1cf69771bSopenharmony_ci/* 2cf69771bSopenharmony_ci * Copyright (c) 2022 Huawei Device Co., Ltd. 3cf69771bSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4cf69771bSopenharmony_ci * you may not use this file except in compliance with the License. 5cf69771bSopenharmony_ci * You may obtain a copy of the License at 6cf69771bSopenharmony_ci * 7cf69771bSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8cf69771bSopenharmony_ci * 9cf69771bSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10cf69771bSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11cf69771bSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12cf69771bSopenharmony_ci * See the License for the specific language governing permissions and 13cf69771bSopenharmony_ci * limitations under the License. 14cf69771bSopenharmony_ci */ 15cf69771bSopenharmony_ci 16cf69771bSopenharmony_ci#include "time_permission.h" 17cf69771bSopenharmony_ci 18cf69771bSopenharmony_ci#include "accesstoken_kit.h" 19cf69771bSopenharmony_ci#include "ipc_skeleton.h" 20cf69771bSopenharmony_ci#include "tokenid_kit.h" 21cf69771bSopenharmony_ci 22cf69771bSopenharmony_cinamespace OHOS { 23cf69771bSopenharmony_cinamespace MiscServices { 24cf69771bSopenharmony_ciconst std::string TimePermission::setTime = "ohos.permission.SET_TIME"; 25cf69771bSopenharmony_ciconst std::string TimePermission::setTimeZone = "ohos.permission.SET_TIME_ZONE"; 26cf69771bSopenharmony_cibool TimePermission::CheckCallingPermission(const std::string &permissionName) 27cf69771bSopenharmony_ci{ 28cf69771bSopenharmony_ci if (permissionName.empty()) { 29cf69771bSopenharmony_ci TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, permission name is empty."); 30cf69771bSopenharmony_ci return false; 31cf69771bSopenharmony_ci } 32cf69771bSopenharmony_ci auto callerToken = IPCSkeleton::GetCallingTokenID(); 33cf69771bSopenharmony_ci int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); 34cf69771bSopenharmony_ci if (result != Security::AccessToken::PERMISSION_GRANTED) { 35cf69771bSopenharmony_ci TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, result:%{public}d, permission:%{public}s", 36cf69771bSopenharmony_ci result, permissionName.c_str()); 37cf69771bSopenharmony_ci return false; 38cf69771bSopenharmony_ci } 39cf69771bSopenharmony_ci return true; 40cf69771bSopenharmony_ci} 41cf69771bSopenharmony_ci 42cf69771bSopenharmony_cibool TimePermission::CheckProxyCallingPermission() 43cf69771bSopenharmony_ci{ 44cf69771bSopenharmony_ci auto callerToken = IPCSkeleton::GetCallingTokenID(); 45cf69771bSopenharmony_ci auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); 46cf69771bSopenharmony_ci return (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || 47cf69771bSopenharmony_ci tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL); 48cf69771bSopenharmony_ci} 49cf69771bSopenharmony_ci 50cf69771bSopenharmony_cibool TimePermission::CheckSystemUidCallingPermission(uint64_t tokenId) 51cf69771bSopenharmony_ci{ 52cf69771bSopenharmony_ci if (CheckProxyCallingPermission()) { 53cf69771bSopenharmony_ci return true; 54cf69771bSopenharmony_ci } 55cf69771bSopenharmony_ci return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(tokenId); 56cf69771bSopenharmony_ci} 57cf69771bSopenharmony_ci} // namespace MiscServices 58cf69771bSopenharmony_ci} // namespace OHOS