1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_stub.h"
17
18 #include <dlfcn.h>
19 #include <ipc_types.h>
20 #include "accesstoken_kit.h"
21 #include "account_error_no.h"
22 #include "account_helper_data.h"
23 #include "account_info.h"
24 #include "account_info_parcel.h"
25 #include "account_log_wrapper.h"
26 #include "account_mgr_service.h"
27 #include "bundle_manager_adapter.h"
28 #include "account_hisysevent_adapter.h"
29 #include "if_system_ability_manager.h"
30 #include "ipc_skeleton.h"
31 #include "iservice_registry.h"
32 #include "memory_guard.h"
33 #include "ohos_account_kits.h"
34 #include "account_constants.h"
35 #ifdef HICOLLIE_ENABLE
36 #include "xcollie/xcollie.h"
37 #endif // HICOLLIE_ENABLE
38
39 namespace OHOS {
40 namespace AccountSA {
41 namespace {
42 const std::string OHOS_ACCOUNT_QUIT_TIPS_TITLE = "";
43 const std::string OHOS_ACCOUNT_QUIT_TIPS_CONTENT = "";
44 const std::string PERMISSION_MANAGE_USERS = "ohos.permission.MANAGE_LOCAL_ACCOUNTS";
45 const std::string PERMISSION_GET_LOCAL_ACCOUNTS = "ohos.permission.GET_LOCAL_ACCOUNTS";
46 const std::string PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS = "ohos.permission.MANAGE_DISTRIBUTED_ACCOUNTS";
47 const std::string PERMISSION_GET_DISTRIBUTED_ACCOUNTS = "ohos.permission.GET_DISTRIBUTED_ACCOUNTS";
48 const std::string PERMISSION_DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
49 const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
50 #ifndef IS_RELEASE_VERSION
51 constexpr std::int32_t ROOT_UID = 0;
52 #endif
53 #ifdef HICOLLIE_ENABLE
54 constexpr std::int32_t RECOVERY_TIMEOUT = 6; // timeout 6s
55 #endif // HICOLLIE_ENABLE
56 constexpr std::int32_t INVALID_USERID = -1;
57 const std::set<std::int32_t> WHITE_LIST = {
58 3012, // DISTRIBUTED_KV_DATA_SA_UID
59 3019, // DLP_UID
60 3553, // DLP_CREDENTIAL_SA_UID
61 };
62 #ifdef USE_MUSL
63 constexpr std::int32_t DSOFTBUS_UID = 1024;
64 #else
65 constexpr std::int32_t DSOFTBUS_UID = 5533;
66 #endif
67 } // namespace
AccountStub()68 AccountStub::AccountStub()
69 {
70 stubFuncMap_[AccountMgrInterfaceCode::UPDATE_OHOS_ACCOUNT_INFO] =
71 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdUpdateOhosAccountInfo(data, reply); };
72 stubFuncMap_[AccountMgrInterfaceCode::SET_OHOS_ACCOUNT_INFO] =
73 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdSetOhosAccountInfo(data, reply); };
74 stubFuncMap_[AccountMgrInterfaceCode::SET_OHOS_ACCOUNT_INFO_BY_USER_ID] =
75 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdSetOhosAccountInfoByUserId(data, reply); };
76 stubFuncMap_[AccountMgrInterfaceCode::QUERY_OHOS_ACCOUNT_INFO] =
77 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdQueryOhosAccountInfo(data, reply); };
78 stubFuncMap_[AccountMgrInterfaceCode::QUERY_DISTRIBUTE_VIRTUAL_DEVICE_ID] =
79 [this] (MessageParcel &data, MessageParcel &reply) {
80 return this->CmdQueryDistributedVirtualDeviceId(data, reply);
81 };
82 stubFuncMap_[AccountMgrInterfaceCode::GET_OHOS_ACCOUNT_INFO] =
83 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetOhosAccountInfo(data, reply); };
84 stubFuncMap_[AccountMgrInterfaceCode::QUERY_OHOS_ACCOUNT_INFO_BY_USER_ID] =
85 [this] (MessageParcel &data, MessageParcel &reply) {
86 return this->CmdQueryOhosAccountInfoByUserId(data, reply);
87 };
88 stubFuncMap_[AccountMgrInterfaceCode::GET_OHOS_ACCOUNT_INFO_BY_USER_ID] =
89 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetOhosAccountInfoByUserId(data, reply); };
90 stubFuncMap_[AccountMgrInterfaceCode::QUERY_DEVICE_ACCOUNT_ID] =
91 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdQueryDeviceAccountId(data, reply); };
92 stubFuncMap_[AccountMgrInterfaceCode::SUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT] =
93 [this] (MessageParcel &data, MessageParcel &reply) {
94 return this->CmdSubscribeDistributedAccountEvent(data, reply);
95 };
96 stubFuncMap_[AccountMgrInterfaceCode::UNSUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT] =
97 [this] (MessageParcel &data, MessageParcel &reply) {
