1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_mgr_stub.h"
17
18 #include "access_token.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "iaccount_iam_callback.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "token_setproc.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 namespace {
29 const std::string ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
30 const std::string MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
31 const std::string USE_USER_IDM = "ohos.permission.USE_USER_IDM";
32 }
33
34 const std::map<uint32_t, AccountIAMMgrStub::AccountIAMMessageProc> messageProcMap = {
35 {
36 static_cast<uint32_t>(AccountIAMInterfaceCode::OPEN_SESSION),
37 {
__anoncff91da00202() 38 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
39 return ptr->ProcOpenSession(data, reply); },
40 .isSyetemApi = true,
41 }
42 },
43 {
44 static_cast<uint32_t>(AccountIAMInterfaceCode::CLOSE_SESSION),
45 {
__anoncff91da00302() 46 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
47 return ptr->ProcCloseSession(data, reply); },
48 .isSyetemApi = true,
49 }
50 },
51 {
52 static_cast<uint32_t>(AccountIAMInterfaceCode::ADD_CREDENTIAL),
53 {
__anoncff91da00402() 54 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
55 return ptr->ProcAddCredential(data, reply); },
56 .isSyetemApi = true,
57 }
58 },
59 {
60 static_cast<uint32_t>(AccountIAMInterfaceCode::UPDATE_CREDENTIAL),
61 {
__anoncff91da00502() 62 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
63 return ptr->ProcUpdateCredential(data, reply); },
64 .isSyetemApi = true,
65 }
66 },
67 {
68 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_CRED),
69 {
__anoncff91da00602() 70 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
71 return ptr->ProcDelCred(data, reply); },
72 .isSyetemApi = true,
73 }
74 },
75 {
76 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_USER),
77 {
__anoncff91da00702() 78 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
79 return ptr->ProcDelUser(data, reply); },
80 .isSyetemApi = true,
81 }
82 },
83 {
84 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL),
85 {
__anoncff91da00802() 86 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
87 return ptr->ProcCancel(data, reply); },
88 .isSyetemApi = true,
89 }
90 },
91 {
92 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_CREDENTIAL_INFO),
93 {
__anoncff91da00902() 94 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
95 return ptr->ProcGetCredentialInfo(data, reply); },
96 .isSyetemApi = true,
97 }
98 },
99 {
100 static_cast<uint32_t>(AccountIAMInterfaceCode::PREPARE_REMOTE_AUTH),
101 {
__anoncff91da00a02() 102 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
103 return ptr->ProcPrepareRemoteAuth(data, reply); },
104 .isSyetemApi = true,
105 }
106 },
107 {
108 static_cast<uint32_t>(AccountIAMInterfaceCode::AUTH_USER),
109 {
__anoncff91da00b02() 110 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
111 return ptr->ProcAuthUser(data, reply); },
112 .isSyetemApi = true,
113 }
114 },
115 {
116 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL_AUTH),
117 {
__anoncff91da00c02() 118 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
119 return ptr->ProcCancelAuth(data, reply); },
120 .isSyetemApi = true,
121 }
122 },
123 {
124 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_AVAILABLE_STATUS),
125 {
__anoncff91da00d02() 126 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
127 return ptr->ProcGetAvailableStatus(data, reply); },
128 .isSyetemApi = true,
129 }
130 },
131 {
132 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY),
133 {
__anoncff91da00e02() 134 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
135 return ptr->ProcGetProperty(data, reply); },
136 .isSyetemApi = true,
137 }
138 },
139 {
140 static_cast<uint32_t>(AccountIAMInterfaceCode::SET_PROPERTY),
141 {
__anoncff91da00f02() 142 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
143 return ptr->ProcSetProperty(data, reply); },
144 .isSyetemApi = true,
145 }
146 },
147 {
148 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ENROLLED_ID),
149 {
__anoncff91da01002() 150 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
151 return ptr->ProcGetEnrolledId(data, reply); },
152 .isSyetemApi = true,
153 }
154 },
155 {
156 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ACCOUNT_STATE),
157 {
__anoncff91da01102() 158 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
159 return ptr->ProcGetAccountState(data, reply); },
160 }
161 }
162 };
163
AccountIAMMgrStub()164 AccountIAMMgrStub::AccountIAMMgrStub()
165 {
166 messageProcMap_ = messageProcMap;
167 }
168
~AccountIAMMgrStub()169 AccountIAMMgrStub::~AccountIAMMgrStub()
170 {}
171
