1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_stub.h"
17
18 #include <unistd.h>
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "string_ex.h"
25 #include "tokenid_kit.h"
26 #ifdef HICOLLIE_ENABLE
27 #include "xcollie/xcollie.h"
28 #endif // HICOLLIE_ENABLE
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMStub"};
35 const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID";
36 static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000;
37 static const int MAX_PERMISSION_SIZE = 1000;
38 const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
39 const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS";
40 const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS";
41 const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG";
42 const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO";
43
44 #ifdef HICOLLIE_ENABLE
45 constexpr uint32_t TIMEOUT = 40; // 40s
46 #endif // HICOLLIE_ENABLE
47 }
48
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)49 int32_t AccessTokenManagerStub::OnRemoteRequest(
50 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
51 {
52 MemoryGuard guard;
53
54 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
55 ACCESSTOKEN_LOG_DEBUG(LABEL, "Code %{public}u token %{public}u", code, callingTokenID);
56 std::u16string descriptor = data.ReadInterfaceToken();
57 if (descriptor != IAccessTokenManager::GetDescriptor()) {
58 ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
59 return ERROR_IPC_REQUEST_FAIL;
60 }
61
62 #ifdef HICOLLIE_ENABLE
63 std::string name = "AtmTimer";
64 int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr,
65 HiviewDFX::XCOLLIE_FLAG_LOG);
66 #endif // HICOLLIE_ENABLE
67
68 auto itFunc = requestFuncMap_.find(code);
69 if (itFunc != requestFuncMap_.end()) {
70 auto requestFunc = itFunc->second;
71 if (requestFunc != nullptr) {
72 (this->*requestFunc)(data, reply);
73
74 #ifdef HICOLLIE_ENABLE
75 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
76 #endif // HICOLLIE_ENABLE
77
78 return NO_ERROR;
79 }
80 }
81
82 #ifdef HICOLLIE_ENABLE
83 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
84 #endif // HICOLLIE_ENABLE
85
86 return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid
87 }
88
DeleteTokenInfoInner(MessageParcel & data,MessageParcel & reply)89 void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply)
90 {
91 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
92 if (!IsPrivilegedCalling() &&
93 (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
94 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
95 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
96 return;
97 }
98 AccessTokenID tokenID = data.ReadUint32();
99 int result = this->DeleteToken(tokenID);
100 reply.WriteInt32(result);
101 }
102
GetUserGrantedPermissionUsedTypeInner(MessageParcel & data,MessageParcel & reply)103 void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply)
104 {
105 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
106 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
107 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
108 return;
109 }
110 uint32_t tokenID;
111 if (!data.ReadUint32(tokenID)) {
112 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenID.");
113 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
114 return;
115 }
116 std::string permissionName;
117 if (!data.ReadString(permissionName)) {
118 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read permissionName.");
119 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
120 return;
121 }
122 PermUsedTypeEnum result = this->GetUserGrantedPermissionUsedType(tokenID, permissionName);
123 int32_t type = static_cast<int32_t>(result);
124 if (!reply.WriteInt32(type)) {
125 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail.");
126 }
127 }
128
VerifyAccessTokenInner(MessageParcel & data,MessageParcel & reply)129 void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply)
130 {
131 AccessTokenID tokenID = data.ReadUint32();
132 std::string permissionName = data.ReadString();
133 int result = this->VerifyAccessToken(tokenID, permissionName);
134 reply.WriteInt32(result);
135 }
136
GetDefPermissionInner(MessageParcel & data,MessageParcel & reply)137 void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply)
138 {
139 std::string permissionName = data.ReadString();
140 PermissionDefParcel permissionDefParcel;
141 int result = this->GetDefPermission(permissionName, permissionDefParcel);
142 reply.WriteInt32(result);
143 if (result != RET_SUCCESS) {
144 return;
145 }
146 reply.WriteParcelable(&permissionDefParcel);
147 }
148
GetDefPermissionsInner(MessageParcel & data,MessageParcel & reply)149 void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply)
150 {
151 AccessTokenID tokenID = data.ReadUint32();
152 std::vector<PermissionDefParcel> permList;
153
154 int result = this->GetDefPermissions(tokenID, permList);
155 reply.WriteInt32(result);
156 if (result != RET_SUCCESS) {
157 return;
158 }
159 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s called, permList size: %{public}zu", __func__, permList.size());
160 reply.WriteUint32(permList.size());
161 for (const auto& permDef : permList) {
162 reply.WriteParcelable(&permDef);
163 }
164 }
165
GetReqPermissionsInner(MessageParcel & data,MessageParcel & reply)166 void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
167 {
168 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
