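/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "identity_checker_impl.h"

#include <cinttypes>

#include "ability_manager_client.h"
#include "accesstoken_kit.h"
#include "global.h"
#include "tokenid_kit.h"
#ifdef SCENE_BOARD_ENABLE
#include "window_manager_lite.h"
#else
#include "window_manager.h"
#endif

namespace OHOS {
namespace MiscServices {
using namespace Rosen;
using namespace Security::AccessToken;

// Decides whether the caller owns input focus.
//   callingPid     - pid of the caller being checked.
//   callingTokenId - access token id of the caller, used for the UI-extension fallback.
//   focusedPid     - focused pid already known to the caller of this function, or INVALID_PID
//                    to have it read from the window manager here.
// Returns true when callingPid equals the resolved focused pid; otherwise returns the result of
// IsFocusedUIExtension(callingTokenId). The answer reflects focus at the moment of the query.
bool IdentityCheckerImpl::IsFocused(int64_t callingPid, uint32_t callingTokenId, int64_t focusedPid)
{
    int64_t realFocusedPid = focusedPid;
    if (realFocusedPid == INVALID_PID) {
        FocusChangeInfo info;
#ifdef SCENE_BOARD_ENABLE
        WindowManagerLite::GetInstance().GetFocusWindowInfo(info);
#else
        WindowManager::GetInstance().GetFocusWindowInfo(info);
#endif
        realFocusedPid = info.pid_;
    }
    IMSA_HILOGD("focusedPid: %{public}" PRId64 ", pid: %{public}" PRId64 "", realFocusedPid, callingPid);
    // Only a pid that was actually resolved can prove focus. If the lookup left the value at
    // INVALID_PID (no focused window reported), a callingPid that is itself INVALID_PID must not
    // pass as "same pid"; the decision then rests on the UI-extension check below.
    if (realFocusedPid != INVALID_PID && callingPid == realFocusedPid) {
        IMSA_HILOGD("pid is same, focused app.");
        return true;
    }
    return IsFocusedUIExtension(callingTokenId);
}

// Reports whether the full (64-bit) token id belongs to a system app, as decided by
// TokenIdKit::IsSystemAppByFullTokenID. Note this takes the full token id, not the 32-bit
// token id used by the other checks in this file.
bool IdentityCheckerImpl::IsSystemApp(uint64_t fullTokenId)
{
    return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
}

// Checks that the bundle name resolved from tokenId is exactly validBundleName.
// Returns false when no bundle name can be resolved for the token (see GetBundleNameByToken)
// or when the names differ, so an unresolvable caller is never treated as valid.
bool IdentityCheckerImpl::IsBundleNameValid(uint32_t tokenId, const std::string &validBundleName)
{
    std::string bundleName = GetBundleNameByToken(tokenId);
    if (bundleName.empty()) {
        return false;
    }
    if (bundleName != validBundleName) {
        IMSA_HILOGE("bundleName is invalid, caller: %{public}s, current: %{public}s", bundleName.c_str(),
            validBundleName.c_str());
        return false;
    }
    IMSA_HILOGD("checked successfully.");
    return true;
}

// Returns true only when AccessTokenKit::VerifyAccessToken reports PERMISSION_GRANTED for the
// given token and permission name; every other result is treated as a denial.
bool IdentityCheckerImpl::HasPermission(uint32_t tokenId, const std::string &permission)
{
    if (AccessTokenKit::VerifyAccessToken(tokenId, permission) != PERMISSION_GRANTED) {
        IMSA_HILOGE("Permission [%{public}s] not granted!", permission.c_str());
        return false;
    }
    IMSA_HILOGD("verify AccessToken success.");
    return true;
}

// Reports whether tokenId is a native token whose process name is "broker".
// Returns false for non-native tokens and when the native token info cannot be read.
bool IdentityCheckerImpl::IsBroker(AccessTokenID tokenId)
{
    if (!IsNativeSa(tokenId)) {
        return false;
    }
    NativeTokenInfo nativeTokenInfoRes;
    // Check the lookup result instead of relying on the default-constructed struct: a failed
    // lookup is rejected explicitly and leaves a log entry. The success value is the one this
    // file already uses for GetHapTokenInfo.
    int ret = AccessTokenKit::GetNativeTokenInfo(tokenId, nativeTokenInfoRes);
    if (ret != ErrorCode::NO_ERROR) {
        IMSA_HILOGE("failed to get native token info, ret: %{public}d!", ret);
        return false;
    }
    return nativeTokenInfoRes.processName == "broker";
}

// Reports whether the token type flag of tokenId is TOKEN_NATIVE.
bool IdentityCheckerImpl::IsNativeSa(AccessTokenID tokenId)
{
    return AccessTokenKit::GetTokenTypeFlag(tokenId) == TypeATokenTypeEnum::TOKEN_NATIVE;
}

// Asks the ability manager whether the UI extension identified by callingTokenId is focused.
// Returns true only when the query itself succeeds and reports focus; a failed query counts
// as "not focused".
bool IdentityCheckerImpl::IsFocusedUIExtension(uint32_t callingTokenId)
{
    bool isFocused = false;
    auto ret = AAFwk::AbilityManagerClient::GetInstance()->CheckUIExtensionIsFocused(callingTokenId, isFocused);
    // callingTokenId is unsigned; %u keeps ids with the top bit set from being logged as negative.
    IMSA_HILOGD("tokenId: %{public}u, check result: %{public}d, isFocused: %{public}d", callingTokenId, ret, isFocused);
    return ret == ErrorCode::NO_ERROR && isFocused;
}

// Resolves the bundle name for a HAP token.
// Returns an empty string when tokenId is not of type TOKEN_HAP or when the HAP token info
// cannot be read; callers must treat the empty string as "unknown caller".
std::string IdentityCheckerImpl::GetBundleNameByToken(uint32_t tokenId)
{
    auto tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
    if (tokenType != TOKEN_HAP) {
        IMSA_HILOGE("invalid token!");
        return "";
    }
    HapTokenInfo info;
    int ret = AccessTokenKit::GetHapTokenInfo(tokenId, info);
    if (ret != ErrorCode::NO_ERROR) {
        IMSA_HILOGE("failed to get hap info, ret: %{public}d!", ret);
        return "";
    }
    return info.bundleName;
}
} // namespace MiscServices
} // namespace OHOS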