1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit.h"
17 #include <string>
18 #include <vector>
19 #include "accesstoken_dfx_define.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "accesstoken_manager_client.h"
23 #include "constant_common.h"
24 #include "data_validator.h"
25 #include "hap_token_info.h"
26 #include "permission_def.h"
27 #include "permission_map.h"
28 #include "perm_setproc.h"
29 #include "perm_state_change_callback_customize.h"
30 #include "tokenid_kit.h"
31 #include "token_setproc.h"
32
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 namespace {
37 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKit"};
38 static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff;
39 static const int INVALID_DLP_TOKEN_FLAG = -1;
40 static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
41 } // namespace
42
GetUserGrantedPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)43 PermUsedTypeEnum AccessTokenKit::GetUserGrantedPermissionUsedType(
44 AccessTokenID tokenID, const std::string& permissionName)
45 {
46 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.",
47 tokenID, permissionName.c_str());
48 if ((tokenID == INVALID_TOKENID) || (!DataValidator::IsPermissionNameValid(permissionName))) {
49 ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed.");
50 return PermUsedTypeEnum::INVALID_USED_TYPE;
51 }
52 return AccessTokenManagerClient::GetInstance().GetUserGrantedPermissionUsedType(tokenID, permissionName);
53 }
54
GrantPermissionForSpecifiedTime(AccessTokenID tokenID,const std::string & permissionName,uint32_t onceTime)55 int AccessTokenKit::GrantPermissionForSpecifiedTime(
56 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime)
57 {
58 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d, permissionName=%{public}s, onceTime=%{public}d.",
59 tokenID, permissionName.c_str(), onceTime);
60 if (tokenID == INVALID_TOKENID) {
61 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenID");
62 return AccessTokenError::ERR_PARAM_INVALID;
63 }
64 if (!DataValidator::IsPermissionNameValid(permissionName)) {
65 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permissionName");
66 return AccessTokenError::ERR_PARAM_INVALID;
67 }
68 return AccessTokenManagerClient::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime);
69 }
70
AllocHapToken(const HapInfoParams & info,const HapPolicyParams & policy)71 AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
72 {
73 AccessTokenIDEx res = {0};
74 ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \
75 permList: %{public}zu, stateList: %{public}zu",
76 info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size());
77 if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
78 !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
79 !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) {
80 ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed");
81 return res;
82 }
83 return AccessTokenManagerClient::GetInstance().AllocHapToken(info, policy);
84 }
85
InitHapToken(const HapInfoParams & info,HapPolicyParams & policy,AccessTokenIDEx & fullTokenId)86 int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy,
87 AccessTokenIDEx& fullTokenId)
88 {
89 ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \
90 permList: %{public}zu, stateList: %{public}zu",
91 info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size());
92 if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) ||
93 !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) ||
94 !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) {
95 ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed");
96 return AccessTokenError::ERR_PARAM_INVALID;
97 }
98 return AccessTokenManagerClient::GetInstance().InitHapToken(info, policy, fullTokenId);
99 }
100
AllocLocalTokenID(const std::string & remoteDeviceID,AccessTokenID remoteTokenID)101 AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID)
102 {
103 ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID=%{public}s, tokenID=%{public}d",
104 ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID);
105 #ifdef DEBUG_API_PERFORMANCE
106 ACCESSTOKEN_LOG_DEBUG(LABEL, "Api_performance:start call");
107 AccessTokenID resID = AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
108 ACCESSTOKEN_LOG_DEBUG(LABEL, "Api_performance:end call");
109 return resID;
110 #else
111 return AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID);
112 #endif
113 }
114
UpdateHapToken(AccessTokenIDEx & tokenIdEx,const UpdateHapInfoParams & info,const HapPolicyParams & policy)115 int32_t AccessTokenKit::UpdateHapToken(
116 AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy)
117 {
118 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, isSystemApp: %{public}d, \
119 permList: %{public}zu, stateList: %{public}zu",
120 tokenIdEx.tokenIdExStruct.tokenID, info.isSystemApp, policy.permList.size(), policy.permStateList.size());
121 if ((tokenIdEx.tokenIdExStruct.tokenID == INVALID_TOKENID) || (!DataValidator::IsAppIDDescValid(info.appIDDesc)) ||
122 (!DataValidator::IsAplNumValid(policy.apl))) {
123 ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed");
124 return AccessTokenError::ERR_PARAM_INVALID;
125 }
