1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_account_manager_service.h"
17 #include "accesstoken_kit.h"
18 #include "account_log_wrapper.h"
19 #include "bundle_manager_adapter.h"
20 #include "account_hisysevent_adapter.h"
21 #include "inner_app_account_manager.h"
22 #include "ipc_skeleton.h"
23
24 namespace OHOS {
25 namespace AccountSA {
26 namespace {
27 constexpr int32_t UID_TRANSFORM_DIVISOR = 200000; // local account id = uid / UID_TRANSFORM_DIVISOR
28 const std::string DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
29 const std::string GET_ALL_APP_ACCOUNTS = "ohos.permission.GET_ALL_APP_ACCOUNTS";
30 }
31
AppAccountManagerService()32 AppAccountManagerService::AppAccountManagerService()
33 {
34 innerManager_ = std::make_shared<InnerAppAccountManager>();
35 #ifdef HAS_CES_PART
36 CommonEventCallback callback = {
37 [this](const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex) {
38 this->OnPackageRemoved(uid, bundleName, appIndex);
39 },
40 [this] (int32_t userId) { this->OnUserRemoved(userId); },
41 };
42 observer_ = std::make_shared<AppAccountCommonEventObserver>(callback);
43 #endif // HAS_CES_PART
44 }
45
~AppAccountManagerService()46 AppAccountManagerService::~AppAccountManagerService()
47 {}
48
AddAccount(const std::string & name,const std::string & extraInfo)49 ErrCode AppAccountManagerService::AddAccount(const std::string &name, const std::string &extraInfo)
50 {
51 int32_t callingUid = -1;
52 std::string bundleName;
53 uint32_t appIndex;
54 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
55 if (ret != ERR_OK) {
56 return ret;
57 }
58 return innerManager_->AddAccount(name, extraInfo, callingUid, bundleName, appIndex);
59 }
60
AddAccountImplicitly(const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)61 ErrCode AppAccountManagerService::AddAccountImplicitly(const std::string &owner, const std::string &authType,
62 const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
63 {
64 AuthenticatorSessionRequest request;
65 request.callerPid = IPCSkeleton::GetCallingRealPid();
66 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
67 if (result != ERR_OK) {
68 return result;
69 }
70 request.owner = owner;
71 request.authType = authType;
72 request.options = options;
73 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
74 request.callback = callback;
75 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
76 request.options.SetParam(Constants::KEY_CALLER_PID, request.callerPid);
77 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
78 return innerManager_->AddAccountImplicitly(request);
79 }
80
CreateAccount(const std::string & name,const CreateAccountOptions & options)81 ErrCode AppAccountManagerService::CreateAccount(const std::string &name, const CreateAccountOptions &options)
82 {
83 int32_t callingUid = -1;
84 std::string bundleName;
85 uint32_t appIndex;
86 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
87 if (ret != ERR_OK) {
88 return ret;
89 }
90 return innerManager_->CreateAccount(name, options, callingUid, bundleName, appIndex);
91 }
92
CreateAccountImplicitly(const std::string & owner,const CreateAccountImplicitlyOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)93 ErrCode AppAccountManagerService::CreateAccountImplicitly(const std::string &owner,
94 const CreateAccountImplicitlyOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
95 {
96 AuthenticatorSessionRequest request;
97 request.callerPid = IPCSkeleton::GetCallingRealPid();
98 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
99 if (result != ERR_OK) {
100 return result;
101 }
102 request.owner = owner;
103 request.callerAbilityName = options.parameters.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
104 request.callback = callback;
105 request.createOptions = options;
106 request.createOptions.parameters.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
107 request.createOptions.parameters.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
