1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_mgr_stub.h"
17
18 #include "access_token.h"
19 #include "account_log_wrapper.h"
20 #include "account_permission_manager.h"
21 #include "iaccount_iam_callback.h"
22 #include "ipc_skeleton.h"
23 #include "memory_guard.h"
24 #include "token_setproc.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 namespace {
29 const std::string ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
30 const std::string MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
31 const std::string USE_USER_IDM = "ohos.permission.USE_USER_IDM";
32 }
33
34 const std::map<uint32_t, AccountIAMMgrStub::AccountIAMMessageProc> messageProcMap = {
35 {
36 static_cast<uint32_t>(AccountIAMInterfaceCode::OPEN_SESSION),
37 {
__anon7ea729d80202() 38 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
39 return ptr->ProcOpenSession(data, reply); },
40 .isSyetemApi = true,
41 }
42 },
43 {
44 static_cast<uint32_t>(AccountIAMInterfaceCode::CLOSE_SESSION),
45 {
__anon7ea729d80302() 46 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
47 return ptr->ProcCloseSession(data, reply); },
48 .isSyetemApi = true,
49 }
50 },
51 {
52 static_cast<uint32_t>(AccountIAMInterfaceCode::ADD_CREDENTIAL),
53 {
__anon7ea729d80402() 54 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
55 return ptr->ProcAddCredential(data, reply); },
56 .isSyetemApi = true,
57 }
58 },
59 {
60 static_cast<uint32_t>(AccountIAMInterfaceCode::UPDATE_CREDENTIAL),
61 {
__anon7ea729d80502() 62 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
63 return ptr->ProcUpdateCredential(data, reply); },
64 .isSyetemApi = true,
65 }
66 },
67 {
68 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_CRED),
69 {
__anon7ea729d80602() 70 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
71 return ptr->ProcDelCred(data, reply); },
72 .isSyetemApi = true,
73 }
74 },
75 {
76 static_cast<uint32_t>(AccountIAMInterfaceCode::DEL_USER),
77 {
__anon7ea729d80702() 78 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
79 return ptr->ProcDelUser(data, reply); },
80 .isSyetemApi = true,
81 }
82 },
83 {
84 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL),
85 {
__anon7ea729d80802() 86 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
87 return ptr->ProcCancel(data, reply); },
88 .isSyetemApi = true,
89 }
90 },
91 {
92 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_CREDENTIAL_INFO),
93 {
__anon7ea729d80902() 94 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
95 return ptr->ProcGetCredentialInfo(data, reply); },
96 .isSyetemApi = true,
97 }
98 },
99 {
100 static_cast<uint32_t>(AccountIAMInterfaceCode::PREPARE_REMOTE_AUTH),
101 {
__anon7ea729d80a02() 102 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
103 return ptr->ProcPrepareRemoteAuth(data, reply); },
104 .isSyetemApi = true,
105 }
106 },
107 {
108 static_cast<uint32_t>(AccountIAMInterfaceCode::AUTH_USER),
109 {
__anon7ea729d80b02() 110 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
111 return ptr->ProcAuthUser(data, reply); },
112 .isSyetemApi = true,
113 }
114 },
115 {
116 static_cast<uint32_t>(AccountIAMInterfaceCode::CANCEL_AUTH),
117 {
__anon7ea729d80c02() 118 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
119 return ptr->ProcCancelAuth(data, reply); },
120 .isSyetemApi = true,
121 }
122 },
123 {
124 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_AVAILABLE_STATUS),
125 {
__anon7ea729d80d02() 126 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
127 return ptr->ProcGetAvailableStatus(data, reply); },
128 .isSyetemApi = true,
129 }
130 },
131 {
132 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY),
133 {
__anon7ea729d80e02() 134 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
135 return ptr->ProcGetProperty(data, reply); },
136 .isSyetemApi = true,
137 }
138 },
139 {
140 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_PROPERTY_BY_CREDENTIAL_ID),
141 {
__anon7ea729d80f02() 142 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
143 return ptr->ProcGetPropertyById(data, reply); },
144 .isSyetemApi = true,
145 }
146 },
147 {
148 static_cast<uint32_t>(AccountIAMInterfaceCode::SET_PROPERTY),
149 {