126 return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenIdEx, info, policy);
127 }
128
DeleteToken(AccessTokenID tokenID)129 int AccessTokenKit::DeleteToken(AccessTokenID tokenID)
130 {
131 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d.", tokenID);
132 if (tokenID == INVALID_TOKENID) {
133 return AccessTokenError::ERR_PARAM_INVALID;
134 }
135 return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID);
136 }
137
GetTokenType(AccessTokenID tokenID)138 ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID) __attribute__((no_sanitize("cfi")))
139 {
140 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
141 if (tokenID == INVALID_TOKENID) {
142 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid.");
143 return TOKEN_INVALID;
144 }
145 return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID);
146 }
147
GetTokenTypeFlag(AccessTokenID tokenID)148 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID)
149 {
150 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
151 if (tokenID == INVALID_TOKENID) {
152 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
153 return TOKEN_INVALID;
154 }
155 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
156 return static_cast<ATokenTypeEnum>(idInner->type);
157 }
158
GetTokenType(FullTokenID tokenID)159 ATokenTypeEnum AccessTokenKit::GetTokenType(FullTokenID tokenID)
160 {
161 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
162 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", id);
163 if (id == INVALID_TOKENID) {
164 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
165 return TOKEN_INVALID;
166 }
167 return AccessTokenManagerClient::GetInstance().GetTokenType(id);
168 }
169
GetTokenTypeFlag(FullTokenID tokenID)170 ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(FullTokenID tokenID)
171 {
172 AccessTokenID id = tokenID & TOKEN_ID_LOWMASK;
173 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", id);
174 if (id == INVALID_TOKENID) {
175 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
176 return TOKEN_INVALID;
177 }
178 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&id);
179 return static_cast<ATokenTypeEnum>(idInner->type);
180 }
181
CheckNativeDCap(AccessTokenID tokenID,const std::string & dcap)182 int AccessTokenKit::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap)
183 {
184 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, dcap=%{public}s.", tokenID, dcap.c_str());
185 if (tokenID == INVALID_TOKENID) {
186 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
187 return AccessTokenError::ERR_PARAM_INVALID;
188 }
189 if (!DataValidator::IsDcapValid(dcap)) {
190 ACCESSTOKEN_LOG_ERROR(LABEL, "Dcap is invalid");
191 return AccessTokenError::ERR_PARAM_INVALID;
192 }
193 return AccessTokenManagerClient::GetInstance().CheckNativeDCap(tokenID, dcap);
194 }
195
GetHapTokenID(int32_t userID,const std::string & bundleName,int32_t instIndex)196 AccessTokenID AccessTokenKit::GetHapTokenID(
197 int32_t userID, const std::string& bundleName, int32_t instIndex) __attribute__((no_sanitize("cfi")))
198 {
199 ACCESSTOKEN_LOG_DEBUG(LABEL, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.",
200 userID, bundleName.c_str(), instIndex);
201 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
202 ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token param check failed");
203 return INVALID_TOKENID;
204 }
205 AccessTokenIDEx tokenIdEx =
206 AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
207 return tokenIdEx.tokenIdExStruct.tokenID;
208 }
209
GetHapTokenIDEx(int32_t userID,const std::string & bundleName,int32_t instIndex)210 AccessTokenIDEx AccessTokenKit::GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex)
211 {
212 AccessTokenIDEx tokenIdEx = {0};
213 ACCESSTOKEN_LOG_DEBUG(LABEL, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.",
214 userID, bundleName.c_str(), instIndex);
215 if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) {
216 ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token param check failed");
217 return tokenIdEx;
218 }
219 return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex);
220 }
221
GetHapTokenInfo(AccessTokenID tokenID,HapTokenInfo & hapTokenInfoRes)222 int AccessTokenKit::GetHapTokenInfo(
223 AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) __attribute__((no_sanitize("cfi")))
224 {
225 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
226 if (GetTokenTypeFlag(tokenID) != TOKEN_HAP) {
227 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID =%{public}d is invalid", tokenID);
228 return AccessTokenError::ERR_PARAM_INVALID;
229 }
230
231 return AccessTokenManagerClient::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes);
232 }
233
GetNativeTokenInfo(AccessTokenID tokenID,NativeTokenInfo & nativeTokenInfoRes)234 int AccessTokenKit::GetNativeTokenInfo(
235 AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) __attribute__((no_sanitize("cfi")))
236 {
237 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
238 if (GetTokenTypeFlag(tokenID) != TOKEN_NATIVE && GetTokenTypeFlag(tokenID) != TOKEN_SHELL) {
239 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID =%{public}d is invalid", tokenID);
240 return AccessTokenError::ERR_PARAM_INVALID;
241 }
