1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_manager_stub.h"
17
18 #include "accesstoken_kit.h"
19 #include "accesstoken_log.h"
20 #include "ipc_skeleton.h"
21 #include "memory_guard.h"
22 #include "privacy_error.h"
23 #include "string_ex.h"
24 #include "tokenid_kit.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
31 LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerStub"
32 };
33 static const uint32_t PERM_LIST_SIZE_MAX = 1024;
34 static const std::string PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS";
35 }
36
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)37 int32_t PrivacyManagerStub::OnRemoteRequest(
38 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
39 {
40 MemoryGuard cacheGuard;
41 std::u16string descriptor = data.ReadInterfaceToken();
42 if (descriptor != IPrivacyManager::GetDescriptor()) {
43 ACCESSTOKEN_LOG_ERROR(LABEL, "get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
44 return ERROR_IPC_REQUEST_FAIL;
45 }
46 switch (code) {
47 case static_cast<uint32_t>(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD):
48 AddPermissionUsedRecordInner(data, reply);
49 break;
50 case static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION):
51 StartUsingPermissionInner(data, reply);
52 break;
53 case static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK):
54 StartUsingPermissionCallbackInner(data, reply);
55 break;
56 case static_cast<uint32_t>(PrivacyInterfaceCode::STOP_USING_PERMISSION):
57 StopUsingPermissionInner(data, reply);
58 break;
59 case static_cast<uint32_t>(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS):
60 RemovePermissionUsedRecordsInner(data, reply);
61 break;
62 case static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS):
63 GetPermissionUsedRecordsInner(data, reply);
64 break;
65 case static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC):
66 GetPermissionUsedRecordsAsyncInner(data, reply);
67 break;
68 case static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK):
69 RegisterPermActiveStatusCallbackInner(data, reply);
70 break;
71 case static_cast<uint32_t>(
72 PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK):
73 UnRegisterPermActiveStatusCallbackInner(data, reply);
74 break;
75 case static_cast<uint32_t>(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION):
76 IsAllowedUsingPermissionInner(data, reply);
77 break;
78 default:
79 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
80 if (HandleSecCompReq(code, data, reply)) {
81 return NO_ERROR;
82 }
83 #endif
84 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
85 }
86 return NO_ERROR;
87 }
88
AddPermissionUsedRecordInner(MessageParcel & data,MessageParcel & reply)89 void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply)
90 {
91 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
92 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
93 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
94 return;
95 }
96 if (!VerifyPermission(PERMISSION_USED_STATS)) {
97 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
98 return;
99 }
100 AccessTokenID tokenId = data.ReadUint32();
101 std::string permissionName = data.ReadString();
102 int32_t successCount = data.ReadInt32();
103 int32_t failCount = data.ReadInt32();
104 int32_t result = this->AddPermissionUsedRecord(tokenId, permissionName, successCount, failCount);
105 reply.WriteInt32(result);
106 }
107
StartUsingPermissionInner(MessageParcel & data,MessageParcel & reply)108 void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
109 {
110 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
111 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
112 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
113 return;
114 }
115 if (!VerifyPermission(PERMISSION_USED_STATS)) {
116 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
117 return;
118 }
119 AccessTokenID tokenId = data.ReadUint32();
120 std::string permissionName = data.ReadString();
121 int32_t result = this->StartUsingPermission(tokenId, permissionName);
122 reply.WriteInt32(result);
123 }
124
StartUsingPermissionCallbackInner(MessageParcel & data,MessageParcel & reply)125 void PrivacyManagerStub::StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply)
126 {
127 if (!VerifyPermission(PERMISSION_USED_STATS)) {
128 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
129 return;
130 }
131 AccessTokenID tokenId = data.ReadUint32();
132 std::string permissionName = data.ReadString();
133 sptr<IRemoteObject> callback = data.ReadRemoteObject();
134 if (callback == nullptr) {
135 ACCESSTOKEN_LOG_ERROR(LABEL, "read ReadRemoteObject fail");
136 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
