1e0dac50fSopenharmony_ci/* 2e0dac50fSopenharmony_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 3e0dac50fSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4e0dac50fSopenharmony_ci * you may not use this file except in compliance with the License. 5e0dac50fSopenharmony_ci * You may obtain a copy of the License at 6e0dac50fSopenharmony_ci * 7e0dac50fSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8e0dac50fSopenharmony_ci * 9e0dac50fSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10e0dac50fSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11e0dac50fSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12e0dac50fSopenharmony_ci * See the License for the specific language governing permissions and 13e0dac50fSopenharmony_ci * limitations under the License. 14e0dac50fSopenharmony_ci */ 15e0dac50fSopenharmony_ci 16e0dac50fSopenharmony_ci#include <accesstoken_kit.h> 17e0dac50fSopenharmony_ci#include <app_mgr_client.h> 18e0dac50fSopenharmony_ci#include <app_mgr_interface.h> 19e0dac50fSopenharmony_ci#include <bundle_constants.h> 20e0dac50fSopenharmony_ci#include <ipc_skeleton.h> 21e0dac50fSopenharmony_ci#include <bundle_mgr_proxy.h> 22e0dac50fSopenharmony_ci#include <bundle_mgr_interface.h> 23e0dac50fSopenharmony_ci#include <system_ability_definition.h> 24e0dac50fSopenharmony_ci#include <iservice_registry.h> 25e0dac50fSopenharmony_ci#include <tokenid_kit.h> 26e0dac50fSopenharmony_ci#include <input_method_controller.h> 27e0dac50fSopenharmony_ci#include <singleton.h> 28e0dac50fSopenharmony_ci#include <singleton_container.h> 29e0dac50fSopenharmony_ci#include <pwd.h> 30e0dac50fSopenharmony_ci#include "common/include/session_permission.h" 31e0dac50fSopenharmony_ci#include "parameters.h" 32e0dac50fSopenharmony_ci#include "window_manager_hilog.h" 33e0dac50fSopenharmony_ci 34e0dac50fSopenharmony_cinamespace OHOS { 35e0dac50fSopenharmony_cinamespace Rosen { 36e0dac50fSopenharmony_cinamespace { 37e0dac50fSopenharmony_ciconstexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, HILOG_DOMAIN_WINDOW, "SessionPermission"}; 38e0dac50fSopenharmony_ciconstexpr int32_t FOUNDATION_UID = 5523; 39e0dac50fSopenharmony_ci 40e0dac50fSopenharmony_cisptr<AppExecFwk::IBundleMgr> GetBundleManagerProxy() 41e0dac50fSopenharmony_ci{ 42e0dac50fSopenharmony_ci sptr<ISystemAbilityManager> systemAbilityManager = 43e0dac50fSopenharmony_ci SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); 44e0dac50fSopenharmony_ci if (!systemAbilityManager) { 45e0dac50fSopenharmony_ci WLOGFE("Failed to get system ability mgr."); 46e0dac50fSopenharmony_ci return nullptr; 47e0dac50fSopenharmony_ci } 48e0dac50fSopenharmony_ci sptr<IRemoteObject> remoteObject 49e0dac50fSopenharmony_ci = systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID); 50e0dac50fSopenharmony_ci if (!remoteObject) { 51e0dac50fSopenharmony_ci WLOGFE("Failed to get bundle manager service."); 52e0dac50fSopenharmony_ci return nullptr; 53e0dac50fSopenharmony_ci } 54e0dac50fSopenharmony_ci auto bundleManagerServiceProxy = iface_cast<AppExecFwk::IBundleMgr>(remoteObject); 55e0dac50fSopenharmony_ci if (!bundleManagerServiceProxy || !bundleManagerServiceProxy->AsObject()) { 56e0dac50fSopenharmony_ci WLOGFE("Failed to get bundle manager proxy."); 57e0dac50fSopenharmony_ci return nullptr; 58e0dac50fSopenharmony_ci } 59e0dac50fSopenharmony_ci return bundleManagerServiceProxy; 60e0dac50fSopenharmony_ci} 61e0dac50fSopenharmony_ci} 62e0dac50fSopenharmony_ci 63e0dac50fSopenharmony_cibool