* Copyright (c) 2022-2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission.h"
#include "accesstoken_kit.h"
#include "ipc_skeleton.h"
#include "tokenid_kit.h"
#include "power_log.h"
using namespace OHOS;
using namespace OHOS::Security::AccessToken;
namespace OHOS {
namespace PowerMgr {
bool Permission::IsHap()
{
AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
POWER_HILOGD(COMP_UTILS, "checking is hap calling, type=%{public}d, pid=%{public}d, uid=%{public}d",
static_cast<int32_t>(type), pid, uid);
switch (type) {
case ATokenTypeEnum::TOKEN_HAP:
return true;
case ATokenTypeEnum::TOKEN_NATIVE:
case ATokenTypeEnum::TOKEN_SHELL:
case ATokenTypeEnum::TOKEN_INVALID:
case ATokenTypeEnum::TOKEN_TYPE_BUTT:
return false;
default:
break;
}
return false;
}
bool Permission::IsSystem()
{
AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
POWER_HILOGD(COMP_UTILS, "checking system permission, type=%{public}d, pid=%{public}d, uid=%{public}d",
static_cast<int32_t>(type), pid, uid);
bool result = false;
switch (type) {
case ATokenTypeEnum::TOKEN_HAP:
result = TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID());
break;
case ATokenTypeEnum::TOKEN_NATIVE:
case ATokenTypeEnum::TOKEN_SHELL:
result = true;
break;
case ATokenTypeEnum::TOKEN_INVALID:
case ATokenTypeEnum::TOKEN_TYPE_BUTT:
break;
default:
break;
}
if (!result) {
POWER_HILOGW(COMP_UTILS, "system denied, type=%{public}d, pid=%{public}d, uid=%{public}d",
static_cast<int32_t>(type), pid, uid);
return false;
}
return true;
}
bool Permission::IsPermissionGranted(const std::string& perm)
{
AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
POWER_HILOGD(COMP_UTILS, "checking permission, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
perm.c_str(), static_cast<int32_t>(type), pid, uid);
int32_t result = PermissionState::PERMISSION_DENIED;
switch (type) {
case ATokenTypeEnum::TOKEN_HAP:
result = AccessTokenKit::VerifyAccessToken(tokenId, perm);
break;
case ATokenTypeEnum::TOKEN_NATIVE:
case ATokenTypeEnum::TOKEN_SHELL:
result = PermissionState::PERMISSION_GRANTED;
break;
case ATokenTypeEnum::TOKEN_INVALID:
case ATokenTypeEnum::TOKEN_TYPE_BUTT:
break;
default:
break;
}
if (result == PermissionState::PERMISSION_DENIED) {
POWER_HILOGW(COMP_UTILS, "permission denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
perm.c_str(), static_cast<int32_t>(type), pid, uid);
return false;
}
return true;
}
bool Permission::IsNativePermissionGranted(const std::string& perm)
{
AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
POWER_HILOGD(COMP_UTILS, "checking permission, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
perm.c_str(), static_cast<int32_t>(type), pid, uid);
int32_t result = PermissionState::PERMISSION_DENIED;
switch (type) {
case ATokenTypeEnum::TOKEN_HAP:
result = PermissionState::PERMISSION_GRANTED;
break;
case ATokenTypeEnum::TOKEN_NATIVE:
case ATokenTypeEnum::TOKEN_SHELL:
result = AccessTokenKit::VerifyAccessToken(tokenId, perm);
break;
case ATokenTypeEnum::TOKEN_INVALID:
case ATokenTypeEnum::TOKEN_TYPE_BUTT:
break;
default:
break;
}
if (result == PermissionState::PERMISSION_DENIED) {
POWER_HILOGW(COMP_UTILS, "permission denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
perm.c_str(), static_cast<int32_t>(type), pid, uid);
return false;
}
return true;
}
}
}
