1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "accesstoken_kit.h"
18 #include "account_log_wrapper.h"
19 #include "bundle_manager_adapter.h"
20 #include "account_hisysevent_adapter.h"
21 #include "inner_app_account_manager.h"
22 #include "ipc_skeleton.h"
23
24 namespace OHOS {
25 namespace AccountSA {
26 namespace {
27 constexpr int32_t UID_TRANSFORM_DIVISOR = 200000; // local account id = uid / UID_TRANSFORM_DIVISOR
28 const std::string DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
29 const std::string GET_ALL_APP_ACCOUNTS = "ohos.permission.GET_ALL_APP_ACCOUNTS";
30 }
31
AppAccountManagerService()32 AppAccountManagerService::AppAccountManagerService()
33 {
34 innerManager_ = std::make_shared<InnerAppAccountManager>();
35 #ifdef HAS_CES_PART
36 CommonEventCallback callback = {
37 [this](const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex) {
38 this->OnPackageRemoved(uid, bundleName, appIndex);
39 },
40 [this] (int32_t userId) { this->OnUserRemoved(userId); },
41 };
42 observer_ = std::make_shared<AppAccountCommonEventObserver>(callback);
43 #endif // HAS_CES_PART
44 }
45
~AppAccountManagerService()46 AppAccountManagerService::~AppAccountManagerService()
47 {}
48
AddAccount(const std::string & name,const std::string & extraInfo)49 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo)
50 {
51 int32_t callingUid = -1;
52 std::string bundleName;
53 uint32_t appIndex;
54 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
55 if (ret != ERR_OK) {
56 return ret;
57 }
58 return innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
59 }
60
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)61 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
62 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
63 {
64 AuthenticatorSessionRequest request;
65 request.callerPid = IPCSkeleton::GetCallingRealPid();
66 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
67 if (result != ERR_OK) {
68 return result;
69 }
70 request.owner = owner;
71 request.authType = authType;
72 request.options = options;
73 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
74 request.callback = callback;
75 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
76 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
77 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
78 return innerManager_->AddAccountImplicitly(request);
79 }
80
CreateAccount(const std::string & name,const CreateAccountOptions & options)81 ErrCode AppAccountManagerService::CreateAccount(const std::string &name, const CreateAccountOptions &options)
82 {
83 int32_t callingUid = -1;
84 std::string bundleName;
85 uint32_t appIndex;
86 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
87 if (ret != ERR_OK) {
88 return ret;
89 }
90 return innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
91 }
92
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)93 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
94 const CreateAccountImplicitlyOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
95 {
96 AuthenticatorSessionRequest request;
97 request.callerPid = IPCSkeleton::GetCallingRealPid();
98 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
99 if (result != ERR_OK) {
100 return result;
101 }
102 request.owner = owner;
103 request.callerAbilityName = options.parameters.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
104 request.callback = callback;
105 request.createOptions = options;
106 request.createOptions.parameters.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
107 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
108 return innerManager_->CreateAccountImplicitly(request);
109 }
110
DeleteAccount(const std::string & name)111 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name)
112 {
113 int32_t callingUid = -1;
114 std::string bundleName;
115 uint32_t appIndex;
116 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
117 if (ret != ERR_OK) {
118 return ret;
119 }
120 return innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
121 }
122
GetAccountExtraInfo(const std::string & name,std::string & extraInfo)123 ErrCode AppAccountManagerService::GetAccountExtraInfo(const std::string &name, std::string &extraInfo)
124 {
125 int32_t callingUid = -1;
126 std::string bundleName;
127 uint32_t appIndex;
128 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
129 if (ret != ERR_OK) {
130 return ret;
131 }
132 return innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
133 }
134
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo)135 ErrCode AppAccountManagerService::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo)
136 {
137 int32_t callingUid = -1;
138 std::string bundleName;
139 uint32_t appIndex;
140 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
141 if (ret != ERR_OK) {
142 return ret;
143 }
144 return innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
145 }
146
EnableAppAccess(const std::string & name,const std::string & authorizedApp)147 ErrCode AppAccountManagerService::EnableAppAccess(
148 const std::string &name, const std::string &authorizedApp)
149 {
150 AppAccountCallingInfo appAccountCallingInfo;
151 ErrCode result = GetCallingInfo(
152 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
153 if (result != ERR_OK) {
154 return result;
155 }
156 AppExecFwk::BundleInfo bundleInfo;
157 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
158 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
159 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
160 if (!bundleRet) {
161 ACCOUNT_LOGE("failed to get bundle info");
162 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
163 }
164 if (authorizedApp == appAccountCallingInfo.bundleName) {
165 ACCOUNT_LOGE("authorizedApp is the same to owner");
166 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
167 }
168
169 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