SessionPermission::IsSystemServiceCalling(bool needPrintLog) 64e0dac50fSopenharmony_ci{ 65e0dac50fSopenharmony_ci const auto tokenId = IPCSkeleton::GetCallingTokenID(); 66e0dac50fSopenharmony_ci const auto flag = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 67e0dac50fSopenharmony_ci if (flag == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || 68e0dac50fSopenharmony_ci flag == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) { 69e0dac50fSopenharmony_ci TLOGD(WmsLogTag::DEFAULT, "system service calling, tokenId:%{private}u, flag:%{public}u", tokenId, flag); 70e0dac50fSopenharmony_ci return true; 71e0dac50fSopenharmony_ci } 72e0dac50fSopenharmony_ci if (needPrintLog) { 73e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "Not system service calling, tokenId:%{private}u, flag:%{public}u", tokenId, flag); 74e0dac50fSopenharmony_ci } 75e0dac50fSopenharmony_ci return false; 76e0dac50fSopenharmony_ci} 77e0dac50fSopenharmony_ci 78e0dac50fSopenharmony_cibool SessionPermission::IsSystemCalling() 79e0dac50fSopenharmony_ci{ 80e0dac50fSopenharmony_ci const auto tokenId = IPCSkeleton::GetCallingTokenID(); 81e0dac50fSopenharmony_ci const auto flag = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 82e0dac50fSopenharmony_ci TLOGD(WmsLogTag::DEFAULT, "tokenId:%{private}u, flag:%{public}u", tokenId, flag); 83e0dac50fSopenharmony_ci if (flag == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || 84e0dac50fSopenharmony_ci flag == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) { 85e0dac50fSopenharmony_ci return true; 86e0dac50fSopenharmony_ci } 87e0dac50fSopenharmony_ci return IsSystemAppCall(); 88e0dac50fSopenharmony_ci} 89e0dac50fSopenharmony_ci 90e0dac50fSopenharmony_cibool SessionPermission::IsSystemAppCall() 91e0dac50fSopenharmony_ci{ 92e0dac50fSopenharmony_ci uint64_t callingTokenId = IPCSkeleton::GetCallingFullTokenID(); 93e0dac50fSopenharmony_ci return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callingTokenId); 94e0dac50fSopenharmony_ci} 95e0dac50fSopenharmony_ci 96e0dac50fSopenharmony_cibool SessionPermission::IsSACalling() 97e0dac50fSopenharmony_ci{ 98e0dac50fSopenharmony_ci const auto tokenId = IPCSkeleton::GetCallingTokenID(); 99e0dac50fSopenharmony_ci const auto flag = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); 100e0dac50fSopenharmony_ci if (flag == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { 101e0dac50fSopenharmony_ci TLOGD(WmsLogTag::DEFAULT, "SA called, tokenId:%{private}u, flag:%{public}u", tokenId, flag); 102e0dac50fSopenharmony_ci return true; 103e0dac50fSopenharmony_ci } 104e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "Not SA called, tokenId:%{private}u, flag:%{public}u", tokenId, flag); 105e0dac50fSopenharmony_ci return false; 106e0dac50fSopenharmony_ci} 107e0dac50fSopenharmony_ci 108e0dac50fSopenharmony_cibool SessionPermission::VerifyCallingPermission(const std::string& permissionName) 109e0dac50fSopenharmony_ci{ 110e0dac50fSopenharmony_ci auto callerToken = IPCSkeleton::GetCallingTokenID(); 111e0dac50fSopenharmony_ci TLOGD(WmsLogTag::DEFAULT, "permission %{public}s, callingTokenID:%{private}u", 112e0dac50fSopenharmony_ci permissionName.c_str(), callerToken); 113e0dac50fSopenharmony_ci int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); 114e0dac50fSopenharmony_ci if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) { 115e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, 116e0dac50fSopenharmony_ci "permission %{public}s: PERMISSION_DENIED, callingTokenID:%{private}u, ret:%{public}d", 