137 return;
138 }
139 int32_t result = this->StartUsingPermission(tokenId, permissionName, callback);
140 reply.WriteInt32(result);
141 }
142
StopUsingPermissionInner(MessageParcel & data,MessageParcel & reply)143 void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
144 {
145 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
146 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
147 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
148 return;
149 }
150 if (!VerifyPermission(PERMISSION_USED_STATS)) {
151 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
152 return;
153 }
154 AccessTokenID tokenId = data.ReadUint32();
155 std::string permissionName = data.ReadString();
156 int32_t result = this->StopUsingPermission(tokenId, permissionName);
157 reply.WriteInt32(result);
158 }
159
RemovePermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)160 void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
161 {
162 if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) {
163 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
164 return;
165 }
166
167 AccessTokenID tokenId = data.ReadUint32();
168 std::string deviceID = data.ReadString();
169 int32_t result = this->RemovePermissionUsedRecords(tokenId, deviceID);
170 reply.WriteInt32(result);
171 }
172
GetPermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)173 void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
174 {
175 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
176 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
177 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
178 return;
179 }
180 PermissionUsedResultParcel responseParcel;
181 if (!VerifyPermission(PERMISSION_USED_STATS)) {
182 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
183 return;
184 }
185 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
186 if (requestParcel == nullptr) {
187 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
188 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
189 return;
190 }
191 int32_t result = this->GetPermissionUsedRecords(*requestParcel, responseParcel);
192 reply.WriteInt32(result);
193 reply.WriteParcelable(&responseParcel);
194 }
195
GetPermissionUsedRecordsAsyncInner(MessageParcel & data,MessageParcel & reply)196 void PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply)
197 {
198 if (!VerifyPermission(PERMISSION_USED_STATS)) {
199 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
200 return;
201 }
202 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
203 if (requestParcel == nullptr) {
204 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed");
205 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
206 return;
207 }
208 sptr<OnPermissionUsedRecordCallback> callback = iface_cast<OnPermissionUsedRecordCallback>(data.ReadRemoteObject());
209 if (callback == nullptr) {
210 ACCESSTOKEN_LOG_ERROR(LABEL, "callback is null");
211 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
212 return;
213 }
214 int32_t result = this->GetPermissionUsedRecords(*requestParcel, callback);
215 reply.WriteInt32(result);
216 }
217
RegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)218 void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
219 {
220 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
221 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
222 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
223 return;
224 }
225 if (!VerifyPermission(PERMISSION_USED_STATS)) {
226 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
227 return;
228 }
229 uint32_t permListSize = data.ReadUint32();
230 if (permListSize > PERM_LIST_SIZE_MAX) {
231 ACCESSTOKEN_LOG_ERROR(LABEL, "read permListSize fail");
232 reply.WriteInt32(PrivacyError::ERR_OVERSIZE);
233 return;
234 }
235 std::vector<std::string> permList;
236 for (uint32_t i = 0; i < permListSize; i++) {
237 std::string perm = data.ReadString();
238 permList.emplace_back(perm);
239 }
240 sptr<IRemoteObject> callback = data.ReadRemoteObject();
241 if (callback == nullptr) {
242 ACCESSTOKEN_LOG_ERROR(LABEL, "read ReadRemoteObject fail");
243 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
244 return;
245 }
246 int32_t result = this->RegisterPermActiveStatusCallback(permList, callback);
247 reply.WriteInt32(result);
248 }
249
UnRegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)250 void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
251 {
252 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
253 if ((AccessTokenKit::GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
254 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
255 return;
256 }
257 if (!VerifyPermission(PERMISSION_USED_STATS)) {
