1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_verification.h"
17
18 #include "ability_manager_errors.h"
19 #include "accesstoken_kit.h"
20 #include "hilog_wrapper.h"
21 #include "permission_constants.h"
22 #include "support_system_ability_permission.h"
23 #include "tokenid_kit.h"
24
25 namespace OHOS {
26 namespace AAFwk {
27 const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
28 const std::string DLP_PARAMS_SECURITY_FLAG = "ohos.dlp.params.securityFlag";
29 namespace {
30 const int32_t BROKER_UID = 5557;
31 }
VerifyPermissionByTokenId(const int & tokenId,const std::string & permissionName) const32 bool PermissionVerification::VerifyPermissionByTokenId(const int &tokenId, const std::string &permissionName) const
33 {
34 HILOG_DEBUG("VerifyPermissionByTokenId permission %{public}s", permissionName.c_str());
35 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionName, false);
36 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
37 HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
38 return false;
39 }
40 HILOG_DEBUG("verify AccessToken success");
41 return true;
42 }
43
VerifyCallingPermission(const std::string & permissionName) const44 bool PermissionVerification::VerifyCallingPermission(const std::string &permissionName) const
45 {
46 HILOG_DEBUG("VerifyCallingPermission permission %{public}s", permissionName.c_str());
47 auto callerToken = GetCallingTokenID();
48 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName, false);
49 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
50 HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
51 return false;
52 }
53 HILOG_DEBUG("verify AccessToken success");
54 return true;
55 }
56
IsSACall() const57 bool PermissionVerification::IsSACall() const
58 {
59 HILOG_DEBUG("%{public}s: is called.", __func__);
60 auto callerToken = GetCallingTokenID();
61 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
62 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
63 HILOG_DEBUG("caller tokenType is native, verify success");
64 return true;
65 }
66 HILOG_DEBUG("Not SA called.");
67 return false;
68 }
69
IsShellCall() const70 bool PermissionVerification::IsShellCall() const
71 {
72 HILOG_DEBUG("%{public}s: is called.", __func__);
73 auto callerToken = GetCallingTokenID();
74 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
75 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
76 HILOG_DEBUG("caller tokenType is shell, verify success");
77 return true;
78 }
79 HILOG_DEBUG("Not shell called.");
80 return false;
81 }
82
CheckSpecificSystemAbilityAccessPermission(const std::string & processName) const83 bool PermissionVerification::CheckSpecificSystemAbilityAccessPermission(const std::string &processName) const
84 {
85 HILOG_DEBUG("PermissionVerification::CheckSpecifidSystemAbilityAccessToken is called.");
86 if (!IsSACall()) {
87 HILOG_ERROR("caller tokenType is not native, verify failed.");
88 return false;
89 }
90 auto callerToken = GetCallingTokenID();
91 Security::AccessToken::NativeTokenInfo nativeTokenInfo;
92 int32_t result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerToken, nativeTokenInfo);
93 if (result != ERR_OK || nativeTokenInfo.processName != processName) {
94 HILOG_ERROR("Check process name failed.");
95 return false;
96 }
97 return true;
98 }
99
VerifyRunningInfoPerm() const100 bool PermissionVerification::VerifyRunningInfoPerm() const
101 {
102 if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_RUNNING_INFO)) {
103 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
104 return true;
105 }
106 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
107 return false;
108 }
109
VerifyControllerPerm() const110 bool PermissionVerification::VerifyControllerPerm() const
111 {
112 if (VerifyCallingPermission(PermissionConstants::PERMISSION_SET_ABILITY_CONTROLLER)) {
113 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
114 return true;
115 }
116 HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
117 return false;
118 }
119
VerifyDlpPermission(Want & want) const120 bool PermissionVerification::VerifyDlpPermission(Want &want) const
121 {
122 if (want.GetIntParam(DLP_PARAMS_INDEX, 0) == 0) {
123 want.RemoveParam(DLP_PARAMS_SECURITY_FLAG);
124 return true;
125 }
126
127 if (VerifyCallingPermission(PermissionConstants::PERMISSION_ACCESS_DLP)) {
128 return true;
129 }
130 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
131 return false;
132 }
133
VerifyAccountPermission() const134 int PermissionVerification::VerifyAccountPermission() const
135 {
136 if (VerifyCallingPermission(PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS)) {
137 return ERR_OK;
138 }
139 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
140 return CHECK_PERMISSION_FAILED;
141 }
142
VerifyMissionPermission() const143 bool PermissionVerification::VerifyMissionPermission() const
144 {
145 if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGE_MISSION)) {
146 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
147 return true;
148 }