117e0dac50fSopenharmony_ci permissionName.c_str(), callerToken, ret); 118e0dac50fSopenharmony_ci return false; 119e0dac50fSopenharmony_ci } 120e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "Verify AccessToken success. permission %{public}s, callingTokenID:%{private}u", 121e0dac50fSopenharmony_ci permissionName.c_str(), callerToken); 122e0dac50fSopenharmony_ci return true; 123e0dac50fSopenharmony_ci} 124e0dac50fSopenharmony_ci 125e0dac50fSopenharmony_cibool SessionPermission::VerifyPermissionByCallerToken(const uint32_t callerToken, const std::string& permissionName) 126e0dac50fSopenharmony_ci{ 127e0dac50fSopenharmony_ci TLOGD(WmsLogTag::DEFAULT, "permission %{public}s, callingTokenID:%{private}u", 128e0dac50fSopenharmony_ci permissionName.c_str(), callerToken); 129e0dac50fSopenharmony_ci int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); 130e0dac50fSopenharmony_ci if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) { 131e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, 132e0dac50fSopenharmony_ci "permission %{public}s: PERMISSION_DENIED, callingTokenID:%{private}u, ret:%{public}d", 133e0dac50fSopenharmony_ci permissionName.c_str(), callerToken, ret); 134e0dac50fSopenharmony_ci return false; 135e0dac50fSopenharmony_ci } 136e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "Verify AccessToken success. permission %{public}s, callingTokenID:%{private}u", 137e0dac50fSopenharmony_ci permissionName.c_str(), callerToken); 138e0dac50fSopenharmony_ci return true; 139e0dac50fSopenharmony_ci} 140e0dac50fSopenharmony_ci 141e0dac50fSopenharmony_cibool SessionPermission::VerifySessionPermission() 142e0dac50fSopenharmony_ci{ 143e0dac50fSopenharmony_ci if (IsSACalling()) { 144e0dac50fSopenharmony_ci WLOGFI("Is SA Call, Permission verified success."); 145e0dac50fSopenharmony_ci return true; 146e0dac50fSopenharmony_ci } 147e0dac50fSopenharmony_ci if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGE_MISSION)) { 148e0dac50fSopenharmony_ci WLOGFI("MANAGE permission verified success."); 149e0dac50fSopenharmony_ci return true; 150e0dac50fSopenharmony_ci } 151e0dac50fSopenharmony_ci WLOGFW("Permission verified failed."); 152e0dac50fSopenharmony_ci return false; 153e0dac50fSopenharmony_ci} 154e0dac50fSopenharmony_ci 155e0dac50fSopenharmony_cibool SessionPermission::JudgeCallerIsAllowedToUseSystemAPI() 156e0dac50fSopenharmony_ci{ 157e0dac50fSopenharmony_ci if (IsSACalling() || IsShellCall()) { 158e0dac50fSopenharmony_ci return true; 159e0dac50fSopenharmony_ci } 160e0dac50fSopenharmony_ci return IsSystemAppCall(); 161e0dac50fSopenharmony_ci} 162e0dac50fSopenharmony_ci 163e0dac50fSopenharmony_cibool SessionPermission::IsShellCall() 164e0dac50fSopenharmony_ci{ 165e0dac50fSopenharmony_ci auto callerToken = IPCSkeleton::GetCallingTokenID(); 166e0dac50fSopenharmony_ci auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); 167e0dac50fSopenharmony_ci if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) { 168e0dac50fSopenharmony_ci WLOGFI("TokenType is Shell, verify success"); 169e0dac50fSopenharmony_ci return true; 170e0dac50fSopenharmony_ci } 171e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "Not Shell called. tokenId:%{private}u, type:%{public}u", callerToken, tokenType); 172e0dac50fSopenharmony_ci return false; 173e0dac50fSopenharmony_ci} 174e0dac50fSopenharmony_ci 175e0dac50fSopenharmony_cibool SessionPermission::IsStartByHdcd() 176e0dac50fSopenharmony_ci{ 177e0dac50fSopenharmony_ci