242 return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes);
243 }
244
GetSelfPermissionsState(std::vector<PermissionListState> & permList,PermissionGrantInfo & info)245 PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
246 PermissionGrantInfo& info)
247 {
248 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList.size=%{public}zu.", permList.size());
249 return AccessTokenManagerClient::GetInstance().GetSelfPermissionsState(permList, info);
250 }
251
GetPermissionsStatus(AccessTokenID tokenID,std::vector<PermissionListState> & permList)252 int32_t AccessTokenKit::GetPermissionsStatus(AccessTokenID tokenID, std::vector<PermissionListState>& permList)
253 {
254 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permList.size=%{public}zu.", tokenID, permList.size());
255 if (tokenID == INVALID_TOKENID) {
256 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
257 return ERR_PARAM_INVALID;
258 }
259 return AccessTokenManagerClient::GetInstance().GetPermissionsStatus(tokenID, permList);
260 }
261
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName,bool crossIpc)262 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName, bool crossIpc)
263 {
264 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, crossIpc=%{public}d.",
265 tokenID, permissionName.c_str(), crossIpc);
266 if (!DataValidator::IsPermissionNameValid(permissionName)) {
267 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid");
268 return PERMISSION_DENIED;
269 }
270
271 uint32_t code;
272 if (crossIpc || !TransferPermissionToOpcode(permissionName, code)) {
273 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
274 }
275 bool isGranted = false;
276 int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted);
277 if (ret != 0) {
278 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
279 }
280 return isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
281 }
282
VerifyAccessToken(AccessTokenID callerTokenID,AccessTokenID firstTokenID,const std::string & permissionName,bool crossIpc)283 int AccessTokenKit::VerifyAccessToken(
284 AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName, bool crossIpc)
285 {
286 ACCESSTOKEN_LOG_DEBUG(LABEL, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.",
287 callerTokenID, firstTokenID, permissionName.c_str());
288 int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName, crossIpc);
289 if (ret != PERMISSION_GRANTED) {
290 return ret;
291 }
292 if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
293 return ret;
294 }
295 return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName, crossIpc);
296 }
297
VerifyAccessToken(AccessTokenID tokenID,const std::string & permissionName)298 int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
299 {
300 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.",
301 tokenID, permissionName.c_str());
302 uint32_t code;
303 if (!TransferPermissionToOpcode(permissionName, code)) {
304 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
305 }
306 bool isGranted = false;
307 int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted);
308 if (ret != 0) {
309 return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName);
310 }
311 return isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
312 }
313
VerifyAccessToken(AccessTokenID callerTokenID,AccessTokenID firstTokenID,const std::string & permissionName)314 int AccessTokenKit::VerifyAccessToken(
315 AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName)
316 {
317 ACCESSTOKEN_LOG_DEBUG(LABEL, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.",
318 callerTokenID, firstTokenID, permissionName.c_str());
319 int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName);
320 if (ret != PERMISSION_GRANTED) {
321 return ret;
322 }
323 if (firstTokenID == FIRSTCALLER_TOKENID_DEFAULT) {
324 return ret;
325 }
326 return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName);
327 }
328
GetDefPermission(const std::string & permissionName,PermissionDef & permissionDefResult)329 int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult)
330 {
331 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s.", permissionName.c_str());
332 if (!DataValidator::IsPermissionNameValid(permissionName)) {
333 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid");
334 return AccessTokenError::ERR_PARAM_INVALID;
335 }
336
337 int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult);
338 ACCESSTOKEN_LOG_DEBUG(LABEL, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str());
339
340 return ret;
341 }
342
GetDefPermissions(AccessTokenID tokenID,std::vector<PermissionDef> & permDefList)343 int AccessTokenKit::GetDefPermissions(
344 AccessTokenID tokenID, std::vector<PermissionDef>& permDefList) __attribute__((no_sanitize("cfi")))
345 {
346 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
347 if (tokenID == INVALID_TOKENID) {
348 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
349 return AccessTokenError::ERR_PARAM_INVALID;
350 }
351
352 return AccessTokenManagerClient::GetInstance().GetDefPermissions(tokenID, permDefList);
353 }
354
GetReqPermissions(AccessTokenID tokenID,std::vector<PermissionStateFull> & reqPermList,bool isSystemGrant)355 int AccessTokenKit::GetReqPermissions(
356 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
