1/*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "permission.h"
17
18#include "accesstoken_kit.h"
19#include "ipc_skeleton.h"
20#include "tokenid_kit.h"
21#include "devattest_log.h"
22
23using namespace OHOS;
24using namespace OHOS::Security::AccessToken;
25
26namespace OHOS {
27namespace DevAttest {
// No state to set up: every check reads the caller's identity from the IPC context at call time.
Permission::Permission() = default;
31
// Nothing to release; no resources are acquired in this file.
Permission::~Permission() = default;
35
/**
 * @brief Decide whether the current IPC caller is treated as a system caller.
 *
 * The caller is identified through IPCSkeleton's calling-context getters and classified with
 * AccessTokenKit::GetTokenTypeFlag():
 *  - TOKEN_HAP: accepted only if TokenIdKit::IsSystemAppByFullTokenID() says so.
 *  - TOKEN_NATIVE / TOKEN_SHELL: always accepted.
 *  - any other token type: rejected (the verdict starts as false and is never raised).
 *
 * NOTE(review): shell tokens are trusted unconditionally here, so anything reachable behind this
 * check is also reachable from a shell caller. Confirm that this is intended on release builds.
 *
 * @return true if the caller is accepted as system, false otherwise (a denial is logged).
 */
bool Permission::IsSystem()
{
    const AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
    const pid_t callerPid = IPCSkeleton::GetCallingPid();
    const pid_t callerUid = IPCSkeleton::GetCallingUid();
    const ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
    HILOGD("[IsSystem] check permission, type=%{public}d, pid=%{public}d,uid=%{public}d",
        static_cast<int32_t>(tokenType), callerPid, callerUid);

    // Deny by default: only the branches below can turn the verdict into an accept.
    bool accepted = false;
    if (tokenType == ATokenTypeEnum::TOKEN_HAP) {
        // Applications must carry the system-app marker in their full token ID.
        accepted = TokenIdKit::IsSystemAppByFullTokenID(IPCSkeleton::GetCallingFullTokenID());
    } else if (tokenType == ATokenTypeEnum::TOKEN_NATIVE || tokenType == ATokenTypeEnum::TOKEN_SHELL) {
        accepted = true;
    }

    if (accepted) {
        return true;
    }
    HILOGE("[IsSystem] system denied, type=%{public}d, pid=%{public}d, uid=%{public}d",
        static_cast<int32_t>(tokenType), callerPid, callerUid);
    return false;
}
64
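/**
 * @brief Check whether the current IPC caller holds the permission @p perm.
 *
 * The caller is identified through IPCSkeleton's calling-context getters and classified with
 * AccessTokenKit::GetTokenTypeFlag():
 *  - TOKEN_HAP: the decision is delegated to AccessTokenKit::VerifyAccessToken().
 *  - TOKEN_NATIVE / TOKEN_SHELL: granted without a per-permission lookup.
 *  - any other token type: denied (the result keeps its PERMISSION_DENIED default).
 *
 * NOTE(review): shell tokens skip the per-permission check entirely. Confirm that this is
 * intended on release builds, since it makes every permission-gated call reachable from a shell.
 *
 * @param perm Name of the permission to verify for the calling token.
 * @return true only when the outcome is exactly PermissionState::PERMISSION_GRANTED;
 *         false otherwise (a denial is logged).
 */
bool Permission::IsPermissionGranted(const std::string& perm)
{
    AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
    pid_t pid = IPCSkeleton::GetCallingPid();
    pid_t uid = IPCSkeleton::GetCallingUid();
    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
    HILOGD("[IsPermissionGranted] check permission, perm=%{public}s type=%{public}d, pid=%{public}d,uid=%{public}d",
        perm.c_str(), static_cast<int32_t>(type), pid, uid);
    // Deny by default; only an explicit grant below may change the outcome.
    int32_t result = PermissionState::PERMISSION_DENIED;
    switch (type) {
        case ATokenTypeEnum::TOKEN_HAP:
            result = AccessTokenKit::VerifyAccessToken(tokenId, perm);
            break;
        case ATokenTypeEnum::TOKEN_NATIVE:
        case ATokenTypeEnum::TOKEN_SHELL:
            result = PermissionState::PERMISSION_GRANTED;
            break;
        case ATokenTypeEnum::TOKEN_INVALID:
        case ATokenTypeEnum::TOKEN_TYPE_BUTT:
            break;
    }
    // Fail closed: accept only the exact GRANTED value. Comparing against PERMISSION_DENIED
    // would treat any other value the verifier might return (e.g. an error code) as a grant.
    if (result != PermissionState::PERMISSION_GRANTED) {
        HILOGE("[IsPermissionGranted] permis denied, perm=%{public}s type=%{public}d, pid=%{public}d, uid=%{public}d",
            perm.c_str(), static_cast<int32_t>(type), pid, uid);
        return false;
    }
    return true;
}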
93} // namespace DevAttest
94} // namespace OHOS
95