1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "domain_account_stub.h"
17
18 #include <securec.h>
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "domain_account_callback_proxy.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24
25 namespace OHOS {
26 namespace AccountSA {
27 namespace {
28 const std::string MANAGE_LOCAL_ACCOUNTS = "ohos.permission.MANAGE_LOCAL_ACCOUNTS";
29 const std::string GET_LOCAL_ACCOUNTS = "ohos.permission.GET_LOCAL_ACCOUNTS";
30 const std::string ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
31 const std::string GET_DOMAIN_ACCOUNTS = "ohos.permission.GET_DOMAIN_ACCOUNTS";
32 const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
33 }
34
35 const std::map<DomainAccountInterfaceCode, DomainAccountStub::DomainAccountStubFunc> stubFuncMap = {
36 {
37 DomainAccountInterfaceCode::REGISTER_PLUGIN,
__anon68e3ab750202() 38 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
39 return ptr->ProcRegisterPlugin(data, reply); }
40 },
41 {
42 DomainAccountInterfaceCode::UNREGISTER_PLUGIN,
__anon68e3ab750302() 43 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
44 return ptr->ProcUnregisterPlugin(data, reply); }
45 },
46 {
47 DomainAccountInterfaceCode::DOMAIN_AUTH,
__anon68e3ab750402() 48 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
49 return ptr->ProcAuth(data, reply); }
50 },
51 {
52 DomainAccountInterfaceCode::DOMAIN_AUTH_USER,
__anon68e3ab750502() 53 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
54 return ptr->ProcAuthUser(data, reply); }
55 },
56 {
57 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_ENQUIRY,
__anon68e3ab750602() 58 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
59 return ptr->ProcGetAccountStatus(data, reply); }
60 },
61 {
62 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_REGISTER,
__anon68e3ab750702() 63 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
64 return ptr->ProcRegisterAccountStatusListener(data, reply); }
65 },
66 {
67 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_UNREGISTER,
__anon68e3ab750802() 68 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
69 return ptr->ProcUnregisterAccountStatusListener(data, reply); }
70 },
71 {
72 DomainAccountInterfaceCode::DOMAIN_AUTH_WITH_POPUP,
__anon68e3ab750902() 73 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
74 return ptr->ProcAuthWithPopup(data, reply); }
75 },
76 {
77 DomainAccountInterfaceCode::DOMAIN_HAS_DOMAIN_ACCOUNT,
__anon68e3ab750a02() 78 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
79 return ptr->ProcHasDomainAccount(data, reply); }
80 },
81 {
82 DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_TOKEN,
__anon68e3ab750b02() 83 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
84 return ptr->ProcUpdateAccountToken(data, reply); }
85 },
86 {
87 DomainAccountInterfaceCode::DOMAIN_IS_AUTHENTICATION_EXPIRED,
__anon68e3ab750c02() 88 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
89 return ptr->ProcIsAuthenticationExpired(data, reply); }
90 },
91 {
92 DomainAccountInterfaceCode::DOMAIN_SET_ACCOUNT_POLICY,
__anon68e3ab750d02() 93 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
94 return ptr->ProcSetAuthenticationExpiryThreshold(data, reply); }
95 },
96 {
97 DomainAccountInterfaceCode::DOMAIN_GET_ACCESS_TOKEN,
__anon68e3ab750e02() 98 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
99 return ptr->ProcGetDomainAccessToken(data, reply); }
100 },
101 {
102 DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_INFO,
__anon68e3ab750f02() 103 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
104 return ptr->ProcGetDomainAccountInfo(data, reply); }
105 },
106 {
107 DomainAccountInterfaceCode::ADD_SERVER_CONFIG,
__anon68e3ab751002() 108 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
109 return ptr->ProcAddServerConfig(data, reply); }
110 },
111 {
112 DomainAccountInterfaceCode::REMOVE_SERVER_CONFIG,
__anon68e3ab751102() 113 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
114 return ptr->ProcRemoveServerConfig(data, reply); }
115 },
116 {
117 DomainAccountInterfaceCode::GET_ACCOUNT_SERVER_CONFIG,
__anon68e3ab751202() 118 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
119 return ptr->ProcGetAccountServerConfig(data, reply); }
120 },
121 {
122 DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_INFO,
__anon68e3ab751302() 123 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
124 return ptr->ProcUpdateAccountInfo(data, reply); }