169 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
170 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
171 return;
172 }
173 if (!IsPrivilegedCalling() &&
174 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
175 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
176 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
177 return;
178 }
179
180 AccessTokenID tokenID = data.ReadUint32();
181 int isSystemGrant = data.ReadInt32();
182 std::vector<PermissionStateFullParcel> permList;
183
184 int result = this->GetReqPermissions(tokenID, permList, isSystemGrant);
185 reply.WriteInt32(result);
186 if (result != RET_SUCCESS) {
187 return;
188 }
189 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size: %{public}zu", permList.size());
190 reply.WriteUint32(permList.size());
191 for (const auto& permDef : permList) {
192 reply.WriteParcelable(&permDef);
193 }
194 }
195
GetSelfPermissionsStateInner(MessageParcel & data,MessageParcel & reply)196 void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply)
197 {
198 std::vector<PermissionListStateParcel> permList;
199 uint32_t size = 0;
200 if (!data.ReadUint32(size)) {
201 reply.WriteInt32(INVALID_OPER);
202 return;
203 }
204 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
205 if (size > MAX_PERMISSION_SIZE) {
206 ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size);
207 reply.WriteInt32(INVALID_OPER);
208 return;
209 }
210 for (uint32_t i = 0; i < size; i++) {
211 sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
212 if (permissionParcel != nullptr) {
213 permList.emplace_back(*permissionParcel);
214 }
215 }
216 PermissionGrantInfoParcel infoParcel;
217 PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel);
218
219 reply.WriteInt32(result);
220
221 reply.WriteUint32(permList.size());
222 for (const auto& perm : permList) {
223 reply.WriteParcelable(&perm);
224 }
225 reply.WriteParcelable(&infoParcel);
226 }
227
GetPermissionsStatusInner(MessageParcel & data,MessageParcel & reply)228 void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply)
229 {
230 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
231 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
232 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
233 return;
234 }
235 if (!IsPrivilegedCalling() &&
236 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
237 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
238 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
239 return;
240 }
241
242 AccessTokenID tokenID = data.ReadUint32();
243 std::vector<PermissionListStateParcel> permList;
244 uint32_t size = 0;
245 if (!data.ReadUint32(size)) {
246 reply.WriteInt32(INVALID_OPER);
247 return;
248 }
249 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
250 if (size > MAX_PERMISSION_SIZE) {
251 ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is oversize", size);
252 reply.WriteInt32(INVALID_OPER);
253 return;
254 }
255 for (uint32_t i = 0; i < size; i++) {
256 sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
257 if (permissionParcel != nullptr) {
258 permList.emplace_back(*permissionParcel);
259 }
260 }
261 int32_t result = this->GetPermissionsStatus(tokenID, permList);
262
263 reply.WriteInt32(result);
264 if (result != RET_SUCCESS) {
265 return;
266 }
267 reply.WriteUint32(permList.size());
268 for (const auto& perm : permList) {
269 reply.WriteParcelable(&perm);
270 }
271 }
272
GetPermissionFlagInner(MessageParcel & data,MessageParcel & reply)273 void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply)
274 {
275 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
276 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
277 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
278 return;
279 }
280 AccessTokenID tokenID = data.ReadUint32();
281 std::string permissionName = data.ReadString();
282 if (!IsPrivilegedCalling() &&
283 VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
284 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
285 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
286 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
287 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
288 return;
289 }
290 uint32_t flag;
291 int result = this->GetPermissionFlag(tokenID, permissionName, flag);
292 reply.WriteInt32(result);
293 if (result != RET_SUCCESS) {
294 return;
295 }
296 reply.WriteUint32(flag);
297 }
298
SetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)299 void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
300 {
301 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
302 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
303 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
304 return;
305 }
306
307 std::string permissionName = data.ReadString();
308 uint32_t status = data.ReadUint32();
309 int32_t userID = data.ReadInt32();
310 if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
311 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
312 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
313 callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus");
314 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
315 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
316 return;
317 }
318 int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID);
319 reply.WriteInt32(result);
320 }
321
GetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)322 void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