258 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
259 return;
260 }
261 sptr<IRemoteObject> callback = data.ReadRemoteObject();
262 if (callback == nullptr) {
263 ACCESSTOKEN_LOG_ERROR(LABEL, "read scopeParcel fail");
264 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
265 return;
266 }
267
268 int32_t result = this->UnRegisterPermActiveStatusCallback(callback);
269 reply.WriteInt32(result);
270 }
271
IsAllowedUsingPermissionInner(MessageParcel & data,MessageParcel & reply)272 void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
273 {
274 if (!VerifyPermission(PERMISSION_USED_STATS)) {
275 reply.WriteBool(false);
276 return;
277 }
278 AccessTokenID tokenId = data.ReadUint32();
279
280 std::string permissionName = data.ReadString();
281 bool result = this->IsAllowedUsingPermission(tokenId, permissionName);
282 if (!reply.WriteBool(result)) {
283 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}s)", permissionName.c_str());
284 return;
285 }
286 }
287
288 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
HandleSecCompReq(uint32_t code,MessageParcel & data,MessageParcel & reply)289 bool PrivacyManagerStub::HandleSecCompReq(uint32_t code, MessageParcel& data, MessageParcel& reply)
290 {
291 switch (code) {
292 case static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE):
293 RegisterSecCompEnhanceInner(data, reply);
294 break;
295 case static_cast<uint32_t>(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE):
296 GetSecCompEnhanceInner(data, reply);
297 break;
298 case static_cast<uint32_t>(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE):
299 GetSpecialSecCompEnhanceInner(data, reply);
300 break;
301 default:
302 return false;
303 }
304 return true;
305 }
306
RegisterSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)307 void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
308 {
309 sptr<SecCompEnhanceDataParcel> requestParcel = data.ReadParcelable<SecCompEnhanceDataParcel>();
310 if (requestParcel == nullptr) {
311 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
312 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
313 return;
314 }
315 int32_t result = this->RegisterSecCompEnhance(*requestParcel);
316 reply.WriteInt32(result);
317 }
318
GetSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)319 void PrivacyManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
320 {
321 if (!IsSecCompServiceCalling()) {
322 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
323 return;
324 }
325
326 int32_t pid = data.ReadInt32();
327 SecCompEnhanceDataParcel parcel;
328 int32_t result = this->GetSecCompEnhance(pid, parcel);
329 reply.WriteInt32(result);
330 if (result != RET_SUCCESS) {
331 return;
332 }
333
334 reply.WriteParcelable(&parcel);
335 }
336
GetSpecialSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)337 void PrivacyManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
338 {
339 if (!IsSecCompServiceCalling()) {
340 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
341 return;
342 }
343
344 std::string bundleName = data.ReadString();
345
346 std::vector<SecCompEnhanceDataParcel> parcelList;
347 int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList);
348 reply.WriteInt32(result);
349 if (result != RET_SUCCESS) {
350 return;
351 }
352 reply.WriteUint32(parcelList.size());
353 for (const auto& parcel : parcelList) {
354 reply.WriteParcelable(&parcel);
355 }
356 }
357
IsSecCompServiceCalling()358 bool PrivacyManagerStub::IsSecCompServiceCalling()
359 {
360 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
361 if (secCompTokenId_ == 0) {
362 secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service");
363 }
364 return tokenCaller == secCompTokenId_;
365 }
366 #endif
367
IsAccessTokenCalling() const368 bool PrivacyManagerStub::IsAccessTokenCalling() const
369 {
370 int32_t callingUid = IPCSkeleton::GetCallingUid();
371 return callingUid == ACCESSTOKEN_UID;
372 }
373
IsSystemAppCalling() const374 bool PrivacyManagerStub::IsSystemAppCalling() const
375 {
376 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
377 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
378 }
379
VerifyPermission(const std::string & permission) const380 bool PrivacyManagerStub::VerifyPermission(const std::string& permission) const
381 {
382 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
383 if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission, true) == PERMISSION_DENIED) {
384 ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied(callingTokenID=%{public}d)", callingTokenID);
385 return false;
386 }
387 return true;
388 }
389 } // namespace AccessToken
390 } // namespace Security
391 } // namespace OHOS
392