1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "data_validator.h"
17 
18 #include "access_token.h"
19 #include "accesstoken_log.h"
20 #include "permission_used_request.h"
21 #include "permission_used_type.h"
22 #include "privacy_param.h"
23 
24 namespace OHOS {
25 namespace Security {
26 namespace AccessToken {
27 namespace {
28 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DataValidator"};
29 } // namespace
30 
IsBundleNameValid(const std::string & bundleName)31 bool DataValidator::IsBundleNameValid(const std::string& bundleName)
32 {
33     return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH);
34 }
35 
IsLabelValid(const std::string & label)36 bool DataValidator::IsLabelValid(const std::string& label)
37 {
38     return label.length() <= MAX_LENGTH;
39 }
40 
IsDescValid(const std::string & desc)41 bool DataValidator::IsDescValid(const std::string& desc)
42 {
43     return desc.length() <= MAX_LENGTH;
44 }
45 
IsPermissionNameValid(const std::string & permissionName)46 bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
47 {
48     if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) {
49         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid perm length(%{public}d).", static_cast<int32_t>(permissionName.length()));
50         return false;
51     }
52     return true;
53 }
54 
IsUserIdValid(const int userId)55 bool DataValidator::IsUserIdValid(const int userId)
56 {
57     return userId >= 0;
58 }
59 
IsToggleStatusValid(const uint32_t status)60 bool DataValidator::IsToggleStatusValid(const uint32_t status)
61 {
62     return ((status == PermissionRequestToggleStatus::CLOSED) ||
63             (status == PermissionRequestToggleStatus::OPEN));
64 }
65 
IsAppIDDescValid(const std::string & appIDDesc)66 bool DataValidator::IsAppIDDescValid(const std::string& appIDDesc)
67 {
68     return !appIDDesc.empty() && (appIDDesc.length() <= MAX_APPIDDESC_LENGTH);
69 }
70 
IsDomainValid(const std::string & domain)71 bool DataValidator::IsDomainValid(const std::string& domain)
72 {
73     return !domain.empty() && (domain.length() <= MAX_LENGTH);
74 }
75 
IsAplNumValid(const int apl)76 bool DataValidator::IsAplNumValid(const int apl)
77 {
78     return (apl == APL_NORMAL || apl == APL_SYSTEM_BASIC || apl == APL_SYSTEM_CORE);
79 }
80 
IsAvailableTypeValid(const int availableType)81 bool DataValidator::IsAvailableTypeValid(const int availableType)
82 {
83     return (availableType == NORMAL || availableType == MDM);
84 }
85 
IsProcessNameValid(const std::string & processName)86 bool DataValidator::IsProcessNameValid(const std::string& processName)
87 {
88     return !processName.empty() && (processName.length() <= MAX_LENGTH);
89 }
90 
IsDeviceIdValid(const std::string & deviceId)91 bool DataValidator::IsDeviceIdValid(const std::string& deviceId)
92 {
93     if (deviceId.empty() || (deviceId.length() > MAX_LENGTH)) {
94         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid deviceId length(%{public}d).", static_cast<int32_t>(deviceId.length()));
95         return false;
96     }
97     return true;
98 }
99 
IsDcapValid(const std::string & dcap)100 bool DataValidator::IsDcapValid(const std::string& dcap)
101 {
102     return !dcap.empty() && (dcap.length() <= MAX_DCAP_LENGTH);
103 }
104 
IsPermissionFlagValid(uint32_t flag)105 bool DataValidator::IsPermissionFlagValid(uint32_t flag)
106 {
107     uint32_t unmaskedFlag =
108         flag & (~PermissionFlag::PERMISSION_GRANTED_BY_POLICY);
109     return unmaskedFlag == PermissionFlag::PERMISSION_DEFAULT_FLAG ||
110         unmaskedFlag == PermissionFlag::PERMISSION_USER_SET ||
111         unmaskedFlag == PermissionFlag::PERMISSION_USER_FIXED ||
112         unmaskedFlag == PermissionFlag::PERMISSION_SYSTEM_FIXED ||
113         unmaskedFlag == PermissionFlag::PERMISSION_COMPONENT_SET ||
114         unmaskedFlag == PermissionFlag::PERMISSION_POLICY_FIXED ||
115         unmaskedFlag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME;
116 }
117 
IsTokenIDValid(AccessTokenID id)118 bool DataValidator::IsTokenIDValid(AccessTokenID id)
119 {
120     if (id == 0) {
121         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid token.");
122         return false;
123     }
124     return true;
125 }
126 
IsDlpTypeValid(int dlpType)127 bool DataValidator::IsDlpTypeValid(int dlpType)
128 {
129     return ((dlpType == DLP_COMMON) || (dlpType == DLP_READ) || (dlpType == DLP_FULL_CONTROL));
130 }
131 
IsPermissionUsedFlagValid(uint32_t flag)132 bool DataValidator::IsPermissionUsedFlagValid(uint32_t flag)
133 {
134     return ((flag == FLAG_PERMISSION_USAGE_SUMMARY) ||
135             (flag == FLAG_PERMISSION_USAGE_DETAIL) ||
136             (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_LOCKED) ||
137             (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_UNLOCKED) ||
138             (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_BACKGROUND) ||
139             (flag == FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND));
140 }
141 
IsPermissionUsedTypeValid(uint32_t type)142 bool DataValidator::IsPermissionUsedTypeValid(uint32_t type)
143 {
144     if ((type != NORMAL_TYPE) && (type != PICKER_TYPE) && (type != SECURITY_COMPONENT_TYPE)) {
145         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type);
146         return false;
147     }
148     return true;
149 }
150 
IsPolicyTypeValid(uint32_t type)151 bool DataValidator::IsPolicyTypeValid(uint32_t type)
152 {
153     PolicyType policyType = static_cast<PolicyType>(type);
154     if ((policyType != EDM) && (policyType != PRIVACY) && (policyType != TEMPORARY)) {
155         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type);
156         return false;
157     }
158     return true;
159 }
160 
IsCallerTypeValid(uint32_t type)161 bool DataValidator::IsCallerTypeValid(uint32_t type)
162 {
163     CallerType callerType = static_cast<CallerType>(type);
164     if ((callerType != MICROPHONE) && (callerType != CAMERA)) {
165         ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type);
166         return false;
167     }
168     return true;
169 }
170 
IsHapCaller(AccessTokenID id)171 bool DataValidator::IsHapCaller(AccessTokenID id)
172 {
173     AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
174     ATokenTypeEnum type = static_cast<ATokenTypeEnum>(idInner->type);
175     if (type != TOKEN_HAP) {
176         ACCESSTOKEN_LOG_ERROR(LABEL, "Not hap(%{public}d).", id);
177         return false;
178     }
179     return true;
180 }
181 } // namespace AccessToken
182 } // namespace Security
183 } // namespace OHOS
184