1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "accesstoken_remote_token_manager.h"
17 
18 #include "accesstoken_id_manager.h"
19 #include "accesstoken_log.h"
20 #include "access_token_error.h"
21 #include "data_validator.h"
22 #include "constant_common.h"
23 namespace OHOS {
24 namespace Security {
25 namespace AccessToken {
26 namespace {
27 std::recursive_mutex g_instanceMutex;
28 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE,
29     SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenRemoteTokenManager"};
30 }
AccessTokenRemoteTokenManager()31 AccessTokenRemoteTokenManager::AccessTokenRemoteTokenManager()
32 {}
33 
~AccessTokenRemoteTokenManager()34 AccessTokenRemoteTokenManager::~AccessTokenRemoteTokenManager()
35 {
36 }
37 
GetInstance()38 AccessTokenRemoteTokenManager& AccessTokenRemoteTokenManager::GetInstance()
39 {
40     static AccessTokenRemoteTokenManager* instance = nullptr;
41     if (instance == nullptr) {
42         std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
43         if (instance == nullptr) {
44             instance = new AccessTokenRemoteTokenManager();
45         }
46     }
47     return *instance;
48 }
49 
MapRemoteDeviceTokenToLocal(const std::string & deviceID,AccessTokenID remoteID)50 AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const std::string& deviceID,
51     AccessTokenID remoteID)
52 {
53     if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) {
54         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.",
55             ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID);
56         return 0;
57     }
58     ATokenTypeEnum tokeType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(remoteID);
59     if ((tokeType <= TOKEN_INVALID) || (tokeType >= TOKEN_TYPE_BUTT)) {
60         ACCESSTOKEN_LOG_ERROR(
61             LABEL, "Token %{public}x type is invalid.", remoteID);
62         return 0;
63     }
64     int32_t dlpFlag = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(remoteID);
65     int32_t cloneFlag = AccessTokenIDManager::GetInstance().GetTokenIdCloneFlag(remoteID);
66 
67     AccessTokenID mapID = 0;
68     Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->remoteDeviceLock_);
69     std::map<AccessTokenID, AccessTokenID>* mapPtr = nullptr;
70     if (remoteDeviceMap_.count(deviceID) > 0) {
71         AccessTokenRemoteDevice& device = remoteDeviceMap_[deviceID];
72         if (device.MappingTokenIDPairMap_.count(remoteID) > 0) {
73             mapID = device.MappingTokenIDPairMap_[remoteID];
74             ACCESSTOKEN_LOG_ERROR(
75                 LABEL, "Device %{public}s token %{public}x has already mapped, map tokenID is %{public}x.",
76                 ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID, mapID);
77             return mapID;
78         }
79         mapPtr = &device.MappingTokenIDPairMap_;
80     } else {
81         AccessTokenRemoteDevice device;
82         device.DeviceID_ = deviceID;
83         remoteDeviceMap_[deviceID] = device;
84         mapPtr = &remoteDeviceMap_[deviceID].MappingTokenIDPairMap_;
85     }
86 
87     mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType, dlpFlag, cloneFlag);
88     if (mapID == 0) {
89         ACCESSTOKEN_LOG_ERROR(
90             LABEL, "Device %{public}s token %{public}x map local Token failed.",
91             ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID);
92         return 0;
93     }
94     mapPtr->insert(std::pair<AccessTokenID, AccessTokenID>(remoteID, mapID));
95     return mapID;
96 }
97 
GetDeviceAllRemoteTokenID(const std::string & deviceID,std::vector<AccessTokenID> & remoteIDs)98 int AccessTokenRemoteTokenManager::GetDeviceAllRemoteTokenID(const std::string& deviceID,
99     std::vector<AccessTokenID>& remoteIDs)
100 {
101     if (!DataValidator::IsDeviceIdValid(deviceID)) {
102         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s is valid.", ConstantCommon::EncryptDevId(deviceID).c_str());
103         return AccessTokenError::ERR_PARAM_INVALID;
104     }
105     Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->remoteDeviceLock_);
106     if (remoteDeviceMap_.count(deviceID) < 1) {
107         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.",
108             ConstantCommon::EncryptDevId(deviceID).c_str());
109         return AccessTokenError::ERR_DEVICE_NOT_EXIST;
110     }
111 
112     std::transform(remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.begin(),
113         remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.end(),
114         std::back_inserter(remoteIDs), [](const auto& mapEntry) {
115             return mapEntry.first;
116         });
117     return RET_SUCCESS;
118 }
119 
GetDeviceMappingTokenID(const std::string & deviceID,AccessTokenID remoteID)120 AccessTokenID AccessTokenRemoteTokenManager::GetDeviceMappingTokenID(const std::string& deviceID,
121     AccessTokenID remoteID)
122 {
123     if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) {
124         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.",
125             ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID);
126         return 0;
127     }
128 
129     Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->remoteDeviceLock_);
130     if (remoteDeviceMap_.count(deviceID) < 1 ||
131         remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.count(remoteID) < 1) {
132         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.",
133             ConstantCommon::EncryptDevId(deviceID).c_str());
134         return 0;
135     }
136 
137     return remoteDeviceMap_[deviceID].MappingTokenIDPairMap_[remoteID];
138 }
139 
RemoveDeviceMappingTokenID(const std::string & deviceID,AccessTokenID remoteID)140 int AccessTokenRemoteTokenManager::RemoveDeviceMappingTokenID(const std::string& deviceID,
141     AccessTokenID remoteID)
142 {
143     if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) {
144         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.",
145             ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID);
146         return ERR_PARAM_INVALID;
147     }
148 
149     Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->remoteDeviceLock_);
150     if (remoteDeviceMap_.count(deviceID) < 1 ||
151         remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.count(remoteID) < 1) {
152         ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.",
153             ConstantCommon::EncryptDevId(deviceID).c_str());
154         return ERR_TOKEN_MAP_FAILED;
155     }
156 
157     AccessTokenID mapID = remoteDeviceMap_[deviceID].MappingTokenIDPairMap_[remoteID];
158     AccessTokenIDManager::GetInstance().ReleaseTokenId(mapID);
159 
160     remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.erase(remoteID);
161 
162     if (remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.empty()) {
163         remoteDeviceMap_.erase(deviceID);
164     }
165     return RET_SUCCESS;
166 }
167 } // namespace AccessToken
168 } // namespace Security
169 } // namespace OHOS
170