsigned long long result = reply.ReadUint64();
411 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}llu", result);
412 res.tokenIDEx = result;
413 return res;
414 }
415
DeleteToken(AccessTokenID tokenID)416 int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID)
417 {
418 MessageParcel data;
419 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
420
421 if (!data.WriteUint32(tokenID)) {
422 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
423 return ERR_WRITE_PARCEL_FAILED;
424 }
425
426 MessageParcel reply;
427 if (!SendRequest(AccessTokenInterfaceCode::TOKEN_DELETE, data, reply)) {
428 return ERR_SERVICE_ABNORMAL;
429 }
430
431 int result = reply.ReadInt32();
432 ACCESSTOKEN_LOG_INFO(LABEL, "tokenID = %{public}u, result = %{public}d", tokenID, result);
433 return result;
434 }
435
GetTokenType(AccessTokenID tokenID)436 int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID)
437 {
438 MessageParcel data;
439 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
440
441 if (!data.WriteUint32(tokenID)) {
442 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
443 return ERR_WRITE_PARCEL_FAILED;
444 }
445
446 MessageParcel reply;
447 if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_TYPE, data, reply)) {
448 return ERR_SERVICE_ABNORMAL;
449 }
450
451 int result = reply.ReadInt32();
452 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
453 return result;
454 }
455
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)456 int AccessTokenManagerProxy::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
457 {
458 MessageParcel data;
459 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
460
461 if (!data.WriteUint32(tokenID)) {
462 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
463 return ERR_WRITE_PARCEL_FAILED;
464 }
465 if (!data.WriteString(dcap)) {
466 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
467 return ERR_WRITE_PARCEL_FAILED;
468 }
469 MessageParcel reply;
470 if (!SendRequest(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP, data, reply)) {
471 return ERR_SERVICE_ABNORMAL;
472 }
473
474 int result = reply.ReadInt32();
475 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
476 return result;
477 }
478
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)479 AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex)
480 {
481 AccessTokenIDEx tokenIdEx = {0};
482 MessageParcel data;
483 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
484
485 if (!data.WriteInt32(userID)) {
486 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID");
487 return tokenIdEx;
488 }
489 if (!data.WriteString(bundleName)) {
490 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
491 return tokenIdEx;
492 }
493 if (!data.WriteInt32(instIndex)) {
494 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
495 return tokenIdEx;
496 }
497 MessageParcel reply;
498 if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID, data, reply)) {
499 return tokenIdEx;
500 }
501
502 tokenIdEx.tokenIDEx = reply.ReadUint64();
503 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}llu", tokenIdEx.tokenIDEx);
504 return tokenIdEx;
505 }
506
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)507 AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID(
508 const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
509 {
510 MessageParcel data;
511 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
512
513 if (!data.WriteString(remoteDeviceID)) {
514 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
515 return 0;
516 }
517 if (!data.WriteUint32(remoteTokenID)) {
518 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap");
519 return 0;
520 }
521 MessageParcel reply;
522 if (!SendRequest(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID, data, reply)) {
523 return ERR_SERVICE_ABNORMAL;
524 }
525
526 AccessTokenID result = reply.ReadUint32();
527 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
528 return result;
529 }
530
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfoParcel & nativeTokenInfoRes)531 int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes)
532 {
533 MessageParcel data;
534 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
535 if (!data.WriteUint32(tokenID)) {
536 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
537 return ERR_WRITE_PARCEL_FAILED;
538 }
539
540 MessageParcel reply;
541 if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO, data, reply)) {
542 return ERR_SERVICE_ABNORMAL;
543 }
544
545 int32_t result = reply.ReadInt32();
546 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
547 if (result != RET_SUCCESS) {
548 return result;
549 }
550 sptr<NativeTokenInfoParcel> resultSptr = reply.ReadParcelable<NativeTokenInfoParcel>();
551 if (resultSptr == nullptr) {
552 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
553 return ERR_READ_PARCEL_FAILED;
554 }
555 nativeTokenInfoRes = *resultSptr;
556 return result;
557 }
558
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfoParcel & hapTokenInfoRes)559 int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes)
560 {
561 MessageParcel data;
562 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
563 if (!data.WriteUint32(tokenID)) {
564 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName");