108 return innerManager_->CreateAccountImplicitly(request);
109 }
110
DeleteAccount(const std::string & name)111 ErrCode AppAccountManagerService::DeleteAccount(const std::string &name)
112 {
113 int32_t callingUid = -1;
114 std::string bundleName;
115 uint32_t appIndex;
116 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
117 if (ret != ERR_OK) {
118 return ret;
119 }
120 return innerManager_->DeleteAccount(name, callingUid, bundleName, appIndex);
121 }
122
GetAccountExtraInfo(const std::string & name,std::string & extraInfo)123 ErrCode AppAccountManagerService::GetAccountExtraInfo(const std::string &name, std::string &extraInfo)
124 {
125 int32_t callingUid = -1;
126 std::string bundleName;
127 uint32_t appIndex;
128 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
129 if (ret != ERR_OK) {
130 return ret;
131 }
132 return innerManager_->GetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
133 }
134
SetAccountExtraInfo(const std::string & name,const std::string & extraInfo)135 ErrCode AppAccountManagerService::SetAccountExtraInfo(const std::string &name, const std::string &extraInfo)
136 {
137 int32_t callingUid = -1;
138 std::string bundleName;
139 uint32_t appIndex;
140 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
141 if (ret != ERR_OK) {
142 return ret;
143 }
144 return innerManager_->SetAccountExtraInfo(name, extraInfo, callingUid, bundleName, appIndex);
145 }
146
EnableAppAccess(const std::string & name,const std::string & authorizedApp)147 ErrCode AppAccountManagerService::EnableAppAccess(
148 const std::string &name, const std::string &authorizedApp)
149 {
150 AppAccountCallingInfo appAccountCallingInfo;
151 ErrCode result = GetCallingInfo(
152 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
153 if (result != ERR_OK) {
154 return result;
155 }
156
157 if (authorizedApp == appAccountCallingInfo.bundleName) {
158 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
159 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
160 }
161
162 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo);
163 }
164
DisableAppAccess(const std::string & name,const std::string & authorizedApp)165 ErrCode AppAccountManagerService::DisableAppAccess(
166 const std::string &name, const std::string &authorizedApp)
167 {
168 AppAccountCallingInfo appAccountCallingInfo;
169 ErrCode ret = GetCallingInfo(
170 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
171 if (ret != ERR_OK) {
172 return ret;
173 }
174 if (authorizedApp == appAccountCallingInfo.bundleName) {
175 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
176 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
177 }
178 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo);
179 }
180
SetAppAccess(const std::string & name,const std::string & authorizedApp,bool isAccessible)181 ErrCode AppAccountManagerService::SetAppAccess(
182 const std::string &name, const std::string &authorizedApp, bool isAccessible)
183 {
184 AppAccountCallingInfo appAccountCallingInfo;
185 ErrCode ret = GetCallingInfo(
186 appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName, appAccountCallingInfo.appIndex);
187 if (ret != ERR_OK) {
188 return ret;
189 }
190
191 if (authorizedApp == appAccountCallingInfo.bundleName) {
192 if (isAccessible) {
193 ACCOUNT_LOGI("AuthorizedApp name is the self, invalid operate.");
194 return ERR_OK;
195 } else {
196 ACCOUNT_LOGE("AuthorizedApp is the same to owner.");
197 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
198 }
199 }
200 if (isAccessible) {
201 return innerManager_->EnableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
202 }
203
204 return innerManager_->DisableAppAccess(name, authorizedApp, appAccountCallingInfo, Constants::API_VERSION9);
205 }
206
CheckAppAccountSyncEnable(const std::string & name,bool & syncEnable)207 ErrCode AppAccountManagerService::CheckAppAccountSyncEnable(const std::string &name, bool &syncEnable)
208 {
209 int32_t callingUid = -1;
210 std::string bundleName;