170 }
171
DisableAppAccess(const std::string & name,const std::string & authorizedApp)172 ErrCode AppAccountManagerService::DisableAppAccess(
173 const std::string &name, const std::string &authorizedApp)
174 {
175 AppAccountCallingInfo appAccountCallingInfo;
176 ErrCode ret = GetCallingInfo(
177 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
178 if (ret != ERR_OK) {
179 return ret;
180 }
181 AppExecFwk::BundleInfo bundleInfo;
182
183 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
184 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
185 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
186 if (!bundleRet) {
187 ACCOUNT_LOGE("failed to get bundle info");
188 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
189 }
190
191 if (authorizedApp == appAccountCallingInfo.bundleName) {
192 ACCOUNT_LOGE("authorizedApp is the same to owner");
193 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
194 }
195
196 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
197 }
198
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible)199 ErrCode AppAccountManagerService::SetAppAccess(
200 const std::string &name, const std::string &authorizedApp, bool isAccessible)
201 {
202 AppAccountCallingInfo appAccountCallingInfo;
203 ErrCode ret = GetCallingInfo(
204 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
205 if (ret != ERR_OK) {
206 return ret;
207 }
208
209 if (authorizedApp == appAccountCallingInfo.bundleName) {
210 if (isAccessible) {
211 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
212 return ERR_OK;
213 } else {
214 ACCOUNT_LOGE("authorizedApp is the same to owner");
215 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
216 }
217 }
218
219 if (isAccessible) {
220 AppExecFwk::BundleInfo bundleInfo;
221 int32_t userId = appAccountCallingInfo.callingUid / UID_TRANSFORM_DIVISOR;
222 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(
223 authorizedApp, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
224 if (!bundleRet) {
225 ACCOUNT_LOGE("failed to get bundle info");
226 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
227 }
228 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
229 }
230
231 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
232 }
233
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable)234 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(const std::string &name, bool &syncEnable)
235 {
236 int32_t callingUid = -1;
237 std::string bundleName;
238 uint32_t appIndex;
239 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
240 if (ret != ERR_OK) {
241 return ret;
242 }
243 ret = GetCallingTokenInfoAndAppIndex(appIndex);
244 if (ret != ERR_OK) {
245 ACCOUNT_LOGE("failed to get app index");
246 return ret;
247 }
248
249 return innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
250 }
251
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable)252 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable)
253 {
254 int32_t callingUid = -1;
255 std::string bundleName;
256 uint32_t appIndex;
257 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
258 if (ret != ERR_OK) {
259 return ret;
260 }
261 ret = GetCallingTokenInfoAndAppIndex(appIndex);
262 if (ret != ERR_OK) {
263 ACCOUNT_LOGE("failed to get app index");
264 return ret;
265 }
266
267 return innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
268 }
269
GetAssociatedData(const std::string & name,const std::string & key,std::string & value)270 ErrCode AppAccountManagerService::GetAssociatedData(
271 const std::string &name, const std::string &key, std::string &value)
272 {
273 int32_t callingUid = IPCSkeleton::GetCallingUid();
274 return innerManager_->GetAssociatedData(name, key, value, callingUid);
275 }
276
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value)277 ErrCode AppAccountManagerService::SetAssociatedData(
278 const std::string &name, const std::string &key, const std::string &value)
279 {
280 AppAccountCallingInfo appAccountCallingInfo;
281 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
282 appAccountCallingInfo.appIndex);
283 if (ret != ERR_OK) {
284 return ret;
285 }
286 return innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
287 }
288
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential)289 ErrCode AppAccountManagerService::GetAccountCredential(
290 const std::string &name, const std::string &credentialType, std::string &credential)
291 {
292 AppAccountCallingInfo appAccountCallingInfo;
293 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
294 appAccountCallingInfo.appIndex);
295 if (ret != ERR_OK) {
296 return ret;
297 }
298 return innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
299 }
300
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential)301 ErrCode AppAccountManagerService::SetAccountCredential(
302 const std::string &name, const std::string &credentialType, const std::string &credential)
303 {
304 AppAccountCallingInfo appAccountCallingInfo;
305 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
306 appAccountCallingInfo.appIndex);
307 if (ret != ERR_OK) {
308 return ret;
309 }
310 return innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
311 }
312
Authenticate(const std::string & name,const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)313 ErrCode AppAccountManagerService::Authenticate(const std::string &name, const std::string &owner,
314 const std::string &authType, const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
315 {
316 AuthenticatorSessionRequest request;
317 request.callerPid = IPCSkeleton::GetCallingRealPid();
318 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
319 if (result != ERR_OK) {
320 return result;
321 }
322 request.name = name;
323 request.owner = owner;
324 request.authType = authType;
325 request.options = options;
326 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
