1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_manager_stub.h"
17
18 #include "accesstoken_kit.h"
19 #include "accesstoken_log.h"
20 #include "ipc_skeleton.h"
21 #include "memory_guard.h"
22 #include "on_permission_used_record_callback_proxy.h"
23 #include "privacy_error.h"
24 #include "string_ex.h"
25 #include "tokenid_kit.h"
26 #ifdef HICOLLIE_ENABLE
27 #include "xcollie/xcollie.h"
28 #endif // HICOLLIE_ENABLE
29
30 namespace OHOS {
31 namespace Security {
32 namespace AccessToken {
33 namespace {
34 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
35 LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerStub"
36 };
37 static const uint32_t PERM_LIST_SIZE_MAX = 1024;
38 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
39 #ifdef HICOLLIE_ENABLE
40 static constexpr uint32_t TIMEOUT = 6; // 6s
41 #endif // HICOLLIE_ENABLE
42 #endif // SECURITY_COMPONENT_ENHANCE_ENABLE
43 constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS";
44 constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER";
45 }
46
PrivacyManagerStub()47 PrivacyManagerStub::PrivacyManagerStub()
48 {
49 SetPrivacyFuncInMap();
50 }
51
SetPrivacyFuncInMap()52 void PrivacyManagerStub::SetPrivacyFuncInMap()
53 {
54 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::ADD_PERMISSION_USED_RECORD)] =
55 &PrivacyManagerStub::AddPermissionUsedRecordInner;
56 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION)] =
57 &PrivacyManagerStub::StartUsingPermissionInner;
58 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK)] =
59 &PrivacyManagerStub::StartUsingPermissionCallbackInner;
60 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::STOP_USING_PERMISSION)] =
61 &PrivacyManagerStub::StopUsingPermissionInner;
62 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS)] =
63 &PrivacyManagerStub::RemovePermissionUsedRecordsInner;
64 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS)] =
65 &PrivacyManagerStub::GetPermissionUsedRecordsInner;
66 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORDS_ASYNC)] =
67 &PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner;
68 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] =
69 &PrivacyManagerStub::RegisterPermActiveStatusCallbackInner;
70 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::UNREGISTER_PERM_ACTIVE_STATUS_CHANGE_CALLBACK)] =
71 &PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner;
72 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::IS_ALLOWED_USING_PERMISSION)] =
73 &PrivacyManagerStub::IsAllowedUsingPermissionInner;
74 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
75 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE)] =
76 &PrivacyManagerStub::RegisterSecCompEnhanceInner;
77 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::UPDATE_SEC_COMP_ENHANCE)] =
78 &PrivacyManagerStub::UpdateSecCompEnhanceInner;
79 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_SEC_COMP_ENHANCE)] =
80 &PrivacyManagerStub::GetSecCompEnhanceInner;
81 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_SPECIAL_SEC_COMP_ENHANCE)] =
82 &PrivacyManagerStub::GetSpecialSecCompEnhanceInner;
83 #endif
84 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::GET_PERMISSION_USED_TYPE_INFOS)] =
85 &PrivacyManagerStub::GetPermissionUsedTypeInfosInner;
86 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::SET_MUTE_POLICY)] =
87 &PrivacyManagerStub::SetMutePolicyInner;
88 requestMap_[static_cast<uint32_t>(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER)] =
89 &PrivacyManagerStub::SetHapWithFGReminderInner;
90 }
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)91 int32_t PrivacyManagerStub::OnRemoteRequest(
92 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
93 {
94 MemoryGuard cacheGuard;
95 std::u16string descriptor = data.ReadInterfaceToken();
96 if (descriptor != IPrivacyManager::GetDescriptor()) {
97 ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
98 return ERROR_IPC_REQUEST_FAIL;
99 }
100
101 auto itFunc = requestMap_.find(code);
102 if (itFunc != requestMap_.end()) {
103 auto requestFunc = itFunc->second;
104 if (requestFunc != nullptr) {
105 (this->*requestFunc)(data, reply);
106 return NO_ERROR;
107 }
108 }
109
110 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
111 }
112
AddPermissionUsedRecordInner(MessageParcel & data,MessageParcel & reply)113 void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply)
114 {
115 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
116 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
117 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
118 return;
119 }
120 if (!VerifyPermission(PERMISSION_USED_STATS)) {
121 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
122 return;
123 }
124 sptr<AddPermParamInfoParcel> infoParcel = data.ReadParcelable<AddPermParamInfoParcel>();