211 uint32_t appIndex;
212 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
213 if (ret != ERR_OK) {
214 return ret;
215 }
216 ret = GetCallingTokenInfoAndAppIndex(appIndex);
217 if (ret != ERR_OK) {
218 ACCOUNT_LOGE("failed to get app index");
219 return ret;
220 }
221
222 return innerManager_->CheckAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
223 }
224
SetAppAccountSyncEnable(const std::string & name,const bool & syncEnable)225 ErrCode AppAccountManagerService::SetAppAccountSyncEnable(const std::string &name, const bool &syncEnable)
226 {
227 int32_t callingUid = -1;
228 std::string bundleName;
229 uint32_t appIndex;
230 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, DISTRIBUTED_DATASYNC);
231 if (ret != ERR_OK) {
232 return ret;
233 }
234 ret = GetCallingTokenInfoAndAppIndex(appIndex);
235 if (ret != ERR_OK) {
236 ACCOUNT_LOGE("failed to get app index");
237 return ret;
238 }
239
240 return innerManager_->SetAppAccountSyncEnable(name, syncEnable, callingUid, bundleName, appIndex);
241 }
242
GetAssociatedData(const std::string & name,const std::string & key,std::string & value)243 ErrCode AppAccountManagerService::GetAssociatedData(
244 const std::string &name, const std::string &key, std::string &value)
245 {
246 int32_t callingUid = IPCSkeleton::GetCallingUid();
247 return innerManager_->GetAssociatedData(name, key, value, callingUid);
248 }
249
SetAssociatedData(const std::string & name,const std::string & key,const std::string & value)250 ErrCode AppAccountManagerService::SetAssociatedData(
251 const std::string &name, const std::string &key, const std::string &value)
252 {
253 AppAccountCallingInfo appAccountCallingInfo;
254 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
255 appAccountCallingInfo.appIndex);
256 if (ret != ERR_OK) {
257 return ret;
258 }
259 return innerManager_->SetAssociatedData(name, key, value, appAccountCallingInfo);
260 }
261
GetAccountCredential(const std::string & name,const std::string & credentialType,std::string & credential)262 ErrCode AppAccountManagerService::GetAccountCredential(
263 const std::string &name, const std::string &credentialType, std::string &credential)
264 {
265 AppAccountCallingInfo appAccountCallingInfo;
266 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
267 appAccountCallingInfo.appIndex);
268 if (ret != ERR_OK) {
269 return ret;
270 }
271 return innerManager_->GetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
272 }
273
SetAccountCredential(const std::string & name,const std::string & credentialType,const std::string & credential)274 ErrCode AppAccountManagerService::SetAccountCredential(
275 const std::string &name, const std::string &credentialType, const std::string &credential)
276 {
277 AppAccountCallingInfo appAccountCallingInfo;
278 ErrCode ret = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
279 appAccountCallingInfo.appIndex);
280 if (ret != ERR_OK) {
281 return ret;
282 }
283 return innerManager_->SetAccountCredential(name, credentialType, credential, appAccountCallingInfo);
284 }
285
Authenticate(const std::string & name,const std::string & owner,const std::string & authType,const AAFwk::Want & options,const sptr<IAppAccountAuthenticatorCallback> & callback)286 ErrCode AppAccountManagerService::Authenticate(const std::string &name, const std::string &owner,
287 const std::string &authType, const AAFwk::Want &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
288 {
289 AuthenticatorSessionRequest request;
290 request.callerPid = IPCSkeleton::GetCallingRealPid();
291 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
292 if (result != ERR_OK) {
293 return result;
294 }
295 request.name = name;
296 request.owner = owner;
297 request.authType = authType;
298 request.options = options;
299 request.callerAbilityName = options.GetStringParam(Constants::KEY_CALLER_ABILITY_NAME);
300 request.callback = callback;
301 request.options.RemoveParam(Constants::KEY_CALLER_ABILITY_NAME);
