1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_manager_stub.h"
17
18 #include <unistd.h>
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "string_ex.h"
25 #include "tokenid_kit.h"
26 #ifdef HICOLLIE_ENABLE
27 #include "xcollie/xcollie.h"
28 #endif // HICOLLIE_ENABLE
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMStub"};
35 const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID";
36 static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000;
37 static const int MAX_PERMISSION_SIZE = 1000;
38 const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
39 const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS";
40 const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS";
41 const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG";
42 const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO";
43
44 #ifdef HICOLLIE_ENABLE
45 constexpr uint32_t TIMEOUT = 40; // 40s
46 #endif // HICOLLIE_ENABLE
47 }
48
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)49 int32_t AccessTokenManagerStub::OnRemoteRequest(
50 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
51 {
52 MemoryGuard guard;
53
54 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
55 ACCESSTOKEN_LOG_DEBUG(LABEL, "Code %{public}u token %{public}u", code, callingTokenID);
56 std::u16string descriptor = data.ReadInterfaceToken();
57 if (descriptor != IAccessTokenManager::GetDescriptor()) {
58 ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
59 return ERROR_IPC_REQUEST_FAIL;
60 }
61
62 #ifdef HICOLLIE_ENABLE
63 std::string name = "AtmTimer";
64 int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr,
65 HiviewDFX::XCOLLIE_FLAG_LOG);
66 #endif // HICOLLIE_ENABLE
67
68 auto itFunc = requestFuncMap_.find(code);
69 if (itFunc != requestFuncMap_.end()) {
70 auto requestFunc = itFunc->second;
71 if (requestFunc != nullptr) {
72 (this->*requestFunc)(data, reply);
73
74 #ifdef HICOLLIE_ENABLE
75 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
76 #endif // HICOLLIE_ENABLE
77
78 return NO_ERROR;
79 }
80 }
81
82 #ifdef HICOLLIE_ENABLE
83 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
84 #endif // HICOLLIE_ENABLE
85
86 return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid
87 }
88
DeleteTokenInfoInner(MessageParcel & data,MessageParcel & reply)89 void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply)
90 {
91 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
92 if (!IsPrivilegedCalling() &&
93 (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
94 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
95 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
96 return;
97 }
98 AccessTokenID tokenID = data.ReadUint32();
99 int result = this->DeleteToken(tokenID);
100 reply.WriteInt32(result);
101 }
102
GetUserGrantedPermissionUsedTypeInner(MessageParcel & data,MessageParcel & reply)103 void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply)
104 {
105 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
106 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
107 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
108 return;
109 }
110 uint32_t tokenID;
111 if (!data.ReadUint32(tokenID)) {
112 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenID.");
113 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
114 return;
115 }
116 std::string permissionName;
117 if (!data.ReadString(permissionName)) {
118 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read permissionName.");
119 reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
120 return;
121 }
122 PermUsedTypeEnum result = this->GetUserGrantedPermissionUsedType(tokenID, permissionName);
123 int32_t type = static_cast<int32_t>(result);
124 if (!reply.WriteInt32(type)) {
125 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail.");
126 }
127 }
128
VerifyAccessTokenInner(MessageParcel & data,MessageParcel & reply)129 void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply)
130 {
131 AccessTokenID tokenID = data.ReadUint32();
132 std::string permissionName = data.ReadString();
133 int result = this->VerifyAccessToken(tokenID, permissionName);
134 reply.WriteInt32(result);
135 }
136
GetDefPermissionInner(MessageParcel & data,MessageParcel & reply)137 void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply)
138 {
139 std::string permissionName = data.ReadString();
140 PermissionDefParcel permissionDefParcel;
141 int result = this->GetDefPermission(permissionName, permissionDefParcel);
142 reply.WriteInt32(result);
143 if (result != RET_SUCCESS) {
144 return;
145 }
146 reply.WriteParcelable(&permissionDefParcel);
147 }
148
GetDefPermissionsInner(MessageParcel & data,MessageParcel & reply)149 void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply)
150 {
151 AccessTokenID tokenID = data.ReadUint32();
152 std::vector<PermissionDefParcel> permList;
153
154 int result = this->GetDefPermissions(tokenID, permList);
155 reply.WriteInt32(result);
156 if (result != RET_SUCCESS) {
157 return;
158 }
159 ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s called, permList size: %{public}zu", __func__, permList.size());
160 reply.WriteUint32(permList.size());
161 for (const auto& permDef : permList) {
162 reply.WriteParcelable(&permDef);
163 }
164 }
165
GetReqPermissionsInner(MessageParcel & data,MessageParcel & reply)166 void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
