1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "accesstoken_manager_stub.h"
17 
18 #include <unistd.h>
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "string_ex.h"
25 #include "tokenid_kit.h"
26 #ifdef HICOLLIE_ENABLE
27 #include "xcollie/xcollie.h"
28 #endif // HICOLLIE_ENABLE
29 
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMStub"};
35 const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID";
36 static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000;
37 static const int MAX_PERMISSION_SIZE = 1000;
38 const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS";
39 const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS";
40 const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS";
41 const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG";
42 const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO";
43 
44 #ifdef HICOLLIE_ENABLE
45 constexpr uint32_t TIMEOUT = 40; // 40s
46 #endif // HICOLLIE_ENABLE
47 }
48 
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)49 int32_t AccessTokenManagerStub::OnRemoteRequest(
50     uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
51 {
52     MemoryGuard guard;
53 
54     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
55     ACCESSTOKEN_LOG_DEBUG(LABEL, "Code %{public}u token %{public}u", code, callingTokenID);
56     std::u16string descriptor = data.ReadInterfaceToken();
57     if (descriptor != IAccessTokenManager::GetDescriptor()) {
58         ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
59         return ERROR_IPC_REQUEST_FAIL;
60     }
61 
62 #ifdef HICOLLIE_ENABLE
63     std::string name = "AtmTimer";
64     int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr,
65         HiviewDFX::XCOLLIE_FLAG_LOG);
66 #endif // HICOLLIE_ENABLE
67 
68     auto itFunc = requestFuncMap_.find(code);
69     if (itFunc != requestFuncMap_.end()) {
70         auto requestFunc = itFunc->second;
71         if (requestFunc != nullptr) {
72             (this->*requestFunc)(data, reply);
73 
74 #ifdef HICOLLIE_ENABLE
75             HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
76 #endif // HICOLLIE_ENABLE
77 
78             return NO_ERROR;
79         }
80     }
81 
82 #ifdef HICOLLIE_ENABLE
83     HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
84 #endif // HICOLLIE_ENABLE
85 
86     return IPCObjectStub::OnRemoteRequest(code, data, reply, option); // when code invalid
87 }
88 
DeleteTokenInfoInner(MessageParcel & data,MessageParcel & reply)89 void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply)
90 {
91     AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
92     if (!IsPrivilegedCalling() &&
93         (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
94         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
95         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
96         return;
97     }
98     AccessTokenID tokenID = data.ReadUint32();
99     int result = this->DeleteToken(tokenID);
100     reply.WriteInt32(result);
101 }
102 
GetUserGrantedPermissionUsedTypeInner(MessageParcel & data,MessageParcel & reply)103 void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply)
104 {
105     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
106         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
107         reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
108         return;
109     }
110     uint32_t tokenID;
111     if (!data.ReadUint32(tokenID)) {
112         ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenID.");
113         reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
114         return;
115     }
116     std::string permissionName;
117     if (!data.ReadString(permissionName)) {
118         ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read permissionName.");
119         reply.WriteInt32(static_cast<int32_t>(PermUsedTypeEnum::INVALID_USED_TYPE));
120         return;
121     }
122     PermUsedTypeEnum result = this->GetUserGrantedPermissionUsedType(tokenID, permissionName);
123     int32_t type = static_cast<int32_t>(result);
124     if (!reply.WriteInt32(type)) {
125         ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail.");
126     }
127 }
128 
VerifyAccessTokenInner(MessageParcel & data,MessageParcel & reply)129 void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply)
130 {
131     AccessTokenID tokenID = data.ReadUint32();
132     std::string permissionName = data.ReadString();
133     int result = this->VerifyAccessToken(tokenID, permissionName);
134     reply.WriteInt32(result);
135 }
136 
GetDefPermissionInner(MessageParcel & data,MessageParcel & reply)137 void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply)
138 {
139     std::string permissionName = data.ReadString();
140     PermissionDefParcel permissionDefParcel;
141     int result = this->GetDefPermission(permissionName, permissionDefParcel);
142     reply.WriteInt32(result);
143     if (result != RET_SUCCESS) {
144         return;
145     }
146     reply.WriteParcelable(&permissionDefParcel);
147 }
148 
GetDefPermissionsInner(MessageParcel & data,MessageParcel & reply)149 void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply)
150 {
151     AccessTokenID tokenID = data.ReadUint32();
152     std::vector<PermissionDefParcel> permList;
153 
154     int result = this->GetDefPermissions(tokenID, permList);
155     reply.WriteInt32(result);
156     if (result != RET_SUCCESS) {
157         return;
158     }
159     ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s called, permList size: %{public}zu", __func__, permList.size());
160     reply.WriteUint32(permList.size());
161     for (const auto& permDef : permList) {
162         reply.WriteParcelable(&permDef);
163     }
164 }
165 
GetReqPermissionsInner(MessageParcel & data,MessageParcel & reply)166 void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
167 {
168     AccessTokenID tokenID = data.ReadUint32();
169     int isSystemGrant = data.ReadInt32();
170     std::vector<PermissionStateFullParcel> permList;
