1eace7efcSopenharmony_ci/* 2eace7efcSopenharmony_ci * Copyright (c) 2024 Huawei Device Co., Ltd. 3eace7efcSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4eace7efcSopenharmony_ci * you may not use this file except in compliance with the License. 5eace7efcSopenharmony_ci * You may obtain a copy of the License at 6eace7efcSopenharmony_ci * 7eace7efcSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8eace7efcSopenharmony_ci * 9eace7efcSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10eace7efcSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11eace7efcSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12eace7efcSopenharmony_ci * See the License for the specific language governing permissions and 13eace7efcSopenharmony_ci * limitations under the License. 14eace7efcSopenharmony_ci */ 15eace7efcSopenharmony_ci 16eace7efcSopenharmony_ci#include "uri_permission_utils.h" 17eace7efcSopenharmony_ci 18eace7efcSopenharmony_ci#include "ability_manager_errors.h" 19eace7efcSopenharmony_ci#include "accesstoken_kit.h" 20eace7efcSopenharmony_ci#include "bundle_mgr_client.h" 21eace7efcSopenharmony_ci#include "global_constant.h" 22eace7efcSopenharmony_ci#include "hilog_tag_wrapper.h" 23eace7efcSopenharmony_ci#include "in_process_call_wrapper.h" 24eace7efcSopenharmony_ci#include "ipc_skeleton.h" 25eace7efcSopenharmony_ci#include "os_account_manager_wrapper.h" 26eace7efcSopenharmony_ci#include "permission_verification.h" 27eace7efcSopenharmony_ci#include "tokenid_kit.h" 28eace7efcSopenharmony_ci 29eace7efcSopenharmony_cinamespace OHOS { 30eace7efcSopenharmony_cinamespace AAFwk { 31eace7efcSopenharmony_cinamespace { 32eace7efcSopenharmony_ciconstexpr int32_t DEFAULT_USER_ID = 0; 33eace7efcSopenharmony_ciconstexpr const char* FOUNDATION_PROCESS_NAME = "foundation"; 34eace7efcSopenharmony_ciconstexpr const char* NET_WORK_ID_MARK = "?networkid="; 35eace7efcSopenharmony_ci} 36eace7efcSopenharmony_ci 37eace7efcSopenharmony_cistd::shared_ptr<AppExecFwk::BundleMgrHelper> UPMSUtils::ConnectManagerHelper() 38eace7efcSopenharmony_ci{ 39eace7efcSopenharmony_ci if (bundleMgrHelper_ == nullptr) { 40eace7efcSopenharmony_ci bundleMgrHelper_ = DelayedSingleton<AppExecFwk::BundleMgrHelper>::GetInstance(); 41eace7efcSopenharmony_ci } 42eace7efcSopenharmony_ci return bundleMgrHelper_; 43eace7efcSopenharmony_ci} 44eace7efcSopenharmony_ci 45eace7efcSopenharmony_cibool UPMSUtils::SendShareUnPrivilegeUriEvent(uint32_t callerTokenId, uint32_t targetTokenId) 46eace7efcSopenharmony_ci{ 47eace7efcSopenharmony_ci std::string callerBundleName; 48eace7efcSopenharmony_ci if (!GetBundleNameByTokenId(callerTokenId, callerBundleName)) { 49eace7efcSopenharmony_ci return false; 50eace7efcSopenharmony_ci } 51eace7efcSopenharmony_ci std::string targetBundleName; 52eace7efcSopenharmony_ci if (!GetBundleNameByTokenId(targetTokenId, targetBundleName)) { 53eace7efcSopenharmony_ci return false; 54eace7efcSopenharmony_ci } 55eace7efcSopenharmony_ci AAFwk::EventInfo eventInfo; 56eace7efcSopenharmony_ci eventInfo.callerBundleName = callerBundleName; 57eace7efcSopenharmony_ci eventInfo.bundleName = targetBundleName; 58eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "Send SHARE_UNPRIVILEGED_FILE_URI Event"); 59eace7efcSopenharmony_ci AAFwk::EventReport::SendGrantUriPermissionEvent(AAFwk::EventName::SHARE_UNPRIVILEGED_FILE_URI, eventInfo); 60eace7efcSopenharmony_ci return true; 61eace7efcSopenharmony_ci} 62eace7efcSopenharmony_ci 63eace7efcSopenharmony_cibool