1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "access_token_helper.h"
17 
18 #include "ans_log_wrapper.h"
19 #include "ans_permission_def.h"
20 #include "ipc_skeleton.h"
21 #include "parameters.h"
22 #include "tokenid_kit.h"
23 #include "notification_analytics_util.h"
24 
25 using namespace OHOS::Security::AccessToken;
26 
27 namespace OHOS {
28 namespace Notification {
29 namespace {
30 const std::string NOTIFICATION_ANS_CHECK_SA_PERMISSION = "notification.ces.check.sa.permission";
31 } // namespace
32 
33 std::string AccessTokenHelper::supportCheckSaPermission_ = "non-initilization";
34 
VerifyCallerPermission(const AccessTokenID & tokenCaller,const std::string & permission)35 bool AccessTokenHelper::VerifyCallerPermission(
36     const AccessTokenID &tokenCaller, const std::string &permission)
37 {
38     int result = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
39     return (result == PERMISSION_GRANTED);
40 }
41 
VerifyNativeToken(const AccessTokenID & callerToken)42 bool AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
43 {
44     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
45     return (tokenType == ATokenTypeEnum::TOKEN_NATIVE);
46 }
47 
IsSystemApp()48 bool AccessTokenHelper::IsSystemApp()
49 {
50     AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
51     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
52     if (type == ATokenTypeEnum::TOKEN_HAP) {
53         uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
54         if (Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
55             return true;
56         }
57     }
58     return false;
59 }
60 
IsDlpHap(const AccessTokenID & callerToken)61 bool AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
62 {
63     ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
64     if (type == ATokenTypeEnum::TOKEN_HAP) {
65         HapTokenInfo info;
66         AccessTokenKit::GetHapTokenInfo(callerToken, info);
67         if (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL) {
68             return true;
69         }
70     }
71     return false;
72 }
73 
VerifyShellToken(const AccessTokenID & callerToken)74 bool AccessTokenHelper::VerifyShellToken(const AccessTokenID &callerToken)
75 {
76     ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
77     return (tokenType == ATokenTypeEnum::TOKEN_SHELL);
78 }
79 
CheckPermission(const std::string & permission)80 bool AccessTokenHelper::CheckPermission(const std::string &permission)
81 {
82     ANS_LOGD("%{public}s", __FUNCTION__);
83     auto tokenCaller = IPCSkeleton::GetCallingTokenID();
84     int32_t callingUid = IPCSkeleton::GetCallingUid();
85     int32_t callingPid = IPCSkeleton::GetCallingPid();
86     bool result = VerifyCallerPermission(tokenCaller, permission);
87     if (!result) {
88         ANS_LOGE("CheckPermission failed %{public}s, %{public}d, %{public}d",
89             permission.c_str(), callingUid, callingPid);
90     }
91     return result;
92 }
93 }  // namespace Notification
94 }  // namespace OHOS
95