1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "access_token_helper.h"
17
18#include "common_event_permission_manager.h"
19#include "event_log_wrapper.h"
20#include "ipc_skeleton.h"
21#include "privacy_kit.h"
22#include "tokenid_kit.h"
23
24using namespace OHOS::Security::AccessToken;
25
26namespace OHOS {
27namespace EventFwk {
28bool __attribute__((weak)) AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
29{
30    ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
31    return (tokenType == ATokenTypeEnum::TOKEN_NATIVE);
32}
33
34bool __attribute__((weak)) AccessTokenHelper::VerifyAccessToken(const AccessTokenID &callerToken,
35    const std::string &permission)
36{
37    return (AccessTokenKit::VerifyAccessToken(callerToken, permission) ==
38        AccessToken::PermissionState::PERMISSION_GRANTED);
39}
40
41void __attribute__((weak)) AccessTokenHelper::RecordSensitivePermissionUsage(const AccessTokenID &callerToken,
42    const std::string &event)
43{
44    EVENT_LOGD("enter");
45    ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
46    if (tokenType != ATokenTypeEnum::TOKEN_HAP) {
47        return;
48    }
49    Permission permission = DelayedSingleton<CommonEventPermissionManager>::GetInstance()->GetEventPermission(event);
50    if (!permission.isSensitive || permission.names.empty()) {
51        return;
52    }
53    for (const auto &permissionName : permission.names) {
54        PrivacyKit::AddPermissionUsedRecord(callerToken, permissionName, 1, 0);
55    }
56}
57
58bool __attribute__((weak)) AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
59{
60    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
61    if (type == ATokenTypeEnum::TOKEN_HAP) {
62        HapTokenInfo info;
63        AccessTokenKit::GetHapTokenInfo(callerToken, info);
64        return (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL);
65    }
66    return false;
67}
68
69AccessTokenID AccessTokenHelper::GetHapTokenID(int userID,
70    const std::string& bundleName, int instIndex)
71{
72    return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex);
73}
74
75bool AccessTokenHelper::VerifyShellToken(const AccessTokenID &callerToken)
76{
77    ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
78    return (tokenType == ATokenTypeEnum::TOKEN_SHELL);
79}
80
81bool __attribute__((weak)) AccessTokenHelper::IsSystemApp()
82{
83    AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
84    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
85    if (type == ATokenTypeEnum::TOKEN_HAP) {
86        uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID();
87        if (TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) {
88            return true;
89        }
90    }
91    return false;
92}
93
94std::string AccessTokenHelper::GetCallingProcessName(const AccessTokenID &callerToken)
95{
96    AccessToken::NativeTokenInfo callingTokenInfo;
97    AccessToken::AccessTokenKit::GetNativeTokenInfo(callerToken, callingTokenInfo);
98    return callingTokenInfo.processName;
99}
100}  // namespace EventFwk
101}  // namespace OHOS
102