__anon7ea729d81002() 150 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
151 return ptr->ProcSetProperty(data, reply); },
152 .isSyetemApi = true,
153 }
154 },
155 {
156 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ENROLLED_ID),
157 {
__anon7ea729d81102() 158 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
159 return ptr->ProcGetEnrolledId(data, reply); },
160 .isSyetemApi = true,
161 }
162 },
163 {
164 static_cast<uint32_t>(AccountIAMInterfaceCode::GET_ACCOUNT_STATE),
165 {
__anon7ea729d81202() 166 .messageProcFunction = [] (AccountIAMMgrStub *ptr, MessageParcel &data, MessageParcel &reply) {
167 return ptr->ProcGetAccountState(data, reply); },
168 }
169 }
170 };
171
AccountIAMMgrStub()172 AccountIAMMgrStub::AccountIAMMgrStub()
173 {
174 messageProcMap_ = messageProcMap;
175 }
176
~AccountIAMMgrStub()177 AccountIAMMgrStub::~AccountIAMMgrStub()
178 {}
179
OnRemoteRequest(std::uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)180 std::int32_t AccountIAMMgrStub::OnRemoteRequest(
181 std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
182 {
183 ACCOUNT_LOGI("Received stub message: %{public}d, callingPid: %{public}d", code, IPCSkeleton::GetCallingRealPid());
184 MemoryGuard cacheGuard;
185 Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
186 int result = SetFirstCallerTokenID(tokenCaller);
187 ACCOUNT_LOGD("SetFirstCallerTokenID result: %{public}d", result);
188 if (data.ReadInterfaceToken() != GetDescriptor()) {
189 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
190 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
191 }
192 const auto &itFunc = messageProcMap_.find(code);
193 if (itFunc != messageProcMap_.end()) {
194 if (itFunc->second.isSyetemApi) {
195 result = AccountPermissionManager::CheckSystemApp();
196 if (result != ERR_OK) {
197 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
198 return result;
199 }
200 }
201 return (itFunc->second.messageProcFunction)(this, data, reply);
202 }
203 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
204 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
205 }
206
ProcOpenSession(MessageParcel & data,MessageParcel & reply)207 ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
208 {
209 if (!CheckPermission(MANAGE_USER_IDM)) {
210 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
211 }
212 int32_t userId;
213 if (!data.ReadInt32(userId)) {
214 ACCOUNT_LOGE("failed to read userId");
215 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
216 }
217 std::vector<uint8_t> challenge;
218 int32_t result = OpenSession(userId, challenge);
219 if (!reply.WriteInt32(result)) {
220 ACCOUNT_LOGE("failed to write result");
221 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
222 }
223 if (result == ERR_OK) {
224 if (!reply.WriteUInt8Vector(challenge)) {
225 ACCOUNT_LOGE("failed to write challenge");
226 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
227 }
228 }
229 return ERR_NONE;
230 }
231
ProcCloseSession(MessageParcel & data,MessageParcel & reply)232 ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
233 {
234 if (!CheckPermission(MANAGE_USER_IDM)) {
235 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
236 }
237 int32_t userId;
238 if (!data.ReadInt32(userId)) {
239 ACCOUNT_LOGE("failed to read userId");
240 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
241 }
242 int32_t result = CloseSession(userId);
243 if (!reply.WriteInt32(result)) {
244 ACCOUNT_LOGE("failed to write result");
245 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
246 }
247 return ERR_NONE;
248 }
249
ReadUserIdAndAuthType(MessageParcel & data,int32_t & userId,int32_t & authType)250 ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType)
251 {
252 if (!data.ReadInt32(userId)) {
253 ACCOUNT_LOGE("failed to read userId");
254 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
255 }
256 if (!data.ReadInt32(authType)) {
257 ACCOUNT_LOGE("failed to read authType");
258 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
259 }
260 return ERR_OK;
261 }
262
AddOrUpdateCredential(MessageParcel & data,MessageParcel & reply,bool isAdd)263 ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
264 {
265 if (!CheckPermission(MANAGE_USER_IDM)) {
266 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
