1 /*
2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <mutex>
16 #include "dhcp_permission_utils.h"
17 #include "dhcp_logger.h"
18 #ifndef OHOS_ARCH_LITE
19 #include <cinttypes>
20 #include "ipc_skeleton.h"
21 #include "tokenid_kit.h"
22 #include "accesstoken_kit.h"
23 #endif
24
25 DEFINE_DHCPLOG_DHCP_LABEL("DhcpPermissionUtils");
26 namespace OHOS {
27 namespace DHCP {
GetInstance()28 DhcpPermissionUtils &DhcpPermissionUtils::GetInstance()
29 {
30 static DhcpPermissionUtils gDhcpPermissionUtils;
31 return gDhcpPermissionUtils;
32 }
33
VerifyIsNativeProcess()34 bool DhcpPermissionUtils::VerifyIsNativeProcess()
35 {
36 #ifdef DTFUZZ_TEST
37 DHCP_LOGI("VerifyIsNativeProcess DTFUZZ_TEST permission granted!");
38 return true;
39 #endif
40 #ifndef OHOS_ARCH_LITE
41 uint32_t tokenId = IPCSkeleton::GetCallingTokenID();
42 Security::AccessToken::ATokenTypeEnum callingType =
43 Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
44 if (callingType == Security::AccessToken::TOKEN_NATIVE) {
45 return true;
46 }
47 DHCP_LOGE("VerifyIsNativeProcess false, callingType:%{public}d is not a native process.", callingType);
48 return false;
49 #else
50 DHCP_LOGI("VerifyIsNativeProcess OHOS_ARCH_LITE permission granted!");
51 return true;
52 #endif
53 }
54
VerifyDhcpNetworkPermission(const std::string &permissionName)55 bool DhcpPermissionUtils::VerifyDhcpNetworkPermission(const std::string &permissionName)
56 {
57 #ifdef DTFUZZ_TEST
58 DHCP_LOGI("VerifyDhcpNetworkPermission DTFUZZ_TEST permission granted!");
59 return true;
60 #endif
61 #ifndef OHOS_ARCH_LITE
62 if (!(DhcpPermissionUtils::GetInstance().VerifyPermission(permissionName, IPCSkeleton::GetCallingRealPid(),
63 IPCSkeleton::GetCallingUid(), 0))) {
64 DHCP_LOGE("VerifyDhcpNetworkPermission VerifyPermission denied!");
65 return false;
66 }
67 return true;
68 #else
69 DHCP_LOGI("VerifyDhcpNetworkPermission OHOS_ARCH_LITE permission granted!");
70 return true;
71 #endif
72 }
73
VerifyPermission(const std::string &permissionName, const int &pid, const int &uid, const int &tokenId)74 bool DhcpPermissionUtils::VerifyPermission(const std::string &permissionName, const int &pid,
75 const int &uid, const int &tokenId)
76 {
77 #ifdef OHOS_ARCH_LITE
78 DHCP_LOGI("VerifyPermission OHOS_ARCH_LITE permission granted!");
79 return true;
80 #else
81 if (uid == static_cast<int>(getuid()) && pid == static_cast<int>(getpid())) {
82 DHCP_LOGI("VerifyPermission uid pid has permission!");
83 return true;
84 }
85 Security::AccessToken::AccessTokenID callerToken = 0;
86 if (tokenId == 0) {
87 callerToken = IPCSkeleton::GetCallingTokenID();
88 } else {
89 callerToken = (Security::AccessToken::AccessTokenID)tokenId;
90 }
91 DHCP_LOGI("VerifyPermission callerToken:%{public}d", callerToken);
92 int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
93 if (result == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
94 return true;
95 }
96 DHCP_LOGE("VerifyPermission has no permission_name=%{public}s, pid=%{public}d, uid=%{public}d, result=%{public}d",
97 permissionName.c_str(), pid, uid, result);
98 return false;
99 #endif
100 }
101 } // namespace DHCP
102 } // namespace OHOS