98 return this->CmdUnsubscribeDistributedAccountEvent(data, reply);
99 };
100 stubFuncMap_[AccountMgrInterfaceCode::GET_APP_ACCOUNT_SERVICE] =
101 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetAppAccountService(data, reply); };
102 stubFuncMap_[AccountMgrInterfaceCode::GET_OS_ACCOUNT_SERVICE] =
103 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetOsAccountService(data, reply); };
104 stubFuncMap_[AccountMgrInterfaceCode::GET_ACCOUNT_IAM_SERVICE] =
105 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetAccountIAMService(data, reply); };
106 stubFuncMap_[AccountMgrInterfaceCode::GET_DOMAIN_ACCOUNT_SERVICE] =
107 [this] (MessageParcel &data, MessageParcel &reply) { return this->CmdGetDomainAccountService(data, reply); };
108 }
109
InnerUpdateOhosAccountInfo(MessageParcel & data,MessageParcel & reply)110 std::int32_t AccountStub::InnerUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
111 {
112 // ignore the real account name
113 const std::string accountName = Str16ToStr8(data.ReadString16());
114 if (accountName.empty()) {
115 ACCOUNT_LOGE("empty account name!");
116 return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
117 }
118 const std::string uid = Str16ToStr8(data.ReadString16());
119 if (uid.empty()) {
120 ACCOUNT_LOGE("empty uid!");
121 return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
122 }
123 const std::string eventStr = Str16ToStr8(data.ReadString16());
124
125 std::int32_t ret = ERR_OK;
126 bool result = UpdateOhosAccountInfo(accountName, uid, eventStr);
127 if (!result) {
128 ACCOUNT_LOGE("Update ohos account info failed");
129 ret = ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
130 }
131 if (!reply.WriteInt32(ret)) {
132 ACCOUNT_LOGE("Write result data failed");
133 ret = ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
134 }
135 return ret;
136 }
137
InnerSetOhosAccountInfo(int32_t userId,MessageParcel & data,MessageParcel & reply)138 std::int32_t AccountStub::InnerSetOhosAccountInfo(int32_t userId, MessageParcel &data, MessageParcel &reply)
139 {
140 OhosAccountInfo info;
141 std::int32_t ret = ReadOhosAccountInfo(data, info);
142 if (ret != ERR_OK) {
143 return ret;
144 }
145 if (!info.IsValid()) {
146 ACCOUNT_LOGE("Check OhosAccountInfo failed");
147 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
148 }
149 // ignore the real account name
150 const std::string eventStr = Str16ToStr8(data.ReadString16());
151
152 if (userId == INVALID_USERID) {
153 userId = AccountMgrService::GetInstance().GetCallingUserID();
154 }
155 ret = SetOhosAccountInfoByUserId(userId, info, eventStr);
156 if (ret != ERR_OK) {
157 ACCOUNT_LOGE("Set ohos account info failed");
158 }
159 if (!reply.WriteInt32(ret)) {
160 ACCOUNT_LOGE("Write result data failed");
161 ret = ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
162 }
163 return ret;
164 }
165
CmdUpdateOhosAccountInfo(MessageParcel & data,MessageParcel & reply)166 std::int32_t AccountStub::CmdUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
167 {
168 if (!HasAccountRequestPermission(PERMISSION_MANAGE_USERS)) {
169 ACCOUNT_LOGE("Check permission failed");
170 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
171 }
172
173 return InnerUpdateOhosAccountInfo(data, reply);
174 }
175
CmdSetOhosAccountInfo(MessageParcel & data,MessageParcel & reply)176 std::int32_t AccountStub::CmdSetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
177 {
178 if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS)) {
179 ACCOUNT_LOGE("Check permission failed");
180 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
181 }
182
183 return InnerSetOhosAccountInfo(INVALID_USERID, data, reply);
184 }
185
CheckUserIdValid(const int32_t userId)186 static int32_t CheckUserIdValid(const int32_t userId)
187 {
188 if ((userId >= 0) && (userId < Constants::START_USER_ID)) {
189 ACCOUNT_LOGE("userId %{public}d is system reserved", userId);
190 return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
191 }
192 bool isOsAccountExist = false;