302 request.options.SetParam(Constants::KEY_CALLER_BUNDLE_NAME, request.callerBundleName);
303 request.options.SetParam(Constants::KEY_CALLER_UID, request.callerUid);
304 return innerManager_->Authenticate(request);
305 }
306
GetOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)307 ErrCode AppAccountManagerService::GetOAuthToken(
308 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
309 {
310 AuthenticatorSessionRequest request;
311 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
312 if (result != ERR_OK) {
313 return result;
314 }
315 request.name = name;
316 request.owner = owner;
317 request.authType = authType;
318 return innerManager_->GetOAuthToken(request, token);
319 }
320
GetAuthToken(const std::string & name,const std::string & owner,const std::string & authType,std::string & token)321 ErrCode AppAccountManagerService::GetAuthToken(
322 const std::string &name, const std::string &owner, const std::string &authType, std::string &token)
323 {
324 AuthenticatorSessionRequest request;
325 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
326 if (result != ERR_OK) {
327 return result;
328 }
329 request.name = name;
330 request.owner = owner;
331 request.authType = authType;
332 return innerManager_->GetOAuthToken(request, token, Constants::API_VERSION9);
333 }
334
SetOAuthToken(const std::string & name,const std::string & authType,const std::string & token)335 ErrCode AppAccountManagerService::SetOAuthToken(
336 const std::string &name, const std::string &authType, const std::string &token)
337 {
338 AuthenticatorSessionRequest request;
339 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
340 if (result != ERR_OK) {
341 return result;
342 }
343 request.name = name;
344 request.owner = request.callerBundleName;
345 request.authType = authType;
346 request.token = token;
347 return innerManager_->SetOAuthToken(request);
348 }
349
DeleteOAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)350 ErrCode AppAccountManagerService::DeleteOAuthToken(
351 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
352 {
353 AuthenticatorSessionRequest request;
354 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
355 if (ret != ERR_OK) {
356 return ret;
357 }
358 request.name = name;
359 request.owner = owner;
360 request.authType = authType;
361 request.token = token;
362 return innerManager_->DeleteOAuthToken(request);
363 }
364
DeleteAuthToken(const std::string & name,const std::string & owner,const std::string & authType,const std::string & token)365 ErrCode AppAccountManagerService::DeleteAuthToken(
366 const std::string &name, const std::string &owner, const std::string &authType, const std::string &token)
367 {
368 AuthenticatorSessionRequest request;
369 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
370 if (result != ERR_OK) {
371 return result;
372 }
373 request.name = name;
374 request.owner = owner;
375 request.authType = authType;
376 request.token = token;
377 return innerManager_->DeleteOAuthToken(request, Constants::API_VERSION9);
378 }
379
GetTokenVisibilityParam(const std::string & name,const std::string & authType,const std::string & bundleName,AuthenticatorSessionRequest & request)380 ErrCode AppAccountManagerService::GetTokenVisibilityParam(const std::string &name,
381 const std::string &authType, const std::string &bundleName, AuthenticatorSessionRequest &request)
382 {
383 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
384 if (ret != ERR_OK) {
385 return ret;
386 }
387 request.name = name;
388 request.owner = request.callerBundleName;
389 request.authType = authType;
390 request.bundleName = bundleName;
391 return ret;
392 }
393
SetOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)394 ErrCode AppAccountManagerService::SetOAuthTokenVisibility(
395 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
396 {
397 AuthenticatorSessionRequest request;
398 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
399 if (ret != ERR_OK) {
400 return ret;
