1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "static_subscriber_extension_context.h"
17 
18 #include "ability_business_error.h"
19 #include "ability_manager_client.h"
20 #include "ability_manager_errors.h"
21 #include "accesstoken_kit.h"
22 #include "event_log_wrapper.h"
23 #include "ipc_skeleton.h"
24 #include "tokenid_kit.h"
25 
26 namespace OHOS {
27 namespace EventFwk {
28 namespace {
29 constexpr const char* PERMISSION_START_ABILITIES_FROM_BACKGROUND = "ohos.permission.START_ABILITIES_FROM_BACKGROUND";
30 }
31 const size_t StaticSubscriberExtensionContext::CONTEXT_TYPE_ID(
32     std::hash<const char*> {} ("StaticSubscriberExtensionContext"));
33 
StaticSubscriberExtensionContext()34 StaticSubscriberExtensionContext::StaticSubscriberExtensionContext() {}
35 
~StaticSubscriberExtensionContext()36 StaticSubscriberExtensionContext::~StaticSubscriberExtensionContext() {}
37 
CheckCallerIsSystemApp()38 bool StaticSubscriberExtensionContext::CheckCallerIsSystemApp()
39 {
40     auto selfToken = IPCSkeleton::GetSelfTokenID();
41     if (!Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(selfToken)) {
42         EVENT_LOGE("current app is not system app, not allow.");
43         return false;
44     }
45     return true;
46 }
47 
StartAbility(const AAFwk::Want & want)48 ErrCode StaticSubscriberExtensionContext::StartAbility(const AAFwk::Want& want)
49 {
50     EVENT_LOGD("called");
51     ErrCode err = ERR_OK;
52 
53     if (!CheckCallerIsSystemApp()) {
54         EVENT_LOGE("This application is not system-app, can not use system-api");
55         err = AAFwk::ERR_NOT_SYSTEM_APP;
56         return err;
57     }
58 
59     std::string callerBundleName = GetBundleName();
60     std::string calledBundleName = want.GetBundle();
61     if (calledBundleName != callerBundleName) {
62         EVENT_LOGE("This application won't start no-self-ability.");
63         err = AAFwk::ERR_NOT_SELF_APPLICATION;
64         return err;
65     }
66 
67     if (!VerifyCallingPermission(PERMISSION_START_ABILITIES_FROM_BACKGROUND)) {
68         EVENT_LOGE("Caller has none of PERMISSION_START_ABILITIES_FROM_BACKGROUND, Fail.");
69         err = AAFwk::CHECK_PERMISSION_FAILED;
70         return err;
71     }
72 
73     err = AAFwk::AbilityManagerClient::GetInstance()->StartAbility(want, token_);
74     EVENT_LOGI("StaticSubscriberExtensionContext::StartAbility. End calling StartAbility. err=%{public}d", err);
75     return err;
76 }
77 
VerifyCallingPermission(const std::string & permissionName) const78 bool StaticSubscriberExtensionContext::VerifyCallingPermission(const std::string& permissionName) const
79 {
80     EVENT_LOGD("VerifyCallingPermission permission %{public}s", permissionName.c_str());
81     auto callerToken = IPCSkeleton::GetCallingTokenID();
82     int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
83     if (ret == Security::AccessToken::PermissionState::PERMISSION_DENIED) {
84         EVENT_LOGE("permission %{public}s: PERMISSION_DENIED", permissionName.c_str());
85         return false;
86     }
87     EVENT_LOGD("verify AccessToken success");
88     return true;
89 }
90 } // namespace EventFwk
91 } // namespace OHOS
92