171 
172     int result = this->GetReqPermissions(tokenID, permList, isSystemGrant);
173     reply.WriteInt32(result);
174     if (result != RET_SUCCESS) {
175         return;
176     }
177     ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size: %{public}zu", permList.size());
178     reply.WriteUint32(permList.size());
179     for (const auto& permDef : permList) {
180         reply.WriteParcelable(&permDef);
181     }
182 }
183 
GetSelfPermissionsStateInner(MessageParcel & data,MessageParcel & reply)184 void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply)
185 {
186     std::vector<PermissionListStateParcel> permList;
187     uint32_t size = 0;
188     if (!data.ReadUint32(size)) {
189         reply.WriteInt32(INVALID_OPER);
190         return;
191     }
192     ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
193     if (size > MAX_PERMISSION_SIZE) {
194         ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size);
195         reply.WriteInt32(INVALID_OPER);
196         return;
197     }
198     for (uint32_t i = 0; i < size; i++) {
199         sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
200         if (permissionParcel != nullptr) {
201             permList.emplace_back(*permissionParcel);
202         }
203     }
204     PermissionGrantInfoParcel infoParcel;
205     PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel);
206 
207     reply.WriteInt32(result);
208 
209     reply.WriteUint32(permList.size());
210     for (const auto& perm : permList) {
211         reply.WriteParcelable(&perm);
212     }
213     reply.WriteParcelable(&infoParcel);
214 }
215 
GetPermissionsStatusInner(MessageParcel & data,MessageParcel & reply)216 void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply)
217 {
218     unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
219     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
220         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
221         return;
222     }
223     if (!IsPrivilegedCalling() &&
224         VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
225         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
226         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
227         return;
228     }
229 
230     AccessTokenID tokenID = data.ReadUint32();
231     std::vector<PermissionListStateParcel> permList;
232     uint32_t size = 0;
233     if (!data.ReadUint32(size)) {
234         reply.WriteInt32(INVALID_OPER);
235         return;
236     }
237     ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size);
238     if (size > MAX_PERMISSION_SIZE) {
239         ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is oversize", size);
240         reply.WriteInt32(INVALID_OPER);
241         return;
242     }
243     for (uint32_t i = 0; i < size; i++) {
244         sptr<PermissionListStateParcel> permissionParcel = data.ReadParcelable<PermissionListStateParcel>();
245         if (permissionParcel != nullptr) {
246             permList.emplace_back(*permissionParcel);
247         }
248     }
249     int32_t result = this->GetPermissionsStatus(tokenID, permList);
250 
251     reply.WriteInt32(result);
252     if (result != RET_SUCCESS) {
253         return;
254     }
255     reply.WriteUint32(permList.size());
256     for (const auto& perm : permList) {
257         reply.WriteParcelable(&perm);
258     }
259 }
260 
GetPermissionFlagInner(MessageParcel & data,MessageParcel & reply)261 void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply)
262 {
263     unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
264     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
265         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
266         return;
267     }
268     AccessTokenID tokenID = data.ReadUint32();
269     std::string permissionName = data.ReadString();
270     if (!IsPrivilegedCalling() &&
271         VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
272         VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED &&
273         VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
274         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
275         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
276         return;
277     }
278     uint32_t flag;
279     int result = this->GetPermissionFlag(tokenID, permissionName, flag);
280     reply.WriteInt32(result);
281     if (result != RET_SUCCESS) {
282         return;
283     }
284     reply.WriteUint32(flag);
285 }
286 
SetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)287 void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
288 {
289     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
290     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
291         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
292         return;
293     }
294 
295     std::string permissionName = data.ReadString();
296     uint32_t status = data.ReadUint32();
297     int32_t userID = data.ReadInt32();
298     if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
299         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
300             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
301             callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus");
302         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
303         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
304         return;
305     }
306     int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID);
307     reply.WriteInt32(result);
308 }
309 
GetPermissionRequestToggleStatusInner(MessageParcel & data,MessageParcel & reply)310 void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply)
311 {
312     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
313     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
314         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
315         return;
316     }
317 
318     std::string permissionName = data.ReadString();
319     int32_t userID = data.ReadInt32();