401 }
402 request.isTokenVisible = isVisible;
403 return innerManager_->SetOAuthTokenVisibility(request);
404 }
405
SetAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool isVisible)406 ErrCode AppAccountManagerService::SetAuthTokenVisibility(
407 const std::string &name, const std::string &authType, const std::string &bundleName, bool isVisible)
408 {
409 AuthenticatorSessionRequest request;
410 ErrCode result = GetTokenVisibilityParam(name, authType, bundleName, request);
411 if (result != ERR_OK) {
412 return result;
413 }
414 if (request.bundleName == request.owner) {
415 if (isVisible) {
416 ACCOUNT_LOGI("authorizedApp name is the self, invalid operate.");
417 return ERR_OK;
418 } else {
419 ACCOUNT_LOGE("authorizedApp is the same to owner.");
420 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
421 }
422 }
423 request.isTokenVisible = isVisible;
424 return innerManager_->SetOAuthTokenVisibility(request, Constants::API_VERSION9);
425 }
426
CheckOAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)427 ErrCode AppAccountManagerService::CheckOAuthTokenVisibility(
428 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
429 {
430 AuthenticatorSessionRequest request;
431 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
432 if (ret != ERR_OK) {
433 return ret;
434 }
435 return innerManager_->CheckOAuthTokenVisibility(request, isVisible);
436 }
437
CheckAuthTokenVisibility(const std::string & name,const std::string & authType,const std::string & bundleName,bool & isVisible)438 ErrCode AppAccountManagerService::CheckAuthTokenVisibility(
439 const std::string &name, const std::string &authType, const std::string &bundleName, bool &isVisible)
440 {
441 AuthenticatorSessionRequest request;
442 ErrCode ret = GetTokenVisibilityParam(name, authType, bundleName, request);
443 if (ret != ERR_OK) {
444 return ret;
445 }
446 return innerManager_->CheckOAuthTokenVisibility(request, isVisible, Constants::API_VERSION9);
447 }
448
GetAuthenticatorInfo(const std::string & owner,AuthenticatorInfo & info)449 ErrCode AppAccountManagerService::GetAuthenticatorInfo(const std::string &owner, AuthenticatorInfo &info)
450 {
451 AuthenticatorSessionRequest request;
452 request.callerUid = IPCSkeleton::GetCallingUid();
453 ErrCode result = GetCallingTokenInfoAndAppIndex(request.appIndex);
454 if (result != ERR_OK) {
455 ACCOUNT_LOGE("failed to get app index");
456 return result;
457 }
458 request.owner = owner;
459 return innerManager_->GetAuthenticatorInfo(request, info);
460 }
461
GetAllOAuthTokens(const std::string & name,const std::string & owner,std::vector<OAuthTokenInfo> & tokenInfos)462 ErrCode AppAccountManagerService::GetAllOAuthTokens(
463 const std::string &name, const std::string &owner, std::vector<OAuthTokenInfo> &tokenInfos)
464 {
465 AuthenticatorSessionRequest request;
466 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
467 if (result != ERR_OK) {
468 return result;
469 }
470 request.name = name;
471 request.owner = owner;
472 return innerManager_->GetAllOAuthTokens(request, tokenInfos);
473 }
474
GetOAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)475 ErrCode AppAccountManagerService::GetOAuthList(
476 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
477 {
478 AuthenticatorSessionRequest request;
479 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
480 if (result != ERR_OK) {
481 return result;
482 }
483 request.name = name;
484 request.authType = authType;
485 return innerManager_->GetOAuthList(request, oauthList);
486 }
487
GetAuthList(const std::string & name,const std::string & authType,std::set<std::string> & oauthList)488 ErrCode AppAccountManagerService::GetAuthList(
489 const std::string &name, const std::string &authType, std::set<std::string> &oauthList)
490 {
491 AuthenticatorSessionRequest request;
492 ErrCode ret = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
493 if (ret != ERR_OK) {
494 return ret;
495 }
496 request.name = name;
