1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "token_sync_manager_stub.h"
17 
18 #include "accesstoken_log.h"
19 #include "access_token_error.h"
20 #include "hap_token_info_for_sync_parcel.h"
21 #include "ipc_skeleton.h"
22 #include "native_token_info_for_sync_parcel.h"
23 #include "string_ex.h"
24 
25 namespace OHOS {
26 namespace Security {
27 namespace AccessToken {
namespace {
// HiLog label attached to every log line emitted by this stub.
constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerStub"};
#ifndef ATM_BUILD_VARIANT_USER_ENABLE
// UID compared against the caller in IsRootCalling(). It is only compiled when
// ATM_BUILD_VARIANT_USER_ENABLE is not defined, so builds that define the macro
// have no root-UID bypass at all.
constexpr int32_t ROOT_UID = 0;
#endif
} // namespace
34 
/**
 * IPC entry point of the token sync stub.
 *
 * Rejects the request with ERROR_IPC_REQUEST_FAIL when the interface token read
 * from the parcel differs from ITokenSyncManager::GetDescriptor(). Otherwise
 * the request code selects one of the *Inner handlers; unknown codes are
 * forwarded to IPCObjectStub::OnRemoteRequest.
 *
 * Caller authorization is not done here: each *Inner handler performs its own
 * identity check and writes its status into `reply`. A handled code therefore
 * always returns NO_ERROR, even when the handler refused the caller.
 *
 * @param code   Request code, compared against TokenSyncInterfaceCode values.
 * @param data   Incoming parcel; the interface token is consumed first.
 * @param reply  Parcel the selected handler writes its int32 status into.
 * @param option Passed through to the base class for unknown codes.
 * @return ERROR_IPC_REQUEST_FAIL on descriptor mismatch, the base-class result
 *         for unknown codes, NO_ERROR otherwise.
 */
int32_t TokenSyncManagerStub::OnRemoteRequest(
    uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
{
    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, code: %{public}d", __func__, code);

    const std::u16string remoteDescriptor = data.ReadInterfaceToken();
    const bool descriptorMatches = (remoteDescriptor == ITokenSyncManager::GetDescriptor());
    if (!descriptorMatches) {
        // NOTE(review): the descriptor comes from the caller's parcel and is logged
        // with the {public} qualifier before any identity check has run - confirm
        // that logging caller-supplied text here is acceptable.
        ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(remoteDescriptor).c_str());
        return ERROR_IPC_REQUEST_FAIL;
    }

    if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO)) {
        GetRemoteHapTokenInfoInner(data, reply);
    } else if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO)) {
        DeleteRemoteHapTokenInfoInner(data, reply);
    } else if (code == static_cast<uint32_t>(TokenSyncInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO)) {
        UpdateRemoteHapTokenInfoInner(data, reply);
    } else {
        // Not one of ours: let the base stub deal with it.
        return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
    }
    return NO_ERROR;
}
59 
/**
 * Reports whether the calling token id carries the TOKEN_NATIVE type.
 *
 * The token id returned by IPCSkeleton::GetCallingTokenID() is viewed through
 * AccessTokenIDInner to read its `type` field.
 *
 * NOTE(review): only the token type is compared, so every caller holding a
 * native-type token passes; nothing here identifies which native process is
 * calling. Confirm this is the intended trust boundary for the handlers that
 * rely on it.
 *
 * @return true when the caller's token type equals TOKEN_NATIVE.
 */
bool TokenSyncManagerStub::IsNativeProcessCalling() const
{
    AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    // Reinterpret the id in place to reach the type field of its inner layout.
    const AccessTokenIDInner* callerFields = reinterpret_cast<AccessTokenIDInner *>(&callerToken);
    uint32_t type = callerFields->type;
    ACCESSTOKEN_LOG_DEBUG(LABEL, "Calling type: %{public}d", type);
    const bool isNative = (type == TOKEN_NATIVE);
    return isNative;
}
67 
/**
 * Reports whether the IPC caller runs with the root UID.
 *
 * When ATM_BUILD_VARIANT_USER_ENABLE is defined the check is compiled out and
 * the function always returns false, so root gets no special treatment in that
 * build. In every other build a caller whose UID equals ROOT_UID is accepted.
 *
 * @return true only when the macro is undefined and the calling UID is ROOT_UID.
 */
bool TokenSyncManagerStub::IsRootCalling() const
{
#ifdef ATM_BUILD_VARIANT_USER_ENABLE
    return false;
#else
    const int uidOfCaller = IPCSkeleton::GetCallingUid();
    ACCESSTOKEN_LOG_DEBUG(LABEL, "Calling uid: %{public}d", uidOfCaller);
    const bool isRoot = (uidOfCaller == ROOT_UID);
    return isRoot;
#endif
}
78 
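/**
 * IPC handler for GET_REMOTE_HAP_TOKEN_INFO.
 *
 * Writes exactly one int32 status into `reply`:
 *  - ERR_IDENTITY_CHECK_FAILED when neither IsRootCalling() nor
 *    IsNativeProcessCalling() accepts the caller;
 *  - RET_FAILED when the device id or token id cannot be read from `data`;
 *  - otherwise the result of GetRemoteHapTokenInfo(deviceID, tokenID).
 *
 * @param data  Request parcel: a string device id followed by a uint32 token id.
 * @param reply Parcel receiving the int32 status.
 */
void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // Use the bool-returning read overloads so a truncated or malformed parcel is
    // rejected instead of being served as an empty device id and token id 0.
    // The reads stay in wire order: string first, then uint32.
    std::string deviceID;
    AccessTokenID tokenID = 0;
    if (!data.ReadString(deviceID) || !data.ReadUint32(tokenID)) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, read parcel failed", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }

    int result = this->GetRemoteHapTokenInfo(deviceID, tokenID);
    reply.WriteInt32(result);
}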
94 
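/**
 * IPC handler for DELETE_REMOTE_HAP_TOKEN_INFO.
 *
 * Writes exactly one int32 status into `reply`:
 *  - ERR_IDENTITY_CHECK_FAILED when neither IsRootCalling() nor
 *    IsNativeProcessCalling() accepts the caller;
 *  - RET_FAILED when the token id cannot be read from `data`;
 *  - otherwise the result of DeleteRemoteHapTokenInfo(tokenID).
 *
 * @param data  Request parcel holding a uint32 token id.
 * @param reply Parcel receiving the int32 status.
 */
void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsRootCalling() && !IsNativeProcessCalling()) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    // A failed read must not fall through as token id 0: this handler deletes
    // state, so an unreadable request is refused rather than guessed at.
    AccessTokenID tokenID = 0;
    if (!data.ReadUint32(tokenID)) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, read parcel failed", __func__);
        reply.WriteInt32(RET_FAILED);
        return;
    }

    int result = this->DeleteRemoteHapTokenInfo(tokenID);
    reply.WriteInt32(result);
}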
106 
/**
 * IPC handler for UPDATE_REMOTE_HAP_TOKEN_INFO.
 *
 * Writes exactly one int32 status into `reply`:
 *  - ERR_IDENTITY_CHECK_FAILED when neither IsRootCalling() nor
 *    IsNativeProcessCalling() accepts the caller;
 *  - RET_FAILED when no HapTokenInfoForSyncParcel can be read from `data`;
 *  - otherwise the result of UpdateRemoteHapTokenInfo() on the parcel's
 *    hapTokenInfoForSyncParams.
 *
 * @param data  Request parcel holding a HapTokenInfoForSyncParcel.
 * @param reply Parcel receiving the int32 status.
 */
void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
{
    const bool callerAllowed = IsRootCalling() || IsNativeProcessCalling();
    if (!callerAllowed) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
        reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED);
        return;
    }

    sptr<HapTokenInfoForSyncParcel> syncParcel = data.ReadParcelable<HapTokenInfoForSyncParcel>();
    if (syncParcel == nullptr) {
        // Nothing could be unmarshalled, so the update is never attempted.
        reply.WriteInt32(RET_FAILED);
        return;
    }

    const int status = this->UpdateRemoteHapTokenInfo(syncParcel->hapTokenInfoForSyncParams);
    reply.WriteInt32(status);
}
122 } // namespace AccessToken
123 } // namespace Security
124 } // namespace OHOS
125