1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "data_translator.h"
23 #include "data_validator.h"
24 #include "token_field_const.h"
25
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
29 namespace {
30 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"};
31 static const std::string DEFAULT_DEVICEID = "0";
32 static const unsigned int SYSTEM_APP_FLAG = 0x0001;
33 }
34
HapTokenInfoInner()35 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
36 {
37 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
38 tokenInfoBasic_.tokenID = 0;
39 tokenInfoBasic_.tokenAttr = 0;
40 tokenInfoBasic_.userID = 0;
41 tokenInfoBasic_.apiVersion = 0;
42 tokenInfoBasic_.instIndex = 0;
43 tokenInfoBasic_.dlpType = 0;
44 tokenInfoBasic_.apl = APL_NORMAL;
45 }
46
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicyParams & policy)47 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
48 const HapInfoParams &info, const HapPolicyParams &policy) : permUpdateTimestamp_(0), isRemote_(false)
49 {
50 tokenInfoBasic_.tokenID = id;
51 tokenInfoBasic_.userID = info.userID;
52 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
53 tokenInfoBasic_.tokenAttr = 0;
54 if (info.isSystemApp) {
55 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
56 }
57 tokenInfoBasic_.bundleName = info.bundleName;
58 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
59 tokenInfoBasic_.instIndex = info.instIndex;
60 tokenInfoBasic_.dlpType = info.dlpType;
61 tokenInfoBasic_.appID = info.appIDDesc;
62 tokenInfoBasic_.deviceID = DEFAULT_DEVICEID;
63 tokenInfoBasic_.apl = policy.apl;
64 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList);
65 }
66
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStateFull> & permStateList)67 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
68 const HapTokenInfo &info, const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
69 {
70 permUpdateTimestamp_ = 0;
71 tokenInfoBasic_ = info;
72 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList);
73 }
74
HapTokenInfoInner(AccessTokenID id,const HapTokenInfoForSync & info)75 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
76 const HapTokenInfoForSync& info) : isRemote_(true)
77 {
78 permUpdateTimestamp_ = 0;
79 tokenInfoBasic_ = info.baseInfo;
80 permPolicySet_ = PermissionPolicySet::BuildPolicySetWithoutDefCheck(id, info.permStateList);
81 }
82
~HapTokenInfoInner()83 HapTokenInfoInner::~HapTokenInfoInner()
84 {
85 ACCESSTOKEN_LOG_DEBUG(LABEL,
86 "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID);
87 }
88
Update(const UpdateHapInfoParams & info,const std::vector<PermissionStateFull> & permStateList,ATokenAplEnum apl)89 void HapTokenInfoInner::Update(const UpdateHapInfoParams& info,
90 const std::vector<PermissionStateFull>& permStateList, ATokenAplEnum apl)
91 {
92 tokenInfoBasic_.appID = info.appIDDesc;
93 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
94 tokenInfoBasic_.apl = apl;
95 if (info.isSystemApp) {
96 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
97 } else {
98 tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG;
99 }
100 if (permPolicySet_ == nullptr) {
101 permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID,
102 permStateList);
103 return;
104 }
105
106 permPolicySet_->Update(permStateList);
107 return;
108 }
109
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const110 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
111 {
112 infoParcel = tokenInfoBasic_;
113 }
114
TranslationIntoGenericValues(GenericValues & outGenericValues) const115 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
116 {
117 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
118 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
119 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
120 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
121 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
122 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
123 outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, tokenInfoBasic_.appID);
124 outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, tokenInfoBasic_.deviceID);
125 outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl);
126 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
127 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
128 outGenericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, isPermDialogForbidden_);
129 }
130
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)131 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
132 {
133 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
134 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
135 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
136 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
137 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
138 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
139 return AccessTokenError::ERR_PARAM_INVALID;
140 }
141
142 tokenInfoBasic_.apiVersion = GetApiVersion(inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION));
143 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
144 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
145 tokenInfoBasic_.appID = inGenericValues.GetString(TokenFiledConst::FIELD_APP_ID);
146 if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) {
147 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x appID is error", tokenInfoBasic_.tokenID);
148 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
149 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "appID error");
150 return AccessTokenError::ERR_PARAM_INVALID;
151 }
152
153 tokenInfoBasic_.deviceID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID);
154 if (!DataValidator::IsDeviceIdValid(tokenInfoBasic_.deviceID)) {
155 ACCESSTOKEN_LOG_ERROR(LABEL,
156 "tokenID: 0x%{public}x devId is error", tokenInfoBasic_.tokenID);
157 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
158 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "deviceID error");
159 return AccessTokenError::ERR_PARAM_INVALID;
160 }
161 int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL);