UPMSUtils::SendSystemAppGrantUriPermissionEvent(uint32_t callerTokenId, uint32_t targetTokenId, 64eace7efcSopenharmony_ci const std::vector<std::string> &uriVec, const std::vector<int32_t> &resVec) 65eace7efcSopenharmony_ci{ 66eace7efcSopenharmony_ci EventInfo eventInfo; 67eace7efcSopenharmony_ci if (!CheckAndCreateEventInfo(callerTokenId, targetTokenId, eventInfo)) { 68eace7efcSopenharmony_ci return false; 69eace7efcSopenharmony_ci } 70eace7efcSopenharmony_ci for (size_t i = 0; i < resVec.size(); i++) { 71eace7efcSopenharmony_ci if (resVec[i] == 0 || resVec[i] == -EEXIST) { 72eace7efcSopenharmony_ci eventInfo.uri = uriVec[i]; 73eace7efcSopenharmony_ci EventReport::SendGrantUriPermissionEvent(EventName::GRANT_URI_PERMISSION, eventInfo); 74eace7efcSopenharmony_ci } 75eace7efcSopenharmony_ci } 76eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "Send GRANT_URI_PERMISSION Event"); 77eace7efcSopenharmony_ci return true; 78eace7efcSopenharmony_ci} 79eace7efcSopenharmony_ci 80eace7efcSopenharmony_cibool UPMSUtils::CheckAndCreateEventInfo(uint32_t callerTokenId, uint32_t targetTokenId, 81eace7efcSopenharmony_ci EventInfo &eventInfo) 82eace7efcSopenharmony_ci{ 83eace7efcSopenharmony_ci std::string callerBundleName; 84eace7efcSopenharmony_ci if (!GetBundleNameByTokenId(callerTokenId, callerBundleName)) { 85eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "get callerBundleName failed"); 86eace7efcSopenharmony_ci return false; 87eace7efcSopenharmony_ci } 88eace7efcSopenharmony_ci if (!CheckIsSystemAppByBundleName(callerBundleName)) { 89eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "caller not system"); 90eace7efcSopenharmony_ci return false; 91eace7efcSopenharmony_ci } 92eace7efcSopenharmony_ci std::string targetBundleName; 93eace7efcSopenharmony_ci if (!GetBundleNameByTokenId(targetTokenId, targetBundleName)) { 94eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "get targetBundleName failed"); 95eace7efcSopenharmony_ci return false; 96eace7efcSopenharmony_ci } 97eace7efcSopenharmony_ci if (CheckIsSystemAppByBundleName(targetBundleName)) { 98eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "target is systemApp"); 99eace7efcSopenharmony_ci return false; 100eace7efcSopenharmony_ci } 101eace7efcSopenharmony_ci eventInfo.callerBundleName = callerBundleName; 102eace7efcSopenharmony_ci eventInfo.bundleName = targetBundleName; 103eace7efcSopenharmony_ci return true; 104eace7efcSopenharmony_ci} 105eace7efcSopenharmony_ci 106eace7efcSopenharmony_ciint32_t UPMSUtils::GetCurrentAccountId() 107eace7efcSopenharmony_ci{ 108eace7efcSopenharmony_ci std::vector<int32_t> osActiveAccountIds; 109eace7efcSopenharmony_ci auto ret = DelayedSingleton<AppExecFwk::OsAccountManagerWrapper>::GetInstance()-> 110eace7efcSopenharmony_ci QueryActiveOsAccountIds(osActiveAccountIds); 111eace7efcSopenharmony_ci if (ret != ERR_OK) { 112eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "QueryActiveOsAccountIds error"); 113eace7efcSopenharmony_ci return DEFAULT_USER_ID; 114eace7efcSopenharmony_ci } 115eace7efcSopenharmony_ci if (osActiveAccountIds.empty()) { 116eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "QueryActiveOsAccountIds empty"); 117eace7efcSopenharmony_ci return DEFAULT_USER_ID; 118eace7efcSopenharmony_ci } 119eace7efcSopenharmony_ci return osActiveAccountIds.front(); 120eace7efcSopenharmony_ci} 121eace7efcSopenharmony_ci 122eace7efcSopenharmony_cibool UPMSUtils::IsFoundationCall() 123eace7efcSopenharmony_ci{ 