OHOS::Security::AccessToken::NativeTokenInfo info; 178e0dac50fSopenharmony_ci if (Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(IPCSkeleton::GetCallingTokenID(), info) != 0) { 179e0dac50fSopenharmony_ci return false; 180e0dac50fSopenharmony_ci } 181e0dac50fSopenharmony_ci if (info.processName.compare("hdcd") == 0) { 182e0dac50fSopenharmony_ci return true; 183e0dac50fSopenharmony_ci } 184e0dac50fSopenharmony_ci return false; 185e0dac50fSopenharmony_ci} 186e0dac50fSopenharmony_ci 187e0dac50fSopenharmony_cibool SessionPermission::IsStartedByInputMethod() 188e0dac50fSopenharmony_ci{ 189e0dac50fSopenharmony_ci auto imc = MiscServices::InputMethodController::GetInstance(); 190e0dac50fSopenharmony_ci if (!imc) { 191e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "InputMethodController is nullptr"); 192e0dac50fSopenharmony_ci return false; 193e0dac50fSopenharmony_ci } 194e0dac50fSopenharmony_ci int pid = IPCSkeleton::GetCallingPid(); 195e0dac50fSopenharmony_ci return imc->IsCurrentImeByPid(pid); 196e0dac50fSopenharmony_ci} 197e0dac50fSopenharmony_ci 198e0dac50fSopenharmony_cibool SessionPermission::IsSameBundleNameAsCalling(const std::string& bundleName) 199e0dac50fSopenharmony_ci{ 200e0dac50fSopenharmony_ci if (bundleName == "") { 201e0dac50fSopenharmony_ci return false; 202e0dac50fSopenharmony_ci } 203e0dac50fSopenharmony_ci auto bundleManagerServiceProxy_ = GetBundleManagerProxy(); 204e0dac50fSopenharmony_ci if (!bundleManagerServiceProxy_) { 205e0dac50fSopenharmony_ci WLOGFE("failed to get BundleManagerServiceProxy"); 206e0dac50fSopenharmony_ci return false; 207e0dac50fSopenharmony_ci } 208e0dac50fSopenharmony_ci int uid = IPCSkeleton::GetCallingUid(); 209e0dac50fSopenharmony_ci // reset ipc identity 210e0dac50fSopenharmony_ci std::string identity = IPCSkeleton::ResetCallingIdentity(); 211e0dac50fSopenharmony_ci std::string callingBundleName; 212e0dac50fSopenharmony_ci bundleManagerServiceProxy_->GetNameForUid(uid, callingBundleName); 213e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 214e0dac50fSopenharmony_ci if (callingBundleName == bundleName) { 215e0dac50fSopenharmony_ci WLOGFD("verify bundle name success"); 216e0dac50fSopenharmony_ci return true; 217e0dac50fSopenharmony_ci } else { 218e0dac50fSopenharmony_ci WLOGFE("verify bundle name failed, calling bundle name %{public}s, but window bundle name %{public}s.", 219e0dac50fSopenharmony_ci callingBundleName.c_str(), bundleName.c_str()); 220e0dac50fSopenharmony_ci return false; 221e0dac50fSopenharmony_ci } 222e0dac50fSopenharmony_ci} 223e0dac50fSopenharmony_ci 224e0dac50fSopenharmony_cibool SessionPermission::IsSameAppAsCalling(const std::string& bundleName, const std::string& appIdentifier) 225e0dac50fSopenharmony_ci{ 226e0dac50fSopenharmony_ci if (bundleName == "" || appIdentifier == "") { 227e0dac50fSopenharmony_ci return false; 228e0dac50fSopenharmony_ci } 229e0dac50fSopenharmony_ci auto bundleManagerServiceProxy = GetBundleManagerProxy(); 230e0dac50fSopenharmony_ci if (!bundleManagerServiceProxy) { 231e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "failed to get BundleManagerServiceProxy"); 232e0dac50fSopenharmony_ci return false; 233e0dac50fSopenharmony_ci } 234e0dac50fSopenharmony_ci int uid = IPCSkeleton::GetCallingUid(); 235e0dac50fSopenharmony_ci // reset ipc identity 236e0dac50fSopenharmony_ci std::string identity = IPCSkeleton::ResetCallingIdentity(); 237e0dac50fSopenharmony_ci std::string callingBundleName; 238e0dac50fSopenharmony_ci