1 /*
2  * Copyright (C) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "permission_helper.h"
17 #include "permission_utils.h"
18 #include "accesstoken_kit.h"
19 #include "ipc_skeleton.h"
20 #include "log.h"
21 
22 namespace OHOS {
23 namespace bluetooth {
24 using namespace OHOS;
25 using namespace Security::AccessToken;
26 
VerifyPermission(const std::string & permissionName,const int & pid,const int & uid)27 int PermissionHelper::VerifyPermission(const std::string &permissionName, const int &pid, const int &uid)
28 {
29     auto callerToken = IPCSkeleton::GetCallingTokenID();
30     int result;
31 
32     if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_NATIVE) {
33         result = Security::AccessToken::PermissionState::PERMISSION_GRANTED;
34     } else if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_SHELL) {
35         result = Security::AccessToken::PermissionState::PERMISSION_GRANTED;
36     } else if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_HAP) {
37         result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
38     } else {
39         LOG_INFO("callerToken=0x%{public}x is invalid token", pid);
40         return PERMISSION_DENIED;
41     }
42     if (result == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
43         return PERMISSION_GRANTED;
44     } else {
45         LOG_INFO("callerToken=0x%{public}x has no permission_name=%{public}s", pid, permissionName.c_str());
46         return PERMISSION_DENIED;
47     }
48 }
49 
VerifyPermission(const std::string & permissionName,const std::uint32_t & callerToken)50 int PermissionHelper::VerifyPermission(const std::string &permissionName, const std::uint32_t &callerToken)
51 {
52     auto  pid = IPCSkeleton::GetCallingPid();
53     int result;
54 
55     if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_NATIVE) {
56         result = Security::AccessToken::PermissionState::PERMISSION_GRANTED;
57     } else if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_SHELL) {
58         result = Security::AccessToken::PermissionState::PERMISSION_GRANTED;
59     } else if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_HAP) {
60         result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
61     } else {
62         LOG_INFO("callerToken=0x%{public}x is invalid token", pid);
63         return PERMISSION_DENIED;
64     }
65     if (result == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
66         return PERMISSION_GRANTED;
67     } else {
68         LOG_INFO("callerToken=0x%{public}x has no permission_name=%{public}s", pid, permissionName.c_str());
69         return PERMISSION_DENIED;
70     }
71 }
72 
VerifyUseBluetoothPermission(const int & pid,const int & uid)73 int PermissionHelper::VerifyUseBluetoothPermission(const int &pid, const int &uid)
74 {
75     if (VerifyPermission("ohos.permission.USE_BLUETOOTH", pid, uid) == PERMISSION_DENIED) {
76         return PERMISSION_DENIED;
77     }
78 
79     return PERMISSION_GRANTED;
80 }
81 
VerifyDiscoverBluetoothPermission(const int & pid,const int & uid)82 int PermissionHelper::VerifyDiscoverBluetoothPermission(const int &pid, const int &uid)
83 {
84     if (VerifyPermission("ohos.permission.DISCOVER_BLUETOOTH", pid, uid) == PERMISSION_DENIED) {
85         return PERMISSION_DENIED;
86     }
87 
88     return PERMISSION_GRANTED;
89 }
90 
VerifyManageBluetoothPermission(const int & pid,const int & uid)91 int PermissionHelper::VerifyManageBluetoothPermission(const int &pid, const int &uid)
92 {
93     if (VerifyPermission("ohos.permission.MANAGE_BLUETOOTH", pid, uid) == PERMISSION_DENIED) {
94         return PERMISSION_DENIED;
95     }
96 
97     return PERMISSION_GRANTED;
98 }
99 
VerifyLocationPermission(const int & pid,const int & uid)100 int PermissionHelper::VerifyLocationPermission(const int &pid, const int &uid)
101 {
102     if (VerifyPermission("ohos.permission.LOCATION", pid, uid) == PERMISSION_DENIED) {
103         return PERMISSION_DENIED;
104     }
105 
106     return PERMISSION_GRANTED;
107 }
108 
VerifyApproximatelyPermission(const int & pid,const int & uid)109 int PermissionHelper::VerifyApproximatelyPermission(const int &pid, const int &uid)
110 {
111     if (VerifyPermission("ohos.permission.APPROXIMATELY_LOCATION", pid, uid) == PERMISSION_DENIED) {
112         return PERMISSION_DENIED;
113     }
114 
115     return PERMISSION_GRANTED;
116 }
117 
VerifyAccessBluetoothPermission(const int & pid,const int & uid)118 int PermissionHelper::VerifyAccessBluetoothPermission(const int &pid, const int &uid)
119 {
120     HapTokenInfo hapTokenInfo;
121     auto callerToken = IPCSkeleton::GetCallingTokenID();
122     if (Security::AccessToken::AccessTokenKit::GetHapTokenInfo(callerToken, hapTokenInfo) == RET_SUCCESS) {
123         if (PermissionUtils::CheckSystemHapApp() &&
124             (hapTokenInfo.bundleName == "com.ohos.settings" || hapTokenInfo.bundleName == "com.ohos.systemui")) {
125             return PERMISSION_GRANTED;
126         }
127     }
128     if (VerifyPermission("ohos.permission.ACCESS_BLUETOOTH", pid, uid) == PERMISSION_DENIED) {
129         return PERMISSION_DENIED;
130     }
131 
132     return PERMISSION_GRANTED;
133 }
134 
VerifyGetBluetoothLocalMacPermission(const int & pid,const int & uid)135 int PermissionHelper::VerifyGetBluetoothLocalMacPermission(const int &pid, const int &uid)
136 {
137     if (VerifyPermission("ohos.permission.GET_BLUETOOTH_LOCAL_MAC", pid, uid) == PERMISSION_DENIED) {
138         return PERMISSION_DENIED;
139     }
140 
141     return PERMISSION_GRANTED;
142 }
143 
VerifyUseBluetoothPermission(const std::uint32_t & tokenID)144 int PermissionHelper::VerifyUseBluetoothPermission(const std::uint32_t  &tokenID)
145 {
146     if (VerifyPermission("ohos.permission.USE_BLUETOOTH", tokenID) == PERMISSION_DENIED) {
147         return PERMISSION_DENIED;
148     }
149 
150     return PERMISSION_GRANTED;
151 }
152 
VerifyDiscoverBluetoothPermission(const std::uint32_t & tokenID)153 int PermissionHelper::VerifyDiscoverBluetoothPermission(const std::uint32_t  &tokenID)
154 {
155     if (VerifyPermission("ohos.permission.DISCOVER_BLUETOOTH", tokenID) == PERMISSION_DENIED) {
156         return PERMISSION_DENIED;
157     }
158 
159     return PERMISSION_GRANTED;
160 }
161 }  // namespace bluetooth
162 }  // namespace OHOS
163