125 if (infoParcel == nullptr) {
126 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
127 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
128 return;
129 }
130 reply.WriteInt32(this->AddPermissionUsedRecord(*infoParcel));
131 }
132
StartUsingPermissionInner(MessageParcel & data,MessageParcel & reply)133 void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
134 {
135 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
136 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
137 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
138 return;
139 }
140 if (!VerifyPermission(PERMISSION_USED_STATS)) {
141 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
142 return;
143 }
144 AccessTokenID tokenId = data.ReadUint32();
145 int32_t pid = data.ReadInt32();
146 std::string permissionName = data.ReadString();
147 reply.WriteInt32(this->StartUsingPermission(tokenId, pid, permissionName));
148 }
149
StartUsingPermissionCallbackInner(MessageParcel & data,MessageParcel & reply)150 void PrivacyManagerStub::StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply)
151 {
152 if (!VerifyPermission(PERMISSION_USED_STATS)) {
153 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
154 return;
155 }
156 AccessTokenID tokenId = data.ReadUint32();
157 int32_t pid = data.ReadInt32();
158 std::string permissionName = data.ReadString();
159 sptr<IRemoteObject> callback = data.ReadRemoteObject();
160 if (callback == nullptr) {
161 ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail");
162 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
163 return;
164 }
165 reply.WriteInt32(this->StartUsingPermission(tokenId, pid, permissionName, callback));
166 }
167
StopUsingPermissionInner(MessageParcel & data,MessageParcel & reply)168 void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
169 {
170 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
171 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
172 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
173 return;
174 }
175 if (!VerifyPermission(PERMISSION_USED_STATS)) {
176 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
177 return;
178 }
179 AccessTokenID tokenId = data.ReadUint32();
180 int32_t pid = data.ReadInt32();
181 std::string permissionName = data.ReadString();
182 reply.WriteInt32(this->StopUsingPermission(tokenId, pid, permissionName));
183 }
184
RemovePermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)185 void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
186 {
187 if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) {
188 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
189 return;
190 }
191
192 AccessTokenID tokenId = data.ReadUint32();
193 std::string deviceID = data.ReadString();
194 reply.WriteInt32(this->RemovePermissionUsedRecords(tokenId, deviceID));
195 }
196
GetPermissionUsedRecordsInner(MessageParcel & data,MessageParcel & reply)197 void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
198 {
199 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
200 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
201 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
202 return;
203 }
204 PermissionUsedResultParcel responseParcel;
205 if (!VerifyPermission(PERMISSION_USED_STATS)) {
206 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
207 return;
208 }
209 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
210 if (requestParcel == nullptr) {
211 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
212 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
213 return;
214 }
215 int32_t result = this->GetPermissionUsedRecords(*requestParcel, responseParcel);
216 reply.WriteInt32(result);
217 if (result != RET_SUCCESS) {
218 ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 faild");
219 return;
220 }
221 reply.WriteParcelable(&responseParcel);
222 }
223
GetPermissionUsedRecordsAsyncInner(MessageParcel & data,MessageParcel & reply)224 void PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply)
225 {
226 if (!VerifyPermission(PERMISSION_USED_STATS)) {
227 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
228 return;
229 }
230 sptr<PermissionUsedRequestParcel> requestParcel = data.ReadParcelable<PermissionUsedRequestParcel>();
231 if (requestParcel == nullptr) {
232 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed");
233 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
234 return;
235 }
236 sptr<OnPermissionUsedRecordCallback> callback = new OnPermissionUsedRecordCallbackProxy(data.ReadRemoteObject());
237 if (callback == nullptr) {
238 ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is null");
239 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
240 return;
241 }