bundleManagerServiceProxy->GetNameForUid(uid, callingBundleName); 239e0dac50fSopenharmony_ci if (callingBundleName != bundleName) { 240e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "verify app failed, callingBundleName %{public}s, bundleName %{public}s.", 241e0dac50fSopenharmony_ci callingBundleName.c_str(), bundleName.c_str()); 242e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 243e0dac50fSopenharmony_ci return false; 244e0dac50fSopenharmony_ci } 245e0dac50fSopenharmony_ci AppExecFwk::BundleInfo bundleInfo; 246e0dac50fSopenharmony_ci int userId = uid / 200000; // 200000 use uid to caculate userId 247e0dac50fSopenharmony_ci bool ret = bundleManagerServiceProxy->GetBundleInfoV9( 248e0dac50fSopenharmony_ci callingBundleName, static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), 249e0dac50fSopenharmony_ci bundleInfo, userId); 250e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 251e0dac50fSopenharmony_ci 252e0dac50fSopenharmony_ci if (ret != ERR_OK) { 253e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "failed to query app info, callingBundleName:%{public}s, userId:%{public}d", 254e0dac50fSopenharmony_ci callingBundleName.c_str(), userId); 255e0dac50fSopenharmony_ci return false; 256e0dac50fSopenharmony_ci } 257e0dac50fSopenharmony_ci 258e0dac50fSopenharmony_ci if (bundleInfo.signatureInfo.appIdentifier == appIdentifier) { 259e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "verify app success"); 260e0dac50fSopenharmony_ci return true; 261e0dac50fSopenharmony_ci } 262e0dac50fSopenharmony_ci 263e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "verify app failed, callingBundleName %{public}s, bundleName %{public}s.", 264e0dac50fSopenharmony_ci callingBundleName.c_str(), bundleName.c_str()); 265e0dac50fSopenharmony_ci return false; 266e0dac50fSopenharmony_ci} 267e0dac50fSopenharmony_ci 268e0dac50fSopenharmony_cibool SessionPermission::IsStartedByUIExtension() 269e0dac50fSopenharmony_ci{ 270e0dac50fSopenharmony_ci auto bundleManagerServiceProxy = GetBundleManagerProxy(); 271e0dac50fSopenharmony_ci if (!bundleManagerServiceProxy) { 272e0dac50fSopenharmony_ci WLOGFE("failed to get BundleManagerServiceProxy"); 273e0dac50fSopenharmony_ci return false; 274e0dac50fSopenharmony_ci } 275e0dac50fSopenharmony_ci 276e0dac50fSopenharmony_ci int uid = IPCSkeleton::GetCallingUid(); 277e0dac50fSopenharmony_ci // reset ipc identity 278e0dac50fSopenharmony_ci std::string identity = IPCSkeleton::ResetCallingIdentity(); 279e0dac50fSopenharmony_ci std::string bundleName; 280e0dac50fSopenharmony_ci bundleManagerServiceProxy->GetNameForUid(uid, bundleName); 281e0dac50fSopenharmony_ci AppExecFwk::BundleInfo bundleInfo; 282e0dac50fSopenharmony_ci int userId = uid / 200000; // 200000 use uid to caculate userId 283e0dac50fSopenharmony_ci bool result = bundleManagerServiceProxy->GetBundleInfo(bundleName, 284e0dac50fSopenharmony_ci AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO, bundleInfo, userId); 285e0dac50fSopenharmony_ci // set ipc identity to raw 286e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 287e0dac50fSopenharmony_ci if (!result) { 288e0dac50fSopenharmony_ci WLOGFE("failed to query extension ability info, bundleName:%{public}s, userId:%{public}d", 289e0dac50fSopenharmony_ci bundleName.c_str(), userId); 290e0dac50fSopenharmony_ci return false; 291e0dac50fSopenharmony_ci } 292e0dac50fSopenharmony_ci 293e0dac50fSopenharmony_ci auto extensionInfo = std::find_if(bundleInfo.extensionInfos.begin(), bundleInfo.extensionInfos.end(), 