149 HILOG_ERROR("%{public}s: Permission verification failed", __func__);
150 return false;
151 }
152
VerifyAppStateObserverPermission() const153 int PermissionVerification::VerifyAppStateObserverPermission() const
154 {
155 if (VerifyCallingPermission(PermissionConstants::PERMISSION_RUNNING_STATE_OBSERVER)) {
156 HILOG_DEBUG("Permission verification succeeded.");
157 return ERR_OK;
158 }
159 HILOG_ERROR("Permission verification failed.");
160 return ERR_PERMISSION_DENIED;
161 }
162
VerifyUpdateConfigurationPerm() const163 int32_t PermissionVerification::VerifyUpdateConfigurationPerm() const
164 {
165 if (VerifyCallingPermission(PermissionConstants::PERMISSION_UPDATE_CONFIGURATION)) {
166 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
167 return ERR_OK;
168 }
169 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
170 return ERR_PERMISSION_DENIED;
171 }
172
VerifyInstallBundlePermission() const173 bool PermissionVerification::VerifyInstallBundlePermission() const
174 {
175 if (VerifyCallingPermission(PermissionConstants::PERMISSION_INSTALL_BUNDLE)) {
176 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
177 return true;
178 }
179
180 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_INSTALL_BUNDLE);
181 return false;
182 }
183
VerifyGetBundleInfoPrivilegedPermission() const184 bool PermissionVerification::VerifyGetBundleInfoPrivilegedPermission() const
185 {
186 if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) {
187 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
188 return true;
189 }
190
191 HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED);
192 return false;
193 }
194
VerifyStartRecentAbilityPermission() const195 bool PermissionVerification::VerifyStartRecentAbilityPermission() const
196 {
197 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_RECENT_ABILITY)) {
198 HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_START_RECENT_ABILITY);
199 return true;
200 }
201 return VerifyMissionPermission();
202 }
203
CheckCallDataAbilityPermission(const VerificationInfo & verificationInfo,bool isShell) const204 int PermissionVerification::CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo, bool isShell) const
205 {
206 if ((verificationInfo.apiTargetVersion > API8 || isShell) &&
207 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
208 HILOG_ERROR("Application can not start DataAbility from background after API8.");
209 return CHECK_PERMISSION_FAILED;
210 }
211 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
212 HILOG_ERROR("Target DataAbility is not visible, and caller does not have INVISIBLE permission.");
213 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
214 }
215 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
216 HILOG_ERROR("Target DataAbility's associatedWakeUp is false, reject start it from other application.");
217 return CHECK_PERMISSION_FAILED;
218 }
219
220 return ERR_OK;
221 }
222
CheckCallServiceAbilityPermission(const VerificationInfo & verificationInfo) const223 int PermissionVerification::CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const
224 {
225 if (IPCSkeleton::GetCallingUid() != BROKER_UID &&
226 SupportSystemAbilityPermission::IsSupportSaCallPermission() && IsSACall()) {
227 HILOG_DEBUG("Add switch for suites");
228 return ERR_OK;
229 }
230 if ((verificationInfo.apiTargetVersion > API8 || IsShellCall()) &&
231 !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
232 HILOG_ERROR("Application can not start ServiceAbility from background after API8.");
233 return CHECK_PERMISSION_FAILED;
234 }
235 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
236 HILOG_ERROR("Target ServiceAbility is not visible, and caller does not have INVISIBLE permission.");
237 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
238 }
239 if (!JudgeAssociatedWakeUp(verificationInfo.accessTokenId, verificationInfo.associatedWakeUp)) {
240 HILOG_ERROR("Target ServiceAbility's associatedWakeUp is false, reject start it from other application.");
241 return CHECK_PERMISSION_FAILED;
242 }
243
244 return ERR_OK;
245 }
246
CheckCallAbilityPermission(const VerificationInfo & verificationInfo) const247 int PermissionVerification::CheckCallAbilityPermission(const VerificationInfo &verificationInfo) const
248 {
249 return JudgeInvisibleAndBackground(verificationInfo);
250 }
251
CheckCallServiceExtensionPermission(const VerificationInfo & verificationInfo) const252 int PermissionVerification::CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const
253 {
254 return JudgeInvisibleAndBackground(verificationInfo);
255 }
256
CheckStartByCallPermission(const VerificationInfo & verificationInfo) const257 int PermissionVerification::CheckStartByCallPermission(const VerificationInfo &verificationInfo) const
258 {
259 if (IsCallFromSameAccessToken(verificationInfo.accessTokenId)) {
260 HILOG_ERROR("Not remote call, Caller is from same APP, StartAbilityByCall reject");
261 return CHECK_PERMISSION_FAILED;
262 }
263 // Different APP call, check permissions