327 request.callback = callback;
328 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
329 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
330 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
331 return innerManager_->Authenticate(request);
332 }
333
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)334 ErrCode AppAccountManagerService::GetOAuthToken(
335 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
336 {
337 AuthenticatorSessionRequest request;
338 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
339 if (result != ERR_OK) {
340 return result;
341 }
342 request.name = name;
343 request.owner = owner;
344 request.authType = authType;
345 return innerManager_->GetOAuthToken(request, token);
346 }
347
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)348 ErrCode AppAccountManagerService::GetAuthToken(
349 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
350 {
351 AuthenticatorSessionRequest request;
352 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
353 if (result != ERR_OK) {
354 return result;
355 }
356 request.name = name;
357 request.owner = owner;
358 request.authType = authType;
359 return innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
360 }
361
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token)362 ErrCode AppAccountManagerService::SetOAuthToken(
363 const std::string &name, const std::string &authType, const std::string &token)
364 {
365 AuthenticatorSessionRequest request;
366 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
367 if (result != ERR_OK) {
368 return result;
369 }
370 request.name = name;
371 request.owner = request.callerBundleName;
372 request.authType = authType;
373 request.token = token;
374 return innerManager_->SetOAuthToken(request);
375 }
376
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)377 ErrCode AppAccountManagerService::DeleteOAuthToken(
378 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
379 {
380 AuthenticatorSessionRequest request;
381 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
382 if (ret != ERR_OK) {
383 return ret;
384 }
385 request.name = name;
386 request.owner = owner;
387 request.authType = authType;
388 request.token = token;
389 return innerManager_->DeleteOAuthToken(request);
390 }
391
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)392 ErrCode AppAccountManagerService::DeleteAuthToken(
393 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
394 {
395 AuthenticatorSessionRequest request;
396 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
397 if (result != ERR_OK) {
398 return result;
399 }
400 request.name = name;
401 request.owner = owner;
402 request.authType = authType;
403 request.token = token;
404 return innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
405 }
406
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)407 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
408 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
409 {
410 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
411 if (ret != ERR_OK) {
412 return ret;
413 }
414 request.name = name;
415 request.owner = request.callerBundleName;
416 request.authType = authType;
417 request.bundleName = bundleName;
418 return ret;
419 }
420
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)421 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
422 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
423 {
424 AuthenticatorSessionRequest request;
425 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
426 if (ret != ERR_OK) {
427 return ret;
428 }
429 request.isTokenVisible = isVisible;
430 return innerManager_->SetOAuthTokenVisibility(request);
431 }
432
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)433 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
434 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
435 {
436 AuthenticatorSessionRequest request;
437 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
438 if (result != ERR_OK) {
439 return result;
440 }
441 if (request.bundleName == request.owner) {
442 if (isVisible) {
443 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
444 return ERR_OK;
445 } else {
446 ACCOUNT_LOGE("authorizedApp is the same to owner.");
447 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
448 }
449 }
450 if (isVisible) {
451 AppExecFwk::BundleInfo bundleInfo;
452 int32_t userId = request.callerUid / UID_TRANSFORM_DIVISOR;
453 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
454 bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
455 if (!ret) {
456 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
457 }
458 }
459 request.isTokenVisible = isVisible;
460 return innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
461 }
462
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)463 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
464 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
465 {
466 AuthenticatorSessionRequest request;
467 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
468 if (ret != ERR_OK) {
469 return ret;
470 }
471 return innerManager_->CheckOAuthTokenVisibility(request, isVisible);
472 }
473
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)474 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
475 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
476 {
477 AuthenticatorSessionRequest request;
478 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
479 if (ret != ERR_OK) {
480 return ret;
481 }
482 return innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
483 }
484
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info)485 ErrCode AppAccountManagerService::GetAuthenticatorInfo(const std::string &owner, AuthenticatorInfo &info)
486 {
487 AuthenticatorSessionRequest request;
488 request.callerUid = IPCSkeleton::GetCallingUid();
489 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
