1dfe32fa1Soh_ci/* 2dfe32fa1Soh_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 3dfe32fa1Soh_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4dfe32fa1Soh_ci * you may not use this file except in compliance with the License. 5dfe32fa1Soh_ci * You may obtain a copy of the License at 6dfe32fa1Soh_ci * 7dfe32fa1Soh_ci * http://www.apache.org/licenses/LICENSE-2.0 8dfe32fa1Soh_ci * 9dfe32fa1Soh_ci * Unless required by applicable law or agreed to in writing, software 10dfe32fa1Soh_ci * distributed under the License is distributed on an "AS IS" BASIS, 11dfe32fa1Soh_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12dfe32fa1Soh_ci * See the License for the specific language governing permissions and 13dfe32fa1Soh_ci * limitations under the License. 14dfe32fa1Soh_ci */ 15dfe32fa1Soh_ci 16dfe32fa1Soh_ci#include "access_token_wrapper.h" 17dfe32fa1Soh_ci 18dfe32fa1Soh_ci#include <cstring> 19dfe32fa1Soh_ci#include "securec.h" 20dfe32fa1Soh_ci 21dfe32fa1Soh_ci#include "accesstoken_kit.h" 22dfe32fa1Soh_ci#include "tokenid_kit.h" 23dfe32fa1Soh_ci#include "ipc_skeleton.h" 24dfe32fa1Soh_ci 25dfe32fa1Soh_ci#include "asset_type.h" 26dfe32fa1Soh_ci#include "asset_log.h" 27dfe32fa1Soh_ci 28dfe32fa1Soh_ciusing namespace OHOS; 29dfe32fa1Soh_ciusing namespace Security::AccessToken; 30dfe32fa1Soh_ci 31dfe32fa1Soh_cinamespace { 32dfe32fa1Soh_cibool CheckSystemApp(void) 33dfe32fa1Soh_ci{ 34dfe32fa1Soh_ci auto accessTokenId = IPCSkeleton::GetCallingFullTokenID(); 35dfe32fa1Soh_ci bool isSystemApp = TokenIdKit::IsSystemAppByFullTokenID(accessTokenId); 36dfe32fa1Soh_ci if (isSystemApp) { 37dfe32fa1Soh_ci LOGI("[INFO]Check system app success!"); 38dfe32fa1Soh_ci return true; 39dfe32fa1Soh_ci } else { 40dfe32fa1Soh_ci LOGE("[FATAL]Check system app failed"); 41dfe32fa1Soh_ci return false; 42dfe32fa1Soh_ci } 43dfe32fa1Soh_ci} 44dfe32fa1Soh_ci 45dfe32fa1Soh_ci} // namespace 46dfe32fa1Soh_ci 47dfe32fa1Soh_cibool CheckPermission(const char *permission) 48dfe32fa1Soh_ci{ 49dfe32fa1Soh_ci auto tokenId = IPCSkeleton::GetCallingTokenID(); 50dfe32fa1Soh_ci int result = AccessTokenKit::VerifyAccessToken(tokenId, permission); 51dfe32fa1Soh_ci if (result == PERMISSION_GRANTED) { 52dfe32fa1Soh_ci LOGI("[INFO]Check permission success!"); 53dfe32fa1Soh_ci return true; 54dfe32fa1Soh_ci } else { 55dfe32fa1Soh_ci LOGE("[FATAL]Check permission failed, ret=%{public}d", result); 56dfe32fa1Soh_ci return false; 57dfe32fa1Soh_ci } 58dfe32fa1Soh_ci} 59dfe32fa1Soh_ci 60dfe32fa1Soh_cibool CheckSystemHapPermission(void) 61dfe32fa1Soh_ci{ 62dfe32fa1Soh_ci auto tokenId = IPCSkeleton::GetCallingTokenID(); 63dfe32fa1Soh_ci ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(tokenId); 64dfe32fa1Soh_ci return (tokenType == ATokenTypeEnum::TOKEN_HAP) ? CheckSystemApp() : true; 65dfe32fa1Soh_ci} 66