162 if (DataValidator::IsAplNumValid(aplNum)) {
163 tokenInfoBasic_.apl = static_cast<ATokenAplEnum>(aplNum);
164 } else {
165 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x apl is error, value %{public}d",
166 tokenInfoBasic_.tokenID, aplNum);
167 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
168 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "apl error");
169 return AccessTokenError::ERR_PARAM_INVALID;
170 }
171 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
172 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
173 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x version is error, version %{public}d",
174 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
175 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
176 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
177 return AccessTokenError::ERR_PARAM_INVALID;
178 }
179 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
180 isPermDialogForbidden_ = inGenericValues.GetInt(TokenFiledConst::FIELD_FORBID_PERM_DIALOG);
181 return RET_SUCCESS;
182 }
183
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes)184 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
185 const GenericValues& tokenValue,
186 const std::vector<GenericValues>& permStateRes)
187 {
188 tokenInfoBasic_.tokenID = tokenId;
189 int ret = RestoreHapTokenBasicInfo(tokenValue);
190 if (ret != RET_SUCCESS) {
191 return ret;
192 }
193 permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes);
194 return RET_SUCCESS;
195 }
196
StoreHapInfo(std::vector<GenericValues> & valueList) const197 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& valueList) const
198 {
199 if (isRemote_) {
200 ACCESSTOKEN_LOG_INFO(LABEL,
201 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
202 return;
203 }
204 GenericValues genericValues;
205 TranslationIntoGenericValues(genericValues);
206 valueList.emplace_back(genericValues);
207 }
208
StorePermissionPolicy(std::vector<GenericValues> & permStateValues) const209 void HapTokenInfoInner::StorePermissionPolicy(std::vector<GenericValues>& permStateValues) const
210 {
211 if (isRemote_) {
212 ACCESSTOKEN_LOG_INFO(LABEL,
213 "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID);
214 return;
215 }
216 if (permPolicySet_ != nullptr) {
217 permPolicySet_->StorePermissionPolicySet(permStateValues);
218 }
219 }
220
GetHapInfoPermissionPolicySet() const221 std::shared_ptr<PermissionPolicySet> HapTokenInfoInner::GetHapInfoPermissionPolicySet() const
222 {
223 return permPolicySet_;
224 }
225
GetReqPermissionSize() const226 uint32_t HapTokenInfoInner::GetReqPermissionSize() const
227 {
228 if (permPolicySet_ == nullptr) {
229 return static_cast<uint32_t>(0);
230 }
231 return permPolicySet_->GetReqPermissionSize();
232 }
233
GetUserID() const234 int HapTokenInfoInner::GetUserID() const
235 {
236 return tokenInfoBasic_.userID;
237 }
238
GetDlpType() const239 int HapTokenInfoInner::GetDlpType() const
240 {
241 return tokenInfoBasic_.dlpType;
242 }
243
GetBundleName() const244 std::string HapTokenInfoInner::GetBundleName() const
245 {
246 return tokenInfoBasic_.bundleName;
247 }
248
GetInstIndex() const249 int HapTokenInfoInner::GetInstIndex() const
250 {
251 return tokenInfoBasic_.instIndex;
252 }
253
GetTokenID() const254 AccessTokenID HapTokenInfoInner::GetTokenID() const
255 {
256 return tokenInfoBasic_.tokenID;
257 }
258
GetHapInfoBasic() const259 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
260 {
261 return tokenInfoBasic_;
262 }
263
SetTokenBaseInfo(const HapTokenInfo & baseInfo)264 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
265 {
266 tokenInfoBasic_ = baseInfo;
267 }
268
SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet> & policySet)269 void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr<PermissionPolicySet>& policySet)
270 {
271 permPolicySet_ = policySet;
272 }
273
IsRemote() const274 bool HapTokenInfoInner::IsRemote() const
275 {
276 return isRemote_;
277 }
278
SetRemote(bool isRemote)279 void HapTokenInfoInner::SetRemote(bool isRemote)
280 {
281 isRemote_ = isRemote;
282 }
283
IsPermDialogForbidden() const284 bool HapTokenInfoInner::IsPermDialogForbidden() const
285 {
286 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", isPermDialogForbidden_);
287 return isPermDialogForbidden_;
288 }
289
SetPermDialogForbidden(bool isForbidden)290 void HapTokenInfoInner::SetPermDialogForbidden(bool isForbidden)
291 {
292 isPermDialogForbidden_ = isForbidden;
293 }
294
GetApiVersion(int32_t apiVersion)295 int32_t HapTokenInfoInner::GetApiVersion(int32_t apiVersion)
296 {
297 uint32_t apiSize = 3; // 3: api version length
298 std::string apiStr = std::to_string(apiVersion);
299 uint32_t inputSize = apiStr.length();
300 if (inputSize <= apiSize) {
301 return apiVersion;
302 }
303 std::string api = apiStr.substr(inputSize - apiSize);
304 return std::stoi(api);
305 }
306
ToString(std::string & info) const307 void HapTokenInfoInner::ToString(std::string& info) const
308 {
309 info.append(R"({)");
310 info.append("\n");
311 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
312 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
313 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
314 info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
315 info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
316 info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
317 info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
318 info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n");
319 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
320 info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n");
321 #endif
322 info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
323 info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n");
324 info.append(R"( "isPermDialogForbidden": )" + std::to_string(isPermDialogForbidden_) + ",\n");
325
326 if (permPolicySet_ != nullptr) {
327 permPolicySet_->ToString(info);
328 }
329 info.append("}");
330 }
331 } // namespace AccessToken
332 } // namespace Security
333 } // namespace OHOS
334