193 IInnerOsAccountManager::GetInstance().IsOsAccountExists(userId, isOsAccountExist);
194 if (!isOsAccountExist) {
195 ACCOUNT_LOGE("os account is not exist");
196 return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
197 }
198 return ERR_OK;
199 }
200
CmdSetOhosAccountInfoByUserId(MessageParcel & data,MessageParcel & reply)201 std::int32_t AccountStub::CmdSetOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
202 {
203 std::int32_t ret = AccountPermissionManager::CheckSystemApp();
204 if (ret != ERR_OK) {
205 ACCOUNT_LOGE("the caller is not system application, ret = %{public}d.", ret);
206 return ret;
207 }
208 if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS)) {
209 ACCOUNT_LOGE("Check permission failed");
210 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
211 }
212 int32_t userId = data.ReadInt32();
213 ret = CheckUserIdValid(userId);
214 if (ret != ERR_OK) {
215 ACCOUNT_LOGE("CheckUserIdValid failed, ret = %{public}d", ret);
216 return ret;
217 }
218 return InnerSetOhosAccountInfo(userId, data, reply);
219 }
220
InnerQueryDistributedVirtualDeviceId(MessageParcel & data,MessageParcel & reply)221 ErrCode AccountStub::InnerQueryDistributedVirtualDeviceId(MessageParcel &data, MessageParcel &reply)
222 {
223 std::string dvid = "";
224 ErrCode result = QueryDistributedVirtualDeviceId(dvid);
225 if (!reply.WriteInt32(result)) {
226 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
227 return IPC_STUB_WRITE_PARCEL_ERR;
228 }
229 if (result != ERR_OK) {
230 ACCOUNT_LOGE("Failed to get dvid");
231 return result;
232 }
233 if (!reply.WriteString(dvid)) {
234 ACCOUNT_LOGE("Failed to write dvid");
235 return IPC_STUB_WRITE_PARCEL_ERR;
236 }
237 return result;
238 }
239
InnerQueryOhosAccountInfo(MessageParcel & data,MessageParcel & reply)240 std::int32_t AccountStub::InnerQueryOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
241 {
242 OhosAccountInfo info;
243 #ifdef HICOLLIE_ENABLE
244 unsigned int flag = HiviewDFX::XCOLLIE_FLAG_LOG | HiviewDFX::XCOLLIE_FLAG_RECOVERY;
245 XCollieCallback callbackFunc = [](void *) {
246 ACCOUNT_LOGE("InnerQueryOhosAccountInfo failed due to timeout.");
247 ReportOhosAccountOperationFail(IPCSkeleton::GetCallingUid() / UID_TRANSFORM_DIVISOR,
248 "watchDog", -1, "Query ohos account info time out");
249 };
250 int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(
251 TIMER_NAME, RECOVERY_TIMEOUT, callbackFunc, nullptr, flag);
252 #endif // HICOLLIE_ENABLE
253 ErrCode result = QueryOhosAccountInfo(info);
254 if (result != ERR_OK) {
255 ACCOUNT_LOGE("Query ohos account info failed");
256 #ifdef HICOLLIE_ENABLE
257 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
258 #endif // HICOLLIE_ENABLE
259 return result;
260 }
261
262 std::string name = info.name_;
263 std::string id = info.uid_;
264 if (!reply.WriteString16(Str8ToStr16(name))) {
265 ACCOUNT_LOGE("Write name data failed");
266 #ifdef HICOLLIE_ENABLE
267 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
268 #endif // HICOLLIE_ENABLE
269 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
270 }
271 if (!reply.WriteString16(Str8ToStr16(id))) {
272 ACCOUNT_LOGE("Write id data failed");
273 #ifdef HICOLLIE_ENABLE
274 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
275 #endif // HICOLLIE_ENABLE
276 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
277 }
278 if (!reply.WriteInt32(info.status_)) {
279 ACCOUNT_LOGE("Write status data failed");
280 #ifdef HICOLLIE_ENABLE
281 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
282 #endif // HICOLLIE_ENABLE
283 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
284 }
285 #ifdef HICOLLIE_ENABLE
286 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
287 #endif // HICOLLIE_ENABLE
288 return ERR_OK;
289 }
290
InnerGetOhosAccountInfo(MessageParcel & data,MessageParcel & reply)291 std::int32_t AccountStub::InnerGetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
292 {
293 OhosAccountInfo ohosAccountInfo;
294 int ret = GetOhosAccountInfo(ohosAccountInfo);
295 ohosAccountInfo.SetRawUid("");