320     if (!IsShellProcessCalling() && !IsPrivilegedCalling() &&
321         VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
322         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
323             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID",
324             callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus");
325         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID);
326         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
327         return;
328     }
329     uint32_t status;
330     int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID);
331     reply.WriteInt32(result);
332     if (result != RET_SUCCESS) {
333         return;
334     }
335     reply.WriteUint32(status);
336 }
337 
GrantPermissionInner(MessageParcel & data,MessageParcel & reply)338 void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply)
339 {
340     unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
341     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
342         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
343         return;
344     }
345     AccessTokenID tokenID = data.ReadUint32();
346     std::string permissionName = data.ReadString();
347     uint32_t flag = data.ReadUint32();
348     if (!IsPrivilegedCalling() &&
349         VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
350         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
351             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
352             "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
353         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
354         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
355         return;
356     }
357     int result = this->GrantPermission(tokenID, permissionName, flag);
358     reply.WriteInt32(result);
359 }
360 
RevokePermissionInner(MessageParcel & data,MessageParcel & reply)361 void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply)
362 {
363     unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
364     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
365         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
366         return;
367     }
368     AccessTokenID tokenID = data.ReadUint32();
369     std::string permissionName = data.ReadString();
370     uint32_t flag = data.ReadUint32();
371     if (!IsPrivilegedCalling() &&
372         VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
373         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
374             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
375             "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
376         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
377         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
378         return;
379     }
380     int result = this->RevokePermission(tokenID, permissionName, flag);
381     reply.WriteInt32(result);
382 }
383 
GrantPermissionForSpecifiedTimeInner(MessageParcel & data,MessageParcel & reply)384 void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply)
385 {
386     unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
387     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
388         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
389         return;
390     }
391     AccessTokenID tokenID = data.ReadUint32();
392     std::string permissionName = data.ReadString();
393     uint32_t onceTime = data.ReadUint32();
394     if (!IsPrivilegedCalling() &&
395         VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) {
396         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
397             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
398             "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName);
399         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
400         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
401         return;
402     }
403     int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
404     reply.WriteInt32(result);
405 }
406 
ClearUserGrantedPermissionStateInner(MessageParcel & data,MessageParcel & reply)407 void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply)
408 {
409     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
410     if (!IsPrivilegedCalling() &&
411         VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
412         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT",
413             HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR,
414             "CALLER_TOKENID", callingTokenID);
415         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
416         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
417         return;
418     }
419     AccessTokenID tokenID = data.ReadUint32();
420     int result = this->ClearUserGrantedPermissionState(tokenID);
421     reply.WriteInt32(result);
422 }
423 
AllocHapTokenInner(MessageParcel & data,MessageParcel & reply)424 void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply)
425 {
426     AccessTokenIDEx res = {0};
427     AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
428     if (!IsPrivilegedCalling() &&
429         (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
430         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
431         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
432         return;
433     }
434 
435     sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
436     sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
437     if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
438         ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
439         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
440         return;
441     }
442     res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel);
443     reply.WriteUint64(res.tokenIDEx);
444 }
445 
InitHapTokenInner(MessageParcel & data,MessageParcel & reply)446 void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParcel& reply)