124eace7efcSopenharmony_ci auto callerTokenId = IPCSkeleton::GetCallingTokenID(); 125eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::ABILITYMGR, "callerTokenId is %{public}u", callerTokenId); 126eace7efcSopenharmony_ci auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); 127eace7efcSopenharmony_ci if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { 128eace7efcSopenharmony_ci TAG_LOGI(AAFwkTag::ABILITYMGR, "not native call"); 129eace7efcSopenharmony_ci return false; 130eace7efcSopenharmony_ci } 131eace7efcSopenharmony_ci Security::AccessToken::NativeTokenInfo nativeInfo; 132eace7efcSopenharmony_ci auto result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); 133eace7efcSopenharmony_ci if (result != ERR_OK) { 134eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "GetNativeTokenInfo failed, callerTokenId:%{public}u", callerTokenId); 135eace7efcSopenharmony_ci return false; 136eace7efcSopenharmony_ci } 137eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "Caller processName:%{public}s", nativeInfo.processName.c_str()); 138eace7efcSopenharmony_ci return nativeInfo.processName == FOUNDATION_PROCESS_NAME; 139eace7efcSopenharmony_ci} 140eace7efcSopenharmony_ci 141eace7efcSopenharmony_cibool UPMSUtils::IsSAOrSystemAppCall() 142eace7efcSopenharmony_ci{ 143eace7efcSopenharmony_ci return PermissionVerification::GetInstance()->IsSystemAppCall() || 144eace7efcSopenharmony_ci PermissionVerification::GetInstance()->IsSACall(); 145eace7efcSopenharmony_ci} 146eace7efcSopenharmony_ci 147eace7efcSopenharmony_cibool UPMSUtils::IsSystemAppCall(uint32_t tokenId) 148eace7efcSopenharmony_ci{ 149eace7efcSopenharmony_ci if (UPMSUtils::IsFoundationCall()) { 150eace7efcSopenharmony_ci return UPMSUtils::CheckIsSystemAppByTokenId(tokenId); 151eace7efcSopenharmony_ci } 152eace7efcSopenharmony_ci return PermissionVerification::GetInstance()->IsSystemAppCall(); 153eace7efcSopenharmony_ci} 154eace7efcSopenharmony_ci 155eace7efcSopenharmony_cibool UPMSUtils::CheckIsSystemAppByBundleName(std::string &bundleName) 156eace7efcSopenharmony_ci{ 157eace7efcSopenharmony_ci auto bundleMgrHelper = ConnectManagerHelper(); 158eace7efcSopenharmony_ci if (bundleMgrHelper == nullptr) { 159eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "bundleMgrHelper null"); 160eace7efcSopenharmony_ci return false; 161eace7efcSopenharmony_ci } 162eace7efcSopenharmony_ci AppExecFwk::ApplicationInfo appInfo; 163eace7efcSopenharmony_ci if (!IN_PROCESS_CALL(bundleMgrHelper->GetApplicationInfo(bundleName, 164eace7efcSopenharmony_ci AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, GetCurrentAccountId(), appInfo))) { 165eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "GetApplicationInfo failed"); 166eace7efcSopenharmony_ci return false; 167eace7efcSopenharmony_ci } 168eace7efcSopenharmony_ci auto isSystemApp = Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(appInfo.accessTokenIdEx); 169eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, isSystemApp:%{public}d", bundleName.c_str(), 170eace7efcSopenharmony_ci static_cast<int32_t>(isSystemApp)); 171eace7efcSopenharmony_ci return isSystemApp; 172eace7efcSopenharmony_ci} 173eace7efcSopenharmony_ci 174eace7efcSopenharmony_cibool UPMSUtils::CheckIsSystemAppByTokenId(uint32_t tokenId) 175eace7efcSopenharmony_ci{ 176eace7efcSopenharmony_ci std::string bundleName; 177eace7efcSopenharmony_ci if (GetBundleNameByTokenId(tokenId, bundleName)) { 178eace7efcSopenharmony_ci return