497 request.authType = authType;
498 return innerManager_->GetOAuthList(request, oauthList, Constants::API_VERSION9);
499 }
500
GetAuthenticatorCallback(const std::string & sessionId,sptr<IRemoteObject> & callback)501 ErrCode AppAccountManagerService::GetAuthenticatorCallback(
502 const std::string &sessionId, sptr<IRemoteObject> &callback)
503 {
504 AuthenticatorSessionRequest request;
505 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
506 if (result != ERR_OK) {
507 return result;
508 }
509 request.sessionId = sessionId;
510 result = innerManager_->GetAuthenticatorCallback(request, callback);
511 return result;
512 }
513
GetAllAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)514 ErrCode AppAccountManagerService::GetAllAccounts(const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
515 {
516 int32_t callingUid = -1;
517 std::string bundleName;
518 uint32_t appIndex;
519 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
520 if (ret != ERR_OK) {
521 return ret;
522 }
523 if ((owner != bundleName) &&
524 (AccountPermissionManager::VerifyPermission(GET_ALL_APP_ACCOUNTS) != ERR_OK)) {
525 ACCOUNT_LOGE("failed to verify permission for %{public}s", GET_ALL_APP_ACCOUNTS.c_str());
526 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), GET_ALL_APP_ACCOUNTS);
527 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
528 }
529
530 AppExecFwk::BundleInfo bundleInfo;
531 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
532 bool result = BundleManagerAdapter::GetInstance()->GetBundleInfo(
533 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
534 if (!result) {
535 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_INFO;
536 }
537
538 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
539 }
540
GetAllAccessibleAccounts(std::vector<AppAccountInfo> & appAccounts)541 ErrCode AppAccountManagerService::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAccounts)
542 {
543 int32_t callingUid = -1;
544 std::string bundleName;
545 uint32_t appIndex;
546 ErrCode ret = GetBundleNameAndCheckPerm(callingUid, bundleName, GET_ALL_APP_ACCOUNTS);
547 if (ret != ERR_OK) {
548 return ret;
549 }
550 ret = GetCallingTokenInfoAndAppIndex(appIndex);
551 if (ret != ERR_OK) {
552 ACCOUNT_LOGE("failed to get app index");
553 return ret;
554 }
555 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
556 }
557
QueryAllAccessibleAccounts(const std::string & owner,std::vector<AppAccountInfo> & appAccounts)558 ErrCode AppAccountManagerService::QueryAllAccessibleAccounts(
559 const std::string &owner, std::vector<AppAccountInfo> &appAccounts)
560 {
561 int32_t callingUid = -1;
562 std::string bundleName;
563 uint32_t appIndex;
564 ErrCode result = GetCallingInfo(callingUid, bundleName, appIndex);
565 if (result != ERR_OK) {
566 return result;
567 }
568 if (owner.empty()) {
569 return innerManager_->GetAllAccessibleAccounts(appAccounts, callingUid, bundleName, appIndex);
570 }
571 AppExecFwk::BundleInfo bundleInfo;
572 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
573 bool ret = BundleManagerAdapter::GetInstance()->GetBundleInfo(
574 owner, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
575 if (!ret) {
576 return ERR_OK;
577 }
578 return innerManager_->GetAllAccounts(owner, appAccounts, callingUid, bundleName, appIndex);
579 }
580
CheckAppAccess(const std::string & name,const std::string & authorizedApp,bool & isAccessible)581 ErrCode AppAccountManagerService::CheckAppAccess(
582 const std::string &name, const std::string &authorizedApp, bool &isAccessible)
583 {
584 AppAccountCallingInfo appAccountCallingInfo;
585 ErrCode result = GetCallingInfo(appAccountCallingInfo.callingUid, appAccountCallingInfo.bundleName,
586 appAccountCallingInfo.appIndex);
587 if (result != ERR_OK) {
588 return result;
589 }
590 if (authorizedApp == appAccountCallingInfo.bundleName) {
591 isAccessible = true;
592 return ERR_OK;
593 }
594 return innerManager_->CheckAppAccess(name, authorizedApp, isAccessible, appAccountCallingInfo);