323 {
324 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
325 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
326 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
327 return;
328 }
329
330 std::string permissionName = data.ReadString();
331 int32_t userID = data.ReadInt32();
332 if (!IsShellProcessCalling() && !IsPrivilegedCalling() &&
333 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
334 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
335 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
336 callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus");
337 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
338 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
339 return;
340 }
341 uint32_t status;
342 int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID);
343 reply.WriteInt32(result);
344 if (result != RET_SUCCESS) {
345 return;
346 }
347 reply.WriteUint32(status);
348 }
349
GrantPermissionInner(MessageParcel & data,MessageParcel & reply)350 void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply)
351 {
352 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
353 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
354 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
355 return;
356 }
357 AccessTokenID tokenID = data.ReadUint32();
358 std::string permissionName = data.ReadString();
359 uint32_t flag = data.ReadUint32();
360 if (!IsPrivilegedCalling() &&
361 VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
362 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
363 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
364 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
365 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
366 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
367 return;
368 }
369 int result = this->GrantPermission(tokenID, permissionName, flag);
370 reply.WriteInt32(result);
371 }
372
RevokePermissionInner(MessageParcel & data,MessageParcel & reply)373 void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply)
374 {
375 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
376 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
377 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
378 return;
379 }
380 AccessTokenID tokenID = data.ReadUint32();
381 std::string permissionName = data.ReadString();
382 uint32_t flag = data.ReadUint32();
383 if (!IsPrivilegedCalling() &&
384 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
385 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
386 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
387 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
388 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
389 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
390 return;
391 }
392 int result = this->RevokePermission(tokenID, permissionName, flag);
393 reply.WriteInt32(result);
394 }
395
GrantPermissionForSpecifiedTimeInner(MessageParcel & data,MessageParcel & reply)396 void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply)
397 {
398 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
399 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
400 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
401 return;
402 }
403 AccessTokenID tokenID = data.ReadUint32();
404 std::string permissionName = data.ReadString();
405 uint32_t onceTime = data.ReadUint32();
406 if (!IsPrivilegedCalling() &&
407 VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) {
408 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
409 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
410 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
411 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
412 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
413 return;
414 }
415 int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
416 reply.WriteInt32(result);
417 }
418
ClearUserGrantedPermissionStateInner(MessageParcel & data,MessageParcel & reply)419 void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply)
420 {
421 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
422 if (!IsPrivilegedCalling() &&
423 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
424 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
425 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
426 "CALLER_TOKENID", callingTokenID);
427 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
428 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
429 return;
430 }
431 AccessTokenID tokenID = data.ReadUint32();
432 int result = this->ClearUserGrantedPermissionState(tokenID);
433 reply.WriteInt32(result);
434 }
435
AllocHapTokenInner(MessageParcel & data,MessageParcel & reply)436 void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply)
437 {
438 AccessTokenIDEx res = {0};
439 AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
440 if (!IsPrivilegedCalling() &&
441 (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
442 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
443 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
444 return;
445 }
446
447 sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
448 sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
449 if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
450 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
451 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
452 return;
453 }