CheckIsSystemAppByBundleName(bundleName); 179eace7efcSopenharmony_ci } 180eace7efcSopenharmony_ci return false; 181eace7efcSopenharmony_ci} 182eace7efcSopenharmony_ci 183eace7efcSopenharmony_cibool UPMSUtils::GetDirByBundleNameAndAppIndex(const std::string &bundleName, int32_t appIndex, std::string &dirName) 184eace7efcSopenharmony_ci{ 185eace7efcSopenharmony_ci auto bmsClient = DelayedSingleton<AppExecFwk::BundleMgrClient>::GetInstance(); 186eace7efcSopenharmony_ci if (bmsClient == nullptr) { 187eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "bundleMgrClient is nullptr."); 188eace7efcSopenharmony_ci return false; 189eace7efcSopenharmony_ci } 190eace7efcSopenharmony_ci auto bmsRet = bmsClient->GetDirByBundleNameAndAppIndex(bundleName, appIndex, dirName); 191eace7efcSopenharmony_ci if (bmsRet != ERR_OK) { 192eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "GetDirByBundleNameAndAppIndex failed, ret:%{public}d", bmsRet); 193eace7efcSopenharmony_ci return false; 194eace7efcSopenharmony_ci } 195eace7efcSopenharmony_ci return true; 196eace7efcSopenharmony_ci} 197eace7efcSopenharmony_ci 198eace7efcSopenharmony_cibool UPMSUtils::GetAlterableBundleNameByTokenId(uint32_t tokenId, std::string &bundleName) 199eace7efcSopenharmony_ci{ 200eace7efcSopenharmony_ci auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 201eace7efcSopenharmony_ci if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { 202eace7efcSopenharmony_ci Security::AccessToken::HapTokenInfo hapInfo; 203eace7efcSopenharmony_ci auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo); 204eace7efcSopenharmony_ci if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) { 205eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret:%{public}d", ret); 206eace7efcSopenharmony_ci return false; 207eace7efcSopenharmony_ci } 208eace7efcSopenharmony_ci return GetDirByBundleNameAndAppIndex(hapInfo.bundleName, hapInfo.instIndex, bundleName); 209eace7efcSopenharmony_ci } 210eace7efcSopenharmony_ci return false; 211eace7efcSopenharmony_ci} 212eace7efcSopenharmony_ci 213eace7efcSopenharmony_cibool UPMSUtils::GetBundleNameByTokenId(uint32_t tokenId, std::string &bundleName) 214eace7efcSopenharmony_ci{ 215eace7efcSopenharmony_ci auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 216eace7efcSopenharmony_ci if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { 217eace7efcSopenharmony_ci Security::AccessToken::HapTokenInfo hapInfo; 218eace7efcSopenharmony_ci auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo); 219eace7efcSopenharmony_ci if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) { 220eace7efcSopenharmony_ci TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret:%{public}d", ret); 221eace7efcSopenharmony_ci return false; 222eace7efcSopenharmony_ci } 223eace7efcSopenharmony_ci bundleName = hapInfo.bundleName; 224eace7efcSopenharmony_ci return true; 225eace7efcSopenharmony_ci } 226eace7efcSopenharmony_ci return false; 227eace7efcSopenharmony_ci} 228eace7efcSopenharmony_ci 229eace7efcSopenharmony_ciint32_t UPMSUtils::GetAppIdByBundleName(const std::string &bundleName, std::string &appId) 230eace7efcSopenharmony_ci{ 231eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "BundleName is %{public}s.", bundleName.c_str()); 232eace7efcSopenharmony_ci auto bms = ConnectManagerHelper(); 233eace7efcSopenharmony_ci if (bms == nullptr) { 234eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "The bundleMgrHelper is nullptr."); 235eace7efcSopenharmony_ci return