125 },
126 };
127
DomainAccountStub()128 DomainAccountStub::DomainAccountStub()
129 {
130 stubFuncMap_ = stubFuncMap;
131 }
132
~DomainAccountStub()133 DomainAccountStub::~DomainAccountStub()
134 {}
135
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)136 int32_t DomainAccountStub::OnRemoteRequest(
137 uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
138 {
139 MemoryGuard cacheGuard;
140 int32_t uid = IPCSkeleton::GetCallingUid();
141 ACCOUNT_LOGI("Received stub message: %{public}d, callingUid: %{public}d, callingPid: %{public}d", code, uid,
142 IPCSkeleton::GetCallingRealPid());
143 ErrCode errCode = CheckPermission(static_cast<DomainAccountInterfaceCode>(code), uid);
144 if (errCode != ERR_OK) {
145 ACCOUNT_LOGE("check permission failed");
146 return errCode;
147 }
148 if (data.ReadInterfaceToken() != GetDescriptor()) {
149 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
150 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
151 }
152 const auto &itFunc = stubFuncMap_.find(static_cast<DomainAccountInterfaceCode>(code));
153 if (itFunc != stubFuncMap_.end()) {
154 return (itFunc->second)(this, data, reply);
155 }
156 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
157 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
158 }
159
ProcHasDomainAccount(MessageParcel & data,MessageParcel & reply)160 ErrCode DomainAccountStub::ProcHasDomainAccount(MessageParcel &data, MessageParcel &reply)
161 {
162 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
163 if (info == nullptr) {
164 ACCOUNT_LOGE("failed to read domain account info");
165 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
166 }
167 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
168 if (callback == nullptr) {
169 ACCOUNT_LOGE("failed to read domain callback");
170 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
171 }
172 ErrCode result = HasDomainAccount(*info, callback);
173 if (!reply.WriteInt32(result)) {
174 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
175 return IPC_STUB_WRITE_PARCEL_ERR;
176 }
177 return ERR_NONE;
178 }
179
ProcUpdateAccountToken(MessageParcel & data,MessageParcel & reply)180 ErrCode DomainAccountStub::ProcUpdateAccountToken(MessageParcel &data, MessageParcel &reply)
181 {
182 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
183 if (info == nullptr) {
184 ACCOUNT_LOGE("failed to read domain account info");
185 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
186 }
187 std::vector<uint8_t> token;
188 if (!data.ReadUInt8Vector(&token)) {
189 ACCOUNT_LOGE("fail to read token");
190 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
191 }
192 ErrCode result = UpdateAccountToken(*info, token);
193 if (!reply.WriteInt32(result)) {
194 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
195 return IPC_STUB_WRITE_PARCEL_ERR;
196 }
197 return ERR_NONE;
198 }
199
ProcIsAuthenticationExpired(MessageParcel & data,MessageParcel & reply)200 ErrCode DomainAccountStub::ProcIsAuthenticationExpired(MessageParcel &data, MessageParcel &reply)
201 {
202 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
203 if (info == nullptr) {
204 ACCOUNT_LOGE("Read DomainAccountInfo failed.");
205 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
206 }
207 bool isExpired = true;
208 ErrCode result = IsAuthenticationExpired(*info, isExpired);
209 if (!reply.WriteInt32(result)) {
210 ACCOUNT_LOGE("Write reply failed.");
211 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
212 }
213 if (result != ERR_OK) {
214 ACCOUNT_LOGE("IsAuthenticationExpired failed %{public}d.", result);
215 return result;
216 }
217 if (!reply.WriteBool(isExpired)) {
218 ACCOUNT_LOGE("Write isExpired failed.");
219 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
220 }
221 return ERR_OK;
222 }
223
ProcSetAuthenticationExpiryThreshold(MessageParcel & data,MessageParcel & reply)224 ErrCode DomainAccountStub::ProcSetAuthenticationExpiryThreshold(MessageParcel &data, MessageParcel &reply)
225 {
226 DomainAccountPolicy policy;
227 if (!data.ReadInt32(policy.authenicationValidityPeriod)) {
228 ACCOUNT_LOGE("Read threshold failed.");
229 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
230 }
231 ErrCode result = SetAccountPolicy(policy);
232 if (!reply.WriteInt32(result)) {
233 ACCOUNT_LOGE("Write reply failed.");
234 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
235 }
236 return ERR_OK;