447 {
448     AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID();
449     if (!IsPrivilegedCalling() &&
450         (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
451         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID);
452         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
453         return;
454     }
455 
456     sptr<HapInfoParcel> hapInfoParcel = data.ReadParcelable<HapInfoParcel>();
457     sptr<HapPolicyParcel> hapPolicyParcel = data.ReadParcelable<HapPolicyParcel>();
458     if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) {
459         ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail");
460         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
461         return;
462     }
463     int32_t res;
464     AccessTokenIDEx fullTokenId = { 0 };
465     res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId);
466     if (!reply.WriteInt32(res)) {
467         ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail");
468     }
469 
470     if (res != RET_SUCCESS) {
471         ACCESSTOKEN_LOG_ERROR(LABEL, "Res error %{public}d", res);
472         return;
473     }
474     reply.WriteUint64(fullTokenId.tokenIDEx);
475 }
476 
GetTokenTypeInner(MessageParcel & data,MessageParcel & reply)477 void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply)
478 {
479     AccessTokenID tokenID = data.ReadUint32();
480     int result = this->GetTokenType(tokenID);
481     reply.WriteInt32(result);
482 }
483 
CheckNativeDCapInner(MessageParcel & data,MessageParcel & reply)484 void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply)
485 {
486     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
487         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
488         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
489         return;
490     }
491     AccessTokenID tokenID = data.ReadUint32();
492     std::string dCap = data.ReadString();
493     int result = this->CheckNativeDCap(tokenID, dCap);
494     reply.WriteInt32(result);
495 }
496 
GetHapTokenIDInner(MessageParcel & data,MessageParcel & reply)497 void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply)
498 {
499     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
500         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
501         reply.WriteInt32(INVALID_TOKENID);
502         return;
503     }
504     int userID = data.ReadInt32();
505     std::string bundleName = data.ReadString();
506     int instIndex = data.ReadInt32();
507     AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex);
508     reply.WriteUint64(tokenIdEx.tokenIDEx);
509 }
510 
AllocLocalTokenIDInner(MessageParcel & data,MessageParcel & reply)511 void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply)
512 {
513     if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) {
514         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
515         reply.WriteInt32(INVALID_TOKENID);
516         return;
517     }
518     std::string remoteDeviceID = data.ReadString();
519     AccessTokenID remoteTokenID = data.ReadUint32();
520     AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID);
521     reply.WriteUint32(result);
522 }
523 
UpdateHapTokenInner(MessageParcel & data,MessageParcel & reply)524 void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply)
525 {
526     AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
527     if (!IsPrivilegedCalling() &&
528         (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) {
529         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
530         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
531         return;
532     }
533     UpdateHapInfoParams info;
534     AccessTokenID tokenID = data.ReadUint32();
535     info.isSystemApp = data.ReadBool();
536     info.appIDDesc = data.ReadString();
537     info.apiVersion = data.ReadInt32();
538     info.appDistributionType = data.ReadString();
539     AccessTokenIDEx tokenIdEx;
540     tokenIdEx.tokenIdExStruct.tokenID = tokenID;
541     sptr<HapPolicyParcel> policyParcel = data.ReadParcelable<HapPolicyParcel>();
542     if (policyParcel == nullptr) {
543         ACCESSTOKEN_LOG_ERROR(LABEL, "PolicyParcel read faild");
544         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
545         return;
546     }
547     int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel);
548     reply.WriteInt32(result);
549     reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr);
550 }
551 
GetHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)552 void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
553 {
554     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
555         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
556         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
557         return;
558     }
559     HapTokenInfoParcel hapTokenInfoParcel;
560     AccessTokenID tokenID = data.ReadUint32();
561     int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel);
562     reply.WriteInt32(result);
563     if (result != RET_SUCCESS) {
564         return;
565     }
566     reply.WriteParcelable(&hapTokenInfoParcel);
567 }
568 
GetNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)569 void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
570 {
571     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
572         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
573         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
574         return;
575     }
576     AccessTokenID tokenID = data.ReadUint32();
577     NativeTokenInfoParcel nativeTokenInfoParcel;
578     int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel);
579     reply.WriteInt32(result);
580     if (result != RET_SUCCESS) {
581         return;
582     }
583     reply.WriteParcelable(&nativeTokenInfoParcel);
584 }
585 
RegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)586 void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
587 {
