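/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "edm_access_token_manager_impl.h"

#include "accesstoken_kit.h"
#include "ipc_skeleton.h"
#include "parameters.h"
#include "tokenid_kit.h"

#include "edm_log.h"

namespace OHOS {
namespace EDM {
// Name of the system parameter that IsDebug() reads to decide whether developer mode is on.
const std::string DEVELOP_MODE_STATE = "const.security.developermode.state";

/**
 * Reports whether the current IPC caller is a shell token on a device in developer mode.
 *
 * Both conditions must hold: the caller's token type is TOKEN_SHELL and the
 * DEVELOP_MODE_STATE parameter reads true. The parameter is read with a default of
 * false, so a missing parameter fails closed.
 *
 * NOTE(review): the caller identity comes from IPCSkeleton::GetCallingTokenID(); confirm
 * every call site runs while the incoming IPC request's identity is still in effect.
 *
 * @return true when the caller is a shell token and developer mode is enabled, else false.
 */
bool EdmAccessTokenManagerImpl::IsDebug()
{
    Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    Security::AccessToken::ATokenTypeEnum tokenType =
        Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
    if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL &&
        system::GetBoolParameter(DEVELOP_MODE_STATE, false)) {
        EDMLOGI("EdmAccessTokenManagerImpl::caller tokenType is shell and check developer mode success.");
        return true;
    }
    return false;
}

/**
 * Reports whether the current IPC caller is a system application, a native process,
 * or a shell token.
 *
 * NOTE(review): despite the name, TOKEN_SHELL is accepted here, and without the
 * developer-mode condition that IsDebug() applies. Confirm that callers relying on this
 * check intend shell callers to pass it.
 *
 * @return true when the caller is a system app, TOKEN_NATIVE or TOKEN_SHELL, else false.
 */
bool EdmAccessTokenManagerImpl::IsSystemAppOrNative()
{
    bool isSystemApp =
        Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID());
    Security::AccessToken::ATokenTypeEnum tokenType =
        Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID());
    if (isSystemApp || tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE ||
        tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) {
        return true;
    }
    // The rejection message belongs on the denial path. It used to be emitted when the
    // check passed, which put an error line on every accepted call and left real
    // rejections unlogged.
    EDMLOGE("EdmAccessTokenManagerImpl::not system app or native process");
    return false;
}

/**
 * Checks whether the current IPC caller has been granted the given permission.
 *
 * @param permissionName Name of the permission to verify against the caller's token.
 * @return true only when VerifyAccessToken reports PERMISSION_GRANTED; any other
 *         result is treated as a denial.
 */
bool EdmAccessTokenManagerImpl::VerifyCallingPermission(const std::string &permissionName)
{
    EDMLOGD("EdmAccessTokenManagerImpl::VerifyCallingPermission permission %{public}s", permissionName.c_str());
    Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
    if (ret == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
        EDMLOGI("EdmAccessTokenManagerImpl::permission %{public}s: PERMISSION_GRANTED", permissionName.c_str());
        return true;
    }
    // Name the permission on denial so a rejected call can be triaged from the log alone;
    // the same name is already logged publicly on the debug and grant paths.
    EDMLOGW("EdmAccessTokenManagerImpl::verify AccessToken failed, permission %{public}s",
        permissionName.c_str());
    return false;
}
} // namespace EDM
} // namespace OHOS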