237 }
238
ProcRegisterPlugin(MessageParcel & data,MessageParcel & reply)239 ErrCode DomainAccountStub::ProcRegisterPlugin(MessageParcel &data, MessageParcel &reply)
240 {
241 auto plugin = iface_cast<IDomainAccountPlugin>(data.ReadRemoteObject());
242 if (plugin == nullptr) {
243 ACCOUNT_LOGE("Failed to read plugin");
244 return IPC_STUB_WRITE_PARCEL_ERR;
245 }
246 ErrCode result = RegisterPlugin(plugin);
247 if (!reply.WriteInt32(result)) {
248 ACCOUNT_LOGE("failed to write result");
249 return IPC_STUB_WRITE_PARCEL_ERR;
250 }
251 return ERR_NONE;
252 }
253
ProcUnregisterPlugin(MessageParcel & data,MessageParcel & reply)254 ErrCode DomainAccountStub::ProcUnregisterPlugin(MessageParcel &data, MessageParcel &reply)
255 {
256 ErrCode result = UnregisterPlugin();
257 if (!reply.WriteInt32(result)) {
258 ACCOUNT_LOGE("fail to write result");
259 return IPC_STUB_WRITE_PARCEL_ERR;
260 }
261 return ERR_NONE;
262 }
263
ProcAuth(MessageParcel & data,MessageParcel & reply)264 ErrCode DomainAccountStub::ProcAuth(MessageParcel &data, MessageParcel &reply)
265 {
266 DomainAccountInfo info;
267 if (!data.ReadString(info.accountName_)) {
268 ACCOUNT_LOGE("fail to read name");
269 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
270 }
271 if (!data.ReadString(info.domain_)) {
272 ACCOUNT_LOGE("fail to read domain");
273 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
274 }
275 std::vector<uint8_t> password;
276 if (!data.ReadUInt8Vector(&password)) {
277 ACCOUNT_LOGE("fail to read password");
278 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
279 }
280 if (!data.ReadString(info.serverConfigId_)) {
281 ACCOUNT_LOGE("fail to read serverConfigId");
282 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
283 }
284 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
285 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
286 if (callback == nullptr) {
287 ACCOUNT_LOGE("callback is nullptr");
288 } else {
289 result = Auth(info, password, callback);
290 }
291 (void)memset_s(password.data(), password.size(), 0, password.size());
292 if (!reply.WriteInt32(result)) {
293 ACCOUNT_LOGE("failed to write auth result");
294 return IPC_STUB_WRITE_PARCEL_ERR;
295 }
296 return ERR_NONE;
297 }
298
ProcGetAccountStatus(MessageParcel & data,MessageParcel & reply)299 ErrCode DomainAccountStub::ProcGetAccountStatus(MessageParcel &data, MessageParcel &reply)
300 {
301 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
302 if (info == nullptr) {
303 ACCOUNT_LOGE("failed to read domain account info");
304 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
305 }
306 DomainAccountStatus status;
307 ErrCode result = GetAccountStatus(*info, status);
308 if (!reply.WriteInt32(result)) {
309 ACCOUNT_LOGE("failed to write result");
310 return IPC_STUB_WRITE_PARCEL_ERR;
311 }
312 if (!reply.WriteInt32(status)) {
313 ACCOUNT_LOGE("failed to write status");
314 return IPC_STUB_WRITE_PARCEL_ERR;
315 }
316 return ERR_NONE;
317 }
318
ProcGetDomainAccountInfo(MessageParcel & data,MessageParcel & reply)319 ErrCode DomainAccountStub::ProcGetDomainAccountInfo(MessageParcel &data, MessageParcel &reply)
320 {
321 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
322 if (info == nullptr) {
323 ACCOUNT_LOGE("failed to read domain account info");
324 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
325 }
326 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
327 if (callback == nullptr) {
328 ACCOUNT_LOGE("failed to read domain callback");
329 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
330 }
331 ErrCode result = GetDomainAccountInfo(*info, callback);
332 if (!reply.WriteInt32(result)) {
333 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
334 return IPC_STUB_WRITE_PARCEL_ERR;
335 }
336 return ERR_NONE;
337 }
338
ProcUpdateAccountInfo(MessageParcel & data,MessageParcel & reply)339 ErrCode DomainAccountStub::ProcUpdateAccountInfo(MessageParcel &data, MessageParcel &reply)
340 {
341 std::shared_ptr<DomainAccountInfo> oldAccountInfo(data.ReadParcelable<DomainAccountInfo>());
342 if (oldAccountInfo == nullptr) {
343 ACCOUNT_LOGE("Failed to read oldAccountInfo");
344 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
345 }
346 std::shared_ptr<DomainAccountInfo> newAccountInfo(data.ReadParcelable<DomainAccountInfo>());
347 if (newAccountInfo == nullptr) {
348 ACCOUNT_LOGE("Failed to read newAccountInfo");