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)172 std::int32_t AccountIAMMgrStub::OnRemoteRequest(
173 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
174 {
175 ACCOUNT_LOGI("Received stub message: %{public}d, callingPid: %{public}d", code, IPCSkeleton::GetCallingRealPid());
176 MemoryGuard cacheGuard;
177 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
178 int result = SetFirstCallerTokenID(tokenCaller);
179 ACCOUNT_LOGD("SetFirstCallerTokenID result: %{public}d", result);
180 if (data.ReadInterfaceToken() != GetDescriptor()) {
181 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
182 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
183 }
184 const auto &itFunc = messageProcMap_.find(code);
185 if (itFunc != messageProcMap_.end()) {
186 if (itFunc->second.isSyetemApi) {
187 result = AccountPermissionManager::CheckSystemApp();
188 if (result != ERR_OK) {
189 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
190 return result;
191 }
192 }
193 return (itFunc->second.messageProcFunction)(this, data, reply);
194 }
195 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
196 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
197 }
198
ProcOpenSession(MessageParcel & data,MessageParcel & reply)199 ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
200 {
201 if (!CheckPermission(MANAGE_USER_IDM)) {
202 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
203 }
204 int32_t userId;
205 if (!data.ReadInt32(userId)) {
206 ACCOUNT_LOGE("failed to read userId");
207 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
208 }
209 std::vector<uint8_t> challenge;
210 int32_t result = OpenSession(userId, challenge);
211 if (!reply.WriteInt32(result)) {
212 ACCOUNT_LOGE("failed to write result");
213 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
214 }
215 if (result == ERR_OK) {
216 if (!reply.WriteUInt8Vector(challenge)) {
217 ACCOUNT_LOGE("failed to write challenge");
218 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
219 }
220 }
221 return ERR_NONE;
222 }
223
ProcCloseSession(MessageParcel & data,MessageParcel & reply)224 ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
225 {
226 if (!CheckPermission(MANAGE_USER_IDM)) {
227 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
228 }
229 int32_t userId;
230 if (!data.ReadInt32(userId)) {
231 ACCOUNT_LOGE("failed to read userId");
232 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
233 }
234 int32_t result = CloseSession(userId);
235 if (!reply.WriteInt32(result)) {
236 ACCOUNT_LOGE("failed to write result");
237 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
238 }
239 return ERR_NONE;
240 }
241
ReadUserIdAndAuthType(MessageParcel & data,int32_t & userId,int32_t & authType)242 ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType)
243 {
244 if (!data.ReadInt32(userId)) {
245 ACCOUNT_LOGE("failed to read userId");
246 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
247 }
248 if (!data.ReadInt32(authType)) {
249 ACCOUNT_LOGE("failed to read authType");
250 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
251 }
252 return ERR_OK;
253 }
254
AddOrUpdateCredential(MessageParcel & data,MessageParcel & reply,bool isAdd)255 ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
256 {
257 if (!CheckPermission(MANAGE_USER_IDM)) {
258 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
259 }
260 int32_t userId;
261 int32_t authType;
262 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
263 if (ret != ERR_OK) {
264 return ret;
265 }
266 int32_t authSubType;
267 if (!data.ReadInt32(authSubType)) {
268 ACCOUNT_LOGE("failed to read authSubType");
269 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
270 }
271 CredentialParameters credParams;
272 if (!data.ReadUInt8Vector(&credParams.token)) {
273 ACCOUNT_LOGE("failed to read token");
274 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
275 }
276 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
277 if (callback == nullptr) {
278 ACCOUNT_LOGE("callback is nullptr");
279 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
280 }
281 credParams.authType = static_cast<AuthType>(authType);
282 credParams.pinType = static_cast<PinSubType>(authSubType);
283 if (isAdd) {
284 AddCredential(userId, credParams, callback);
285 } else {
286 UpdateCredential(userId, credParams, callback);
287 }
288 return ERR_NONE;
289 }
290
ProcAddCredential(MessageParcel & data,MessageParcel & reply)291 ErrCode AccountIAMMgrStub::ProcAddCredential(MessageParcel &data, MessageParcel &reply)
292 {
293 return AddOrUpdateCredential(data, reply);
294 }
295
ProcUpdateCredential(MessageParcel & data,MessageParcel & reply)296 ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParcel &reply)
297 {
298 return AddOrUpdateCredential(data, reply, false);
299 }
300