296 if (ret != ERR_OK) {
297 ACCOUNT_LOGE("Get ohos account info failed");
298 return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
299 }
300 if (!WriteOhosAccountInfo(reply, ohosAccountInfo)) {
301 ACCOUNT_LOGE("Write ohosAccountInfo failed!");
302 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
303 }
304 return ERR_OK;
305 }
306
CmdQueryDistributedVirtualDeviceId(MessageParcel & data,MessageParcel & reply)307 ErrCode AccountStub::CmdQueryDistributedVirtualDeviceId(MessageParcel &data, MessageParcel &reply)
308 {
309 if (!HasAccountRequestPermission(PERMISSION_MANAGE_USERS) &&
310 !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC)) {
311 ACCOUNT_LOGE("Check permission failed");
312 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
313 }
314 return InnerQueryDistributedVirtualDeviceId(data, reply);
315 }
316
CmdQueryOhosAccountInfo(MessageParcel & data,MessageParcel & reply)317 std::int32_t AccountStub::CmdQueryOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
318 {
319 if (!HasAccountRequestPermission(PERMISSION_MANAGE_USERS) &&
320 !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
321 !HasAccountRequestPermission(PERMISSION_GET_LOCAL_ACCOUNTS)) {
322 ACCOUNT_LOGE("Check permission failed");
323 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
324 }
325
326 return InnerQueryOhosAccountInfo(data, reply);
327 }
328
CmdGetOhosAccountInfo(MessageParcel & data,MessageParcel & reply)329 ErrCode AccountStub::CmdGetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
330 {
331 if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS) &&
332 !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
333 !HasAccountRequestPermission(PERMISSION_GET_DISTRIBUTED_ACCOUNTS)) {
334 ACCOUNT_LOGE("Check permission failed");
335 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
336 }
337
338 return InnerGetOhosAccountInfo(data, reply);
339 }
340
CmdGetOhosAccountInfoByUserId(MessageParcel & data,MessageParcel & reply)341 ErrCode AccountStub::CmdGetOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
342 {
343 ErrCode errCode = AccountPermissionManager::CheckSystemApp();
344 if (errCode != ERR_OK) {
345 ACCOUNT_LOGE("the caller is not system application, errCode = %{public}d.", errCode);
346 return errCode;
347 }
348 if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS) &&
349 !HasAccountRequestPermission(INTERACT_ACROSS_LOCAL_ACCOUNTS) &&
350 !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
351 !HasAccountRequestPermission(PERMISSION_GET_DISTRIBUTED_ACCOUNTS)) {
352 ACCOUNT_LOGE("Check permission failed");
353 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
354 }
355 int32_t userId = data.ReadInt32();
356 bool isOsAccountExits = false;
357 errCode = IInnerOsAccountManager::GetInstance().IsOsAccountExists(userId, isOsAccountExits);
358 if (errCode != ERR_OK) {
359 ACCOUNT_LOGE("IsOsAccountExists failed errCode is %{public}d", errCode);
360 return errCode;
361 }
362 if (!isOsAccountExits) {
363 ACCOUNT_LOGE("os account is not exit");
364 return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
365 }
366 OhosAccountInfo ohosAccountInfo;
367 errCode = GetOhosAccountInfoByUserId(userId, ohosAccountInfo);
368 if (errCode != ERR_OK) {
369 ACCOUNT_LOGE("Get ohos account info failed");
370 return errCode;
371 }
372 int32_t uid = IPCSkeleton::GetCallingUid();
373 if (WHITE_LIST.find(uid) == WHITE_LIST.end()) {
374 ohosAccountInfo.SetRawUid("");
375 }
376 if (!WriteOhosAccountInfo(reply, ohosAccountInfo)) {
377 ACCOUNT_LOGE("Write ohosAccountInfo failed!");
378 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
379 }
380 return ERR_OK;
381 }
382
CmdQueryOhosAccountInfoByUserId(MessageParcel & data,MessageParcel & reply)383 std::int32_t AccountStub::CmdQueryOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
384 {
385 if ((!HasAccountRequestPermission(PERMISSION_MANAGE_USERS)) &&
386 (!HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC)) &&
387 (IPCSkeleton::GetCallingUid() != DSOFTBUS_UID)) {