267 }
268 int32_t userId;
269 int32_t authType;
270 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
271 if (ret != ERR_OK) {
272 return ret;
273 }
274 int32_t authSubType;
275 if (!data.ReadInt32(authSubType)) {
276 ACCOUNT_LOGE("failed to read authSubType");
277 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
278 }
279 CredentialParameters credParams;
280 if (!data.ReadUInt8Vector(&credParams.token)) {
281 ACCOUNT_LOGE("failed to read token");
282 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
283 }
284 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
285 if (callback == nullptr) {
286 ACCOUNT_LOGE("callback is nullptr");
287 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
288 }
289 credParams.authType = static_cast<AuthType>(authType);
290 credParams.pinType = static_cast<PinSubType>(authSubType);
291 if (isAdd) {
292 AddCredential(userId, credParams, callback);
293 } else {
294 UpdateCredential(userId, credParams, callback);
295 }
296 return ERR_NONE;
297 }
298
ProcAddCredential(MessageParcel & data,MessageParcel & reply)299 ErrCode AccountIAMMgrStub::ProcAddCredential(MessageParcel &data, MessageParcel &reply)
300 {
301 return AddOrUpdateCredential(data, reply);
302 }
303
ProcUpdateCredential(MessageParcel & data,MessageParcel & reply)304 ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParcel &reply)
305 {
306 return AddOrUpdateCredential(data, reply, false);
307 }
308
ProcDelCred(MessageParcel & data,MessageParcel & reply)309 ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
310 {
311 if (!CheckPermission(MANAGE_USER_IDM)) {
312 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
313 }
314 int32_t userId;
315 if (!data.ReadInt32(userId)) {
316 ACCOUNT_LOGE("failed to read userId");
317 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
318 }
319 uint64_t credentialId;
320 if (!data.ReadUint64(credentialId)) {
321 ACCOUNT_LOGE("failed to read credentialId");
322 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
323 }
324 std::vector<uint8_t> authToken;
325 if (!data.ReadUInt8Vector(&authToken)) {
326 ACCOUNT_LOGE("failed to read authToken for delCred");
327 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
328 }
329 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
330 if (callback == nullptr) {
331 ACCOUNT_LOGE("callback is nullptr");
332 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
333 }
334 DelCred(userId, credentialId, authToken, callback);
335 return ERR_NONE;
336 }
337
ProcDelUser(MessageParcel & data,MessageParcel & reply)338 ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
339 {
340 if (!CheckPermission(MANAGE_USER_IDM)) {
341 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
342 }
343 int32_t userId;
344 if (!data.ReadInt32(userId)) {
345 ACCOUNT_LOGE("failed to read userId");
346 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
347 }
348 std::vector<uint8_t> authToken;
349 if (!data.ReadUInt8Vector(&authToken)) {
350 ACCOUNT_LOGE("failed to read authToken for delUser");
351 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
352 }
353 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
354 if (callback == nullptr) {
355 ACCOUNT_LOGE("callback is nullptr");
356 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
357 }
358 DelUser(userId, authToken, callback);
359 return ERR_NONE;
360 }
361
ProcCancel(MessageParcel & data,MessageParcel & reply)362 ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
363 {
364 if (!CheckPermission(MANAGE_USER_IDM)) {
365 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
366 }
367 int32_t userId;
368 if (!data.ReadInt32(userId)) {
369 ACCOUNT_LOGE("failed to read userId");
370 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
371 }
372 int32_t result = Cancel(userId);
373 if (!reply.WriteInt32(result)) {
374 ACCOUNT_LOGE("failed to write result");
375 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
376 }
377 return ERR_NONE;
378 }
379
ProcGetCredentialInfo(MessageParcel & data,MessageParcel & reply)380 ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
381 {
382 if (!CheckPermission(USE_USER_IDM)) {
383 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
384 }
385 int32_t userId;
386 int32_t authType;