167 {
168 AccessTokenID tokenID = data.ReadUint32();
169 int isSystemGrant = data.ReadInt32();
170 std::vector<PermissionStateFullParcel> permList;
171
172 int result = this->GetReqPermissions(tokenID, permList, isSystemGrant);
173 reply.WriteInt32(result);
174 if (result != RET_SUCCESS) {
175 return;
176 }
177 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size: %{public}zu", permList.size());
178 reply.WriteUint32(permList.size());
179 for (const auto& permDef : permList) {
180 reply.WriteParcelable(&permDef);
181 }
182 }
183
GetSelfPermissionsStateInner(MessageParcel & data,MessageParcel & reply)184 void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply)
185 {
186 std::vector<PermissionListStateParcel> permList;
187 uint32_t size = 0;
188 if (!data.ReadUint32(size)) {
189 reply.WriteInt32(INVALID_OPER);
190 return;
191 }
192 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
193 if (size > MAX_PERMISSION_SIZE) {
194 ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size);
195 reply.WriteInt32(INVALID_OPER);
196 return;
197 }
198 for (uint32_t i = 0; i < size; i++) {
199 sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
200 if (permissionParcel != nullptr) {
201 permList.emplace_back(*permissionParcel);
202 }
203 }
204 PermissionGrantInfoParcel infoParcel;
205 PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel);
206
207 reply.WriteInt32(result);
208
209 reply.WriteUint32(permList.size());
210 for (const auto& perm : permList) {
211 reply.WriteParcelable(&perm);
212 }
213 reply.WriteParcelable(&infoParcel);
214 }
215
GetPermissionsStatusInner(MessageParcel & data,MessageParcel & reply)216 void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply)
217 {
218 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
219 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
220 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
221 return;
222 }
223 if (!IsPrivilegedCalling() &&
224 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
225 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
226 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
227 return;
228 }
229
230 AccessTokenID tokenID = data.ReadUint32();
231 std::vector<PermissionListStateParcel> permList;
232 uint32_t size = 0;
233 if (!data.ReadUint32(size)) {
234 reply.WriteInt32(INVALID_OPER);
235 return;
236 }
237 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
238 if (size > MAX_PERMISSION_SIZE) {
239 ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is oversize", size);
240 reply.WriteInt32(INVALID_OPER);
241 return;
242 }
243 for (uint32_t i = 0; i < size; i++) {
244 sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
245 if (permissionParcel != nullptr) {
246 permList.emplace_back(*permissionParcel);
247 }
248 }
249 int32_t result = this->GetPermissionsStatus(tokenID, permList);
250
251 reply.WriteInt32(result);
252 if (result != RET_SUCCESS) {
253 return;
254 }
255 reply.WriteUint32(permList.size());
256 for (const auto& perm : permList) {
257 reply.WriteParcelable(&perm);
258 }
259 }
260
GetPermissionFlagInner(MessageParcel & data,MessageParcel & reply)261 void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply)
262 {
263 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
264 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
265 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
266 return;
267 }
268 AccessTokenID tokenID = data.ReadUint32();
269 std::string permissionName = data.ReadString();
270 if (!IsPrivilegedCalling() &&
271 VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
272 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
273 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
274 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
275 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
276 return;
277 }
278 uint32_t flag;
279 int result = this->GetPermissionFlag(tokenID, permissionName, flag);
280 reply.WriteInt32(result);
281 if (result != RET_SUCCESS) {
282 return;
283 }
284 reply.WriteUint32(flag);
285 }
286
SetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)287 void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
288 {
289 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
290 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
291 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
292 return;
293 }
294
295 std::string permissionName = data.ReadString();
296 uint32_t status = data.ReadUint32();
297 int32_t userID = data.ReadInt32();
298 if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
299 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
300 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
301 callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus");
302 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
303 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
304 return;
305 }
306 int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID);
307 reply.WriteInt32(result);
308 }
309
GetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)310 void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
311 {
312 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
313 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
314 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
315 return;
316 }
317
318 std::string permissionName = data.ReadString();
319 int32_t userID = data.ReadInt32();