490 if (result != ERR_OK) {
491 ACCOUNT_LOGE("failed to get app index");
492 return result;
493 }
494 request.owner = owner;
495 return innerManager_->GetAuthenticatorInfo(request, info);
496 }
497
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos)498 ErrCode AppAccountManagerService::GetAllOAuthTokens(
499 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos)
500 {
501 AuthenticatorSessionRequest request;
502 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
503 if (result != ERR_OK) {
504 return result;
505 }
506 request.name = name;
507 request.owner = owner;
508 return innerManager_->GetAllOAuthTokens(request, tokenInfos);
509 }
510
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)511 ErrCode AppAccountManagerService::GetOAuthList(
512 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
513 {
514 AuthenticatorSessionRequest request;
515 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
516 if (result != ERR_OK) {
517 return result;
518 }
519 request.name = name;
520 request.authType = authType;
521 return innerManager_->GetOAuthList(request, oauthList);
522 }
523
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)524 ErrCode AppAccountManagerService::GetAuthList(
525 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
526 {
527 AuthenticatorSessionRequest request;
528 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
529 if (ret != ERR_OK) {
530 return ret;
531 }
532 request.name = name;
533 request.authType = authType;
534 return innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
535 }
536
GetAuthenticatorCallback(const std::string & sessionId,sptr<IRemoteObject> & callback)537 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
538 const std::string &sessionId, sptr<IRemoteObject> &callback)
539 {
540 AuthenticatorSessionRequest request;
541 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
542 if (result != ERR_OK) {
543 return result;
544 }
545 request.sessionId = sessionId;
546 result = innerManager_->GetAuthenticatorCallback(request, callback);
547 return result;
548 }
549
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)550 ErrCode AppAccountManagerService::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
551 {
552 int32_t callingUid = -1;
553 std::string bundleName;
554 uint32_t appIndex;
555 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
556 if (ret != ERR_OK) {
557 return ret;
558 }
559 if ((owner != bundleName) &&
560 (AccountPermissionManager::VerifyPermission(GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
561 ACCOUNT_LOGE("failed to verify permission for %{public}s", GET_ALL_APP_ACCOUNTS.c_str());
562 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), GET_ALL_APP_ACCOUNTS);
563 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
564 }
565
566 AppExecFwk::BundleInfo bundleInfo;
567 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
568 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
569 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
570 if (!result) {
571 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
572 }
573
574 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
575 }
576
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts)577 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts)
578 {
579 int32_t callingUid = -1;
580 std::string bundleName;
581 uint32_t appIndex;
582 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, GET_ALL_APP_ACCOUNTS);
583 if (ret != ERR_OK) {
584 return ret;
585 }
586 ret = GetCallingTokenInfoAndAppIndex(appIndex);
587 if (ret != ERR_OK) {
588 ACCOUNT_LOGE("failed to get app index");
589 return ret;
590 }
591 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
592 }
593
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)594 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
595 const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
596 {
597 int32_t callingUid = -1;
598 std::string bundleName;
599 uint32_t appIndex;
600 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
601 if (result != ERR_OK) {
602 return result;
603 }
604 if (owner.empty()) {
605 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
606 }
607 AppExecFwk::BundleInfo bundleInfo;
608 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
609 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
610 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
611 if (!ret) {
612 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
613 }
614 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
615 }
616
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible)617 ErrCode AppAccountManagerService::CheckAppAccess(
618 const std::string &name, const std::string &authorizedApp, bool &isAccessible)
619 {
620 AppAccountCallingInfo appAccountCallingInfo;
621 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
622 appAccountCallingInfo.appIndex);
623 if (result != ERR_OK) {
624 return result;
625 }
626 if (authorizedApp == appAccountCallingInfo.bundleName) {
627 isAccessible = true;
628 return ERR_OK;
629 }
630 return innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
631 }
632
DeleteAccountCredential(const std::string & name,const std::string & credentialType)633 ErrCode AppAccountManagerService::DeleteAccountCredential(
634 const std::string &name, const std::string &credentialType)
635 {
636 int32_t callingUid = -1;
637 std::string bundleName;
638 uint32_t appIndex;
639 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
640 if (ret != ERR_OK) {
641 return ret;
642 }
643 return innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
644 }
645
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)646 ErrCode AppAccountManagerService::SelectAccountsByOptions(
647 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
648 {
649 int32_t callingUid = -1;
650 std::string bundleName;
651 uint32_t appIndex;
