1518678f8Sopenharmony_ci/* 2518678f8Sopenharmony_ci * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3518678f8Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4518678f8Sopenharmony_ci * you may not use this file except in compliance with the License. 5518678f8Sopenharmony_ci * You may obtain a copy of the License at 6518678f8Sopenharmony_ci * 7518678f8Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8518678f8Sopenharmony_ci * 9518678f8Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10518678f8Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11518678f8Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12518678f8Sopenharmony_ci * See the License for the specific language governing permissions and 13518678f8Sopenharmony_ci * limitations under the License. 14518678f8Sopenharmony_ci */ 15518678f8Sopenharmony_ci#include <mutex> 16518678f8Sopenharmony_ci#include "dhcp_permission_utils.h" 17518678f8Sopenharmony_ci#include "dhcp_logger.h" 18518678f8Sopenharmony_ci#ifndef OHOS_ARCH_LITE 19518678f8Sopenharmony_ci#include <cinttypes> 20518678f8Sopenharmony_ci#include "ipc_skeleton.h" 21518678f8Sopenharmony_ci#include "tokenid_kit.h" 22518678f8Sopenharmony_ci#include "accesstoken_kit.h" 23518678f8Sopenharmony_ci#endif 24518678f8Sopenharmony_ci 25518678f8Sopenharmony_ciDEFINE_DHCPLOG_DHCP_LABEL("DhcpPermissionUtils"); 26518678f8Sopenharmony_cinamespace OHOS { 27518678f8Sopenharmony_cinamespace DHCP { 28518678f8Sopenharmony_ciDhcpPermissionUtils &DhcpPermissionUtils::GetInstance() 29518678f8Sopenharmony_ci{ 30518678f8Sopenharmony_ci static DhcpPermissionUtils gDhcpPermissionUtils; 31518678f8Sopenharmony_ci return gDhcpPermissionUtils; 32518678f8Sopenharmony_ci} 33518678f8Sopenharmony_ci 34518678f8Sopenharmony_cibool DhcpPermissionUtils::VerifyIsNativeProcess() 35518678f8Sopenharmony_ci{ 36518678f8Sopenharmony_ci#ifdef DTFUZZ_TEST 37518678f8Sopenharmony_ci DHCP_LOGI("VerifyIsNativeProcess DTFUZZ_TEST permission granted!"); 38518678f8Sopenharmony_ci return true; 39518678f8Sopenharmony_ci#endif 40518678f8Sopenharmony_ci#ifndef OHOS_ARCH_LITE 41518678f8Sopenharmony_ci uint32_t tokenId = IPCSkeleton::GetCallingTokenID(); 42518678f8Sopenharmony_ci Security::AccessToken::ATokenTypeEnum callingType = 43518678f8Sopenharmony_ci Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 44518678f8Sopenharmony_ci if (callingType == Security::AccessToken::TOKEN_NATIVE) { 45518678f8Sopenharmony_ci return true; 46518678f8Sopenharmony_ci } 47518678f8Sopenharmony_ci DHCP_LOGE("VerifyIsNativeProcess false, callingType:%{public}d is not a native process.", callingType); 48518678f8Sopenharmony_ci return false; 49518678f8Sopenharmony_ci#else 50518678f8Sopenharmony_ci DHCP_LOGI("VerifyIsNativeProcess OHOS_ARCH_LITE permission granted!"); 51518678f8Sopenharmony_ci return true; 52518678f8Sopenharmony_ci#endif 53518678f8Sopenharmony_ci} 54518678f8Sopenharmony_ci 55518678f8Sopenharmony_cibool DhcpPermissionUtils::VerifyDhcpNetworkPermission(const std::string &permissionName) 56518678f8Sopenharmony_ci{ 57518678f8Sopenharmony_ci#ifdef DTFUZZ_TEST 58518678f8Sopenharmony_ci DHCP_LOGI("VerifyDhcpNetworkPermission DTFUZZ_TEST permission granted!"); 59518678f8Sopenharmony_ci return true; 60518678f8Sopenharmony_ci#endif 61518678f8Sopenharmony_ci#ifndef OHOS_ARCH_LITE 62518678f8Sopenharmony_ci if (!(DhcpPermissionUtils::GetInstance().VerifyPermission(permissionName, IPCSkeleton::GetCallingRealPid(), 63518678f8Sopenharmony_ci IPCSkeleton::GetCallingUid(), 0))) { 64518678f8Sopenharmony_ci DHCP_LOGE("VerifyDhcpNetworkPermission VerifyPermission denied!"); 65518678f8Sopenharmony_ci return false; 66518678f8Sopenharmony_ci } 67518678f8Sopenharmony_ci return true; 68518678f8Sopenharmony_ci#else 69518678f8Sopenharmony_ci DHCP_LOGI("VerifyDhcpNetworkPermission OHOS_ARCH_LITE permission granted!"); 70518678f8Sopenharmony_ci return true; 71518678f8Sopenharmony_ci#endif 72518678f8Sopenharmony_ci} 73518678f8Sopenharmony_ci 74518678f8Sopenharmony_cibool DhcpPermissionUtils::VerifyPermission(const std::string &permissionName, const int &pid, 75518678f8Sopenharmony_ci const int &uid, const int &tokenId) 76518678f8Sopenharmony_ci{ 77518678f8Sopenharmony_ci#ifdef OHOS_ARCH_LITE 78518678f8Sopenharmony_ci DHCP_LOGI("VerifyPermission OHOS_ARCH_LITE permission granted!"); 79518678f8Sopenharmony_ci return true; 80518678f8Sopenharmony_ci#else 81518678f8Sopenharmony_ci if (uid == static_cast<int>(getuid()) && pid == static_cast<int>(getpid())) { 82518678f8Sopenharmony_ci DHCP_LOGI("VerifyPermission uid pid has permission!"); 83518678f8Sopenharmony_ci return true; 84518678f8Sopenharmony_ci } 85518678f8Sopenharmony_ci Security::AccessToken::AccessTokenID callerToken = 0; 86518678f8Sopenharmony_ci if (tokenId == 0) { 87518678f8Sopenharmony_ci callerToken = IPCSkeleton::GetCallingTokenID(); 88518678f8Sopenharmony_ci } else { 89518678f8Sopenharmony_ci callerToken = (Security::AccessToken::AccessTokenID)tokenId; 90518678f8Sopenharmony_ci } 91518678f8Sopenharmony_ci DHCP_LOGI("VerifyPermission callerToken:%{public}d", callerToken); 92518678f8Sopenharmony_ci int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); 93518678f8Sopenharmony_ci if (result == Security::AccessToken::PermissionState::PERMISSION_GRANTED) { 94518678f8Sopenharmony_ci return true; 95518678f8Sopenharmony_ci } 96518678f8Sopenharmony_ci DHCP_LOGE("VerifyPermission has no permission_name=%{public}s, pid=%{public}d, uid=%{public}d, result=%{public}d", 97518678f8Sopenharmony_ci permissionName.c_str(), pid, uid, result); 98518678f8Sopenharmony_ci return false; 99518678f8Sopenharmony_ci#endif 100518678f8Sopenharmony_ci} 101518678f8Sopenharmony_ci} // namespace DHCP 102518678f8Sopenharmony_ci} // namespace OHOS