595 }
596
DeleteAccountCredential(const std::string & name,const std::string & credentialType)597 ErrCode AppAccountManagerService::DeleteAccountCredential(
598 const std::string &name, const std::string &credentialType)
599 {
600 int32_t callingUid = -1;
601 std::string bundleName;
602 uint32_t appIndex;
603 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
604 if (ret != ERR_OK) {
605 return ret;
606 }
607 return innerManager_->DeleteAccountCredential(name, credentialType, callingUid, bundleName, appIndex);
608 }
609
SelectAccountsByOptions(const SelectAccountsOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)610 ErrCode AppAccountManagerService::SelectAccountsByOptions(
611 const SelectAccountsOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
612 {
613 int32_t callingUid = -1;
614 std::string bundleName;
615 uint32_t appIndex;
616 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
617 if (ret != ERR_OK) {
618 return ret;
619 }
620 return innerManager_->SelectAccountsByOptions(options, callback, callingUid, bundleName, appIndex);
621 }
622
VerifyCredential(const std::string & name,const std::string & owner,const VerifyCredentialOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)623 ErrCode AppAccountManagerService::VerifyCredential(const std::string &name, const std::string &owner,
624 const VerifyCredentialOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
625 {
626 AuthenticatorSessionRequest request;
627 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
628 if (result != ERR_OK) {
629 return result;
630 }
631 request.name = name;
632 request.owner = owner;
633 request.verifyCredOptions = options;
634 request.callback = callback;
635 return innerManager_->VerifyCredential(request);
636 }
637
CheckAccountLabels(const std::string & name,const std::string & owner,const std::vector<std::string> & labels,const sptr<IAppAccountAuthenticatorCallback> & callback)638 ErrCode AppAccountManagerService::CheckAccountLabels(const std::string &name, const std::string &owner,
639 const std::vector<std::string> &labels, const sptr<IAppAccountAuthenticatorCallback> &callback)
640 {
641 AuthenticatorSessionRequest request;
642 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
643 if (result != ERR_OK) {
644 return result;
645 }
646 request.labels = labels;
647 request.callback = callback;
648 request.name = name;
649 request.owner = owner;
650 return innerManager_->CheckAccountLabels(request);
651 }
652
SetAuthenticatorProperties(const std::string & owner,const SetPropertiesOptions & options,const sptr<IAppAccountAuthenticatorCallback> & callback)653 ErrCode AppAccountManagerService::SetAuthenticatorProperties(const std::string &owner,
654 const SetPropertiesOptions &options, const sptr<IAppAccountAuthenticatorCallback> &callback)
655 {
656 AuthenticatorSessionRequest request;
657 ErrCode result = GetCallingInfo(request.callerUid, request.callerBundleName, request.appIndex);
658 if (result != ERR_OK) {
659 return result;
660 }
661 request.owner = owner;
662 request.setPropOptions = options;
663 request.callback = callback;
664 return innerManager_->SetAuthenticatorProperties(request);
665 }
666
SubscribeAppAccount(AppAccountSubscribeInfo & subscribeInfo,const sptr<IRemoteObject> & eventListener)667 ErrCode AppAccountManagerService::SubscribeAppAccount(
668 AppAccountSubscribeInfo &subscribeInfo, const sptr<IRemoteObject> &eventListener)
669 {
670 int32_t callingUid = -1;
671 std::string bundleName;
672 uint32_t appIndex;
673 ErrCode ret = GetCallingInfo(callingUid, bundleName, appIndex);
674 if (ret != ERR_OK) {
675 return ret;
676 }
677
678 std::vector<std::string> owners;
679 subscribeInfo.GetOwners(owners);
680 if (owners.size() == 0) {
681 ACCOUNT_LOGE("owners size is 0");
682 return ERR_APPACCOUNT_SERVICE_OWNERS_SIZE_IS_ZERO;
683 }
684
685 int32_t userId = callingUid / UID_TRANSFORM_DIVISOR;
686 std::vector<std::string> existOwners;
687 for (auto owner : owners) {
