1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_manager_stub.h"
17
18 #include "accesstoken_kit.h"
19 #include "accesstoken_log.h"
20 #include "ipc_skeleton.h"
21 #include "memory_guard.h"
22 #include "on_permission_used_record_callback_proxy.h"
23 #include "privacy_error.h"
24 #include "string_ex.h"
25 #include "tokenid_kit.h"
26 #ifdef HICOLLIE_ENABLE
27 #include "xcollie/xcollie.h"
28 #endif // HICOLLIE_ENABLE
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
35 LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerStub"
36 };
37 static const uint32_t PERM_LIST_SIZE_MAX = 1024;
38 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
39 #ifdef HICOLLIE_ENABLE
40 static constexpr uint32_t TIMEOUT = 6; // 6s
41 #endif // HICOLLIE_ENABLE
42 #endif // SECURITY_COMPONENT_ENHANCE_ENABLE
43 constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS";
44 constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER";
45 constexpr const char* SET_MUTE_POLICY = "ohos.permission.SET_MUTE_POLICY";
46 }
47
PrivacyManagerStub()48 PrivacyManagerStub::PrivacyManagerStub()
49 {
50 SetPrivacyFuncInMap();
51 }
52
SetPrivacyFuncInMap()53 void PrivacyManagerStub::SetPrivacyFuncInMap()
54 {
55 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD)] =
56 &PrivacyManagerStub::AddPermissionUsedRecordInner;
57 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION)] =
58 &PrivacyManagerStub::StartUsingPermissionInner;
59 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK)] =
60 &PrivacyManagerStub::StartUsingPermissionCallbackInner;
61 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::STOP_USING_PERMISSION)] =
62 &PrivacyManagerStub::StopUsingPermissionInner;
63 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS)] =
64 &PrivacyManagerStub::RemovePermissionUsedRecordsInner;
65 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS)] =
66 &PrivacyManagerStub::GetPermissionUsedRecordsInner;
67 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC)] =
68 &PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner;
69 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] =
70 &PrivacyManagerStub::RegisterPermActiveStatusCallbackInner;
71 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] =
72 &PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner;
73 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION)] =
74 &PrivacyManagerStub::IsAllowedUsingPermissionInner;
75 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
76 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE)] =
77 &PrivacyManagerStub::RegisterSecCompEnhanceInner;
78 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE)] =
79 &PrivacyManagerStub::UpdateSecCompEnhanceInner;
80 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE)] =
81 &PrivacyManagerStub::GetSecCompEnhanceInner;
82 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE)] =
83 &PrivacyManagerStub::GetSpecialSecCompEnhanceInner;
84 #endif
85 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_TYPE_INFOS)] =
86 &PrivacyManagerStub::GetPermissionUsedTypeInfosInner;
87 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::SET_MUTE_POLICY)] =
88 &PrivacyManagerStub::SetMutePolicyInner;
89 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER)] =
90 &PrivacyManagerStub::SetHapWithFGReminderInner;
91 }
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)92 int32_t PrivacyManagerStub::OnRemoteRequest(
93 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
94 {
95 MemoryGuard cacheGuard;
96 std::u16string descriptor = data.ReadInterfaceToken();
97 if (descriptor != IPrivacyManager::GetDescriptor()) {
98 ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
99 return ERROR_IPC_REQUEST_FAIL;
100 }
101
102 auto itFunc = requestMap_.find(code);
103 if (itFunc != requestMap_.end()) {
104 auto requestFunc = itFunc->second;
105 if (requestFunc != nullptr) {
106 (this->*requestFunc)(data, reply);
107 return NO_ERROR;
108 }
109 }
110
111 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
112 }
113
AddPermissionUsedRecordInner(MessageParcel & data,MessageParcel & reply)114 void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply)
115 {
116 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
117 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
118 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
119 return;
120 }
121 if (!VerifyPermission(PERMISSION_USED_STATS)) {
122 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
123 return;
124 }
125 sptr<AddPermParamInfoParcel> infoParcel = data.ReadParcelable<AddPermParamInfoParcel>();
126 if (infoParcel == nullptr) {
127 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
128 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