357 {
358 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, isSystemGrant=%{public}d.", tokenID, isSystemGrant);
359 if (tokenID == INVALID_TOKENID) {
360 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
361 return AccessTokenError::ERR_PARAM_INVALID;
362 }
363
364 return AccessTokenManagerClient::GetInstance().GetReqPermissions(tokenID, reqPermList, isSystemGrant);
365 }
366
GetPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)367 int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
368 {
369 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.",
370 tokenID, permissionName.c_str());
371 if (tokenID == INVALID_TOKENID) {
372 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
373 return AccessTokenError::ERR_PARAM_INVALID;
374 }
375 if (!DataValidator::IsPermissionNameValid(permissionName)) {
376 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid");
377 return AccessTokenError::ERR_PARAM_INVALID;
378 }
379 return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName, flag);
380 }
381
GrantPermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)382 int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
383 {
384 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.",
385 tokenID, permissionName.c_str(), flag);
386 if (tokenID == INVALID_TOKENID) {
387 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
388 return AccessTokenError::ERR_PARAM_INVALID;
389 }
390 if (!DataValidator::IsPermissionNameValid(permissionName)) {
391 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid");
392 return AccessTokenError::ERR_PARAM_INVALID;
393 }
394 if (!DataValidator::IsPermissionFlagValid(flag)) {
395 ACCESSTOKEN_LOG_ERROR(LABEL, "Flag is invalid");
396 return AccessTokenError::ERR_PARAM_INVALID;
397 }
398 return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag);
399 }
400
RevokePermission(AccessTokenID tokenID,const std::string & permissionName,uint32_t flag)401 int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
402 {
403 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.",
404 tokenID, permissionName.c_str(), flag);
405 if (tokenID == INVALID_TOKENID) {
406 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenID");
407 return AccessTokenError::ERR_PARAM_INVALID;
408 }
409 if (!DataValidator::IsPermissionNameValid(permissionName)) {
410 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permissionName");
411 return AccessTokenError::ERR_PARAM_INVALID;
412 }
413 if (!DataValidator::IsPermissionFlagValid(flag)) {
414 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid flag");
415 return AccessTokenError::ERR_PARAM_INVALID;
416 }
417 return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag);
418 }
419
ClearUserGrantedPermissionState(AccessTokenID tokenID)420 int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID)
421 {
422 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
423 if (tokenID == INVALID_TOKENID) {
424 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
425 return AccessTokenError::ERR_PARAM_INVALID;
426 }
427 return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID);
428 }
429
SetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t status,int32_t userID=0)430 int32_t AccessTokenKit::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status,
431 int32_t userID = 0)
432 {
433 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s, status=%{public}d, userID=%{public}d.",
434 permissionName.c_str(), status, userID);
435 if (!DataValidator::IsPermissionNameValid(permissionName)) {
436 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid.");
437 return AccessTokenError::ERR_PARAM_INVALID;
438 }
439 if (!DataValidator::IsToggleStatusValid(status)) {
440 ACCESSTOKEN_LOG_ERROR(LABEL, "Toggle status is invalid.");
441 return AccessTokenError::ERR_PARAM_INVALID;
442 }
443 if (!DataValidator::IsUserIdValid(userID)) {
444 ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid.");
445 return AccessTokenError::ERR_PARAM_INVALID;
446 }
447 return AccessTokenManagerClient::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID);
448 }
449
GetPermissionRequestToggleStatus(const std::string & permissionName,uint32_t & status,int32_t userID=0)450 int32_t AccessTokenKit::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status,
451 int32_t userID = 0)
452 {
453 ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s, userID=%{public}d.",
454 permissionName.c_str(), userID);
455 if (!DataValidator::IsPermissionNameValid(permissionName)) {
456 ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid.");
457 return AccessTokenError::ERR_PARAM_INVALID;
458 }
459 if (!DataValidator::IsUserIdValid(userID)) {
460 ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid.");
461 return AccessTokenError::ERR_PARAM_INVALID;
462 }
463 return AccessTokenManagerClient::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID);
464 }
465
RegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)466 int32_t AccessTokenKit::RegisterPermStateChangeCallback(
467 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
468 {
469 ACCESSTOKEN_LOG_INFO(LABEL, "Called");
470 return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback);
471 }
472
UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize> & callback)473 int32_t AccessTokenKit::UnRegisterPermStateChangeCallback(
474 const std::shared_ptr<PermStateChangeCallbackCustomize>& callback)
475 {
476 ACCESSTOKEN_LOG_INFO(LABEL, "Called");
477 return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback);
478 }
479
GetHapDlpFlag(AccessTokenID tokenID)480 int32_t AccessTokenKit::GetHapDlpFlag(AccessTokenID tokenID)
481 {
482 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
483 if (tokenID == INVALID_TOKENID) {
484 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
485 return INVALID_DLP_TOKEN_FLAG;
486 }
487 AccessTokenIDInner *idInner = reinterpret_cast<AccessTokenIDInner *>(&tokenID);
488 return static_cast<int32_t>(idInner->dlpFlag);
489 }
490
ReloadNativeTokenInfo()491 int32_t AccessTokenKit::ReloadNativeTokenInfo()
492 {
493 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
494 return AccessTokenManagerClient::GetInstance().ReloadNativeTokenInfo();
495 #else
496 return 0;
497 #endif
498 }
499
GetNativeTokenId(const std::string & processName)500 AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName)
501 {
502 if (!DataValidator::IsProcessNameValid(processName)) {
503 ACCESSTOKEN_LOG_ERROR(LABEL, "ProcessName is invalid, processName=%{public}s", processName.c_str());
504 return INVALID_TOKENID;
505 }
506 return AccessTokenManagerClient::GetInstance().GetNativeTokenId(processName);
507 }
508
509 #ifdef TOKEN_SYNC_ENABLE
GetHapTokenInfoFromRemote(AccessTokenID tokenID,HapTokenInfoForSync & hapSync)510 int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync)
511 {
512 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID);
513 if (tokenID == INVALID_TOKENID) {
514 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid");
515 return AccessTokenError::ERR_PARAM_INVALID;
516 }
517
518 return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync);
519 }
520
SetRemoteHapTokenInfo(const std::string & deviceID,const HapTokenInfoForSync & hapSync)521 int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID,
522 const HapTokenInfoForSync& hapSync)
523 {
524 ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s, tokenID=%{public}d.",
525 ConstantCommon::EncryptDevId(deviceID).c_str(), hapSync.baseInfo.tokenID);
526 return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync);
527 }
528
DeleteRemoteToken(const std::string & deviceID,AccessTokenID tokenID)529 int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID)
530 {
531 ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s, tokenID=%{public}d.",
532 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
533 return AccessTokenManagerClient::GetInstance().DeleteRemoteToken(deviceID, tokenID);
534 }
535
DeleteRemoteDeviceTokens(const std::string & deviceID)536 int AccessTokenKit::DeleteRemoteDeviceTokens(const std::string& deviceID)
537 {
538 ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str());
539 return AccessTokenManagerClient::GetInstance().DeleteRemoteDeviceTokens(deviceID);
540 }
541
GetRemoteNativeTokenID(const std::string & deviceID,AccessTokenID tokenID)542 AccessTokenID AccessTokenKit::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID)
543 {
544 ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s., tokenID=%{public}d",
545 ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID);
546 return AccessTokenManagerClient::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID);
547 }
548
RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface> & syncCallback)549 int32_t AccessTokenKit::RegisterTokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface>& syncCallback)
550 {
551 ACCESSTOKEN_LOG_DEBUG(LABEL, "Call RegisterTokenSyncCallback.");
552 return AccessTokenManagerClient::GetInstance().RegisterTokenSyncCallback(syncCallback);
553 }
554
UnRegisterTokenSyncCallback()555 int32_t AccessTokenKit::UnRegisterTokenSyncCallback()
556 {
557 ACCESSTOKEN_LOG_DEBUG(LABEL, "Call UnRegisterTokenSyncCallback.");
558 return AccessTokenManagerClient::GetInstance().UnRegisterTokenSyncCallback();
559 }
560 #endif
561
DumpTokenInfo(const AtmToolsParamInfo & info,std::string & dumpInfo)562 void AccessTokenKit::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo)
563 {
564 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, bundleName=%{public}s, processName=%{public}s.",
565 info.tokenId, info.bundleName.c_str(), info.processName.c_str());
566 AccessTokenManagerClient::GetInstance().DumpTokenInfo(info, dumpInfo);
567 }
568
GetVersion(uint32_t & version)569 int32_t AccessTokenKit::GetVersion(uint32_t& version)
570 {
571 return AccessTokenManagerClient::GetInstance().GetVersion(version);
572 }
573
SetPermDialogCap(const HapBaseInfo & hapBaseInfo,bool enable)574 int32_t AccessTokenKit::SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable)
575 {
576 return AccessTokenManagerClient::GetInstance().SetPermDialogCap(hapBaseInfo, enable);
577 }
578
GetPermissionManagerInfo(PermissionGrantInfo & info)579 void AccessTokenKit::GetPermissionManagerInfo(PermissionGrantInfo& info)
580 {
581 AccessTokenManagerClient::GetInstance().GetPermissionManagerInfo(info);
582 }
583 } // namespace AccessToken
584 } // namespace Security
585 } // namespace OHOS
586