320 if (!IsShellProcessCalling() && !IsPrivilegedCalling() &&
321 VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
322 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
323 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
324 callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus");
325 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
326 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
327 return;
328 }
329 uint32_t status;
330 int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID);
331 reply.WriteInt32(result);
332 if (result != RET_SUCCESS) {
333 return;
334 }
335 reply.WriteUint32(status);
336 }
337
GrantPermissionInner(MessageParcel & data,MessageParcel & reply)338 void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply)
339 {
340 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
341 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
342 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
343 return;
344 }
345 AccessTokenID tokenID = data.ReadUint32();
346 std::string permissionName = data.ReadString();
347 uint32_t flag = data.ReadUint32();
348 if (!IsPrivilegedCalling() &&
349 VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
350 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
351 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
352 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
353 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
354 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
355 return;
356 }
357 int result = this->GrantPermission(tokenID, permissionName, flag);
358 reply.WriteInt32(result);
359 }
360
RevokePermissionInner(MessageParcel & data,MessageParcel & reply)361 void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply)
362 {
363 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
364 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
365 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
366 return;
367 }
368 AccessTokenID tokenID = data.ReadUint32();
369 std::string permissionName = data.ReadString();
370 uint32_t flag = data.ReadUint32();
371 if (!IsPrivilegedCalling() &&
372 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
373 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
374 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
375 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
376 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
377 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
378 return;
379 }
380 int result = this->RevokePermission(tokenID, permissionName, flag);
381 reply.WriteInt32(result);
382 }
383
GrantPermissionForSpecifiedTimeInner(MessageParcel & data,MessageParcel & reply)384 void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply)
385 {
386 unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
387 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
388 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
389 return;
390 }
391 AccessTokenID tokenID = data.ReadUint32();
392 std::string permissionName = data.ReadString();
393 uint32_t onceTime = data.ReadUint32();
394 if (!IsPrivilegedCalling() &&
395 VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) {
396 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
397 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
398 "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
399 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
400 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
401 return;
402 }
403 int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
404 reply.WriteInt32(result);
405 }
406
ClearUserGrantedPermissionStateInner(MessageParcel & data,MessageParcel & reply)407 void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply)
408 {
409 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
410 if (!IsPrivilegedCalling() &&
411 VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
412 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
413 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
414 "CALLER_TOKENID", callingTokenID);
415 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
416 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
417 return;
418 }
419 AccessTokenID tokenID = data.ReadUint32();
420 int result = this->ClearUserGrantedPermissionState(tokenID);
421 reply.WriteInt32(result);
422 }
423
AllocHapTokenInner(MessageParcel & data,MessageParcel & reply)424 void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply)
425 {
426 AccessTokenIDEx res = {0};
427 AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
428 if (!IsPrivilegedCalling() &&
429 (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
430 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
431 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
432 return;
433 }
434
435 sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
436 sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
437 if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
438 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
439 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
440 return;
441 }
442 res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel);
443 reply.WriteUint64(res.tokenIDEx);
444 }
445
InitHapTokenInner(MessageParcel & data,MessageParcel & reply)446 void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply)
447 {