129 return;
130 }
131 reply.WriteInt32(this->AddPermissionUsedRecord(*infoParcel));
132 }
133
StartUsingPermissionInner(MessageParcel & data,MessageParcel & reply)134 void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
135 {
136 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
137 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
138 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
139 return;
140 }
141 if (!VerifyPermission(PERMISSION_USED_STATS)) {
142 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
143 return;
144 }
145 AccessTokenID tokenId = data.ReadUint32();
146 int32_t pid = data.ReadInt32();
147 std::string permissionName = data.ReadString();
148 reply.WriteInt32(this->StartUsingPermission(tokenId, pid, permissionName));
149 }
150
StartUsingPermissionCallbackInner(MessageParcel & data,MessageParcel & reply)151 void PrivacyManagerStub::StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply)
152 {
153 if (!VerifyPermission(PERMISSION_USED_STATS)) {
154 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
155 return;
156 }
157 AccessTokenID tokenId = data.ReadUint32();
158 int32_t pid = data.ReadInt32();
159 std::string permissionName = data.ReadString();
160 sptr<IRemoteObject> callback = data.ReadRemoteObject();
161 if (callback == nullptr) {
162 ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail");
163 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
164 return;
165 }
166 reply.WriteInt32(this->StartUsingPermission(tokenId, pid, permissionName, callback));
167 }
168
StopUsingPermissionInner(MessageParcel & data,MessageParcel & reply)169 void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
170 {
171 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
172 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
173 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
174 return;
175 }
176 if (!VerifyPermission(PERMISSION_USED_STATS)) {
177 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
178 return;
179 }
180 AccessTokenID tokenId = data.ReadUint32();
181 int32_t pid = data.ReadInt32();
182 std::string permissionName = data.ReadString();
183 reply.WriteInt32(this->StopUsingPermission(tokenId, pid, permissionName));
184 }
185
RemovePermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)186 void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
187 {
188 if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) {
189 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
190 return;
191 }
192
193 AccessTokenID tokenId = data.ReadUint32();
194 std::string deviceID = data.ReadString();
195 reply.WriteInt32(this->RemovePermissionUsedRecords(tokenId, deviceID));
196 }
197
GetPermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)198 void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
199 {
200 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
201 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
202 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
203 return;
204 }
205 PermissionUsedResultParcel responseParcel;
206 if (!VerifyPermission(PERMISSION_USED_STATS)) {
207 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
208 return;
209 }
210 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
211 if (requestParcel == nullptr) {
212 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
213 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
214 return;
215 }
216 int32_t result = this->GetPermissionUsedRecords(*requestParcel, responseParcel);
217 reply.WriteInt32(result);
218 if (result != RET_SUCCESS) {
219 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 faild");
220 return;
221 }
222 reply.WriteParcelable(&responseParcel);
223 }
224
GetPermissionUsedRecordsAsyncInner(MessageParcel & data,MessageParcel & reply)225 void PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply)
226 {
227 if (!VerifyPermission(PERMISSION_USED_STATS)) {
228 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
229 return;
230 }
231 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
232 if (requestParcel == nullptr) {
233 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed");
234 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
235 return;
236 }
237 sptr<OnPermissionUsedRecordCallback> callback = new OnPermissionUsedRecordCallbackProxy(data.ReadRemoteObject());
238 if (callback == nullptr) {
239 ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is null");
240 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
241 return;
242 }
243 reply.WriteInt32(this->GetPermissionUsedRecords(*requestParcel, callback));
244 }
245
RegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)246 void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
