/*
 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "account_stub.h"

#include <dlfcn.h>
#include <ipc_types.h>
#include "accesstoken_kit.h"
#include "account_error_no.h"
#include "account_helper_data.h"
#include "account_info.h"
#include "account_info_parcel.h"
#include "account_log_wrapper.h"
#include "account_mgr_service.h"
#include "bundle_manager_adapter.h"
#include "account_hisysevent_adapter.h"
#include "if_system_ability_manager.h"
#include "ipc_skeleton.h"
#include "iservice_registry.h"
#include "memory_guard.h"
#include "ohos_account_kits.h"
#include "account_constants.h"
#ifdef HICOLLIE_ENABLE
#include "xcollie/xcollie.h"
#endif // HICOLLIE_ENABLE

namespace OHOS {
namespace AccountSA {
namespace {
const std::string OHOS_ACCOUNT_QUIT_TIPS_TITLE = "";
const std::string OHOS_ACCOUNT_QUIT_TIPS_CONTENT = "";

// Permission names checked by the Cmd* handlers through HasAccountRequestPermission().
const std::string PERMISSION_MANAGE_USERS = "ohos.permission.MANAGE_LOCAL_ACCOUNTS";
const std::string PERMISSION_GET_LOCAL_ACCOUNTS = "ohos.permission.GET_LOCAL_ACCOUNTS";
const std::string PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS = "ohos.permission.MANAGE_DISTRIBUTED_ACCOUNTS";
const std::string PERMISSION_GET_DISTRIBUTED_ACCOUNTS = "ohos.permission.GET_DISTRIBUTED_ACCOUNTS";
const std::string PERMISSION_DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";

#ifndef IS_RELEASE_VERSION
// Calling UID that HasAccountRequestPermission() accepts without an access-token check.
// Only compiled when IS_RELEASE_VERSION is not defined.
constexpr std::int32_t ROOT_UID = 0;
#endif
#ifdef HICOLLIE_ENABLE
constexpr std::int32_t RECOVERY_TIMEOUT = 6; // timeout 6s
#endif // HICOLLIE_ENABLE

// Sentinel passed to InnerSetOhosAccountInfo() meaning "use the calling user's id".
constexpr std::int32_t INVALID_USERID = -1;

// Calling UIDs for which CmdGetOhosAccountInfoByUserId() keeps the raw UID in the reply;
// for every other caller that handler blanks it.
const std::set<std::int32_t> WHITE_LIST = {
    3012, // DISTRIBUTED_KV_DATA_SA_UID
    3019, // DLP_UID
    3553, // DLP_CREDENTIAL_SA_UID
};

// Calling UID that CmdQueryOhosAccountInfoByUserId() accepts in place of a permission.
#ifdef USE_MUSL
constexpr std::int32_t DSOFTBUS_UID = 1024;
#else
constexpr std::int32_t DSOFTBUS_UID = 5533;
#endif
} // namespace

// Registers one handler per interface code; OnRemoteRequest() dispatches through this map.
AccountStub::AccountStub()
{
    stubFuncMap_[AccountMgrInterfaceCode::UPDATE_OHOS_ACCOUNT_INFO] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdUpdateOhosAccountInfo(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::SET_OHOS_ACCOUNT_INFO] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdSetOhosAccountInfo(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::SET_OHOS_ACCOUNT_INFO_BY_USER_ID] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdSetOhosAccountInfoByUserId(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::QUERY_OHOS_ACCOUNT_INFO] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdQueryOhosAccountInfo(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::GET_OHOS_ACCOUNT_INFO] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetOhosAccountInfo(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::QUERY_OHOS_ACCOUNT_INFO_BY_USER_ID] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdQueryOhosAccountInfoByUserId(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::GET_OHOS_ACCOUNT_INFO_BY_USER_ID] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetOhosAccountInfoByUserId(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::QUERY_DEVICE_ACCOUNT_ID] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdQueryDeviceAccountId(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::SUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT] =
        [this](MessageParcel &data, MessageParcel &reply) {
            return CmdSubscribeDistributedAccountEvent(data, reply);
        };
    stubFuncMap_[AccountMgrInterfaceCode::UNSUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT] =
        [this](MessageParcel &data, MessageParcel &reply) {
            return CmdUnsubscribeDistributedAccountEvent(data, reply);
        };
    stubFuncMap_[AccountMgrInterfaceCode::GET_APP_ACCOUNT_SERVICE] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetAppAccountService(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::GET_OS_ACCOUNT_SERVICE] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetOsAccountService(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::GET_ACCOUNT_IAM_SERVICE] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetAccountIAMService(data, reply); };
    stubFuncMap_[AccountMgrInterfaceCode::GET_DOMAIN_ACCOUNT_SERVICE] =
        [this](MessageParcel &data, MessageParcel &reply) { return CmdGetDomainAccountService(data, reply); };
}

// Unmarshals (account name, uid, event) from the request, forwards them to
// UpdateOhosAccountInfo() and writes the resulting status into the reply.
// Performs no permission check itself; CmdUpdateOhosAccountInfo() does that first.
std::int32_t AccountStub::InnerUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    // The three strings are read in wire order; the first two must be non-empty.
    const std::string accountName = Str16ToStr8(data.ReadString16());
    if (accountName.empty()) {
        ACCOUNT_LOGE("empty account name!");
        return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
    }
    const std::string uid = Str16ToStr8(data.ReadString16());
    if (uid.empty()) {
        ACCOUNT_LOGE("empty uid!");
        return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
    }
    const std::string eventStr = Str16ToStr8(data.ReadString16());

    std::int32_t status = ERR_OK;
    if (!UpdateOhosAccountInfo(accountName, uid, eventStr)) {
        ACCOUNT_LOGE("Update ohos account info failed");
        status = ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
    }
    // The status travels in the reply as well as in the return value.
    if (!reply.WriteInt32(status)) {
        ACCOUNT_LOGE("Write result data failed");
        status = ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return status;
}

// Unmarshals an OhosAccountInfo plus event string and applies it to `userId`.
// When `userId` is INVALID_USERID the calling user's id is used instead.
// Performs no permission check itself; the Cmd* callers are responsible for it.
std::int32_t AccountStub::InnerSetOhosAccountInfo(int32_t userId, MessageParcel &data, MessageParcel &reply)
{
    OhosAccountInfo info;
    const std::int32_t readStatus = ReadOhosAccountInfo(data, info);
    if (readStatus != ERR_OK) {
        return readStatus;
    }
    if (!info.IsValid()) {
        ACCOUNT_LOGE("Check OhosAccountInfo failed");
        return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
    }
    // The event string follows the account info in the parcel.
    const std::string eventStr = Str16ToStr8(data.ReadString16());

    if (userId == INVALID_USERID) {
        userId = AccountMgrService::GetInstance().GetCallingUserID();
    }
    std::int32_t status = SetOhosAccountInfoByUserId(userId, info, eventStr);
    if (status != ERR_OK) {
        ACCOUNT_LOGE("Set ohos account info failed");
    }
    if (!reply.WriteInt32(status)) {
        ACCOUNT_LOGE("Write result data failed");
        status = ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return status;
}

// UPDATE_OHOS_ACCOUNT_INFO: requires ohos.permission.MANAGE_LOCAL_ACCOUNTS.
std::int32_t AccountStub::CmdUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    // Deny before touching the parcel so unauthorised callers never reach the unmarshalling code.
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_USERS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }

    return InnerUpdateOhosAccountInfo(data, reply);
}

// SET_OHOS_ACCOUNT_INFO: requires ohos.permission.MANAGE_DISTRIBUTED_ACCOUNTS and always
// targets the calling user (INVALID_USERID is resolved inside InnerSetOhosAccountInfo()).
std::int32_t AccountStub::CmdSetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }

    return InnerSetOhosAccountInfo(INVALID_USERID, data, reply);
}

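// Checks that a caller-supplied userId names an existing, non-reserved OS account.
// Returns ERR_OK when it does, ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR for ids in
// [0, Constants::START_USER_ID), and ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR otherwise.
static int32_t CheckUserIdValid(const int32_t userId)
{
    if ((userId >= 0) && (userId < Constants::START_USER_ID)) {
        ACCOUNT_LOGE("userId %{public}d is system reserved", userId);
        return ERR_OSACCOUNT_SERVICE_MANAGER_ID_ERROR;
    }
    bool isOsAccountExist = false;
    const ErrCode errCode = IInnerOsAccountManager::GetInstance().IsOsAccountExists(userId, isOsAccountExist);
    if (errCode != ERR_OK) {
        // Fail closed: a failed lookup is treated as "account absent", whatever the out-flag holds.
        ACCOUNT_LOGE("IsOsAccountExists failed errCode is %{public}d", errCode);
        return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
    }
    if (!isOsAccountExist) {
        ACCOUNT_LOGE("os account is not exist");
        return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
    }
    return ERR_OK;
}

// SET_OHOS_ACCOUNT_INFO_BY_USER_ID: system applications holding
// ohos.permission.MANAGE_DISTRIBUTED_ACCOUNTS may set the account info of another user.
std::int32_t AccountStub::CmdSetOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
{
    std::int32_t ret = AccountPermissionManager::CheckSystemApp();
    if (ret != ERR_OK) {
        ACCOUNT_LOGE("the caller is not system application, ret = %{public}d.", ret);
        return ret;
    }
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }
    // Use the checked read so a truncated parcel is rejected instead of being taken as some id.
    int32_t userId = 0;
    if (!data.ReadInt32(userId)) {
        ACCOUNT_LOGE("Read userId failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }
    // NOTE(review): negative ids skip the reserved-range test in CheckUserIdValid(), and
    // InnerSetOhosAccountInfo() remaps INVALID_USERID (-1) to the caller's own user. This path
    // relies on IsOsAccountExists() reporting negative ids as absent - confirm.
    ret = CheckUserIdValid(userId);
    if (ret != ERR_OK) {
        ACCOUNT_LOGE("CheckUserIdValid failed, ret = %{public}d", ret);
        return ret;
    }
    return InnerSetOhosAccountInfo(userId, data, reply);
}

// Writes the calling context's account name, uid and status into the reply.
// Performs no permission check itself; CmdQueryOhosAccountInfo() does that first.
std::int32_t AccountStub::InnerQueryOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    OhosAccountInfo info;
#ifdef HICOLLIE_ENABLE
    // Cancels the watchdog timer on every exit path, so a return added later cannot leave
    // an XCOLLIE_FLAG_RECOVERY timer armed.
    struct XCollieTimerGuard {
        explicit XCollieTimerGuard(int id) : timerId(id) {}
        ~XCollieTimerGuard()
        {
            HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
        }
        XCollieTimerGuard(const XCollieTimerGuard &) = delete;
        XCollieTimerGuard &operator=(const XCollieTimerGuard &) = delete;
        int timerId;
    };
    XCollieTimerGuard timerGuard(HiviewDFX::XCollie::GetInstance().SetTimer(
        TIMER_NAME, RECOVERY_TIMEOUT, nullptr, nullptr, HiviewDFX::XCOLLIE_FLAG_RECOVERY));
#endif // HICOLLIE_ENABLE
    ErrCode result = QueryOhosAccountInfo(info);
    if (result != ERR_OK) {
        ACCOUNT_LOGE("Query ohos account info failed");
        return result;
    }

    // Reply layout: name, uid, status.
    if (!reply.WriteString16(Str8ToStr16(info.name_))) {
        ACCOUNT_LOGE("Write name data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    if (!reply.WriteString16(Str8ToStr16(info.uid_))) {
        ACCOUNT_LOGE("Write id data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    if (!reply.WriteInt32(info.status_)) {
        ACCOUNT_LOGE("Write status data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// Writes the full OhosAccountInfo into the reply with the raw UID always blanked.
// Performs no permission check itself; CmdGetOhosAccountInfo() does that first.
std::int32_t AccountStub::InnerGetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    OhosAccountInfo ohosAccountInfo;
    int ret = GetOhosAccountInfo(ohosAccountInfo);
    // The raw UID never leaves through this handler, whoever the caller is.
    ohosAccountInfo.SetRawUid("");
    if (ret != ERR_OK) {
        ACCOUNT_LOGE("Get ohos account info failed");
        return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_ERROR;
    }
    if (!WriteOhosAccountInfo(reply, ohosAccountInfo)) {
        ACCOUNT_LOGE("Write ohosAccountInfo failed!");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// QUERY_OHOS_ACCOUNT_INFO: any one of MANAGE_LOCAL_ACCOUNTS, DISTRIBUTED_DATASYNC or
// GET_LOCAL_ACCOUNTS is sufficient.
std::int32_t AccountStub::CmdQueryOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    // Each failed HasAccountRequestPermission() call reports a permission failure, so a caller
    // holding only a later permission in this chain still produces reports for the earlier ones.
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_USERS) &&
        !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
        !HasAccountRequestPermission(PERMISSION_GET_LOCAL_ACCOUNTS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }

    return InnerQueryOhosAccountInfo(data, reply);
}

// GET_OHOS_ACCOUNT_INFO: any one of MANAGE_DISTRIBUTED_ACCOUNTS, DISTRIBUTED_DATASYNC or
// GET_DISTRIBUTED_ACCOUNTS is sufficient.
ErrCode AccountStub::CmdGetOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
{
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS) &&
        !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
        !HasAccountRequestPermission(PERMISSION_GET_DISTRIBUTED_ACCOUNTS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }

    return InnerGetOhosAccountInfo(data, reply);
}

// GET_OHOS_ACCOUNT_INFO_BY_USER_ID: system applications holding one of the four listed
// permissions may read another user's account info. The raw UID is returned only to
// callers whose UID is in WHITE_LIST.
ErrCode AccountStub::CmdGetOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
{
    ErrCode errCode = AccountPermissionManager::CheckSystemApp();
    if (errCode != ERR_OK) {
        ACCOUNT_LOGE("the caller is not system application, errCode = %{public}d.", errCode);
        return errCode;
    }
    if (!HasAccountRequestPermission(PERMISSION_MANAGE_DISTRIBUTED_ACCOUNTS) &&
        !HasAccountRequestPermission(INTERACT_ACROSS_LOCAL_ACCOUNTS) &&
        !HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC) &&
        !HasAccountRequestPermission(PERMISSION_GET_DISTRIBUTED_ACCOUNTS)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }
    // Use the checked read so a truncated parcel is rejected instead of being taken as some id.
    int32_t userId = 0;
    if (!data.ReadInt32(userId)) {
        ACCOUNT_LOGE("Read userId failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }
    bool isOsAccountExits = false;
    errCode = IInnerOsAccountManager::GetInstance().IsOsAccountExists(userId, isOsAccountExits);
    if (errCode != ERR_OK) {
        ACCOUNT_LOGE("IsOsAccountExists failed errCode is %{public}d", errCode);
        return errCode;
    }
    if (!isOsAccountExits) {
        ACCOUNT_LOGE("os account is not exit");
        return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
    }
    OhosAccountInfo ohosAccountInfo;
    errCode = GetOhosAccountInfoByUserId(userId, ohosAccountInfo);
    if (errCode != ERR_OK) {
        ACCOUNT_LOGE("Get ohos account info failed");
        return errCode;
    }
    // Blank the raw UID unless the caller's UID is explicitly allow-listed.
    int32_t uid = IPCSkeleton::GetCallingUid();
    if (WHITE_LIST.find(uid) == WHITE_LIST.end()) {
        ohosAccountInfo.SetRawUid("");
    }
    if (!WriteOhosAccountInfo(reply, ohosAccountInfo)) {
        ACCOUNT_LOGE("Write ohosAccountInfo failed!");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// QUERY_OHOS_ACCOUNT_INFO_BY_USER_ID: allowed for callers holding MANAGE_LOCAL_ACCOUNTS or
// DISTRIBUTED_DATASYNC, and for the caller whose UID equals DSOFTBUS_UID.
std::int32_t AccountStub::CmdQueryOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
{
    // The last clause authorises by calling UID alone; no access-token check applies to it.
    if ((!HasAccountRequestPermission(PERMISSION_MANAGE_USERS)) &&
        (!HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC)) &&
        (IPCSkeleton::GetCallingUid() != DSOFTBUS_UID)) {
        ACCOUNT_LOGE("Check permission failed");
        return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
    }

    // Use the checked read so a truncated parcel is rejected instead of being taken as some id.
    std::int32_t userId = 0;
    if (!data.ReadInt32(userId)) {
        ACCOUNT_LOGE("Read userId failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }
    if (userId < 0) {
        ACCOUNT_LOGE("negative userID %{public}d detected!", userId);
        return ERR_ACCOUNT_ZIDL_ACCOUNT_STUB_USERID_ERROR;
    }

    OhosAccountInfo info;
    ErrCode result = QueryOhosAccountInfoByUserId(userId, info);
    if (result != ERR_OK) {
        ACCOUNT_LOGE("Query ohos account info failed! userId %{public}d.", userId);
        return result;
    }

    // Reply layout: name, uid, status.
    if (!reply.WriteString16(Str8ToStr16(info.name_))) {
        ACCOUNT_LOGE("Write name data failed! userId %{public}d.", userId);
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    if (!reply.WriteString16(Str8ToStr16(info.uid_))) {
        ACCOUNT_LOGE("Write id data failed! userId %{public}d.", userId);
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    if (!reply.WriteInt32(info.status_)) {
        ACCOUNT_LOGE("Write status data failed! userId %{public}d.", userId);
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// QUERY_DEVICE_ACCOUNT_ID: writes the id produced by QueryDeviceAccountId() into the reply.
// No permission is checked in this handler.
std::int32_t AccountStub::CmdQueryDeviceAccountId(MessageParcel &data, MessageParcel &reply)
{
    std::int32_t id = 0;
    auto ret = QueryDeviceAccountId(id);
    if (ret != ERR_OK) {
        ACCOUNT_LOGE("QueryDevice AccountId failed: %{public}d", ret);
        return ret;
    }

    if (!reply.WriteInt32(id)) {
        ACCOUNT_LOGE("Write result data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// SUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT: reads (type, listener) and forwards them; the callee's
// result is carried in the reply, the return value only reflects marshalling.
// NOTE(review): no permission check and no range check on `type` at this layer; presumably
// SubscribeDistributedAccountEvent() enforces both - confirm.
std::int32_t AccountStub::CmdSubscribeDistributedAccountEvent(MessageParcel &data, MessageParcel &reply)
{
    int32_t type;
    if (!data.ReadInt32(type)) {
        ACCOUNT_LOGE("Read type failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }

    sptr<IRemoteObject> eventListener = data.ReadRemoteObject();
    if (eventListener == nullptr) {
        ACCOUNT_LOGE("Read remote object for eventListener failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }

    ErrCode result = SubscribeDistributedAccountEvent(
        static_cast<DISTRIBUTED_ACCOUNT_SUBSCRIBE_TYPE>(type), eventListener);
    if (!reply.WriteInt32(result)) {
        ACCOUNT_LOGE("Write reply failed, result=%{public}d.", result);
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }

    return ERR_OK;
}

// UNSUBSCRIBE_DISTRIBUTED_ACCOUNT_EVENT: mirror of the subscribe handler.
// NOTE(review): no permission check and no range check on `type` at this layer; presumably
// UnsubscribeDistributedAccountEvent() enforces both - confirm.
std::int32_t AccountStub::CmdUnsubscribeDistributedAccountEvent(MessageParcel &data, MessageParcel &reply)
{
    int32_t type;
    if (!data.ReadInt32(type)) {
        ACCOUNT_LOGE("Read type failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }

    sptr<IRemoteObject> eventListener = data.ReadRemoteObject();
    if (eventListener == nullptr) {
        ACCOUNT_LOGE("Read remote object for eventListener failed.");
        return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
    }

    ErrCode result = UnsubscribeDistributedAccountEvent(
        static_cast<DISTRIBUTED_ACCOUNT_SUBSCRIBE_TYPE>(type), eventListener);
    if (!reply.WriteInt32(result)) {
        ACCOUNT_LOGE("Write reply failed, result=%{public}d.", result);
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }

    return ERR_OK;
}

// GET_APP_ACCOUNT_SERVICE: hands the app-account service object to the caller.
// NOTE(review): this and the three sibling Get*Service handlers check no permission;
// presumably each returned service authorises its own calls - confirm.
std::int32_t AccountStub::CmdGetAppAccountService(MessageParcel &data, MessageParcel &reply)
{
    auto remoteObject = GetAppAccountService();
    if (!reply.WriteRemoteObject(remoteObject)) {
        ACCOUNT_LOGE("Write result data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }

    return ERR_OK;
}

// GET_OS_ACCOUNT_SERVICE: hands the OS-account service object to the caller.
std::int32_t AccountStub::CmdGetOsAccountService(MessageParcel &data, MessageParcel &reply)
{
    auto remoteObject = GetOsAccountService();
    if (!reply.WriteRemoteObject(remoteObject)) {
        ACCOUNT_LOGE("Write result data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }

    return ERR_OK;
}

// GET_ACCOUNT_IAM_SERVICE: hands the account IAM service object to the caller.
std::int32_t AccountStub::CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply)
{
    auto remoteObject = GetAccountIAMService();
    if (!reply.WriteRemoteObject(remoteObject)) {
        ACCOUNT_LOGE("Write result data failed");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }

    return ERR_OK;
}

// GET_DOMAIN_ACCOUNT_SERVICE: hands the domain-account service object to the caller.
std::int32_t AccountStub::CmdGetDomainAccountService(MessageParcel &data, MessageParcel &reply)
{
    auto remoteObject = GetDomainAccountService();
    if (!reply.WriteRemoteObject(remoteObject)) {
        ACCOUNT_LOGE("failed to write remote object");
        return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
    }
    return ERR_OK;
}

// IPC entry point: rejects requests until the service has started and requests whose
// interface token does not match this stub, then dispatches `code` through stubFuncMap_.
// Codes with no registered handler fall through to IPCObjectStub::OnRemoteRequest().
std::int32_t AccountStub::OnRemoteRequest(
    std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
{
    // `code` is unsigned, so it is logged with %u.
    ACCOUNT_LOGD("Received stub message: %{public}u, callingUid: %{public}d", code, IPCSkeleton::GetCallingUid());
    MemoryGuard cacheGuard;
    if (!IsServiceStarted()) {
        ACCOUNT_LOGE("account mgr not ready");
        return ERR_ACCOUNT_ZIDL_MGR_NOT_READY_ERROR;
    }

    // The descriptor check must come before any handler reads from the parcel.
    if (data.ReadInterfaceToken() != GetDescriptor()) {
        ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
        return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
    }

#ifdef HICOLLIE_ENABLE
    int timerId =
        HiviewDFX::XCollie::GetInstance().SetTimer(TIMER_NAME, TIMEOUT, nullptr, nullptr, HiviewDFX::XCOLLIE_FLAG_LOG);
#endif // HICOLLIE_ENABLE

    AccountMgrInterfaceCode interfaceCode = static_cast<AccountMgrInterfaceCode>(code);
    const auto itFunc = stubFuncMap_.find(interfaceCode);
    if (itFunc == stubFuncMap_.end()) {
#ifdef HICOLLIE_ENABLE
        HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
#endif // HICOLLIE_ENABLE
        ACCOUNT_LOGW("remote request unhandled: %{public}u", code);
        return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
    }
    int32_t ret = (itFunc->second)(data, reply);
#ifdef HICOLLIE_ENABLE
    HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
#endif // HICOLLIE_ENABLE
    return ret;
}

// Returns true when the calling token has been granted `permissionName`.
// Every denial is reported through ReportPermissionFail() and logged.
bool AccountStub::HasAccountRequestPermission(const std::string &permissionName)
{
    std::int32_t uid = IPCSkeleton::GetCallingUid();
#ifndef IS_RELEASE_VERSION
    // Test-only bypass: builds without IS_RELEASE_VERSION accept UID 0 with no token check,
    // so production images have to be built with IS_RELEASE_VERSION defined.
    if (uid == ROOT_UID) {
        return true;
    }
#endif

    // check permission
    Security::AccessToken::AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
    if (Security::AccessToken::AccessTokenKit::VerifyAccessToken(callingTokenID, permissionName) ==
        Security::AccessToken::TypePermissionState::PERMISSION_GRANTED) {
        return true;
    }

    ReportPermissionFail(uid, IPCSkeleton::GetCallingRealPid(), permissionName);
    ACCOUNT_LOGE("permission %{public}s denied!", permissionName.c_str());
    return false;
}
} // namespace AccountSA
} // namespace OHOS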