565 return ERR_WRITE_PARCEL_FAILED;
566 }
567
568 MessageParcel reply;
569 if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO, data, reply)) {
570 return ERR_SERVICE_ABNORMAL;
571 }
572
573 int32_t result = reply.ReadInt32();
574 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
575 if (result != RET_SUCCESS) {
576 return result;
577 }
578 sptr<HapTokenInfoParcel> resultSptr = reply.ReadParcelable<HapTokenInfoParcel>();
579 if (resultSptr == nullptr) {
580 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
581 return ERR_READ_PARCEL_FAILED;
582 }
583 hapTokenInfoRes = *resultSptr;
584 return result;
585 }
586
UpdateHapToken(AccessTokenIDEx & tokenIdEx,bool isSystemApp,const std::string & appIDDesc,int32_t apiVersion,const HapPolicyParcel & policyParcel)587 int AccessTokenManagerProxy::UpdateHapToken(AccessTokenIDEx& tokenIdEx,
588 bool isSystemApp, const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParcel& policyParcel)
589 {
590 AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
591 MessageParcel data;
592 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
593 if (!data.WriteUint32(tokenID)) {
594 return ERR_WRITE_PARCEL_FAILED;
595 }
596 if (!data.WriteBool(isSystemApp)) {
597 return ERR_WRITE_PARCEL_FAILED;
598 }
599 if (!data.WriteString(appIDDesc)) {
600 return ERR_WRITE_PARCEL_FAILED;
601 }
602 if (!data.WriteInt32(apiVersion)) {
603 return ERR_WRITE_PARCEL_FAILED;
604 }
605 if (!data.WriteParcelable(&policyParcel)) {
606 return ERR_WRITE_PARCEL_FAILED;
607 }
608
609 MessageParcel reply;
610 if (!SendRequest(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN, data, reply)) {
611 return ERR_SERVICE_ABNORMAL;
612 }
613 int32_t result = reply.ReadInt32();
614 tokenIdEx.tokenIdExStruct.tokenAttr = reply.ReadUint32();
615 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
616 return result;
617 }
618
619 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfo()620 int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo()
621 {
622 MessageParcel data;
623 if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
624 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
625 return ERR_WRITE_PARCEL_FAILED;
626 }
627 MessageParcel reply;
628 if (!SendRequest(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO, data, reply)) {
629 return ERR_SERVICE_ABNORMAL;
630 }
631
632 int32_t result = reply.ReadInt32();
633 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
634 return result;
635 }
636 #endif
637
GetNativeTokenId(const std::string & processName)638 AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName)
639 {
640 MessageParcel data;
641 if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
642 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken.");
643 return INVALID_TOKENID;
644 }
645
646 if (!data.WriteString(processName)) {
647 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write processName");
648 return INVALID_TOKENID;
649 }
650 MessageParcel reply;
651 if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID, data, reply)) {
652 return ERR_SERVICE_ABNORMAL;
653 }
654 AccessTokenID result;
655 if (!reply.ReadUint32(result)) {
656 ACCESSTOKEN_LOG_INFO(LABEL, "readInt32 failed, result: %{public}d", result);
657 return INVALID_TOKENID;
658 }
659 ACCESSTOKEN_LOG_DEBUG(LABEL, "result from server data = %{public}d", result);
660 return result;
661 }
662
663 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSyncParcel & hapSyncParcel)664 int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
665 HapTokenInfoForSyncParcel& hapSyncParcel)
666 {
667 MessageParcel data;
668 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
669 if (!data.WriteUint32(tokenID)) {
670 return ERR_WRITE_PARCEL_FAILED;
671 }
672
673 MessageParcel reply;
674 if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE, data, reply)) {
675 return ERR_SERVICE_ABNORMAL;
676 }
677
678 int32_t result = reply.ReadInt32();
679 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
680 if (result != RET_SUCCESS) {
681 return result;
682 }
683 sptr<HapTokenInfoForSyncParcel> hapResult = reply.ReadParcelable<HapTokenInfoForSyncParcel>();
684 if (hapResult == nullptr) {
685 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail");
686 return ERR_READ_PARCEL_FAILED;
687 }
688 hapSyncParcel = *hapResult;
689 return result;
690 }
691
GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfoRes)692 int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoRes)
693 {
694 MessageParcel data;
695 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
696
697 MessageParcel reply;
698 if (!SendRequest(AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE, data, reply)) {
699 return ERR_SERVICE_ABNORMAL;
700 }
701
702 int32_t result = reply.ReadInt32();
703 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
704 if (result != RET_SUCCESS) {
705 return result;
706 }
707 uint32_t size = reply.ReadUint32();
708 if (size > MAX_NATIVE_TOKEN_INFO_SIZE) {
709 ACCESSTOKEN_LOG_ERROR(LABEL, "size = %{public}d get from request is invalid", size);
710 return ERR_OVERSIZE;
711 }
712 for (uint32_t i = 0; i < size; i++) {
713 sptr<NativeTokenInfoForSyncParcel> nativeResult = reply.ReadParcelable<NativeTokenInfoForSyncParcel>();