ProcDelCred(MessageParcel & data,MessageParcel & reply)301 ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
302 {
303 if (!CheckPermission(MANAGE_USER_IDM)) {
304 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
305 }
306 int32_t userId;
307 if (!data.ReadInt32(userId)) {
308 ACCOUNT_LOGE("failed to read userId");
309 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
310 }
311 uint64_t credentialId;
312 if (!data.ReadUint64(credentialId)) {
313 ACCOUNT_LOGE("failed to read credentialId");
314 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
315 }
316 std::vector<uint8_t> authToken;
317 if (!data.ReadUInt8Vector(&authToken)) {
318 ACCOUNT_LOGE("failed to read authToken for delCred");
319 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
320 }
321 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
322 if (callback == nullptr) {
323 ACCOUNT_LOGE("callback is nullptr");
324 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
325 }
326 DelCred(userId, credentialId, authToken, callback);
327 return ERR_NONE;
328 }
329
ProcDelUser(MessageParcel & data,MessageParcel & reply)330 ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
331 {
332 if (!CheckPermission(MANAGE_USER_IDM)) {
333 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
334 }
335 int32_t userId;
336 if (!data.ReadInt32(userId)) {
337 ACCOUNT_LOGE("failed to read userId");
338 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
339 }
340 std::vector<uint8_t> authToken;
341 if (!data.ReadUInt8Vector(&authToken)) {
342 ACCOUNT_LOGE("failed to read authToken for delUser");
343 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
344 }
345 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
346 if (callback == nullptr) {
347 ACCOUNT_LOGE("callback is nullptr");
348 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
349 }
350 DelUser(userId, authToken, callback);
351 return ERR_NONE;
352 }
353
ProcCancel(MessageParcel & data,MessageParcel & reply)354 ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
355 {
356 if (!CheckPermission(MANAGE_USER_IDM)) {
357 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
358 }
359 int32_t userId;
360 if (!data.ReadInt32(userId)) {
361 ACCOUNT_LOGE("failed to read userId");
362 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
363 }
364 int32_t result = Cancel(userId);
365 if (!reply.WriteInt32(result)) {
366 ACCOUNT_LOGE("failed to write result");
367 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
368 }
369 return ERR_NONE;
370 }
371
ProcGetCredentialInfo(MessageParcel & data,MessageParcel & reply)372 ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
373 {
374 if (!CheckPermission(USE_USER_IDM)) {
375 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
376 }
377 int32_t userId;
378 int32_t authType;
379 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
380 if (ret != ERR_OK) {
381 return ret;
382 }
383 sptr<IGetCredInfoCallback> callback = iface_cast<IGetCredInfoCallback>(data.ReadRemoteObject());
384 if (callback == nullptr) {
385 ACCOUNT_LOGE("callback is nullptr");
386 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
387 }
388 int result = GetCredentialInfo(userId, static_cast<AuthType>(authType), callback);
389 if (!reply.WriteInt32(result)) {
390 ACCOUNT_LOGE("failed to write result");
391 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
392 }
393 return ERR_NONE;
394 }
395
ProcPrepareRemoteAuth(MessageParcel & data,MessageParcel & reply)396 ErrCode AccountIAMMgrStub::ProcPrepareRemoteAuth(MessageParcel &data, MessageParcel &reply)
397 {
398 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
399 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
400 }
401 std::string remoteNetworkId;
402 if (!data.ReadString(remoteNetworkId)) {
403 ACCOUNT_LOGE("Read remoteNetworkId failed.");
404 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
405 }
406
407 sptr<IPreRemoteAuthCallback> callback = iface_cast<IPreRemoteAuthCallback>(data.ReadRemoteObject());
408 if (callback == nullptr) {
409 ACCOUNT_LOGE("PreRemoteAuthCallback is nullptr.");
410 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
411 }
412 int result = PrepareRemoteAuth(remoteNetworkId, callback);
413 if (!reply.WriteInt32(result)) {
414 ACCOUNT_LOGE("Write result failed.");
415 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
416 }
417
418 return ERR_NONE;
419 }
420
ReadAuthParam(MessageParcel & data,AuthParam & authParam)421 ErrCode AccountIAMMgrStub::ReadAuthParam(MessageParcel &data, AuthParam &authParam)
422 {
423 if (!data.ReadInt32(authParam.userId)) {
424 ACCOUNT_LOGE("failed to read userId");
425 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
426 }
427 if (!data.ReadUInt8Vector(&authParam.challenge)) {