448 AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
449 if (!IsPrivilegedCalling() &&
450 (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
451 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
452 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
453 return;
454 }
455
456 sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
457 sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
458 if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
459 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
460 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
461 return;
462 }
463 int32_t res;
464 AccessTokenIDEx fullTokenId = { 0 };
465 res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId);
466 if (!reply.WriteInt32(res)) {
467 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail");
468 }
469
470 if (res != RET_SUCCESS) {
471 ACCESSTOKEN_LOG_ERROR(LABEL, "Res error %{public}d", res);
472 return;
473 }
474 reply.WriteUint64(fullTokenId.tokenIDEx);
475 }
476
GetTokenTypeInner(MessageParcel & data,MessageParcel & reply)477 void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply)
478 {
479 AccessTokenID tokenID = data.ReadUint32();
480 int result = this->GetTokenType(tokenID);
481 reply.WriteInt32(result);
482 }
483
CheckNativeDCapInner(MessageParcel & data,MessageParcel & reply)484 void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply)
485 {
486 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
487 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
488 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
489 return;
490 }
491 AccessTokenID tokenID = data.ReadUint32();
492 std::string dCap = data.ReadString();
493 int result = this->CheckNativeDCap(tokenID, dCap);
494 reply.WriteInt32(result);
495 }
496
GetHapTokenIDInner(MessageParcel & data,MessageParcel & reply)497 void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply)
498 {
499 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
500 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
501 reply.WriteInt32(INVALID_TOKENID);
502 return;
503 }
504 int userID = data.ReadInt32();
505 std::string bundleName = data.ReadString();
506 int instIndex = data.ReadInt32();
507 AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex);
508 reply.WriteUint64(tokenIdEx.tokenIDEx);
509 }
510
AllocLocalTokenIDInner(MessageParcel & data,MessageParcel & reply)511 void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply)
512 {
513 if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) {
514 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
515 reply.WriteInt32(INVALID_TOKENID);
516 return;
517 }
518 std::string remoteDeviceID = data.ReadString();
519 AccessTokenID remoteTokenID = data.ReadUint32();
520 AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
521 reply.WriteUint32(result);
522 }
523
UpdateHapTokenInner(MessageParcel & data,MessageParcel & reply)524 void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply)
525 {
526 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
527 if (!IsPrivilegedCalling() &&
528 (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
529 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
530 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
531 return;
532 }
533 UpdateHapInfoParams info;
534 AccessTokenID tokenID = data.ReadUint32();
535 info.isSystemApp = data.ReadBool();
536 info.appIDDesc = data.ReadString();
537 info.apiVersion = data.ReadInt32();
538 info.appDistributionType = data.ReadString();
539 AccessTokenIDEx tokenIdEx;
540 tokenIdEx.tokenIdExStruct.tokenID = tokenID;
541 sptr<HapPolicyParcel> policyParcel = data.ReadParcelable<HapPolicyParcel>();
542 if (policyParcel == nullptr) {
543 ACCESSTOKEN_LOG_ERROR(LABEL, "PolicyParcel read faild");
544 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
545 return;
546 }
547 int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel);
548 reply.WriteInt32(result);
549 reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr);
550 }
551
GetHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)552 void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
553 {
554 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
555 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
556 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
557 return;
558 }
559 HapTokenInfoParcel hapTokenInfoParcel;
560 AccessTokenID tokenID = data.ReadUint32();
561 int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
562 reply.WriteInt32(result);
563 if (result != RET_SUCCESS) {
564 return;
565 }
566 reply.WriteParcelable(&hapTokenInfoParcel);
567 }
568
GetNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)569 void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
570 {
571 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
572 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
573 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
574 return;
575 }
576 AccessTokenID tokenID = data.ReadUint32();
577 NativeTokenInfoParcel nativeTokenInfoParcel;
578 int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
579 reply.WriteInt32(result);
580 if (result != RET_SUCCESS) {
581 return;
582 }
583 reply.WriteParcelable(&nativeTokenInfoParcel);
584 }
585
RegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)586 void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
587 {
588 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