387 ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
388 if (ret != ERR_OK) {
389 return ret;
390 }
391 sptr<IGetCredInfoCallback> callback = iface_cast<IGetCredInfoCallback>(data.ReadRemoteObject());
392 if (callback == nullptr) {
393 ACCOUNT_LOGE("callback is nullptr");
394 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
395 }
396 int result = GetCredentialInfo(userId, static_cast<AuthType>(authType), callback);
397 if (!reply.WriteInt32(result)) {
398 ACCOUNT_LOGE("failed to write result");
399 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
400 }
401 return ERR_NONE;
402 }
403
ProcPrepareRemoteAuth(MessageParcel & data,MessageParcel & reply)404 ErrCode AccountIAMMgrStub::ProcPrepareRemoteAuth(MessageParcel &data, MessageParcel &reply)
405 {
406 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
407 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
408 }
409 std::string remoteNetworkId;
410 if (!data.ReadString(remoteNetworkId)) {
411 ACCOUNT_LOGE("Read remoteNetworkId failed.");
412 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
413 }
414
415 sptr<IPreRemoteAuthCallback> callback = iface_cast<IPreRemoteAuthCallback>(data.ReadRemoteObject());
416 if (callback == nullptr) {
417 ACCOUNT_LOGE("PreRemoteAuthCallback is nullptr.");
418 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
419 }
420 int result = PrepareRemoteAuth(remoteNetworkId, callback);
421 if (!reply.WriteInt32(result)) {
422 ACCOUNT_LOGE("Write result failed.");
423 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
424 }
425
426 return ERR_NONE;
427 }
428
ReadAuthParam(MessageParcel & data,AuthParam & authParam)429 ErrCode AccountIAMMgrStub::ReadAuthParam(MessageParcel &data, AuthParam &authParam)
430 {
431 if (!data.ReadInt32(authParam.userId)) {
432 ACCOUNT_LOGE("failed to read userId");
433 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
434 }
435 if (!data.ReadUInt8Vector(&authParam.challenge)) {
436 ACCOUNT_LOGE("failed to read challenge");
437 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
438 }
439 int32_t authType;
440 if (!data.ReadInt32(authType)) {
441 ACCOUNT_LOGE("failed to read authType for AuthUser");
442 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
443 }
444 authParam.authType = static_cast<AuthType>(authType);
445 uint32_t authTrustLevel;
446 if (!data.ReadUint32(authTrustLevel)) {
447 ACCOUNT_LOGE("failed to read authTrustLevel for AuthUser");
448 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
449 }
450 authParam.authTrustLevel = static_cast<AuthTrustLevel>(authTrustLevel);
451 int32_t authIntent = 0;
452 if (!data.ReadInt32(authIntent)) {
453 ACCOUNT_LOGE("failed to read authIntent for AuthUser");
454 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
455 }
456 authParam.authIntent = static_cast<AuthIntent>(authIntent);
457 return ERR_OK;
458 }
459
ReadRemoteAuthParam(MessageParcel & data,std::optional<RemoteAuthParam> & remoteAuthParam)460 ErrCode AccountIAMMgrStub::ReadRemoteAuthParam(MessageParcel &data,
461 std::optional<RemoteAuthParam> &remoteAuthParam)
462 {
463 bool res = false;
464 if (!data.ReadBool(res)) {
465 ACCOUNT_LOGE("Read RemoteAuthParam exist failed.");
466 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
467 }
468 if (!res) {
469 return ERR_OK;
470 }
471 remoteAuthParam = RemoteAuthParam();
472 if (!data.ReadBool(res)) {
473 ACCOUNT_LOGE("Read verifierNetworkId exist failed.");
474 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
475 }
476 if (res) {
477 std::string networkId;
478 if (!data.ReadString(networkId)) {
479 ACCOUNT_LOGE("Read verifierNetworkId failed.");
480 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
481 }
482 remoteAuthParam.value().verifierNetworkId = networkId;
483 }
484 if (!data.ReadBool(res)) {
485 ACCOUNT_LOGE("Read collectorNetworkId exist failed.");
486 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
487 }
488 if (res) {
489 std::string networkId;
490 if (!data.ReadString(networkId)) {
491 ACCOUNT_LOGE("Read collectorNetworkId failed.");
492 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
493 }
494 remoteAuthParam.value().collectorNetworkId = networkId;
495 }
496 if (!data.ReadBool(res)) {
