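/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "identity_checker_impl.h"

#include <cinttypes>

#include "ability_manager_client.h"
#include "accesstoken_kit.h"
#include "global.h"
#include "tokenid_kit.h"
#ifdef SCENE_BOARD_ENABLE
#include "window_manager_lite.h"
#else
#include "window_manager.h"
#endif

namespace OHOS {
namespace MiscServices {
using namespace Rosen;
using namespace Security::AccessToken;

/**
 * @brief Decide whether the caller is the currently focused application.
 *
 * @param callingPid     Pid of the caller being checked.
 * @param callingTokenId Access token id of the caller, used for the UI-extension fallback.
 * @param focusedPid     Pid the caller of this function believes is focused; when it equals
 *                       INVALID_PID the focused pid is read from the window manager instead.
 * @return true when callingPid matches the focused pid, otherwise the result of
 *         IsFocusedUIExtension(callingTokenId).
 */
bool IdentityCheckerImpl::IsFocused(int64_t callingPid, uint32_t callingTokenId, int64_t focusedPid)
{
    int64_t realFocusedPid = focusedPid;
    if (realFocusedPid == INVALID_PID) {
        FocusChangeInfo info;
        // NOTE(review): the outcome of GetFocusWindowInfo is not checked here. If the lookup can leave
        // info.pid_ at a sentinel value, confirm that no caller can supply that same value as callingPid.
#ifdef SCENE_BOARD_ENABLE
        WindowManagerLite::GetInstance().GetFocusWindowInfo(info);
#else
        WindowManager::GetInstance().GetFocusWindowInfo(info);
#endif
        realFocusedPid = info.pid_;
    }
    IMSA_HILOGD("focusedPid: %{public}" PRId64 ", pid: %{public}" PRId64 "", realFocusedPid, callingPid);
    if (callingPid == realFocusedPid) {
        IMSA_HILOGD("pid is same, focused app.");
        return true;
    }
    // The pid did not match: the caller may still be a UI extension hosted by the focused ability.
    return IsFocusedUIExtension(callingTokenId);
}

/**
 * @brief Report whether the full token id belongs to a system app.
 *
 * @param fullTokenId 64-bit full token id of the caller.
 * @return Result of TokenIdKit::IsSystemAppByFullTokenID.
 */
bool IdentityCheckerImpl::IsSystemApp(uint64_t fullTokenId)
{
    return TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
}

/**
 * @brief Check that the bundle name resolved from a token equals the expected bundle name.
 *
 * @param tokenId         Access token id of the caller.
 * @param validBundleName Bundle name the caller is required to have.
 * @return false when the bundle name cannot be resolved (GetBundleNameByToken returned an empty
 *         string) or differs from validBundleName; true on an exact match.
 */
bool IdentityCheckerImpl::IsBundleNameValid(uint32_t tokenId, const std::string &validBundleName)
{
    std::string bundleName = GetBundleNameByToken(tokenId);
    if (bundleName.empty()) {
        return false;
    }
    if (bundleName != validBundleName) {
        IMSA_HILOGE("bundleName is invalid, caller: %{public}s, current: %{public}s", bundleName.c_str(),
            validBundleName.c_str());
        return false;
    }
    IMSA_HILOGD("checked successfully.");
    return true;
}

/**
 * @brief Check whether a permission is granted to the given token.
 *
 * @param tokenId    Access token id of the caller.
 * @param permission Name of the permission to verify.
 * @return true only when AccessTokenKit::VerifyAccessToken returns PERMISSION_GRANTED.
 */
bool IdentityCheckerImpl::HasPermission(uint32_t tokenId, const std::string &permission)
{
    if (AccessTokenKit::VerifyAccessToken(tokenId, permission) != PERMISSION_GRANTED) {
        IMSA_HILOGE("Permission [%{public}s] not granted!", permission.c_str());
        return false;
    }
    IMSA_HILOGD("verify AccessToken success.");
    return true;
}

/**
 * @brief Check whether the token belongs to the native process named "broker".
 *
 * @param tokenId Access token id of the caller.
 * @return true only when the token is a native token, its native token info was read successfully
 *         and the recorded process name is exactly "broker".
 */
bool IdentityCheckerImpl::IsBroker(AccessTokenID tokenId)
{
    if (!IsNativeSa(tokenId)) {
        return false;
    }
    NativeTokenInfo nativeTokenInfoRes;
    // Fail closed explicitly: a failed lookup must never be compared against the expected name,
    // so the decision does not depend on what the out-parameter holds after an error.
    int ret = AccessTokenKit::GetNativeTokenInfo(tokenId, nativeTokenInfoRes);
    if (ret != ErrorCode::NO_ERROR) {
        IMSA_HILOGE("failed to get native token info, ret: %{public}d!", ret);
        return false;
    }
    return nativeTokenInfoRes.processName == "broker";
}

/**
 * @brief Check whether the token is a native (non-application) token.
 *
 * @param tokenId Access token id of the caller.
 * @return true when the token type flag is TOKEN_NATIVE.
 */
bool IdentityCheckerImpl::IsNativeSa(AccessTokenID tokenId)
{
    return AccessTokenKit::GetTokenTypeFlag(tokenId) == TypeATokenTypeEnum::TOKEN_NATIVE;
}

/**
 * @brief Ask the ability manager whether the caller is a focused UI extension.
 *
 * @param callingTokenId Access token id of the caller.
 * @return true only when the query returns ErrorCode::NO_ERROR and reports the extension as
 *         focused; any query error is treated as "not focused".
 */
bool IdentityCheckerImpl::IsFocusedUIExtension(uint32_t callingTokenId)
{
    bool isFocused = false;
    auto ret = AAFwk::AbilityManagerClient::GetInstance()->CheckUIExtensionIsFocused(callingTokenId, isFocused);
    // callingTokenId is unsigned, so it is logged with %u rather than %d.
    IMSA_HILOGD("tokenId: %{public}u, check result: %{public}d, isFocused: %{public}d", callingTokenId, ret, isFocused);
    return ret == ErrorCode::NO_ERROR && isFocused;
}

/**
 * @brief Resolve the bundle name recorded for a HAP token.
 *
 * @param tokenId Access token id of the caller.
 * @return The bundle name from the HAP token info, or an empty string when the token is not a
 *         HAP token or the token info cannot be read.
 */
std::string IdentityCheckerImpl::GetBundleNameByToken(uint32_t tokenId)
{
    auto tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId);
    if (tokenType != TOKEN_HAP) {
        IMSA_HILOGE("invalid token!");
        return "";
    }
    HapTokenInfo info;
    int ret = AccessTokenKit::GetHapTokenInfo(tokenId, info);
    if (ret != ErrorCode::NO_ERROR) {
        IMSA_HILOGE("failed to get hap info, ret: %{public}d!", ret);
        return "";
    }
    return info.bundleName;
}
} // namespace MiscServices
} // namespace OHOS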