428 ACCOUNT_LOGE("failed to read challenge");
429 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
430 }
431 int32_t authType;
432 if (!data.ReadInt32(authType)) {
433 ACCOUNT_LOGE("failed to read authType for AuthUser");
434 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
435 }
436 authParam.authType = static_cast<AuthType>(authType);
437 uint32_t authTrustLevel;
438 if (!data.ReadUint32(authTrustLevel)) {
439 ACCOUNT_LOGE("failed to read authTrustLevel for AuthUser");
440 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
441 }
442 authParam.authTrustLevel = static_cast<AuthTrustLevel>(authTrustLevel);
443 int32_t authIntent = 0;
444 if (!data.ReadInt32(authIntent)) {
445 ACCOUNT_LOGE("failed to read authIntent for AuthUser");
446 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
447 }
448 authParam.authIntent = static_cast<AuthIntent>(authIntent);
449 return ERR_OK;
450 }
451
ReadRemoteAuthParam(MessageParcel & data,std::optional<RemoteAuthParam> & remoteAuthParam)452 ErrCode AccountIAMMgrStub::ReadRemoteAuthParam(MessageParcel &data,
453 std::optional<RemoteAuthParam> &remoteAuthParam)
454 {
455 bool res = false;
456 if (!data.ReadBool(res)) {
457 ACCOUNT_LOGE("Read RemoteAuthParam exist failed.");
458 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
459 }
460 if (!res) {
461 return ERR_OK;
462 }
463 remoteAuthParam = RemoteAuthParam();
464 if (!data.ReadBool(res)) {
465 ACCOUNT_LOGE("Read verifierNetworkId exist failed.");
466 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
467 }
468 if (res) {
469 std::string networkId;
470 if (!data.ReadString(networkId)) {
471 ACCOUNT_LOGE("Read verifierNetworkId failed.");
472 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
473 }
474 remoteAuthParam.value().verifierNetworkId = networkId;
475 }
476 if (!data.ReadBool(res)) {
477 ACCOUNT_LOGE("Read collectorNetworkId exist failed.");
478 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
479 }
480 if (res) {
481 std::string networkId;
482 if (!data.ReadString(networkId)) {
483 ACCOUNT_LOGE("Read collectorNetworkId failed.");
484 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
485 }
486 remoteAuthParam.value().collectorNetworkId = networkId;
487 }
488 if (!data.ReadBool(res)) {
489 ACCOUNT_LOGE("Read collectorTokenId exist failed.");
490 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
491 }
492 if (res) {
493 uint32_t tokenId;
494 if (!data.ReadUint32(tokenId)) {
495 ACCOUNT_LOGE("Read collectorTokenId failed.");
496 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
497 }
498 remoteAuthParam.value().collectorTokenId = tokenId;
499 }
500 return ERR_OK;
501 }
502
ProcAuthUser(MessageParcel & data,MessageParcel & reply)503 ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
504 {
505 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
506 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
507 }
508 AuthParam authParam;
509 if (ReadAuthParam(data, authParam) != ERR_OK) {
510 ACCOUNT_LOGE("failed to read authParam");
511 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
512 }
513 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
514 if (callback == nullptr) {
515 ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr");
516 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
517 }
518 if (ReadRemoteAuthParam(data, authParam.remoteAuthParam) != ERR_OK) {
519 ACCOUNT_LOGE("failed to read RemoteAuthParam");
520 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
521 }
522 uint64_t contextId = 0;
523 ErrCode result = AuthUser(authParam, callback, contextId);
524 if (!reply.WriteInt32(result)) {
525 ACCOUNT_LOGE("failed to write result");
526 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
527 }
528 if (!reply.WriteUint64(contextId)) {
529 ACCOUNT_LOGE("failed to write contextId");
530 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
531 }
532 return ERR_NONE;
533 }
534
ProcCancelAuth(MessageParcel & data,MessageParcel & reply)535 ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
536 {
537 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
538 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
539 }
540 uint64_t contextId;
541 if (!data.ReadUint64(contextId)) {
542 ACCOUNT_LOGE("failed to read contextId");
543 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
544 }
545 int32_t result = CancelAuth(contextId);
546 if (!reply.WriteInt32(result)) {
547 ACCOUNT_LOGE("failed to write result");
548 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
549 }
550 return ERR_NONE;
551 }
552
ProcGetAvailableStatus(MessageParcel & data,MessageParcel & reply)553 ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
554 {
555 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