242 reply.WriteInt32(this->GetPermissionUsedRecords(*requestParcel, callback));
243 }
244
RegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)245 void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
246 {
247 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
248 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
249 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
250 return;
251 }
252 if (!VerifyPermission(PERMISSION_USED_STATS)) {
253 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
254 return;
255 }
256 uint32_t permListSize = data.ReadUint32();
257 if (permListSize > PERM_LIST_SIZE_MAX) {
258 ACCESSTOKEN_LOG_ERROR(LABEL, "Read permListSize fail");
259 reply.WriteInt32(PrivacyError::ERR_OVERSIZE);
260 return;
261 }
262 std::vector<std::string> permList;
263 for (uint32_t i = 0; i < permListSize; i++) {
264 std::string perm = data.ReadString();
265 permList.emplace_back(perm);
266 }
267 sptr<IRemoteObject> callback = data.ReadRemoteObject();
268 if (callback == nullptr) {
269 ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail");
270 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
271 return;
272 }
273 reply.WriteInt32(this->RegisterPermActiveStatusCallback(permList, callback));
274 }
275
UnRegisterPermActiveStatusCallbackInner(MessageParcel & data,MessageParcel & reply)276 void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& data, MessageParcel& reply)
277 {
278 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
279 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
280 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
281 return;
282 }
283 if (!VerifyPermission(PERMISSION_USED_STATS)) {
284 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
285 return;
286 }
287 sptr<IRemoteObject> callback = data.ReadRemoteObject();
288 if (callback == nullptr) {
289 ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail");
290 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
291 return;
292 }
293 reply.WriteInt32(this->UnRegisterPermActiveStatusCallback(callback));
294 }
295
IsAllowedUsingPermissionInner(MessageParcel & data,MessageParcel & reply)296 void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply)
297 {
298 if (!VerifyPermission(PERMISSION_USED_STATS)) {
299 reply.WriteBool(false);
300 return;
301 }
302 AccessTokenID tokenId = data.ReadUint32();
303
304 std::string permissionName = data.ReadString();
305 bool result = this->IsAllowedUsingPermission(tokenId, permissionName);
306 if (!reply.WriteBool(result)) {
307 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}s)", permissionName.c_str());
308 reply.WriteBool(false);
309 return;
310 }
311 }
312
313 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)314 void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
315 {
316 #ifdef HICOLLIE_ENABLE
317 std::string name = "PrivacyTimer";
318 int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr,
319 HiviewDFX::XCOLLIE_FLAG_LOG);
320 #endif // HICOLLIE_ENABLE
321
322 sptr<SecCompEnhanceDataParcel> requestParcel = data.ReadParcelable<SecCompEnhanceDataParcel>();
323 if (requestParcel == nullptr) {
324 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");
325 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
326
327 #ifdef HICOLLIE_ENABLE
328 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
329 #endif // HICOLLIE_ENABLE
330
331 return;
332 }
333 reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel));
334
335 #ifdef HICOLLIE_ENABLE
336 HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
337 #endif // HICOLLIE_ENABLE
338 }
339
UpdateSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)340 void PrivacyManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
341 {
342 if (!IsSecCompServiceCalling()) {
343 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
344 return;
345 }
346
347 int32_t pid = data.ReadInt32();
348 uint32_t seqNum = data.ReadUint32();
349 reply.WriteInt32(this->UpdateSecCompEnhance(pid, seqNum));
350 }
351
GetSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)352 void PrivacyManagerStub::GetSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
353 {
354 if (!IsSecCompServiceCalling()) {
355 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
356 return;
357 }
358
359 int32_t pid = data.ReadInt32();
360 SecCompEnhanceDataParcel parcel;
361 int32_t result = this->GetSecCompEnhance(pid, parcel);
362 reply.WriteInt32(result);
363 if (result != RET_SUCCESS) {
364 return;
365 }
366
367 reply.WriteParcelable(&parcel);
368 }
369
GetSpecialSecCompEnhanceInner(MessageParcel & data,MessageParcel & reply)370 void PrivacyManagerStub::GetSpecialSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply)
371 {
372 if (!IsSecCompServiceCalling()) {
373 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
374 return;