388 ACCOUNT_LOGE("Check permission failed");
389 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
390 }
391
392 std::int32_t userId = data.ReadInt32();
393 if (userId < 0) {
394 ACCOUNT_LOGE("negative userID %{public}d detected!", userId);
395 return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_USERID_ERROR;
396 }
397
398 OhosAccountInfo info;
399 ErrCode result = QueryOhosAccountInfoByUserId(userId, info);
400 if (result != ERR_OK) {
401 ACCOUNT_LOGE("Query ohos account info failed! userId %{public}d.", userId);
402 return result;
403 }
404
405 std::string name = info.name_;
406 std::string id = info.uid_;
407 if (!reply.WriteString16(Str8ToStr16(name))) {
408 ACCOUNT_LOGE("Write name data failed! userId %{public}d.", userId);
409 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
410 }
411 if (!reply.WriteString16(Str8ToStr16(id))) {
412 ACCOUNT_LOGE("Write id data failed! userId %{public}d.", userId);
413 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
414 }
415 if (!reply.WriteInt32(info.status_)) {
416 ACCOUNT_LOGE("Write status data failed! userId %{public}d.", userId);
417 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
418 }
419 return ERR_OK;
420 }
421
CmdQueryDeviceAccountId(MessageParcel & data,MessageParcel & reply)422 std::int32_t AccountStub::CmdQueryDeviceAccountId(MessageParcel &data, MessageParcel &reply)
423 {
424 std::int32_t id;
425 auto ret = QueryDeviceAccountId(id);
426 if (ret != ERR_OK) {
427 ACCOUNT_LOGE("QueryDevice AccountId failed: %{public}d", ret);
428 return ret;
429 }
430
431 if (!reply.WriteInt32(id)) {
432 ACCOUNT_LOGE("Write result data failed");
433 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
434 }
435 return ERR_OK;
436 }
437
CmdSubscribeDistributedAccountEvent(MessageParcel & data,MessageParcel & reply)438 std::int32_t AccountStub::CmdSubscribeDistributedAccountEvent(MessageParcel &data, MessageParcel &reply)
439 {
440 int32_t type;
441 if (!data.ReadInt32(type)) {
442 ACCOUNT_LOGE("Read type failed.");
443 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
444 }
445
446 sptr<IRemoteObject> eventListener = data.ReadRemoteObject();
447 if (eventListener == nullptr) {
448 ACCOUNT_LOGE("Read remote object for eventListener failed.");
449 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
450 }
451
452 ErrCode result = SubscribeDistributedAccountEvent(
453 static_cast<DISTRIBUTED_ACCOUNT_SUBSCRIBE_TYPE>(type), eventListener);
454 if (!reply.WriteInt32(result)) {
455 ACCOUNT_LOGE("Write reply failed, result=%{public}d.", result);
456 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
457 }
458
459 return ERR_OK;
460 }
461
CmdUnsubscribeDistributedAccountEvent(MessageParcel & data,MessageParcel & reply)462 std::int32_t AccountStub::CmdUnsubscribeDistributedAccountEvent(MessageParcel &data, MessageParcel &reply)
463 {
464 int32_t type;
465 if (!data.ReadInt32(type)) {
466 ACCOUNT_LOGE("Read type failed.");
467 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
468 }
469
470 sptr<IRemoteObject> eventListener = data.ReadRemoteObject();
471 if (eventListener == nullptr) {
472 ACCOUNT_LOGE("Read remote object for eventListener failed.");
473 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
474 }
475
476 ErrCode result = UnsubscribeDistributedAccountEvent(
477 static_cast<DISTRIBUTED_ACCOUNT_SUBSCRIBE_TYPE>(type), eventListener);
478 if (!reply.WriteInt32(result)) {
479 ACCOUNT_LOGE("Write reply failed, result=%{public}d.", result);
480 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
481 }
482
483 return ERR_OK;
484 }
485
CmdGetAppAccountService(MessageParcel & data,MessageParcel & reply)486 std::int32_t AccountStub::CmdGetAppAccountService(MessageParcel &data, MessageParcel &reply)
487 {
488 auto remoteObject = GetAppAccountService();
489 if (!reply.WriteRemoteObject(remoteObject)) {
490 ACCOUNT_LOGE("Write result data failed");
491 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
492 }
493
494 return ERR_OK;
495 }