589 if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
590 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
591 return;
592 }
593 if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
594 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
595 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
596 return;
597 }
598 sptr<PermStateChangeScopeParcel> scopeParcel = data.ReadParcelable<PermStateChangeScopeParcel>();
599 if (scopeParcel == nullptr) {
600 ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail");
601 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
602 return;
603 }
604 sptr<IRemoteObject> callback = data.ReadRemoteObject();
605 if (callback == nullptr) {
606 ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
607 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
608 return;
609 }
610 int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback);
611 reply.WriteInt32(result);
612 }
613
UnRegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)614 void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
615 {
616 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
617 if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
618 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
619 return;
620 }
621 if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
622 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
623 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
624 return;
625 }
626 sptr<IRemoteObject> callback = data.ReadRemoteObject();
627 if (callback == nullptr) {
628 ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
629 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
630 return;
631 }
632 int32_t result = this->UnRegisterPermStateChangeCallback(callback);
633 reply.WriteInt32(result);
634 }
635
636 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)637 void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
638 {
639 if (!IsPrivilegedCalling()) {
640 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
641 reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED);
642 return;
643 }
644 int32_t result = this->ReloadNativeTokenInfo();
645 reply.WriteInt32(result);
646 }
647 #endif
648
GetNativeTokenIdInner(MessageParcel & data,MessageParcel & reply)649 void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply)
650 {
651 if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
652 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
653 reply.WriteUint32(INVALID_TOKENID);
654 return;
655 }
656 std::string processName;
657 if (!data.ReadString(processName)) {
658 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString fail, processName=%{public}s", processName.c_str());
659 return;
660 }
661 AccessTokenID result = this->GetNativeTokenId(processName);
662 reply.WriteUint32(result);
663 }
664
665 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemoteInner(MessageParcel & data,MessageParcel & reply)666 void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply)
667 {
668 if (!IsAccessTokenCalling()) {
669 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
670 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
671 return;
672 }
673 AccessTokenID tokenID = data.ReadUint32();
674 HapTokenInfoForSyncParcel hapTokenParcel;
675
676 int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel);
677 reply.WriteInt32(result);
678 if (result != RET_SUCCESS) {
679 return;
680 }
681 reply.WriteParcelable(&hapTokenParcel);
682 }
683
SetRemoteHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)684 void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
685 {
686 if (!IsAccessTokenCalling()) {
687 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
688 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
689 return;
690 }
691 std::string deviceID = data.ReadString();
692 sptr<HapTokenInfoForSyncParcel> hapTokenParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
693 if (hapTokenParcel == nullptr) {
694 ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenParcel read faild");
695 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
696 return;
697 }
698 int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel);
699 reply.WriteInt32(result);
700 }
701
DeleteRemoteTokenInner(MessageParcel & data,MessageParcel & reply)702 void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply)
703 {
704 if (!IsAccessTokenCalling()) {
705 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
706 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
707 return;
708 }
709 std::string deviceID = data.ReadString();
710 AccessTokenID tokenID = data.ReadUint32();
711
712 int result = this->DeleteRemoteToken(deviceID, tokenID);
713 reply.WriteInt32(result);
714 }
715
GetRemoteNativeTokenIDInner(MessageParcel & data,MessageParcel & reply)716 void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply)
717 {
718 if (!IsAccessTokenCalling()) {
719 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
720 reply.WriteInt32(INVALID_TOKENID);
721 return;
722 }
723 std::string deviceID = data.ReadString();
724 AccessTokenID tokenID = data.ReadUint32();
725
726 AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID);
727 reply.WriteUint32(result);
728 }
729
DeleteRemoteDeviceTokensInner(MessageParcel & data,MessageParcel & reply)730 void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply)
731 {