GET_BUNDLE_MANAGER_SERVICE_FAILED; 236eace7efcSopenharmony_ci } 237eace7efcSopenharmony_ci auto userId = GetCurrentAccountId(); 238eace7efcSopenharmony_ci appId = IN_PROCESS_CALL(bms->GetAppIdByBundleName(bundleName, userId)); 239eace7efcSopenharmony_ci if (appId.empty()) { 240eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "Get appId by bundle name failed, userId is %{private}d", userId); 241eace7efcSopenharmony_ci return INNER_ERR; 242eace7efcSopenharmony_ci } 243eace7efcSopenharmony_ci return ERR_OK; 244eace7efcSopenharmony_ci} 245eace7efcSopenharmony_ci 246eace7efcSopenharmony_ciint32_t UPMSUtils::GetTokenIdByBundleName(const std::string &bundleName, int32_t appIndex, uint32_t &tokenId) 247eace7efcSopenharmony_ci{ 248eace7efcSopenharmony_ci TAG_LOGD(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, appIndex:%{public}d", bundleName.c_str(), appIndex); 249eace7efcSopenharmony_ci auto bms = ConnectManagerHelper(); 250eace7efcSopenharmony_ci if (bms == nullptr) { 251eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "null bms"); 252eace7efcSopenharmony_ci return GET_BUNDLE_MANAGER_SERVICE_FAILED; 253eace7efcSopenharmony_ci } 254eace7efcSopenharmony_ci AppExecFwk::BundleInfo bundleInfo; 255eace7efcSopenharmony_ci auto userId = GetCurrentAccountId(); 256eace7efcSopenharmony_ci if (appIndex == 0) { 257eace7efcSopenharmony_ci auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; 258eace7efcSopenharmony_ci if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, userId))) { 259eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "Failed GetBundleInfo"); 260eace7efcSopenharmony_ci return GET_BUNDLE_INFO_FAILED; 261eace7efcSopenharmony_ci } 262eace7efcSopenharmony_ci tokenId = bundleInfo.applicationInfo.accessTokenId; 263eace7efcSopenharmony_ci return ERR_OK; 264eace7efcSopenharmony_ci } 265eace7efcSopenharmony_ci if (appIndex <= AbilityRuntime::GlobalConstant::MAX_APP_CLONE_INDEX) { 266eace7efcSopenharmony_ci auto bundleFlag = static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_APPLICATION); 267eace7efcSopenharmony_ci if (IN_PROCESS_CALL(bms->GetCloneBundleInfo(bundleName, bundleFlag, appIndex, bundleInfo, userId)) != ERR_OK) { 268eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "Failed GetCloneBundleInfo"); 269eace7efcSopenharmony_ci return GET_BUNDLE_INFO_FAILED; 270eace7efcSopenharmony_ci } 271eace7efcSopenharmony_ci tokenId = bundleInfo.applicationInfo.accessTokenId; 272eace7efcSopenharmony_ci return ERR_OK; 273eace7efcSopenharmony_ci } 274eace7efcSopenharmony_ci if (IN_PROCESS_CALL(bms->GetSandboxBundleInfo(bundleName, appIndex, userId, bundleInfo) != ERR_OK)) { 275eace7efcSopenharmony_ci TAG_LOGW(AAFwkTag::URIPERMMGR, "Failed GetSandboxBundleInfo"); 276eace7efcSopenharmony_ci return GET_BUNDLE_INFO_FAILED; 277eace7efcSopenharmony_ci } 278eace7efcSopenharmony_ci tokenId = bundleInfo.applicationInfo.accessTokenId; 279eace7efcSopenharmony_ci return ERR_OK; 280eace7efcSopenharmony_ci} 281eace7efcSopenharmony_ci 282eace7efcSopenharmony_cibool UPMSUtils::IsDocsCloudUri(Uri &uri) 283eace7efcSopenharmony_ci{ 284eace7efcSopenharmony_ci return (uri.GetAuthority() == "docs" && uri.ToString().find(NET_WORK_ID_MARK) != std::string::npos); 285eace7efcSopenharmony_ci} 286eace7efcSopenharmony_ci 287eace7efcSopenharmony_cistd::shared_ptr<AppExecFwk::BundleMgrHelper> UPMSUtils::bundleMgrHelper_ = nullptr; 288eace7efcSopenharmony_ci} // namespace AAFwk 289eace7efcSopenharmony_ci} // namespace OHOS 290