556 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
557 }
558 int32_t authType;
559 if (!data.ReadInt32(authType)) {
560 ACCOUNT_LOGE("failed to read authType for GetAvailableStatus");
561 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
562 }
563 uint32_t authTrustLevel;
564 if (!data.ReadUint32(authTrustLevel)) {
565 ACCOUNT_LOGE("failed to read authTrustLevel for GetAvailableStatus");
566 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
567 }
568 int32_t status;
569 int32_t result =
570 GetAvailableStatus(static_cast<AuthType>(authType), static_cast<AuthTrustLevel>(authTrustLevel), status);
571 if (!reply.WriteInt32(result)) {
572 ACCOUNT_LOGE("failed to write result");
573 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
574 }
575 if (result == ERR_OK) {
576 if (!reply.WriteInt32(status)) {
577 ACCOUNT_LOGE("failed to write status");
578 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
579 }
580 }
581 return ERR_NONE;
582 }
583
ProcGetProperty(MessageParcel & data,MessageParcel & reply)584 ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data,
585 MessageParcel &reply) __attribute__((no_sanitize("cfi")))
586 {
587 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
588 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
589 }
590 int32_t userId;
591 int32_t authType;
592 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
593 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
594 }
595 std::vector<uint32_t> keys;
596 if (!data.ReadUInt32Vector(&keys)) {
597 ACCOUNT_LOGE("failed to read attribute keys");
598 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
599 }
600 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
601 if (callback == nullptr) {
602 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
603 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
604 }
605 GetPropertyRequest request;
606 request.authType = static_cast<AuthType>(authType);
607 for (auto &key : keys) {
608 request.keys.push_back(static_cast<Attributes::AttributeKey>(key));
609 }
610 GetProperty(userId, request, callback);
611 return ERR_NONE;
612 }
613
ProcSetProperty(MessageParcel & data,MessageParcel & reply)614 ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
615 {
616 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
617 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
618 }
619 int32_t userId;
620 int32_t authType;
621 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
622 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
623 }
624 std::vector<uint8_t> attr;
625 if (!data.ReadUInt8Vector(&attr)) {
626 ACCOUNT_LOGE("failed to read attributes");
627 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
628 }
629 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
630 if (callback == nullptr) {
631 ACCOUNT_LOGE("SetExecutorPropertyCallbackInterface is nullptr");
632 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
633 }
634 SetPropertyRequest request = {
635 .authType = static_cast<AuthType>(authType),
636 .attrs = Attributes(attr)
637 };
638 SetProperty(userId, request, callback);
639 return ERR_NONE;
640 }
641
ProcGetAccountState(MessageParcel & data,MessageParcel & reply)642 ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParcel &reply)
643 {
644 int32_t userId;
645 if (!data.ReadInt32(userId)) {
646 ACCOUNT_LOGE("failed to read userId");
647 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
648 }
649 IAMState state = GetAccountState(userId);
650 if (!reply.WriteInt32(state)) {
651 ACCOUNT_LOGE("failed to write state");
652 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
653 }
654 return ERR_NONE;
655 }
656
ProcGetEnrolledId(MessageParcel & data,MessageParcel & reply)657 ErrCode AccountIAMMgrStub::ProcGetEnrolledId(MessageParcel &data, MessageParcel &reply)
658 {
659 if (!CheckPermission(USE_USER_IDM)) {
660 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
661 }
662 int32_t accountId;
663 int32_t authType;
664 ErrCode ret = ReadUserIdAndAuthType(data, accountId, authType);
665 if (ret != ERR_OK) {
666 return ret;
667 }
668 sptr<IGetEnrolledIdCallback> callback = iface_cast<IGetEnrolledIdCallback>(data.ReadRemoteObject());
669 if (callback == nullptr) {
670 ACCOUNT_LOGE("Callback is nullptr");
671 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
672 }
673 GetEnrolledId(accountId, static_cast<AuthType>(authType), callback);
674 return ERR_NONE;
675 }
676
CheckPermission(const std::string & permission)677 bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
678 {
679 if (AccountPermissionManager::VerifyPermission(permission) != ERR_OK) {
680 ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
681 return false;
682 }
683 return true;
684 }
685 } // AccountSA
686 } // OHOS
687