375 }
376
377 std::string bundleName = data.ReadString();
378 std::vector<SecCompEnhanceDataParcel> parcelList;
379 int32_t result = this->GetSpecialSecCompEnhance(bundleName, parcelList);
380 reply.WriteInt32(result);
381 if (result != RET_SUCCESS) {
382 return;
383 }
384 reply.WriteUint32(parcelList.size());
385 for (const auto& parcel : parcelList) {
386 reply.WriteParcelable(&parcel);
387 }
388 }
389
IsSecCompServiceCalling()390 bool PrivacyManagerStub::IsSecCompServiceCalling()
391 {
392 uint32_t tokenCaller = IPCSkeleton::GetCallingTokenID();
393 if (secCompTokenId_ == 0) {
394 secCompTokenId_ = AccessTokenKit::GetNativeTokenId("security_component_service");
395 }
396 return tokenCaller == secCompTokenId_;
397 }
398 #endif
399
GetPermissionUsedTypeInfosInner(MessageParcel & data,MessageParcel & reply)400 void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply)
401 {
402 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
403 if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
404 reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP);
405 return;
406 }
407 if (!VerifyPermission(PERMISSION_USED_STATS)) {
408 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
409 return;
410 }
411 AccessTokenID tokenId = data.ReadUint32();
412 std::string permissionName = data.ReadString();
413 std::vector<PermissionUsedTypeInfoParcel> resultsParcel;
414 int32_t result = this->GetPermissionUsedTypeInfos(tokenId, permissionName, resultsParcel);
415 if (!reply.WriteInt32(result)) {
416 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d-%{public}s)", tokenId, permissionName.c_str());
417 return;
418 }
419 reply.WriteUint32(resultsParcel.size());
420 for (const auto& parcel : resultsParcel) {
421 reply.WriteParcelable(&parcel);
422 }
423 }
424
SetMutePolicyInner(MessageParcel & data,MessageParcel & reply)425 void PrivacyManagerStub::SetMutePolicyInner(MessageParcel& data, MessageParcel& reply)
426 {
427 if (!VerifyPermission(PERMISSION_USED_STATS)) {
428 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
429 return;
430 }
431 uint32_t policyType;
432 if (!data.ReadUint32(policyType)) {
433 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read policyType.");
434 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
435 return;
436 }
437 uint32_t callerType;
438 if (!data.ReadUint32(callerType)) {
439 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read callerType.");
440 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
441 return;
442 }
443 bool isMute;
444 if (!data.ReadBool(isMute)) {
445 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isMute.");
446 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
447 return;
448 }
449
450 int32_t result = this->SetMutePolicy(policyType, callerType, isMute);
451 if (!reply.WriteInt32(result)) {
452 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32.");
453 return;
454 }
455 }
456
SetHapWithFGReminderInner(MessageParcel & data,MessageParcel & reply)457 void PrivacyManagerStub::SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply)
458 {
459 if (!VerifyPermission(SET_FOREGROUND_HAP_REMINDER)) {
460 reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED);
461 return;
462 }
463 uint32_t tokenId;
464 if (!data.ReadUint32(tokenId)) {
465 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenId.");
466 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
467 return;
468 }
469 bool isAllowed;
470 if (!data.ReadBool(isAllowed)) {
471 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isAllowed.");
472 reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED);
473 return;
474 }
475
476 int32_t result = this->SetHapWithFGReminder(tokenId, isAllowed);
477 if (!reply.WriteInt32(result)) {
478 ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32.");
479 return;
480 }
481 }
482
IsAccessTokenCalling() const483 bool PrivacyManagerStub::IsAccessTokenCalling() const
484 {
485 int32_t callingUid = IPCSkeleton::GetCallingUid();
486 return callingUid == ACCESSTOKEN_UID;
487 }
488
IsSystemAppCalling() const489 bool PrivacyManagerStub::IsSystemAppCalling() const
490 {
491 uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
492 return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
493 }
494
VerifyPermission(const std::string & permission) const495 bool PrivacyManagerStub::VerifyPermission(const std::string& permission) const
496 {
497 uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
498 if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission) == PERMISSION_DENIED) {
499 ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(callingTokenID=%{public}d)", callingTokenID);
500 return false;
501 }
502 return true;
503 }
504 } // namespace AccessToken
505 } // namespace Security
506 } // namespace OHOS
507