349 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
350 }
351 ErrCode result = UpdateAccountInfo(*oldAccountInfo, *newAccountInfo);
352 if (!reply.WriteInt32(result)) {
353 ACCOUNT_LOGE("Failed to write reply, result %{public}d.", result);
354 return IPC_STUB_WRITE_PARCEL_ERR;
355 }
356 return ERR_NONE;
357 }
358
ProcRegisterAccountStatusListener(MessageParcel & data,MessageParcel & reply)359 ErrCode DomainAccountStub::ProcRegisterAccountStatusListener(MessageParcel &data, MessageParcel &reply)
360 {
361 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
362 if (callback == nullptr) {
363 ACCOUNT_LOGE("failed to read domain callback");
364 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
365 }
366 ErrCode result = RegisterAccountStatusListener(callback);
367 if (!reply.WriteInt32(result)) {
368 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
369 return IPC_STUB_WRITE_PARCEL_ERR;
370 }
371
372 return ERR_OK;
373 }
374
ProcUnregisterAccountStatusListener(MessageParcel & data,MessageParcel & reply)375 ErrCode DomainAccountStub::ProcUnregisterAccountStatusListener(MessageParcel &data, MessageParcel &reply)
376 {
377 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
378 if (callback == nullptr) {
379 ACCOUNT_LOGE("failed to read domain callback");
380 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
381 }
382 ErrCode result = UnregisterAccountStatusListener(callback);
383 if (!reply.WriteInt32(result)) {
384 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
385 return IPC_STUB_WRITE_PARCEL_ERR;
386 }
387 return ERR_OK;
388 }
389
ProcAuthUser(MessageParcel & data,MessageParcel & reply)390 ErrCode DomainAccountStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
391 {
392 int32_t userId = 0;
393 if (!data.ReadInt32(userId)) {
394 ACCOUNT_LOGE("fail to read userId");
395 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
396 }
397 std::vector<uint8_t> password;
398 if (!data.ReadUInt8Vector(&password)) {
399 ACCOUNT_LOGE("fail to read password");
400 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
401 }
402 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
403 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
404 if (callback == nullptr) {
405 ACCOUNT_LOGE("callback is nullptr");
406 } else {
407 result = AuthUser(userId, password, callback);
408 }
409 (void)memset_s(password.data(), password.size(), 0, password.size());
410 if (!reply.WriteInt32(result)) {
411 ACCOUNT_LOGE("failed to write authUser result");
412 return IPC_STUB_WRITE_PARCEL_ERR;
413 }
414 return ERR_NONE;
415 }
416
ProcAuthWithPopup(MessageParcel & data,MessageParcel & reply)417 ErrCode DomainAccountStub::ProcAuthWithPopup(MessageParcel &data, MessageParcel &reply)
418 {
419 int32_t userId = 0;
420 if (!data.ReadInt32(userId)) {
421 ACCOUNT_LOGE("fail to read userId");
422 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
423 }
424 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
425 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
426 if (callback == nullptr) {
427 ACCOUNT_LOGE("callback is nullptr");
428 } else {
429 result = AuthWithPopup(userId, callback);
430 }
431 if (!reply.WriteInt32(result)) {
432 ACCOUNT_LOGE("failed to write authUser result");
433 return IPC_STUB_WRITE_PARCEL_ERR;
434 }
435 return ERR_NONE;
436 }
437
ProcGetDomainAccessToken(MessageParcel & data,MessageParcel & reply)438 ErrCode DomainAccountStub::ProcGetDomainAccessToken(MessageParcel &data, MessageParcel &reply)
439 {
440 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
441 if (info == nullptr) {
442 ACCOUNT_LOGE("failed to read domain account info");
443 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
444 }
445 std::shared_ptr<AAFwk::WantParams> parameters(data.ReadParcelable<AAFwk::WantParams>());
446 if (parameters == nullptr) {
447 ACCOUNT_LOGE("failed to read domain parameters");
448 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
449 }
450 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
451 if (callback == nullptr) {
452 ACCOUNT_LOGE("failed to read domain callback");
453 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
454 }
455 ErrCode result = GetAccessToken(*info, *parameters, callback);
456 if (!reply.WriteInt32(result)) {
457 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
458 return IPC_STUB_WRITE_PARCEL_ERR;
459 }
460 return ERR_NONE;
461 }
462