588     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
589     if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
590         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
591         return;
592     }
593     if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
594         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
595         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
596         return;
597     }
598     sptr<PermStateChangeScopeParcel> scopeParcel = data.ReadParcelable<PermStateChangeScopeParcel>();
599     if (scopeParcel == nullptr) {
600         ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail");
601         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
602         return;
603     }
604     sptr<IRemoteObject> callback = data.ReadRemoteObject();
605     if (callback == nullptr) {
606         ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
607         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
608         return;
609     }
610     int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback);
611     reply.WriteInt32(result);
612 }
613 
UnRegisterPermStateChangeCallbackInner(MessageParcel & data,MessageParcel & reply)614 void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply)
615 {
616     uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
617     if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
618         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
619         return;
620     }
621     if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
622         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
623         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
624         return;
625     }
626     sptr<IRemoteObject> callback = data.ReadRemoteObject();
627     if (callback == nullptr) {
628         ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail");
629         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
630         return;
631     }
632     int32_t result = this->UnRegisterPermStateChangeCallback(callback);
633     reply.WriteInt32(result);
634 }
635 
636 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
ReloadNativeTokenInfoInner(MessageParcel & data,MessageParcel & reply)637 void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
638 {
639     if (!IsPrivilegedCalling()) {
640         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
641         reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED);
642         return;
643     }
644     int32_t result = this->ReloadNativeTokenInfo();
645     reply.WriteInt32(result);
646 }
647 #endif
648 
GetNativeTokenIdInner(MessageParcel & data,MessageParcel & reply)649 void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply)
650 {
651     if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) {
652         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
653         reply.WriteUint32(INVALID_TOKENID);
654         return;
655     }
656     std::string processName;
657     if (!data.ReadString(processName)) {
658         ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString fail, processName=%{public}s", processName.c_str());
659         return;
660     }
661     AccessTokenID result = this->GetNativeTokenId(processName);
662     reply.WriteUint32(result);
663 }
664 
665 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemoteInner(MessageParcel & data,MessageParcel & reply)666 void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply)
667 {
668     if (!IsAccessTokenCalling()) {
669         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
670         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
671         return;
672     }
673     AccessTokenID tokenID = data.ReadUint32();
674     HapTokenInfoForSyncParcel hapTokenParcel;
675 
676     int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel);
677     reply.WriteInt32(result);
678     if (result != RET_SUCCESS) {
679         return;
680     }
681     reply.WriteParcelable(&hapTokenParcel);
682 }
683 
SetRemoteHapTokenInfoInner(MessageParcel & data,MessageParcel & reply)684 void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
685 {
686     if (!IsAccessTokenCalling()) {
687         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
688         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
689         return;
690     }
691     std::string deviceID = data.ReadString();
692     sptr<HapTokenInfoForSyncParcel> hapTokenParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
693     if (hapTokenParcel == nullptr) {
694         ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenParcel read faild");
695         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
696         return;
697     }
698     int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel);
699     reply.WriteInt32(result);
700 }
701 
DeleteRemoteTokenInner(MessageParcel & data,MessageParcel & reply)702 void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply)
703 {
704     if (!IsAccessTokenCalling()) {
705         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
706         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
707         return;
708     }
709     std::string deviceID = data.ReadString();
710     AccessTokenID tokenID = data.ReadUint32();
711 
712     int result = this->DeleteRemoteToken(deviceID, tokenID);
713     reply.WriteInt32(result);
714 }
715 
GetRemoteNativeTokenIDInner(MessageParcel & data,MessageParcel & reply)716 void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply)
717 {
718     if (!IsAccessTokenCalling()) {
719         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
720         reply.WriteInt32(INVALID_TOKENID);
721         return;
722     }
723     std::string deviceID = data.ReadString();
724     AccessTokenID tokenID = data.ReadUint32();
725 
726     AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID);
727     reply.WriteUint32(result);
728 }
729 
DeleteRemoteDeviceTokensInner(MessageParcel & data,MessageParcel & reply)730 void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply)