652 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
653 if (ret != ERR_OK) {
654 return ret;
655 }
656 return innerManager_->SelectAccountsByOptions(options, callback, callingUid, bundleName, appIndex);
657 }
658
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)659 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
660 const VerifyCredentialOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
661 {
662 AuthenticatorSessionRequest request;
663 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
664 if (result != ERR_OK) {
665 return result;
666 }
667 request.name = name;
668 request.owner = owner;
669 request.verifyCredOptions = options;
670 request.callback = callback;
671 return innerManager_->VerifyCredential(request);
672 }
673
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IAppAccountAuthenticatorCallback> & callback)674 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
675 const std::vector<std::string> &labels, const sptr<IAppAccountAuthenticatorCallback> &callback)
676 {
677 AuthenticatorSessionRequest request;
678 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
679 if (result != ERR_OK) {
680 return result;
681 }
682 request.labels = labels;
683 request.callback = callback;
684 request.name = name;
685 request.owner = owner;
686 return innerManager_->CheckAccountLabels(request);
687 }
688
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)689 ErrCode AppAccountManagerService::SetAuthenticatorProperties(const std::string &owner,
690 const SetPropertiesOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
691 {
692 AuthenticatorSessionRequest request;
693 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
694 if (result != ERR_OK) {
695 return result;
696 }
697 request.owner = owner;
698 request.setPropOptions = options;
699 request.callback = callback;
700 return innerManager_->SetAuthenticatorProperties(request);
701 }
702
SubscribeAppAccount(const AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)703 ErrCode AppAccountManagerService::SubscribeAppAccount(
704 const AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
705 {
706 int32_t callingUid = -1;
707 std::string bundleName;
708 uint32_t appIndex;
709 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
710 if (ret != ERR_OK) {
711 return ret;
712 }
713
714 std::vector<std::string> owners;
715 subscribeInfo.GetOwners(owners);
716 if (owners.size() == 0) {
717 ACCOUNT_LOGE("owners size is 0");
718 return ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
719 }
720
721 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
722 for (auto owner : owners) {
723 AppExecFwk::BundleInfo bundleInfo;
724 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
725 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
726 if (!bundleRet) {
727 ACCOUNT_LOGE("failed to get bundle info");
728 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
729 }
730 }
731
732 return innerManager_->SubscribeAppAccount(subscribeInfo, eventListener, callingUid, bundleName, appIndex);
733 }
734
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener)735 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener)
736 {
737 return innerManager_->UnsubscribeAppAccount(eventListener);
738 }
739
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)740 ErrCode AppAccountManagerService::OnPackageRemoved(
741 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
742 {
743 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
744 }
745
OnUserRemoved(int32_t userId)746 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
747 {
748 return innerManager_->OnUserRemoved(userId);
749 }
750
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)751 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
752 std::string &bundleName, const std::string &permName)
753 {
754 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
755 if (result != ERR_OK) {
756 return result;
757 }
758
759 result = AccountPermissionManager::VerifyPermission(permName);
760 if (result != ERR_OK) {
761 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
762 permName.c_str(), result);
763 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), permName);
764 return result;
765 }
766 return ERR_OK;
767 }
768
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)769 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
770 {
771 callingUid = IPCSkeleton::GetCallingUid();
772 ErrCode bundleRet = BundleManagerAdapter::GetInstance()->GetNameForUid(callingUid, bundleName);
773 if (bundleRet != ERR_OK) {
774 ACCOUNT_LOGE("failed to get bundle name");
775 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
776 }
777 return ERR_OK;
778 }
779
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)780 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
781 {
782 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
783 Security::AccessToken::HapTokenInfo hapTokenInfo;
784 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
785 if (result) {
786 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
787 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
788 }
789 if (hapTokenInfo.instIndex < 0) {
790 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
791 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
792 }
793 appIndex = static_cast<uint32_t>(hapTokenInfo.instIndex);
794 return ERR_OK;
795 }
796
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)797 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
798 {
799 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
800 if (result != ERR_OK) {
801 ACCOUNT_LOGD("failed to get bundle name");
802 return result;
803 }
804 result = GetCallingTokenInfoAndAppIndex(appIndex);
805 if (result != ERR_OK) {
806 ACCOUNT_LOGE("failed to get app index");
807 return result;
808 }
809 return result;
810 }
811 } // namespace AccountSA
812 } // namespace OHOS
813