454 res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel);
455 reply.WriteUint64(res.tokenIDEx);
456 }
457
InitHapTokenInner(MessageParcel & data,MessageParcel & reply)458 void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply)
459 {
460 AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
461 if (!IsPrivilegedCalling() &&
462 (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
463 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
464 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
465 return;
466 }
467
468 sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
469 sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
470 if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
471 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
472 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
473 return;
474 }
475 int32_t res;
476 AccessTokenIDEx fullTokenId = { 0 };
477 res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId);
478 if (!reply.WriteInt32(res)) {
479 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail");
480 }
481
482 if (res != RET_SUCCESS) {
483 ACCESSTOKEN_LOG_ERROR(LABEL, "Res error %{public}d", res);
484 return;
485 }
486 reply.WriteUint64(fullTokenId.tokenIDEx);
487 }
488
GetTokenTypeInner(MessageParcel & data,MessageParcel & reply)489 void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply)
490 {
491 AccessTokenID tokenID = data.ReadUint32();
492 int result = this->GetTokenType(tokenID);
493 reply.WriteInt32(result);
494 }
495
CheckNativeDCapInner(MessageParcel & data,MessageParcel & reply)496 void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply)
497 {
498 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
499 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
500 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
501 return;
502 }
503 AccessTokenID tokenID = data.ReadUint32();
504 std::string dCap = data.ReadString();
505 int result = this->CheckNativeDCap(tokenID, dCap);
506 reply.WriteInt32(result);
507 }
508
GetHapTokenIDInner(MessageParcel & data,MessageParcel & reply)509 void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply)
510 {
511 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
512 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
513 reply.WriteInt32(INVALID_TOKENID);
514 return;
515 }
516 int userID = data.ReadInt32();
517 std::string bundleName = data.ReadString();
518 int instIndex = data.ReadInt32();
519 AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex);
520 reply.WriteUint64(tokenIdEx.tokenIDEx);
521 }
522
AllocLocalTokenIDInner(MessageParcel & data,MessageParcel & reply)523 void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply)
524 {
525 if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) {
526 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
527 reply.WriteInt32(INVALID_TOKENID);
528 return;
529 }
530 std::string remoteDeviceID = data.ReadString();
531 AccessTokenID remoteTokenID = data.ReadUint32();
532 AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
533 reply.WriteUint32(result);
534 }
535
UpdateHapTokenInner(MessageParcel & data,MessageParcel & reply)536 void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply)
537 {
538 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
539 if (!IsPrivilegedCalling() &&
540 (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
541 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
542 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
543 return;
544 }
545 UpdateHapInfoParams info;
546 AccessTokenID tokenID = data.ReadUint32();
547 info.isSystemApp = data.ReadBool();
548 info.appIDDesc = data.ReadString();
549 info.apiVersion = data.ReadInt32();
550 info.appDistributionType = data.ReadString();
551 AccessTokenIDEx tokenIdEx;
552 tokenIdEx.tokenIdExStruct.tokenID = tokenID;
553 sptr<HapPolicyParcel> policyParcel = data.ReadParcelable<HapPolicyParcel>();
554 if (policyParcel == nullptr) {
555 ACCESSTOKEN_LOG_ERROR(LABEL, "PolicyParcel read faild");
556 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
557 return;
558 }
559 int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel);
560 reply.WriteInt32(result);
561 reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr);
562 }
563
GetHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)564 void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
565 {
566 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
567 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
568 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
569 return;
570 }
571 HapTokenInfoParcel hapTokenInfoParcel;
572 AccessTokenID tokenID = data.ReadUint32();
573 int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
574 reply.WriteInt32(result);
575 if (result != RET_SUCCESS) {
576 return;
577 }
578 reply.WriteParcelable(&hapTokenInfoParcel);
579 }
580
GetNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)581 void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
582 {
583 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
584 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
585 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
586 return;
587 }
588 AccessTokenID tokenID = data.ReadUint32();
589 NativeTokenInfoParcel nativeTokenInfoParcel;
590 int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
591 reply.WriteInt32(result);
592 if (result != RET_SUCCESS) {
593 return;
594 }
595 reply.WriteParcelable(&nativeTokenInfoParcel);