731 {
732     if (!IsAccessTokenCalling()) {
733         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
734         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
735         return;
736     }
737     std::string deviceID = data.ReadString();
738 
739     int result = this->DeleteRemoteDeviceTokens(deviceID);
740     reply.WriteInt32(result);
741 }
742 
RegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)743 void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
744 {
745     if (!IsAccessTokenCalling()) {
746         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
747         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
748         return;
749     }
750 
751     sptr<IRemoteObject> callback = data.ReadRemoteObject();
752     if (callback == nullptr) {
753         ACCESSTOKEN_LOG_ERROR(LABEL, "Callback read failed.");
754         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
755         return;
756     }
757     int32_t result = this->RegisterTokenSyncCallback(callback);
758     reply.WriteInt32(result);
759 }
760 
UnRegisterTokenSyncCallbackInner(MessageParcel & data,MessageParcel & reply)761 void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply)
762 {
763     if (!IsAccessTokenCalling()) {
764         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID());
765         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
766         return;
767     }
768 
769     int32_t result = this->UnRegisterTokenSyncCallback();
770     reply.WriteInt32(result);
771 }
772 #endif
773 
GetVersionInner(MessageParcel & data,MessageParcel & reply)774 void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& reply)
775 {
776     uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
777     if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) {
778         reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
779         return;
780     }
781     uint32_t version;
782     int32_t result = this->GetVersion(version);
783     if (!reply.WriteInt32(result)) {
784         ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed.");
785     }
786     if (result != RET_SUCCESS) {
787         return;
788     }
789     if (!reply.WriteUint32(version)) {
790         ACCESSTOKEN_LOG_ERROR(LABEL, "Write Uint32 failed.");
791     }
792 }
793 
DumpTokenInfoInner(MessageParcel & data,MessageParcel & reply)794 void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply)
795 {
796     if (!IsShellProcessCalling()) {
797         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID());
798         reply.WriteString("");
799         return;
800     }
801     sptr<AtmToolsParamInfoParcel> infoParcel = data.ReadParcelable<AtmToolsParamInfoParcel>();
802     if (infoParcel == nullptr) {
803         ACCESSTOKEN_LOG_ERROR(LABEL, "Read infoParcel fail");
804         reply.WriteString("read infoParcel fail");
805         return;
806     }
807     std::string dumpInfo = "";
808     this->DumpTokenInfo(*infoParcel, dumpInfo);
809     if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) {
810         ACCESSTOKEN_LOG_WARN(LABEL, "SetDataCapacity failed");
811     }
812     if (!reply.WriteString(dumpInfo)) {
813         ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed");
814     }
815 }
816 
SetPermDialogCapInner(MessageParcel & data,MessageParcel & reply)817 void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply)
818 {
819     uint32_t callingToken = IPCSkeleton::GetCallingTokenID();
820     if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) {
821         ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken);
822         reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
823         return;
824     }
825 
826     sptr<HapBaseInfoParcel> hapBaseInfoParcel = data.ReadParcelable<HapBaseInfoParcel>();
827     if (hapBaseInfoParcel == nullptr) {
828         ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapBaseInfoParcel fail");
829         reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
830         return;
831     }
832     bool enable = data.ReadBool();
833     int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable);
834     reply.WriteInt32(res);
835 }
836 
GetPermissionManagerInfoInner(MessageParcel & data,MessageParcel & reply)837 void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply)
838 {
839     PermissionGrantInfoParcel infoParcel;
840     this->GetPermissionManagerInfo(infoParcel);
841     reply.WriteParcelable(&infoParcel);
842 }
843 
IsPrivilegedCalling() const844 bool AccessTokenManagerStub::IsPrivilegedCalling() const
845 {
846     // shell process is root in debug mode.
847 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
848     int32_t callingUid = IPCSkeleton::GetCallingUid();
849     return callingUid == ROOT_UID;
850 #else
851     return false;
852 #endif
853 }
854 
IsAccessTokenCalling()855 bool AccessTokenManagerStub::IsAccessTokenCalling()
856 {
857     uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
858     if (tokenSyncId_ == 0) {
859         tokenSyncId_ = this->GetNativeTokenId("token_sync_service");
860     }
861     return tokenCaller == tokenSyncId_;
862 }
863 
IsNativeProcessCalling()864 bool AccessTokenManagerStub::IsNativeProcessCalling()
865 {
866     AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
867     return this->GetTokenType(tokenCaller) == TOKEN_NATIVE;
868 }
869 
IsShellProcessCalling()870 bool AccessTokenManagerStub::IsShellProcessCalling()
871 {
872     AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
873     return this->GetTokenType(tokenCaller) == TOKEN_SHELL;
874 }
875 
IsSystemAppCalling() const876 bool AccessTokenManagerStub::IsSystemAppCalling() const
877 {
878     uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
879     return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
880 }
881 
882 #ifdef TOKEN_SYNC_ENABLE
SetTokenSyncFuncInMap()883 void AccessTokenManagerStub::SetTokenSyncFuncInMap()
884 {