247 {
248 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
249 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
250 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
251 return;
252 }
253 if (!VerifyPermission(PERMISSION_USED_STATS)) {
254 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
255 return;
256 }
257 uint32_t permListSize = data.ReadUint32();
258 if (permListSize > PERM_LIST_SIZE_MAX) {
259 ACCESSTOKEN_LOG_ERROR(LABEL, "Read permListSize fail");
260 reply.WriteInt32(PrivacyError::ERR_OVERSIZE);
261 return;
262 }
263 std::vector<std::string> permList;
264 for (uint32_t i = 0; i < permListSize; i++) {
265 std::string perm = data.ReadString();
266 permList.emplace_back(perm);
267 }
268 sptr<IRemoteObject> callback = data.ReadRemoteObject();
269 if (callback == nullptr) {
270 ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail");
271 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
272 return;
273 }
274 reply.WriteInt32(this->RegisterPermActiveStatusCallback(permList, callback));
275 }
276
UnRegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)277 void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
278 {
279 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
280 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
281 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
282 return;
283 }
284 if (!VerifyPermission(PERMISSION_USED_STATS)) {
285 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
286 return;
287 }
288 sptr<IRemoteObject> callback = data.ReadRemoteObject();
289 if (callback == nullptr) {
290 ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail");
291 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
292 return;
293 }
294 reply.WriteInt32(this->UnRegisterPermActiveStatusCallback(callback));
295 }
296
IsAllowedUsingPermissionInner(MessageParcel & data,MessageParcel & reply)297 void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
298 {
299 if (!VerifyPermission(PERMISSION_USED_STATS)) {
300 reply.WriteBool(false);
301 return;
302 }
303 AccessTokenID tokenId = data.ReadUint32();
304
305 std::string permissionName = data.ReadString();
306 bool result = this->IsAllowedUsingPermission(tokenId, permissionName);
307 if (!reply.WriteBool(result)) {
308 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}s)", permissionName.c_str());
309 reply.WriteBool(false);
310 return;
311 }
312 }
313
314 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)315 void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
316 {
317 #ifdef HICOLLIE_ENABLE
318 std::string name = "PrivacyTimer";
319 int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr,
320 HiviewDFX::XCOLLIE_FLAG_LOG);
321 #endif // HICOLLIE_ENABLE
322
323 sptr<SecCompEnhanceDataParcel> requestParcel = data.ReadParcelable<SecCompEnhanceDataParcel>();
324 if (requestParcel == nullptr) {
325 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
326 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
327
328 #ifdef HICOLLIE_ENABLE
329 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
330 #endif // HICOLLIE_ENABLE
331
332 return;
333 }
334 reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel));
335
336 #ifdef HICOLLIE_ENABLE
337 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
338 #endif // HICOLLIE_ENABLE
339 }
340
UpdateSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)341 void PrivacyManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
342 {
343 if (!IsSecCompServiceCalling()) {
344 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
345 return;
346 }
347
348 int32_t pid = data.ReadInt32();
349 uint32_t seqNum = data.ReadUint32();
350 reply.WriteInt32(this->UpdateSecCompEnhance(pid, seqNum));
351 }
352
GetSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)353 void PrivacyManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
354 {
355 if (!IsSecCompServiceCalling()) {
356 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
357 return;
358 }
359
360 int32_t pid = data.ReadInt32();
361 SecCompEnhanceDataParcel parcel;
362 int32_t result = this->GetSecCompEnhance(pid, parcel);
363 reply.WriteInt32(result);
364 if (result != RET_SUCCESS) {
365 return;
366 }
367
368 reply.WriteParcelable(&parcel);
369 }
370
GetSpecialSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)371 void PrivacyManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
372 {
373 if (!IsSecCompServiceCalling()) {
374 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
375 return;
376 }
377
378 std::string bundleName = data.ReadString();
379 std::vector<SecCompEnhanceDataParcel> parcelList;
380 int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList);
381 reply.WriteInt32(result);