596 }
597
RegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)598 void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
599 {
600 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
601 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
602 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
603 return;
604 }
605 if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
606 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
607 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
608 return;
609 }
610 sptr<PermStateChangeScopeParcel> scopeParcel = data.ReadParcelable<PermStateChangeScopeParcel>();
611 if (scopeParcel == nullptr) {
612 ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail");
613 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
614 return;
615 }
616 sptr<IRemoteObject> callback = data.ReadRemoteObject();
617 if (callback == nullptr) {
618 ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
619 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
620 return;
621 }
622 int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback);
623 reply.WriteInt32(result);
624 }
625
UnRegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)626 void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
627 {
628 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
629 if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
630 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
631 return;
632 }
633 if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
634 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
635 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
636 return;
637 }
638 sptr<IRemoteObject> callback = data.ReadRemoteObject();
639 if (callback == nullptr) {
640 ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
641 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
642 return;
643 }
644 int32_t result = this->UnRegisterPermStateChangeCallback(callback);
645 reply.WriteInt32(result);
646 }
647
648 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)649 void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
650 {
651 if (!IsPrivilegedCalling()) {
652 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
653 reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED);
654 return;
655 }
656 int32_t result = this->ReloadNativeTokenInfo();
657 reply.WriteInt32(result);
658 }
659 #endif
660
GetNativeTokenIdInner(MessageParcel & data,MessageParcel & reply)661 void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply)
662 {
663 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
664 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
665 reply.WriteUint32(INVALID_TOKENID);
666 return;
667 }
668 std::string processName;
669 if (!data.ReadString(processName)) {
670 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString fail, processName=%{public}s", processName.c_str());
671 return;
672 }
673 AccessTokenID result = this->GetNativeTokenId(processName);
674 reply.WriteUint32(result);
675 }
676
677 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemoteInner(MessageParcel & data,MessageParcel & reply)678 void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply)
679 {
680 if (!IsAccessTokenCalling()) {
681 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
682 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
683 return;
684 }
685 AccessTokenID tokenID = data.ReadUint32();
686 HapTokenInfoForSyncParcel hapTokenParcel;
687
688 int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel);
689 reply.WriteInt32(result);
690 if (result != RET_SUCCESS) {
691 return;
692 }
693 reply.WriteParcelable(&hapTokenParcel);
694 }
695
SetRemoteHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)696 void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
697 {
698 if (!IsAccessTokenCalling()) {
699 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
700 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
701 return;
702 }
703 std::string deviceID = data.ReadString();
704 sptr<HapTokenInfoForSyncParcel> hapTokenParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
705 if (hapTokenParcel == nullptr) {
706 ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenParcel read faild");
707 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
708 return;
709 }
710 int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel);
711 reply.WriteInt32(result);
712 }
713
DeleteRemoteTokenInner(MessageParcel & data,MessageParcel & reply)714 void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply)
715 {
716 if (!IsAccessTokenCalling()) {
717 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
718 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
719 return;
720 }
721 std::string deviceID = data.ReadString();
722 AccessTokenID tokenID = data.ReadUint32();
723
724 int result = this->DeleteRemoteToken(deviceID, tokenID);
725 reply.WriteInt32(result);
726 }
727
GetRemoteNativeTokenIDInner(MessageParcel & data,MessageParcel & reply)728 void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply)
729 {
730 if (!IsAccessTokenCalling()) {
731 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
732 reply.WriteInt32(INVALID_TOKENID);
733 return;
734 }
735 std::string deviceID = data.ReadString();
736 AccessTokenID tokenID = data.ReadUint32();
737
738 AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID);
739 reply.WriteUint32(result);
740 }
741