264 if (!VerifyCallingPermission(PermissionConstants::PERMISSION_ABILITY_BACKGROUND_COMMUNICATION)) {
265 HILOG_ERROR("PERMISSION_ABILITY_BACKGROUND_COMMUNICATION verification failed, StartAbilityByCall reject");
266 return CHECK_PERMISSION_FAILED;
267 }
268 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
269 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
270 }
271 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
272 return CHECK_PERMISSION_FAILED;
273 }
274
275 return ERR_OK;
276 }
277
GetCallingTokenID() const278 unsigned int PermissionVerification::GetCallingTokenID() const
279 {
280 auto callerToken = IPCSkeleton::GetCallingTokenID();
281 HILOG_DEBUG("callerToken : %{private}u", callerToken);
282 return callerToken;
283 }
284
JudgeStartInvisibleAbility(const uint32_t accessTokenId,const bool visible) const285 bool PermissionVerification::JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible) const
286 {
287 if (visible) {
288 HILOG_DEBUG("TargetAbility visible is true, PASS.");
289 return true;
290 }
291 if (IsCallFromSameAccessToken(accessTokenId)) {
292 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
293 return true;
294 }
295 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_INVISIBLE_ABILITY)) {
296 HILOG_DEBUG("Caller has PERMISSION_START_INVISIBLE_ABILITY, PASS.");
297 return true;
298 }
299 HILOG_ERROR("PERMISSION_START_INVISIBLE_ABILITY verification failed.");
300 return false;
301 }
302
JudgeStartAbilityFromBackground(const bool isBackgroundCall,bool withContinuousTask) const303 bool PermissionVerification::JudgeStartAbilityFromBackground(
304 const bool isBackgroundCall, bool withContinuousTask) const
305 {
306 if (!isBackgroundCall) {
307 HILOG_DEBUG("Caller is not background, PASS.");
308 return true;
309 }
310
311 if (withContinuousTask) {
312 HILOG_DEBUG("Caller has continuous task, PASS.");
313 return true;
314 }
315
316 // Temporarily supports permissions with two different spellings
317 // PERMISSION_START_ABILIIES_FROM_BACKGROUND will be removed later due to misspelling
318 if (VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILITIES_FROM_BACKGROUND) ||
319 VerifyCallingPermission(PermissionConstants::PERMISSION_START_ABILIIES_FROM_BACKGROUND)) {
320 HILOG_DEBUG("Caller has PERMISSION_START_ABILITIES_FROM_BACKGROUND, PASS.");
321 return true;
322 }
323 HILOG_ERROR("PERMISSION_START_ABILITIES_FROM_BACKGROUND verification failed.");
324 return false;
325 }
326
JudgeAssociatedWakeUp(const uint32_t accessTokenId,const bool associatedWakeUp) const327 bool PermissionVerification::JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const
328 {
329 if (IsCallFromSameAccessToken(accessTokenId)) {
330 HILOG_DEBUG("TargetAbility is in same APP, PASS.");
331 return true;
332 }
333 if (associatedWakeUp) {
334 HILOG_DEBUG("TargetAbility is allowed associatedWakeUp, PASS.");
335 return true;
336 }
337 HILOG_ERROR("The target is not allowed associatedWakeUp.");
338 return false;
339 }
340
JudgeInvisibleAndBackground(const VerificationInfo & verificationInfo) const341 int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo) const
342 {
343 if (IPCSkeleton::GetCallingUid() != BROKER_UID &&
344 SupportSystemAbilityPermission::IsSupportSaCallPermission() && IsSACall()) {
345 HILOG_DEBUG("Support SA call");
346 return ERR_OK;
347 }
348 if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) {
349 return ABILITY_VISIBLE_FALSE_DENY_REQUEST;
350 }
351 if (!JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) {
352 return CHECK_PERMISSION_FAILED;
353 }
354
355 return ERR_OK;
356 }
357
JudgeCallerIsAllowedToUseSystemAPI() const358 bool PermissionVerification::JudgeCallerIsAllowedToUseSystemAPI() const
359 {
360 if (IsSACall() || IsShellCall()) {
361 return true;
362 }
363 auto callerToken = IPCSkeleton::GetCallingFullTokenID();
364 return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerToken);
365 }
366
IsSystemAppCall() const367 bool PermissionVerification::IsSystemAppCall() const
368 {
369 auto callerToken = IPCSkeleton::GetCallingFullTokenID();
370 return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerToken);
371 }
372
VerifyPrepareTerminatePermission() const373 bool PermissionVerification::VerifyPrepareTerminatePermission() const
374 {
375 if (VerifyCallingPermission(PermissionConstants::PERMISSION_PREPARE_TERMINATE)) {
376 HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
377 return true;
378 }
379 HILOG_DEBUG("%{public}s: Permission verification failed", __func__);
380 return false;
381 }
382
VerifyPrepareTerminatePermission(const int & tokenId) const383 bool PermissionVerification::VerifyPrepareTerminatePermission(const int &tokenId) const
384 {
385 int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId,
386 PermissionConstants::PERMISSION_PREPARE_TERMINATE, false);
387 if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
388 HILOG_DEBUG("permission denied.");
389 return false;
390 }
391 HILOG_DEBUG("verify AccessToken success");
392 return true;
393 }
394 } // namespace AAFwk
395 } // namespace OHOS
396