382 if (result != RET_SUCCESS) {
383 return;
384 }
385 reply.WriteUint32(parcelList.size());
386 for (const auto& parcel : parcelList) {
387 reply.WriteParcelable(&parcel);
388 }
389 }
390
IsSecCompServiceCalling()391 bool PrivacyManagerStub::IsSecCompServiceCalling()
392 {
393 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
394 if (secCompTokenId_ == 0) {
395 secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service");
396 }
397 return tokenCaller == secCompTokenId_;
398 }
399 #endif
400
GetPermissionUsedTypeInfosInner(MessageParcel & data,MessageParcel & reply)401 void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply)
402 {
403 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
404 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
405 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
406 return;
407 }
408 if (!VerifyPermission(PERMISSION_USED_STATS)) {
409 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
410 return;
411 }
412 AccessTokenID tokenId = data.ReadUint32();
413 std::string permissionName = data.ReadString();
414 std::vector<PermissionUsedTypeInfoParcel> resultsParcel;
415 int32_t result = this->GetPermissionUsedTypeInfos(tokenId, permissionName, resultsParcel);
416 if (!reply.WriteInt32(result)) {
417 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d-%{public}s)", tokenId, permissionName.c_str());
418 return;
419 }
420 reply.WriteUint32(resultsParcel.size());
421 for (const auto& parcel : resultsParcel) {
422 reply.WriteParcelable(&parcel);
423 }
424 }
425
SetMutePolicyInner(MessageParcel & data,MessageParcel & reply)426 void PrivacyManagerStub::SetMutePolicyInner(MessageParcel& data, MessageParcel& reply)
427 {
428 if (!VerifyPermission(SET_MUTE_POLICY)) {
429 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
430 return;
431 }
432 uint32_t policyType;
433 if (!data.ReadUint32(policyType)) {
434 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read policyType.");
435 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
436 return;
437 }
438 uint32_t callerType;
439 if (!data.ReadUint32(callerType)) {
440 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read callerType.");
441 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
442 return;
443 }
444 bool isMute;
445 if (!data.ReadBool(isMute)) {
446 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isMute.");
447 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
448 return;
449 }
450 uint32_t tokenID;
451 if (!data.ReadUint32(tokenID)) {
452 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenID.");
453 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
454 return;
455 }
456
457 int32_t result = this->SetMutePolicy(policyType, callerType, isMute, tokenID);
458 if (!reply.WriteInt32(result)) {
459 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32.");
460 return;
461 }
462 }
463
SetHapWithFGReminderInner(MessageParcel & data,MessageParcel & reply)464 void PrivacyManagerStub::SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply)
465 {
466 if (!VerifyPermission(SET_FOREGROUND_HAP_REMINDER)) {
467 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
468 return;
469 }
470 uint32_t tokenId;
471 if (!data.ReadUint32(tokenId)) {
472 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenId.");
473 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
474 return;
475 }
476 bool isAllowed;
477 if (!data.ReadBool(isAllowed)) {
478 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isAllowed.");
479 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
480 return;
481 }
482
483 int32_t result = this->SetHapWithFGReminder(tokenId, isAllowed);
484 if (!reply.WriteInt32(result)) {
485 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32.");
486 return;
487 }
488 }
489
IsAccessTokenCalling() const490 bool PrivacyManagerStub::IsAccessTokenCalling() const
491 {
492 int32_t callingUid = IPCSkeleton::GetCallingUid();
493 return callingUid == ACCESSTOKEN_UID;
494 }
495
IsSystemAppCalling() const496 bool PrivacyManagerStub::IsSystemAppCalling() const
497 {
498 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
499 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
500 }
501
VerifyPermission(const std::string & permission) const502 bool PrivacyManagerStub::VerifyPermission(const std::string& permission) const
503 {
504 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
505 if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission) == PERMISSION_DENIED) {
506 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(callingTokenID=%{public}d)", callingTokenID);
507 return false;
508 }
509 return true;
510 }
511 } // namespace AccessToken
512 } // namespace Security
513 } // namespace OHOS
514