DeleteRemoteDeviceTokensInner(MessageParcel & data,MessageParcel & reply)742 void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply)
743 {
744 if (!IsAccessTokenCalling()) {
745 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
746 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
747 return;
748 }
749 std::string deviceID = data.ReadString();
750
751 int result = this->DeleteRemoteDeviceTokens(deviceID);
752 reply.WriteInt32(result);
753 }
754
RegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)755 void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
756 {
757 if (!IsAccessTokenCalling()) {
758 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
759 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
760 return;
761 }
762
763 sptr<IRemoteObject> callback = data.ReadRemoteObject();
764 if (callback == nullptr) {
765 ACCESSTOKEN_LOG_ERROR(LABEL, "Callback read failed.");
766 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
767 return;
768 }
769 int32_t result = this->RegisterTokenSyncCallback(callback);
770 reply.WriteInt32(result);
771 }
772
UnRegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)773 void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
774 {
775 if (!IsAccessTokenCalling()) {
776 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
777 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
778 return;
779 }
780
781 int32_t result = this->UnRegisterTokenSyncCallback();
782 reply.WriteInt32(result);
783 }
784 #endif
785
GetVersionInner(MessageParcel & data,MessageParcel & reply)786 void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply)
787 {
788 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
789 if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
790 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
791 return;
792 }
793 uint32_t version;
794 int32_t result = this->GetVersion(version);
795 if (!reply.WriteInt32(result)) {
796 ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed.");
797 }
798 if (result != RET_SUCCESS) {
799 return;
800 }
801 if (!reply.WriteUint32(version)) {
802 ACCESSTOKEN_LOG_ERROR(LABEL, "Write Uint32 failed.");
803 }
804 }
805
DumpTokenInfoInner(MessageParcel & data,MessageParcel & reply)806 void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply)
807 {
808 if (!IsShellProcessCalling()) {
809 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
810 reply.WriteString("");
811 return;
812 }
813 sptr<AtmToolsParamInfoParcel> infoParcel = data.ReadParcelable<AtmToolsParamInfoParcel>();
814 if (infoParcel == nullptr) {
815 ACCESSTOKEN_LOG_ERROR(LABEL, "Read infoParcel fail");
816 reply.WriteString("read infoParcel fail");
817 return;
818 }
819 std::string dumpInfo = "";
820 this->DumpTokenInfo(*infoParcel, dumpInfo);
821 if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) {
822 ACCESSTOKEN_LOG_WARN(LABEL, "SetDataCapacity failed");
823 }
824 if (!reply.WriteString(dumpInfo)) {
825 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed");
826 }
827 }
828
SetPermDialogCapInner(MessageParcel & data,MessageParcel & reply)829 void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply)
830 {
831 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
832 if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
833 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
834 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
835 return;
836 }
837
838 sptr<HapBaseInfoParcel> hapBaseInfoParcel = data.ReadParcelable<HapBaseInfoParcel>();
839 if (hapBaseInfoParcel == nullptr) {
840 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapBaseInfoParcel fail");
841 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
842 return;
843 }
844 bool enable = data.ReadBool();
845 int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable);
846 reply.WriteInt32(res);
847 }
848
GetPermissionManagerInfoInner(MessageParcel & data,MessageParcel & reply)849 void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply)
850 {
851 PermissionGrantInfoParcel infoParcel;
852 this->GetPermissionManagerInfo(infoParcel);
853 reply.WriteParcelable(&infoParcel);
854 }
855
IsPrivilegedCalling() const856 bool AccessTokenManagerStub::IsPrivilegedCalling() const
857 {
858 // shell process is root in debug mode.
859 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
860 int32_t callingUid = IPCSkeleton::GetCallingUid();
861 return callingUid == ROOT_UID;
862 #else
863 return false;
864 #endif
865 }
866
IsAccessTokenCalling()867 bool AccessTokenManagerStub::IsAccessTokenCalling()
868 {
869 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
870 if (tokenSyncId_ == 0) {
871 tokenSyncId_ = this->GetNativeTokenId("token_sync_service");
872 }
873 return tokenCaller == tokenSyncId_;
874 }
875
IsNativeProcessCalling()876 bool AccessTokenManagerStub::IsNativeProcessCalling()
877 {
878 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
879 return this->GetTokenType(tokenCaller) == TOKEN_NATIVE;
880 }
881
IsShellProcessCalling()882 bool AccessTokenManagerStub::IsShellProcessCalling()
883 {
884 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
885 return this->GetTokenType(tokenCaller) == TOKEN_SHELL;
886 }
887
IsSystemAppCalling() const888 bool AccessTokenManagerStub::IsSystemAppCalling() const
889 {
890 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
891 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
892 }
893
894 #ifdef TOKEN_SYNC_ENABLE
SetTokenSyncFuncInMap()895 void AccessTokenManagerStub::SetTokenSyncFuncInMap()