688 AppExecFwk::BundleInfo bundleInfo;
689 bool bundleRet = BundleManagerAdapter::GetInstance()->GetBundleInfo(owner,
690 AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId);
691 if (!bundleRet) {
692 ACCOUNT_LOGE("Failed to get bundle info, name=%{public}s", owner.c_str());
693 continue;
694 }
695 existOwners.push_back(owner);
696 }
697 if (existOwners.size() == 0) {
698 ACCOUNT_LOGI("ExistOwners is empty.");
699 return ERR_OK;
700 }
701 subscribeInfo.SetOwners(existOwners);
702 return innerManager_->SubscribeAppAccount(subscribeInfo, eventListener, callingUid, bundleName, appIndex);
703 }
704
UnsubscribeAppAccount(const sptr<IRemoteObject> & eventListener)705 ErrCode AppAccountManagerService::UnsubscribeAppAccount(const sptr<IRemoteObject> &eventListener)
706 {
707 return innerManager_->UnsubscribeAppAccount(eventListener);
708 }
709
OnPackageRemoved(const uid_t & uid,const std::string & bundleName,const uint32_t & appIndex)710 ErrCode AppAccountManagerService::OnPackageRemoved(
711 const uid_t &uid, const std::string &bundleName, const uint32_t &appIndex)
712 {
713 return innerManager_->OnPackageRemoved(uid, bundleName, appIndex);
714 }
715
OnUserRemoved(int32_t userId)716 ErrCode AppAccountManagerService::OnUserRemoved(int32_t userId)
717 {
718 return innerManager_->OnUserRemoved(userId);
719 }
720
GetBundleNameAndCheckPerm(int32_t & callingUid,std::string & bundleName,const std::string & permName)721 ErrCode AppAccountManagerService::GetBundleNameAndCheckPerm(int32_t &callingUid,
722 std::string &bundleName, const std::string &permName)
723 {
724 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
725 if (result != ERR_OK) {
726 return result;
727 }
728
729 result = AccountPermissionManager::VerifyPermission(permName);
730 if (result != ERR_OK) {
731 ACCOUNT_LOGE("failed to verify permission for %{public}s, result = %{public}d",
732 permName.c_str(), result);
733 ReportPermissionFail(callingUid, IPCSkeleton::GetCallingRealPid(), permName);
734 return result;
735 }
736 return ERR_OK;
737 }
738
GetBundleNameAndCallingUid(int32_t & callingUid,std::string & bundleName)739 ErrCode AppAccountManagerService::GetBundleNameAndCallingUid(int32_t &callingUid, std::string &bundleName)
740 {
741 callingUid = IPCSkeleton::GetCallingUid();
742 ErrCode bundleRet = BundleManagerAdapter::GetInstance()->GetNameForUid(callingUid, bundleName);
743 if (bundleRet != ERR_OK) {
744 ACCOUNT_LOGE("failed to get bundle name");
745 return ERR_APPACCOUNT_SERVICE_GET_BUNDLE_NAME;
746 }
747 return ERR_OK;
748 }
749
GetCallingTokenInfoAndAppIndex(uint32_t & appIndex)750 ErrCode AppAccountManagerService::GetCallingTokenInfoAndAppIndex(uint32_t &appIndex)
751 {
752 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
753 Security::AccessToken::HapTokenInfo hapTokenInfo;
754 int result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callingTokenId, hapTokenInfo);
755 if (result) {
756 ACCOUNT_LOGE("failed to get hap token info, result = %{public}d", result);
757 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
758 }
759 if (hapTokenInfo.instIndex < 0) {
760 ACCOUNT_LOGE("get invalid app index from hap token info, index = %{public}d", hapTokenInfo.instIndex);
761 return ERR_APPACCOUNT_SERVICE_GET_APP_INDEX;
762 }
763 appIndex = static_cast<uint32_t>(hapTokenInfo.instIndex);
764 return ERR_OK;
765 }
766
GetCallingInfo(int32_t & callingUid,std::string & bundleName,uint32_t & appIndex)767 ErrCode AppAccountManagerService::GetCallingInfo(int32_t &callingUid, std::string &bundleName, uint32_t &appIndex)
768 {
769 ErrCode result = GetBundleNameAndCallingUid(callingUid, bundleName);
770 if (result != ERR_OK) {
771 ACCOUNT_LOGD("failed to get bundle name");
772 return result;
773 }
774 result = GetCallingTokenInfoAndAppIndex(appIndex);
775 if (result != ERR_OK) {
776 ACCOUNT_LOGE("failed to get app index");
777 return result;
778 }
779 return result;
780 }
781 } // namespace AccountSA
782 } // namespace OHOS
783