/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
155bbf6e98Sopenharmony_ci
165bbf6e98Sopenharmony_ci#include "permission.h"
175bbf6e98Sopenharmony_ci
185bbf6e98Sopenharmony_ci#include "accesstoken_kit.h"
195bbf6e98Sopenharmony_ci#include "ipc_skeleton.h"
205bbf6e98Sopenharmony_ci#include "tokenid_kit.h"
215bbf6e98Sopenharmony_ci#include "devattest_log.h"
225bbf6e98Sopenharmony_ci
235bbf6e98Sopenharmony_ciusing namespace OHOS;
245bbf6e98Sopenharmony_ciusing namespace OHOS::Security::AccessToken;
255bbf6e98Sopenharmony_ci
265bbf6e98Sopenharmony_cinamespace OHOS {
275bbf6e98Sopenharmony_cinamespace DevAttest {
// Constructs a Permission helper. The constructor body performs no work:
// both checks in this file query the IPC caller identity at call time
// instead of reading state stored on the object.
Permission::Permission() = default;
315bbf6e98Sopenharmony_ci
// Destroys the Permission helper. The destructor body releases nothing.
Permission::~Permission() = default;
355bbf6e98Sopenharmony_ci
// Decides whether the current IPC caller is treated as a system caller.
//
// The decision is driven by the type of the caller's access token:
//   - TOKEN_HAP:    defer to TokenIdKit::IsSystemAppByFullTokenID() on the
//                   caller's full token id.
//   - TOKEN_NATIVE,
//     TOKEN_SHELL:  accepted unconditionally.
//   - anything else (TOKEN_INVALID, TOKEN_TYPE_BUTT): rejected.
//
// NOTE(review): shell tokens are accepted here without any further check.
// Confirm that every interface guarded by IsSystem() is meant to be reachable
// from a shell session, including on production builds.
//
// Returns true when the caller is accepted, false otherwise. A rejection is
// logged at error level together with the token type, pid and uid.
bool Permission::IsSystem()
{
    const AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    const pid_t callerPid = IPCSkeleton::GetCallingPid();
    const pid_t callerUid = IPCSkeleton::GetCallingUid();
    const ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
    HILOGD("[IsSystem] check permission, type=%{public}d, pid=%{public}d,uid=%{public}d",
        static_cast<int32_t>(tokenType), callerPid, callerUid);

    // Start from "not a system caller" so unlisted token types stay rejected.
    bool isSystemCaller = false;
    if (tokenType == ATokenTypeEnum::TOKEN_HAP) {
        // Application tokens: only system applications qualify.
        isSystemCaller = TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID());
    } else if (tokenType == ATokenTypeEnum::TOKEN_NATIVE || tokenType == ATokenTypeEnum::TOKEN_SHELL) {
        isSystemCaller = true;
    }

    if (isSystemCaller) {
        return true;
    }
    HILOGE("[IsSystem] system denied, type=%{public}d, pid=%{public}d, uid=%{public}d",
        static_cast<int32_t>(tokenType), callerPid, callerUid);
    return false;
}
645bbf6e98Sopenharmony_ci
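// Checks whether the current IPC caller holds the permission named by `perm`.
//
// The decision is driven by the type of the caller's access token:
//   - TOKEN_HAP:    the result of AccessTokenKit::VerifyAccessToken() for the
//                   caller's token id and `perm`.
//   - TOKEN_NATIVE,
//     TOKEN_SHELL:  granted without consulting VerifyAccessToken().
//   - TOKEN_INVALID, TOKEN_TYPE_BUTT: denied.
//
// NOTE(review): for native and shell callers `perm` is never evaluated, so
// such callers pass this check for any permission name. Confirm this is
// intended; if least privilege is wanted here, these token types would also
// need to go through VerifyAccessToken().
//
// @param perm  Name of the permission to check.
// @return true only when the outcome is exactly PERMISSION_GRANTED; false in
//         every other case. A refusal is logged at error level.
bool Permission::IsPermissionGranted(const std::string& perm)
{
    AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
    pid_t pid = IPCSkeleton::GetCallingPid();
    pid_t uid = IPCSkeleton::GetCallingUid();
    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
    HILOGD("[IsPermissionGranted] check permission, perm=%{public}s type=%{public}d, pid=%{public}d,uid=%{public}d",
        perm.c_str(), static_cast<int32_t>(type), pid, uid);
    // Default to denied so that a token type not listed below is refused.
    int32_t result = PermissionState::PERMISSION_DENIED;
    switch (type) {
        case ATokenTypeEnum::TOKEN_HAP:
            result = AccessTokenKit::VerifyAccessToken(tokenId, perm);
            break;
        case ATokenTypeEnum::TOKEN_NATIVE:
        case ATokenTypeEnum::TOKEN_SHELL:
            result = PermissionState::PERMISSION_GRANTED;
            break;
        case ATokenTypeEnum::TOKEN_INVALID:
        case ATokenTypeEnum::TOKEN_TYPE_BUTT:
            break;
    }
    // Fail closed: accept only an explicit PERMISSION_GRANTED. Comparing
    // against PERMISSION_DENIED instead would let any other value returned by
    // VerifyAccessToken() (for example an error code) count as a grant.
    if (result != PermissionState::PERMISSION_GRANTED) {
        HILOGE("[IsPermissionGranted] permis denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
            perm.c_str(), static_cast<int32_t>(type), pid, uid);
        return false;
    }
    return true;
}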
935bbf6e98Sopenharmony_ci} // namespace DevAttest
945bbf6e98Sopenharmony_ci} // namespace OHOS