885     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] =
886         &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner;
887     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] =
888         &AccessTokenManagerStub::SetRemoteHapTokenInfoInner;
889     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] =
890         &AccessTokenManagerStub::DeleteRemoteTokenInner;
891     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] =
892         &AccessTokenManagerStub::DeleteRemoteDeviceTokensInner;
893     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_REMOTE_TOKEN)] =
894         &AccessTokenManagerStub::GetRemoteNativeTokenIDInner;
895     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK)] =
896         &AccessTokenManagerStub::RegisterTokenSyncCallbackInner;
897     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK)] =
898         &AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner;
899 }
900 #endif
901 
SetLocalTokenOpFuncInMap()902 void AccessTokenManagerStub::SetLocalTokenOpFuncInMap()
903 {
904     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_TOKEN_HAP)] =
905         &AccessTokenManagerStub::AllocHapTokenInner;
906     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::INIT_TOKEN_HAP)] =
907         &AccessTokenManagerStub::InitHapTokenInner;
908     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::TOKEN_DELETE)] =
909         &AccessTokenManagerStub::DeleteTokenInfoInner;
910     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] =
911         &AccessTokenManagerStub::GetTokenTypeInner;
912     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP)] =
913         &AccessTokenManagerStub::CheckNativeDCapInner;
914     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] =
915         &AccessTokenManagerStub::GetHapTokenIDInner;
916     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] =
917         &AccessTokenManagerStub::AllocLocalTokenIDInner;
918     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] =
919         &AccessTokenManagerStub::GetNativeTokenInfoInner;
920     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] =
921         &AccessTokenManagerStub::GetHapTokenInfoInner;
922     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] =
923         &AccessTokenManagerStub::UpdateHapTokenInner;
924 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
925     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO)] =
926         &AccessTokenManagerStub::ReloadNativeTokenInfoInner;
927 #endif
928     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_ID)] =
929         &AccessTokenManagerStub::GetNativeTokenIdInner;
930     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERM_DIALOG_CAPABILITY)] =
931         &AccessTokenManagerStub::SetPermDialogCapInner;
932     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] =
933         &AccessTokenManagerStub::GetPermissionManagerInfoInner;
934 }
935 
SetPermissionOpFuncInMap()936 void AccessTokenManagerStub::SetPermissionOpFuncInMap()
937 {
938     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] =
939         &AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner;
940     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] =
941         &AccessTokenManagerStub::VerifyAccessTokenInner;
942     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] =
943         &AccessTokenManagerStub::GetDefPermissionInner;
944     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_DEF_PERMISSIONS)] =
945         &AccessTokenManagerStub::GetDefPermissionsInner;
946     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_REQ_PERMISSIONS)] =
947         &AccessTokenManagerStub::GetReqPermissionsInner;
948     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_FLAG)] =
949         &AccessTokenManagerStub::GetPermissionFlagInner;
950     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION)] =
951         &AccessTokenManagerStub::GrantPermissionInner;
952     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::REVOKE_PERMISSION)] =
953         &AccessTokenManagerStub::RevokePermissionInner;
954     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] =
955         &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner;
956     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] =
957         &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner;
958     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] =
959         &AccessTokenManagerStub::GetSelfPermissionsStateInner;
960     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] =
961         &AccessTokenManagerStub::GetPermissionsStatusInner;
962     requestFuncMap_[
963         static_cast<uint32_t>(AccessTokenInterfaceCode::REGISTER_PERM_STATE_CHANGE_CALLBACK)] =
964         &AccessTokenManagerStub::RegisterPermStateChangeCallbackInner;
965     requestFuncMap_[
966         static_cast<uint32_t>(AccessTokenInterfaceCode::UNREGISTER_PERM_STATE_CHANGE_CALLBACK)] =
967         &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner;
968     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::DUMP_TOKENINFO)] =
969         &AccessTokenManagerStub::DumpTokenInfoInner;
970     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_VERSION)] =
971         &AccessTokenManagerStub::GetVersionInner;
972     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
973         &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner;
974     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] =
975         &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner;
976 }
977 
AccessTokenManagerStub()978 AccessTokenManagerStub::AccessTokenManagerStub()
979 {
980     SetPermissionOpFuncInMap();
981     SetLocalTokenOpFuncInMap();
982 #ifdef TOKEN_SYNC_ENABLE
983     SetTokenSyncFuncInMap();
984 #endif
985 }
986 
~AccessTokenManagerStub()987 AccessTokenManagerStub::~AccessTokenManagerStub()
988 {
989     requestFuncMap_.clear();
990 }
991 } // namespace AccessToken
992 } // namespace Security
993 } // namespace OHOS
994