ProcAddServerConfig(MessageParcel & data,MessageParcel & reply)463 ErrCode DomainAccountStub::ProcAddServerConfig(MessageParcel &data, MessageParcel &reply)
464 {
465 std::string parameters;
466 if (!data.ReadString(parameters)) {
467 ACCOUNT_LOGE("Failed to read domain server config.");
468 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
469 }
470 DomainServerConfig config;
471 ErrCode result = AddServerConfig(parameters, config);
472 if (!reply.WriteInt32(result)) {
473 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
474 return IPC_STUB_WRITE_PARCEL_ERR;
475 }
476 if (result != ERR_OK) {
477 return result;
478 }
479 if (!reply.WriteParcelable(&config)) {
480 ACCOUNT_LOGE("Failed to write identifier.");
481 return IPC_STUB_WRITE_PARCEL_ERR;
482 }
483 return ERR_NONE;
484 }
485
ProcRemoveServerConfig(MessageParcel & data,MessageParcel & reply)486 ErrCode DomainAccountStub::ProcRemoveServerConfig(MessageParcel &data, MessageParcel &reply)
487 {
488 std::string configId;
489 if (!data.ReadString(configId)) {
490 ACCOUNT_LOGE("Fail to configId");
491 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
492 }
493 ErrCode result = RemoveServerConfig(configId);
494 if (!reply.WriteInt32(result)) {
495 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
496 return IPC_STUB_WRITE_PARCEL_ERR;
497 }
498 return result;
499 }
500
ProcGetAccountServerConfig(MessageParcel & data,MessageParcel & reply)501 ErrCode DomainAccountStub::ProcGetAccountServerConfig(MessageParcel &data, MessageParcel &reply)
502 {
503 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
504 if (info == nullptr) {
505 ACCOUNT_LOGE("Failed to read domain server config.");
506 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
507 }
508 DomainServerConfig config;
509 ErrCode result = GetAccountServerConfig(*info, config);
510 if (!reply.WriteInt32(result)) {
511 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
512 return IPC_STUB_WRITE_PARCEL_ERR;
513 }
514 if (result != ERR_OK) {
515 return result;
516 }
517 if (!reply.WriteParcelable(&config)) {
518 ACCOUNT_LOGE("Failed to write identifier.");
519 return IPC_STUB_WRITE_PARCEL_ERR;
520 }
521 return ERR_NONE;
522 }
523
CheckPermission(DomainAccountInterfaceCode code,int32_t uid)524 ErrCode DomainAccountStub::CheckPermission(DomainAccountInterfaceCode code, int32_t uid)
525 {
526 ErrCode errCode = AccountPermissionManager::CheckSystemApp();
527 if (errCode != ERR_OK) {
528 ACCOUNT_LOGE("the caller is not system application, errCode = %{public}d.", errCode);
529 return errCode;
530 }
531 if (uid == 0) {
532 return ERR_OK;
533 }
534 std::vector<std::string> orPermissions;
535 switch (code) {
536 case DomainAccountInterfaceCode::REGISTER_PLUGIN:
537 case DomainAccountInterfaceCode::UNREGISTER_PLUGIN:
538 case DomainAccountInterfaceCode::DOMAIN_SET_ACCOUNT_POLICY:
539 case DomainAccountInterfaceCode::DOMAIN_HAS_DOMAIN_ACCOUNT:
540 case DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_TOKEN:
541 case DomainAccountInterfaceCode::ADD_SERVER_CONFIG:
542 case DomainAccountInterfaceCode::REMOVE_SERVER_CONFIG:
543 case DomainAccountInterfaceCode::GET_ACCOUNT_SERVER_CONFIG:
544 case DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_INFO:
545 orPermissions.emplace_back(MANAGE_LOCAL_ACCOUNTS);
546 break;
547 case DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_ENQUIRY:
548 case DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_REGISTER:
549 case DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_UNREGISTER:
550 orPermissions.emplace_back(GET_LOCAL_ACCOUNTS);
551 break;
552 case DomainAccountInterfaceCode::DOMAIN_AUTH:
553 case DomainAccountInterfaceCode::DOMAIN_AUTH_USER:
554 orPermissions.emplace_back(ACCESS_USER_AUTH_INTERNAL);
555 break;
556 case DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_INFO:
557 orPermissions.emplace_back(GET_DOMAIN_ACCOUNTS);
558 break;
559 case DomainAccountInterfaceCode::DOMAIN_IS_AUTHENTICATION_EXPIRED:
560 orPermissions.emplace_back(MANAGE_LOCAL_ACCOUNTS);
561 orPermissions.emplace_back(INTERACT_ACROSS_LOCAL_ACCOUNTS);
562 break;
563 default:
564 break;
565 }
566 for (const auto &permission : orPermissions) {
567 errCode = AccountPermissionManager::VerifyPermission(permission);
568 if (errCode == ERR_OK) {
569 return ERR_OK;
570 }
571 }
572 return orPermissions.empty() ? ERR_OK : ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
573 }
574 } // namespace AccountSA
575 } // namespace OHOS
576