CmdGetOsAccountService(MessageParcel & data,MessageParcel & reply)496 std::int32_t AccountStub::CmdGetOsAccountService(MessageParcel &data, MessageParcel &reply)
497 {
498 auto remoteObject = GetOsAccountService();
499 if (!reply.WriteRemoteObject(remoteObject)) {
500 ACCOUNT_LOGE("Write result data failed");
501 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
502 }
503
504 return ERR_OK;
505 }
506
CmdGetAccountIAMService(MessageParcel & data,MessageParcel & reply)507 std::int32_t AccountStub::CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply)
508 {
509 auto remoteObject = GetAccountIAMService();
510 if (!reply.WriteRemoteObject(remoteObject)) {
511 ACCOUNT_LOGE("Write result data failed");
512 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
513 }
514
515 return ERR_OK;
516 }
517
CmdGetDomainAccountService(MessageParcel & data,MessageParcel & reply)518 std::int32_t AccountStub::CmdGetDomainAccountService(MessageParcel &data, MessageParcel &reply)
519 {
520 auto remoteObject = GetDomainAccountService();
521 if (!reply.WriteRemoteObject(remoteObject)) {
522 ACCOUNT_LOGE("failed to write remote object");
523 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
524 }
525 return ERR_OK;
526 }
527
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)528 std::int32_t AccountStub::OnRemoteRequest(
529 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
530 {
531 ACCOUNT_LOGD("Received stub message: %{public}d, callingUid: %{public}d", code, IPCSkeleton::GetCallingUid());
532 MemoryGuard cacheGuard;
533 if (!IsServiceStarted()) {
534 ACCOUNT_LOGE("account mgr not ready");
535 return ERR_ACCOUNT_ZIDL_MGR_NOT_READY_ERROR;
536 }
537
538 if (data.ReadInterfaceToken() != GetDescriptor()) {
539 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
540 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
541 }
542
543 #ifdef HICOLLIE_ENABLE
544 int timerId =
545 HiviewDFX::XCollie::GetInstance().SetTimer(TIMER_NAME, TIMEOUT, nullptr, nullptr, HiviewDFX::XCOLLIE_FLAG_LOG);
546 #endif // HICOLLIE_ENABLE
547
548 AccountMgrInterfaceCode interfaceCode = static_cast<AccountMgrInterfaceCode>(code);
549 const auto &itFunc = stubFuncMap_.find(interfaceCode);
550 if (itFunc == stubFuncMap_.end()) {
551 #ifdef HICOLLIE_ENABLE
552 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
553 #endif // HICOLLIE_ENABLE
554 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
555 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
556 }
557 int32_t ret = (itFunc->second)(data, reply);
558 #ifdef HICOLLIE_ENABLE
559 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
560 #endif // HICOLLIE_ENABLE
561 return ret;
562 }
563
HasAccountRequestPermission(const std::string & permissionName)564 bool AccountStub::HasAccountRequestPermission(const std::string &permissionName)
565 {
566 std::int32_t uid = IPCSkeleton::GetCallingUid();
567 #ifndef IS_RELEASE_VERSION
568 // root check in none release version for test
569 if (uid == ROOT_UID) {
570 return true;
571 }
572 #endif
573
574 // check permission
575 Security::AccessToken::AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
576 if (Security::AccessToken::AccessTokenKit::VerifyAccessToken(callingTokenID, permissionName) ==
577 Security::AccessToken::TypePermissionState::PERMISSION_GRANTED) {
578 return true;
579 }
580
581 ReportPermissionFail(uid, IPCSkeleton::GetCallingRealPid(), permissionName);
582 ACCOUNT_LOGE("permission %{public}s denied!", permissionName.c_str());
583 return false;
584 }
585
CheckCallerForTrustList()586 bool AccountStub::CheckCallerForTrustList()
587 {
588 std::string bundleName;
589 std::int32_t uid = IPCSkeleton::GetCallingUid();
590 if (BundleManagerAdapter::GetInstance()->GetNameForUid(uid, bundleName) != ERR_OK) {
591 return false;
592 }
593
594 std::vector<std::string> trustList = AccountHelperData::GetBundleNameTrustList();
595 if (std::find(trustList.begin(), trustList.end(), bundleName) == trustList.end()) {
596 return false;
597 }
598
599 return true;
600 }
601 } // namespace AccountSA
602 } // namespace OHOS
603