732 if (!IsAccessTokenCalling()) {
733 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
734 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
735 return;
736 }
737 std::string deviceID = data.ReadString();
738
739 int result = this->DeleteRemoteDeviceTokens(deviceID);
740 reply.WriteInt32(result);
741 }
742
RegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)743 void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
744 {
745 if (!IsAccessTokenCalling()) {
746 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
747 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
748 return;
749 }
750
751 sptr<IRemoteObject> callback = data.ReadRemoteObject();
752 if (callback == nullptr) {
753 ACCESSTOKEN_LOG_ERROR(LABEL, "Callback read failed.");
754 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
755 return;
756 }
757 int32_t result = this->RegisterTokenSyncCallback(callback);
758 reply.WriteInt32(result);
759 }
760
UnRegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)761 void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
762 {
763 if (!IsAccessTokenCalling()) {
764 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
765 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
766 return;
767 }
768
769 int32_t result = this->UnRegisterTokenSyncCallback();
770 reply.WriteInt32(result);
771 }
772 #endif
773
GetVersionInner(MessageParcel & data,MessageParcel & reply)774 void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply)
775 {
776 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
777 if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
778 reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
779 return;
780 }
781 uint32_t version;
782 int32_t result = this->GetVersion(version);
783 if (!reply.WriteInt32(result)) {
784 ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed.");
785 }
786 if (result != RET_SUCCESS) {
787 return;
788 }
789 if (!reply.WriteUint32(version)) {
790 ACCESSTOKEN_LOG_ERROR(LABEL, "Write Uint32 failed.");
791 }
792 }
793
DumpTokenInfoInner(MessageParcel & data,MessageParcel & reply)794 void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply)
795 {
796 if (!IsShellProcessCalling()) {
797 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
798 reply.WriteString("");
799 return;
800 }
801 sptr<AtmToolsParamInfoParcel> infoParcel = data.ReadParcelable<AtmToolsParamInfoParcel>();
802 if (infoParcel == nullptr) {
803 ACCESSTOKEN_LOG_ERROR(LABEL, "Read infoParcel fail");
804 reply.WriteString("read infoParcel fail");
805 return;
806 }
807 std::string dumpInfo = "";
808 this->DumpTokenInfo(*infoParcel, dumpInfo);
809 if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) {
810 ACCESSTOKEN_LOG_WARN(LABEL, "SetDataCapacity failed");
811 }
812 if (!reply.WriteString(dumpInfo)) {
813 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed");
814 }
815 }
816
SetPermDialogCapInner(MessageParcel & data,MessageParcel & reply)817 void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply)
818 {
819 uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
820 if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
821 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
822 reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
823 return;
824 }
825
826 sptr<HapBaseInfoParcel> hapBaseInfoParcel = data.ReadParcelable<HapBaseInfoParcel>();
827 if (hapBaseInfoParcel == nullptr) {
828 ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapBaseInfoParcel fail");
829 reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
830 return;
831 }
832 bool enable = data.ReadBool();
833 int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable);
834 reply.WriteInt32(res);
835 }
836
GetPermissionManagerInfoInner(MessageParcel & data,MessageParcel & reply)837 void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply)
838 {
839 PermissionGrantInfoParcel infoParcel;
840 this->GetPermissionManagerInfo(infoParcel);
841 reply.WriteParcelable(&infoParcel);
842 }
843
IsPrivilegedCalling() const844 bool AccessTokenManagerStub::IsPrivilegedCalling() const
845 {
846 // shell process is root in debug mode.
847 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
848 int32_t callingUid = IPCSkeleton::GetCallingUid();
849 return callingUid == ROOT_UID;
850 #else
851 return false;
852 #endif
853 }
854
IsAccessTokenCalling()855 bool AccessTokenManagerStub::IsAccessTokenCalling()
856 {
857 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
858 if (tokenSyncId_ == 0) {
859 tokenSyncId_ = this->GetNativeTokenId("token_sync_service");
860 }
861 return tokenCaller == tokenSyncId_;
862 }
863
IsNativeProcessCalling()864 bool AccessTokenManagerStub::IsNativeProcessCalling()
865 {
866 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
867 return this->GetTokenType(tokenCaller) == TOKEN_NATIVE;
868 }
869
IsShellProcessCalling()870 bool AccessTokenManagerStub::IsShellProcessCalling()
871 {
872 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
873 return this->GetTokenType(tokenCaller) == TOKEN_SHELL;
874 }
875
IsSystemAppCalling() const876 bool AccessTokenManagerStub::IsSystemAppCalling() const
877 {
878 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
879 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
880 }
881
882 #ifdef TOKEN_SYNC_ENABLE
SetTokenSyncFuncInMap()883 void AccessTokenManagerStub::SetTokenSyncFuncInMap()
884 {