497 ACCOUNT_LOGE("Read collectorTokenId exist failed.");
498 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
499 }
500 if (res) {
501 uint32_t tokenId;
502 if (!data.ReadUint32(tokenId)) {
503 ACCOUNT_LOGE("Read collectorTokenId failed.");
504 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
505 }
506 remoteAuthParam.value().collectorTokenId = tokenId;
507 }
508 return ERR_OK;
509 }
510
ProcAuthUser(MessageParcel & data,MessageParcel & reply)511 ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
512 {
513 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
514 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
515 }
516 AuthParam authParam;
517 if (ReadAuthParam(data, authParam) != ERR_OK) {
518 ACCOUNT_LOGE("failed to read authParam");
519 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
520 }
521 sptr<IIDMCallback> callback = iface_cast<IIDMCallback>(data.ReadRemoteObject());
522 if (callback == nullptr) {
523 ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr");
524 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
525 }
526 if (ReadRemoteAuthParam(data, authParam.remoteAuthParam) != ERR_OK) {
527 ACCOUNT_LOGE("failed to read RemoteAuthParam");
528 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
529 }
530 uint64_t contextId = 0;
531 ErrCode result = AuthUser(authParam, callback, contextId);
532 if (!reply.WriteInt32(result)) {
533 ACCOUNT_LOGE("failed to write result");
534 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
535 }
536 if (!reply.WriteUint64(contextId)) {
537 ACCOUNT_LOGE("failed to write contextId");
538 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
539 }
540 return ERR_NONE;
541 }
542
ProcCancelAuth(MessageParcel & data,MessageParcel & reply)543 ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
544 {
545 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
546 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
547 }
548 uint64_t contextId;
549 if (!data.ReadUint64(contextId)) {
550 ACCOUNT_LOGE("failed to read contextId");
551 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
552 }
553 int32_t result = CancelAuth(contextId);
554 if (!reply.WriteInt32(result)) {
555 ACCOUNT_LOGE("failed to write result");
556 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
557 }
558 return ERR_NONE;
559 }
560
ProcGetAvailableStatus(MessageParcel & data,MessageParcel & reply)561 ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
562 {
563 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
564 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
565 }
566 int32_t authType;
567 if (!data.ReadInt32(authType)) {
568 ACCOUNT_LOGE("failed to read authType for GetAvailableStatus");
569 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
570 }
571 uint32_t authTrustLevel;
572 if (!data.ReadUint32(authTrustLevel)) {
573 ACCOUNT_LOGE("failed to read authTrustLevel for GetAvailableStatus");
574 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
575 }
576 int32_t status;
577 int32_t result =
578 GetAvailableStatus(static_cast<AuthType>(authType), static_cast<AuthTrustLevel>(authTrustLevel), status);
579 if (!reply.WriteInt32(result)) {
580 ACCOUNT_LOGE("failed to write result");
581 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
582 }
583 if (result == ERR_OK) {
584 if (!reply.WriteInt32(status)) {
585 ACCOUNT_LOGE("failed to write status");
586 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
587 }
588 }
589 return ERR_NONE;
590 }
591
ProcGetProperty(MessageParcel & data,MessageParcel & reply)592 ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data,
593 MessageParcel &reply) __attribute__((no_sanitize("cfi")))
594 {
595 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
596 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
597 }
598 int32_t userId;
599 int32_t authType;
600 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
601 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
602 }
603 std::vector<uint32_t> keys;
604 if (!data.ReadUInt32Vector(&keys)) {
605 ACCOUNT_LOGE("failed to read attribute keys");
606 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
607 }
608 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
609 if (callback == nullptr) {