896 {
897 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] =
898 &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner;
899 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] =
900 &AccessTokenManagerStub::SetRemoteHapTokenInfoInner;
901 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] =
902 &AccessTokenManagerStub::DeleteRemoteTokenInner;
903 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] =
904 &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner;
905 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] =
906 &AccessTokenManagerStub::GetRemoteNativeTokenIDInner;
907 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] =
908 &AccessTokenManagerStub::RegisterTokenSyncCallbackInner;
909 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] =
910 &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner;
911 }
912 #endif
913
SetLocalTokenOpFuncInMap()914 void AccessTokenManagerStub::SetLocalTokenOpFuncInMap()
915 {
916 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] =
917 &AccessTokenManagerStub::AllocHapTokenInner;
918 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] =
919 &AccessTokenManagerStub::InitHapTokenInner;
920 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::TOKEN_DELETE)] =
921 &AccessTokenManagerStub::DeleteTokenInfoInner;
922 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] =
923 &AccessTokenManagerStub::GetTokenTypeInner;
924 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP)] =
925 &AccessTokenManagerStub::CheckNativeDCapInner;
926 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] =
927 &AccessTokenManagerStub::GetHapTokenIDInner;
928 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] =
929 &AccessTokenManagerStub::AllocLocalTokenIDInner;
930 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] =
931 &AccessTokenManagerStub::GetNativeTokenInfoInner;
932 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] =
933 &AccessTokenManagerStub::GetHapTokenInfoInner;
934 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] =
935 &AccessTokenManagerStub::UpdateHapTokenInner;
936 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
937 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] =
938 &AccessTokenManagerStub::ReloadNativeTokenInfoInner;
939 #endif
940 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] =
941 &AccessTokenManagerStub::GetNativeTokenIdInner;
942 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] =
943 &AccessTokenManagerStub::SetPermDialogCapInner;
944 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] =
945 &AccessTokenManagerStub::GetPermissionManagerInfoInner;
946 }
947
SetPermissionOpFuncInMap()948 void AccessTokenManagerStub::SetPermissionOpFuncInMap()
949 {
950 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] =
951 &AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner;
952 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] =
953 &AccessTokenManagerStub::VerifyAccessTokenInner;
954 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] =
955 &AccessTokenManagerStub::GetDefPermissionInner;
956 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSIONS)] =
957 &AccessTokenManagerStub::GetDefPermissionsInner;
958 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] =
959 &AccessTokenManagerStub::GetReqPermissionsInner;
960 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] =
961 &AccessTokenManagerStub::GetPermissionFlagInner;
962 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION)] =
963 &AccessTokenManagerStub::GrantPermissionInner;
964 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REVOKE_PERMISSION)] =
965 &AccessTokenManagerStub::RevokePermissionInner;
966 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] =
967 &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner;
968 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] =
969 &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner;
970 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] =
971 &AccessTokenManagerStub::GetSelfPermissionsStateInner;
972 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] =
973 &AccessTokenManagerStub::GetPermissionsStatusInner;
974 requestFuncMap_[
975 static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] =
976 &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner;
977 requestFuncMap_[
978 static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] =
979 &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner;
980 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DUMP_TOKENINFO)] =
981 &AccessTokenManagerStub::DumpTokenInfoInner;
982 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_VERSION)] =
983 &AccessTokenManagerStub::GetVersionInner;
984 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
985 &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner;
986 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
987 &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner;
988 }
989
AccessTokenManagerStub()990 AccessTokenManagerStub::AccessTokenManagerStub()
991 {
992 SetPermissionOpFuncInMap();
993 SetLocalTokenOpFuncInMap();
994 #ifdef TOKEN_SYNC_ENABLE
995 SetTokenSyncFuncInMap();
996 #endif
997 }
998
~AccessTokenManagerStub()999 AccessTokenManagerStub::~AccessTokenManagerStub()
1000 {
1001 requestFuncMap_.clear();
1002 }
1003 } // namespace AccessToken
1004 } // namespace Security
1005 } // namespace OHOS
1006