714 if (nativeResult != nullptr) {
715 nativeTokenInfoRes.emplace_back(*nativeResult);
716 }
717 }
718
719 return result;
720 }
721
SetRemoteHapTokenInfo(const std::string & deviceID,HapTokenInfoForSyncParcel & hapSyncParcel)722 int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID,
723 HapTokenInfoForSyncParcel& hapSyncParcel)
724 {
725 MessageParcel data;
726 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
727 if (!data.WriteString(deviceID)) {
728 return ERR_WRITE_PARCEL_FAILED;
729 }
730 if (!data.WriteParcelable(&hapSyncParcel)) {
731 return ERR_WRITE_PARCEL_FAILED;
732 }
733
734 MessageParcel reply;
735 if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO, data, reply)) {
736 return ERR_SERVICE_ABNORMAL;
737 }
738
739 int32_t result = reply.ReadInt32();
740 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
741 return result;
742 }
743
SetRemoteNativeTokenInfo(const std::string & deviceID,std::vector<NativeTokenInfoForSyncParcel> & nativeTokenInfoForSyncParcel)744 int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID,
745 std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)
746 {
747 MessageParcel data;
748 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
749 if (!data.WriteString(deviceID)) {
750 return ERR_WRITE_PARCEL_FAILED;
751 }
752 if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) {
753 return ERR_WRITE_PARCEL_FAILED;
754 }
755 for (const NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) {
756 if (!data.WriteParcelable(&parcel)) {
757 return ERR_WRITE_PARCEL_FAILED;
758 }
759 }
760
761 MessageParcel reply;
762 if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO, data, reply)) {
763 return ERR_SERVICE_ABNORMAL;
764 }
765
766 int32_t result = reply.ReadInt32();
767 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
768 return result;
769 }
770
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)771 int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
772 {
773 MessageParcel data;
774 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
775 if (!data.WriteString(deviceID)) {
776 return ERR_WRITE_PARCEL_FAILED;
777 }
778
779 if (!data.WriteUint32(tokenID)) {
780 return ERR_WRITE_PARCEL_FAILED;
781 }
782
783 MessageParcel reply;
784 if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO, data, reply)) {
785 return ERR_SERVICE_ABNORMAL;
786 }
787
788 int32_t result = reply.ReadInt32();
789 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
790 return result;
791 }
792
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)793 AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
794 {
795 MessageParcel data;
796 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
797 if (!data.WriteString(deviceID)) {
798 return 0;
799 }
800
801 if (!data.WriteUint32(tokenID)) {
802 return 0;
803 }
804
805 MessageParcel reply;
806 if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN, data, reply)) {
807 return ERR_SERVICE_ABNORMAL;
808 }
809
810 AccessTokenID result = reply.ReadUint32();
811 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
812 return result;
813 }
814
DeleteRemoteDeviceTokens(const std::string & deviceID)815 int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceID)
816 {
817 MessageParcel data;
818 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
819 if (!data.WriteString(deviceID)) {
820 return ERR_WRITE_PARCEL_FAILED;
821 }
822
823 MessageParcel reply;
824 if (!SendRequest(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN, data, reply)) {
825 return ERR_SERVICE_ABNORMAL;
826 }
827
828 int32_t result = reply.ReadInt32();
829 ACCESSTOKEN_LOG_INFO(LABEL, "result from server data = %{public}d", result);
830 return result;
831 }
832 #endif
833
DumpTokenInfo(const AtmToolsParamInfoParcel & infoParcel,std::string & dumpInfo)834 void AccessTokenManagerProxy::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo)
835 {
836 MessageParcel data;
837 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
838
839 if (!data.WriteParcelable(&infoParcel)) {
840 return;
841 }
842 MessageParcel reply;
843 if (!SendRequest(AccessTokenInterfaceCode::DUMP_TOKENINFO, data, reply)) {
844 return;
845 }
846 if (!reply.ReadString(dumpInfo)) {
847 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed.");
848 }
849 ACCESSTOKEN_LOG_INFO(LABEL, "result from server dumpInfo = %{public}s", dumpInfo.c_str());
850 }
851
SetPermDialogCap(const HapBaseInfoParcel & hapBaseInfo,bool enable)852 int32_t AccessTokenManagerProxy::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable)
853 {
854 MessageParcel data;
855 data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
856
857 if (!data.WriteParcelable(&hapBaseInfo)) {
858 ACCESSTOKEN_LOG_ERROR(LABEL, "write hapBaseInfo failed");
859 return ERR_WRITE_PARCEL_FAILED;
860 }
861 if (!data.WriteBool(enable)) {
862 ACCESSTOKEN_LOG_ERROR(LABEL, "write enable failed");
863 return ERR_WRITE_PARCEL_FAILED;
864 }
865
866 MessageParcel reply;
867 if (!SendRequest(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY, data, reply)) {
868 ACCESSTOKEN_LOG_ERROR(LABEL, "read replay failed");
869 return ERR_SERVICE_ABNORMAL;
870 }
871 return reply.ReadInt32();
872 }
873 } // namespace AccessToken
874 } // namespace Security
875 } // namespace OHOS
876