610 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
611 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
612 }
613 GetPropertyRequest request;
614 request.authType = static_cast<AuthType>(authType);
615 for (auto &key : keys) {
616 request.keys.push_back(static_cast<Attributes::AttributeKey>(key));
617 }
618 GetProperty(userId, request, callback);
619 return ERR_NONE;
620 }
621
ProcGetPropertyById(MessageParcel & data,MessageParcel & reply)622 ErrCode AccountIAMMgrStub::ProcGetPropertyById(MessageParcel &data,
623 MessageParcel &reply) __attribute__((no_sanitize("cfi")))
624 {
625 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
626 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
627 }
628 uint64_t credentialId;
629 if (!data.ReadUint64(credentialId)) {
630 ACCOUNT_LOGE("Failed to read credentialId");
631 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
632 }
633 std::vector<uint32_t> tempKeys;
634 if (!data.ReadUInt32Vector(&tempKeys)) {
635 ACCOUNT_LOGE("Failed to read attribute keys");
636 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
637 }
638 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
639 if (callback == nullptr) {
640 ACCOUNT_LOGE("IGetSetPropCallback is nullptr");
641 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
642 }
643 std::vector<Attributes::AttributeKey> keys;
644 for (auto &key : tempKeys) {
645 keys.push_back(static_cast<Attributes::AttributeKey>(key));
646 }
647 GetPropertyByCredentialId(credentialId, keys, callback);
648 return ERR_NONE;
649 }
650
ProcSetProperty(MessageParcel & data,MessageParcel & reply)651 ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
652 {
653 if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) {
654 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
655 }
656 int32_t userId;
657 int32_t authType;
658 if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
659 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
660 }
661 std::vector<uint8_t> attr;
662 if (!data.ReadUInt8Vector(&attr)) {
663 ACCOUNT_LOGE("failed to read attributes");
664 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
665 }
666 sptr<IGetSetPropCallback> callback = iface_cast<IGetSetPropCallback>(data.ReadRemoteObject());
667 if (callback == nullptr) {
668 ACCOUNT_LOGE("SetExecutorPropertyCallbackInterface is nullptr");
669 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
670 }
671 SetPropertyRequest request = {
672 .authType = static_cast<AuthType>(authType),
673 .attrs = Attributes(attr)
674 };
675 SetProperty(userId, request, callback);
676 return ERR_NONE;
677 }
678
ProcGetAccountState(MessageParcel & data,MessageParcel & reply)679 ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParcel &reply)
680 {
681 int32_t userId;
682 if (!data.ReadInt32(userId)) {
683 ACCOUNT_LOGE("failed to read userId");
684 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
685 }
686 IAMState state = GetAccountState(userId);
687 if (!reply.WriteInt32(state)) {
688 ACCOUNT_LOGE("failed to write state");
689 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
690 }
691 return ERR_NONE;
692 }
693
ProcGetEnrolledId(MessageParcel & data,MessageParcel & reply)694 ErrCode AccountIAMMgrStub::ProcGetEnrolledId(MessageParcel &data, MessageParcel &reply)
695 {
696 if (!CheckPermission(USE_USER_IDM)) {
697 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
698 }
699 int32_t accountId;
700 int32_t authType;
701 ErrCode ret = ReadUserIdAndAuthType(data, accountId, authType);
702 if (ret != ERR_OK) {
703 return ret;
704 }
705 sptr<IGetEnrolledIdCallback> callback = iface_cast<IGetEnrolledIdCallback>(data.ReadRemoteObject());
706 if (callback == nullptr) {
707 ACCOUNT_LOGE("Callback is nullptr");
708 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
709 }
710 GetEnrolledId(accountId, static_cast<AuthType>(authType), callback);
711 return ERR_NONE;
712 }
713
CheckPermission(const std::string & permission)714 bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
715 {
716 if (AccountPermissionManager::VerifyPermission(permission) != ERR_OK) {
717 ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
718 return false;
719 }
720 return true;
721 }
722 } // AccountSA
723 } // OHOS
724