1/* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "permission.h" 17 18#include "accesstoken_kit.h" 19#include "ipc_skeleton.h" 20#include "tokenid_kit.h" 21 22#include "power_log.h" 23 24using namespace OHOS; 25using namespace OHOS::Security::AccessToken; 26 27namespace OHOS { 28namespace PowerMgr { 29bool Permission::IsHap() 30{ 31 AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID(); 32 pid_t pid = IPCSkeleton::GetCallingPid(); 33 pid_t uid = IPCSkeleton::GetCallingUid(); 34 ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId); 35 POWER_HILOGD(COMP_UTILS, "checking is hap calling, type=%{public}d, pid=%{public}d, uid=%{public}d", 36 static_cast<int32_t>(type), pid, uid); 37 switch (type) { 38 case ATokenTypeEnum::TOKEN_HAP: 39 return true; 40 case ATokenTypeEnum::TOKEN_NATIVE: 41 case ATokenTypeEnum::TOKEN_SHELL: 42 case ATokenTypeEnum::TOKEN_INVALID: 43 case ATokenTypeEnum::TOKEN_TYPE_BUTT: 44 return false; 45 default: 46 break; 47 } 48 return false; 49} 50 51bool Permission::IsSystem() 52{ 53 AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID(); 54 pid_t pid = IPCSkeleton::GetCallingPid(); 55 pid_t uid = IPCSkeleton::GetCallingUid(); 56 ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId); 57 POWER_HILOGD(COMP_UTILS, "checking system permission, type=%{public}d, pid=%{public}d, uid=%{public}d", 58 static_cast<int32_t>(type), pid, uid); 59 bool result = false; 60 switch (type) { 61 case ATokenTypeEnum::TOKEN_HAP: 62 result = TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID()); 63 break; 64 case ATokenTypeEnum::TOKEN_NATIVE: 65 case ATokenTypeEnum::TOKEN_SHELL: 66 result = true; 67 break; 68 case ATokenTypeEnum::TOKEN_INVALID: 69 case ATokenTypeEnum::TOKEN_TYPE_BUTT: 70 break; 71 default: 72 break; 73 } 74 if (!result) { 75 POWER_HILOGW(COMP_UTILS, "system denied, type=%{public}d, pid=%{public}d, uid=%{public}d", 76 static_cast<int32_t>(type), pid, uid); 77 return false; 78 } 79 return true; 80} 81 82bool Permission::IsPermissionGranted(const std::string& perm) 83{ 84 AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID(); 85 pid_t pid = IPCSkeleton::GetCallingPid(); 86 pid_t uid = IPCSkeleton::GetCallingUid(); 87 ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId); 88 POWER_HILOGD(COMP_UTILS, "checking permission, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d", 89 perm.c_str(), static_cast<int32_t>(type), pid, uid); 90 int32_t result = PermissionState::PERMISSION_DENIED; 91 switch (type) { 92 case ATokenTypeEnum::TOKEN_HAP: 93 result = AccessTokenKit::VerifyAccessToken(tokenId, perm); 94 break; 95 case ATokenTypeEnum::TOKEN_NATIVE: 96 case ATokenTypeEnum::TOKEN_SHELL: 97 result = PermissionState::PERMISSION_GRANTED; 98 break; 99 case ATokenTypeEnum::TOKEN_INVALID: 100 case ATokenTypeEnum::TOKEN_TYPE_BUTT: 101 break; 102 default: 103 break; 104 } 105 if (result == PermissionState::PERMISSION_DENIED) { 106 POWER_HILOGW(COMP_UTILS, "permission denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d", 107 perm.c_str(), static_cast<int32_t>(type), pid, uid); 108 return false; 109 } 110 return true; 111} 112 113bool Permission::IsNativePermissionGranted(const std::string& perm) 114{ 115 AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID(); 116 pid_t pid = IPCSkeleton::GetCallingPid(); 117 pid_t uid = IPCSkeleton::GetCallingUid(); 118 ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId); 119 POWER_HILOGD(COMP_UTILS, "checking permission, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d", 120 perm.c_str(), static_cast<int32_t>(type), pid, uid); 121 int32_t result = PermissionState::PERMISSION_DENIED; 122 switch (type) { 123 case ATokenTypeEnum::TOKEN_HAP: 124 result = PermissionState::PERMISSION_GRANTED; 125 break; 126 case ATokenTypeEnum::TOKEN_NATIVE: 127 case ATokenTypeEnum::TOKEN_SHELL: 128 result = AccessTokenKit::VerifyAccessToken(tokenId, perm); 129 break; 130 case ATokenTypeEnum::TOKEN_INVALID: 131 case ATokenTypeEnum::TOKEN_TYPE_BUTT: 132 break; 133 default: 134 break; 135 } 136 if (result == PermissionState::PERMISSION_DENIED) { 137 POWER_HILOGW(COMP_UTILS, "permission denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d", 138 perm.c_str(), static_cast<int32_t>(type), pid, uid); 139 return false; 140 } 141 return true; 142} 143} // namespace PowerMgr 144} // namespace OHOS 145