294e0dac50fSopenharmony_ci [](AppExecFwk::ExtensionAbilityInfo extensionInfo) { 295e0dac50fSopenharmony_ci return (extensionInfo.type == AppExecFwk::ExtensionAbilityType::SYS_COMMON_UI); 296e0dac50fSopenharmony_ci }); 297e0dac50fSopenharmony_ci return extensionInfo != bundleInfo.extensionInfos.end(); 298e0dac50fSopenharmony_ci} 299e0dac50fSopenharmony_ci 300e0dac50fSopenharmony_cibool SessionPermission::CheckCallingIsUserTestMode(pid_t pid) 301e0dac50fSopenharmony_ci{ 302e0dac50fSopenharmony_ci TLOGI(WmsLogTag::DEFAULT, "Calling proxy func"); 303e0dac50fSopenharmony_ci bool isUserTestMode = false; 304e0dac50fSopenharmony_ci auto appMgrClient = DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance(); 305e0dac50fSopenharmony_ci if (appMgrClient == nullptr) { 306e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "AppMgeClient is null!"); 307e0dac50fSopenharmony_ci return false; 308e0dac50fSopenharmony_ci } 309e0dac50fSopenharmony_ci // reset ipc identity 310e0dac50fSopenharmony_ci std::string identity = IPCSkeleton::ResetCallingIdentity(); 311e0dac50fSopenharmony_ci int32_t ret = appMgrClient->CheckCallingIsUserTestMode(pid, isUserTestMode); 312e0dac50fSopenharmony_ci // set ipc identity to raw 313e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 314e0dac50fSopenharmony_ci if (ret != ERR_OK) { 315e0dac50fSopenharmony_ci TLOGE(WmsLogTag::DEFAULT, "Permission denied! ret=%{public}d", ret); 316e0dac50fSopenharmony_ci return false; 317e0dac50fSopenharmony_ci } 318e0dac50fSopenharmony_ci return isUserTestMode; 319e0dac50fSopenharmony_ci} 320e0dac50fSopenharmony_ci 321e0dac50fSopenharmony_cibool SessionPermission::IsBetaVersion() 322e0dac50fSopenharmony_ci{ 323e0dac50fSopenharmony_ci std::string betaName = OHOS::system::GetParameter("const.logsystem.versiontype", ""); 324e0dac50fSopenharmony_ci return betaName.find("beta") != std::string::npos; 325e0dac50fSopenharmony_ci} 326e0dac50fSopenharmony_ci 327e0dac50fSopenharmony_cibool SessionPermission::IsFoundationCall() 328e0dac50fSopenharmony_ci{ 329e0dac50fSopenharmony_ci return IPCSkeleton::GetCallingUid() == FOUNDATION_UID; 330e0dac50fSopenharmony_ci} 331e0dac50fSopenharmony_ci 332e0dac50fSopenharmony_cistd::string SessionPermission::GetCallingBundleName() 333e0dac50fSopenharmony_ci{ 334e0dac50fSopenharmony_ci auto bundleManagerServiceProxy = GetBundleManagerProxy(); 335e0dac50fSopenharmony_ci if (!bundleManagerServiceProxy) { 336e0dac50fSopenharmony_ci WLOGFE("failed to get BundleManagerServiceProxy"); 337e0dac50fSopenharmony_ci return ""; 338e0dac50fSopenharmony_ci } 339e0dac50fSopenharmony_ci int uid = IPCSkeleton::GetCallingUid(); 340e0dac50fSopenharmony_ci // reset ipc identity 341e0dac50fSopenharmony_ci std::string identity = IPCSkeleton::ResetCallingIdentity(); 342e0dac50fSopenharmony_ci std::string callingBundleName; 343e0dac50fSopenharmony_ci bundleManagerServiceProxy->GetNameForUid(uid, callingBundleName); 344e0dac50fSopenharmony_ci // if bundlename is empty, fill in pw_name 345e0dac50fSopenharmony_ci if (callingBundleName.empty()) { 346e0dac50fSopenharmony_ci if (struct passwd* user = getpwuid(uid)) { 347e0dac50fSopenharmony_ci callingBundleName = user->pw_name; 348e0dac50fSopenharmony_ci } 349e0dac50fSopenharmony_ci } 350e0dac50fSopenharmony_ci IPCSkeleton::SetCallingIdentity(identity); 351e0dac50fSopenharmony_ci return callingBundleName; 352e0dac50fSopenharmony_ci} 353e0dac50fSopenharmony_ci} // namespace Rosen 354e0dac50fSopenharmony_ci} // namespace OHOS