885 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] =
886 &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner;
887 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] =
888 &AccessTokenManagerStub::SetRemoteHapTokenInfoInner;
889 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] =
890 &AccessTokenManagerStub::DeleteRemoteTokenInner;
891 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] =
892 &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner;
893 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] =
894 &AccessTokenManagerStub::GetRemoteNativeTokenIDInner;
895 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] =
896 &AccessTokenManagerStub::RegisterTokenSyncCallbackInner;
897 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] =
898 &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner;
899 }
900 #endif
901
SetLocalTokenOpFuncInMap()902 void AccessTokenManagerStub::SetLocalTokenOpFuncInMap()
903 {
904 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] =
905 &AccessTokenManagerStub::AllocHapTokenInner;
906 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] =
907 &AccessTokenManagerStub::InitHapTokenInner;
908 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::TOKEN_DELETE)] =
909 &AccessTokenManagerStub::DeleteTokenInfoInner;
910 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] =
911 &AccessTokenManagerStub::GetTokenTypeInner;
912 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP)] =
913 &AccessTokenManagerStub::CheckNativeDCapInner;
914 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] =
915 &AccessTokenManagerStub::GetHapTokenIDInner;
916 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] =
917 &AccessTokenManagerStub::AllocLocalTokenIDInner;
918 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] =
919 &AccessTokenManagerStub::GetNativeTokenInfoInner;
920 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] =
921 &AccessTokenManagerStub::GetHapTokenInfoInner;
922 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] =
923 &AccessTokenManagerStub::UpdateHapTokenInner;
924 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
925 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] =
926 &AccessTokenManagerStub::ReloadNativeTokenInfoInner;
927 #endif
928 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] =
929 &AccessTokenManagerStub::GetNativeTokenIdInner;
930 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] =
931 &AccessTokenManagerStub::SetPermDialogCapInner;
932 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] =
933 &AccessTokenManagerStub::GetPermissionManagerInfoInner;
934 }
935
SetPermissionOpFuncInMap()936 void AccessTokenManagerStub::SetPermissionOpFuncInMap()
937 {
938 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] =
939 &AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner;
940 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] =
941 &AccessTokenManagerStub::VerifyAccessTokenInner;
942 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] =
943 &AccessTokenManagerStub::GetDefPermissionInner;
944 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSIONS)] =
945 &AccessTokenManagerStub::GetDefPermissionsInner;
946 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] =
947 &AccessTokenManagerStub::GetReqPermissionsInner;
948 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] =
949 &AccessTokenManagerStub::GetPermissionFlagInner;
950 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION)] =
951 &AccessTokenManagerStub::GrantPermissionInner;
952 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REVOKE_PERMISSION)] =
953 &AccessTokenManagerStub::RevokePermissionInner;
954 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] =
955 &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner;
956 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] =
957 &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner;
958 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] =
959 &AccessTokenManagerStub::GetSelfPermissionsStateInner;
960 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] =
961 &AccessTokenManagerStub::GetPermissionsStatusInner;
962 requestFuncMap_[
963 static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] =
964 &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner;
965 requestFuncMap_[
966 static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] =
967 &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner;
968 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DUMP_TOKENINFO)] =
969 &AccessTokenManagerStub::DumpTokenInfoInner;
970 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_VERSION)] =
971 &AccessTokenManagerStub::GetVersionInner;
972 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
973 &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner;
974 requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
975 &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner;
976 }
977
AccessTokenManagerStub()978 AccessTokenManagerStub::AccessTokenManagerStub()
979 {
980 SetPermissionOpFuncInMap();
981 SetLocalTokenOpFuncInMap();
982 #ifdef TOKEN_SYNC_ENABLE
983 SetTokenSyncFuncInMap();
984 #endif
985 }
986
~AccessTokenManagerStub()987 AccessTokenManagerStub::~AccessTokenManagerStub()
988 {
989 requestFuncMap_.clear();
990 }
991 } // namespace AccessToken
992 } // namespace Security
993 } // namespace OHOS
994