diff --git a/services/bluetooth_standard/service/BUILD.gn b/services/bluetooth_standard/service/BUILD.gn old mode 100644 new mode 100755 index 6f0b87fcfac4551389fc8845bce1f0603359bc9e..ff7b6aaf6a67a3477444be7f0fe6a21cfc2b0112 --- a/services/bluetooth_standard/service/BUILD.gn +++ b/services/bluetooth_standard/service/BUILD.gn @@ -269,6 +269,12 @@ ServiceHidHostSrc = [ "src/hid_host/hid_host_uhid.cpp", ] +ServicePermissionSrc = [ + "src/permission/auth_center.cpp", + "src/permission/permission_helper.cpp", + "src/permission/permission_utils.cpp", +] + config("btservice_public_config") { include_dirs = [ "include", @@ -283,6 +289,7 @@ config("btservice_config") { "$BT_SERVICE_DIR/src", "$BT_SERVICE_DIR/src/base", "$BT_SERVICE_DIR/src/common", + "$BT_SERVICE_DIR/src/permission", "$BT_SERVICE_DIR/src/util", "$BT_SERVICE_DIR/src/gavdp/a2dp_codec/aaccodecctrl_l2/include", "$BT_SERVICE_DIR/src/gavdp/a2dp_codec/sbccodecctrl/include", @@ -339,6 +346,7 @@ ohos_shared_library("btservice") { sources += ServiceTransportSrc sources += ServiceDISrc sources += ServiceHidHostSrc + sources += ServicePermissionSrc deps = [ "$PART_DIR/external:btdummy", @@ -348,7 +356,13 @@ ohos_shared_library("btservice") { "//utils/native/base:utilsecurec_shared", ] - external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + defines = [ "PERMISSION_ALWAYS_GRANT" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "hiviewdfx_hilog_native:libhilog", + "ipc:ipc_core", + ] subsystem_name = "communication" part_name = "bluetooth_standard" diff --git a/services/bluetooth_standard/service/src/common/adapter_manager.cpp b/services/bluetooth_standard/service/src/common/adapter_manager.cpp old mode 100644 new mode 100755 index 70bcb649e008d0f3d7ed4046716a39a266b5a065..40bbb87ba06a941aaec222cfc5683d12501d355a --- a/services/bluetooth_standard/service/src/common/adapter_manager.cpp +++ b/services/bluetooth_standard/service/src/common/adapter_manager.cpp @@ -29,6 +29,7 @@ #include "base_def.h" #include "base_observer_list.h" #include "class_creator.h" +#include "permission_utils.h" #include "power_manager.h" #include "profile_config.h" #include "profile_service_manager.h" @@ -325,6 +326,11 @@ bool AdapterManager::Enable(const BTTransport transport) const LOG_DEBUG("%{public}s start transport is %{public}d", __PRETTY_FUNCTION__, transport); std::lock_guard lock(pimpl->syncMutex_); + if (PermissionUtils::VerifyDiscoverBluetoothPermission() == PERMISSION_DENIED) { + LOG_ERROR("Enable() false, check permission failed"); + return false; + } + if (GetSysState() != SYS_STATE_STARTED) { LOG_ERROR("AdapterManager system is stoped"); return false; @@ -353,6 +359,11 @@ bool AdapterManager::Disable(const BTTransport transport) const LOG_DEBUG("%{public}s start transport is %{public}d", __PRETTY_FUNCTION__, transport); std::lock_guard lock(pimpl->syncMutex_); + if (PermissionUtils::VerifyDiscoverBluetoothPermission() == PERMISSION_DENIED) { + LOG_ERROR("Disable() false, check permission failed"); + return false; + } + if (pimpl->adapters_[transport] == nullptr) { LOG_INFO("%{public}s BTTransport not register", __PRETTY_FUNCTION__); return false; diff --git a/services/bluetooth_standard/service/src/permission/auth_center.cpp b/services/bluetooth_standard/service/src/permission/auth_center.cpp new file mode 100755 index 0000000000000000000000000000000000000000..8f3017e953b92e92e8483b63e93d5c612c29ed42 --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/auth_center.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "auth_center.h" +#include "stdbool.h" +#include "accesstoken_kit.h" +#include "permission_helper.h" + + +namespace bluetooth { +#ifdef PERMISSION_ALWAYS_GRANT +bool g_permissionAlwaysGrant = true; +#else +bool g_permissionAlwaysGrant = false; +#endif + +using namespace OHOS::Security::AccessToken; + +AuthCenter &AuthCenter::GetInstance() +{ + static AuthCenter authCenter; + return authCenter; +} + +int AuthCenter::VerifyUseBluetoothPermission(const int &pid, const int &uid) +{ + if (g_permissionAlwaysGrant) { + return PERMISSION_GRANTED; + } + + return PermissionHelper::VerifyUseBluetoothPermission(pid, uid); +} + +int AuthCenter::VerifyDiscoverBluetoothPermission(const int &pid, const int &uid) +{ + if (g_permissionAlwaysGrant) { + return PERMISSION_GRANTED; + } + return PermissionHelper::VerifyDiscoverBluetoothPermission(pid, uid); +} + +int AuthCenter::VerifyManageBluetoothPermission(const int &pid, const int &uid) +{ + if (g_permissionAlwaysGrant) { + return PERMISSION_GRANTED; + } + return PermissionHelper::VerifyManageBluetoothPermission(pid, uid); +} +} \ No newline at end of file diff --git a/services/bluetooth_standard/service/src/permission/auth_center.h b/services/bluetooth_standard/service/src/permission/auth_center.h new file mode 100755 index 0000000000000000000000000000000000000000..cb14ded940301ff2a65ae0ab0fd532e6108a6830 --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/auth_center.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AUTH_CENTER_H +#define AUTH_CENTER_H +namespace bluetooth { +class AuthCenter { +public: + static AuthCenter &GetInstance(); + + /** + * @Description Verify where the app has the permission to use bluetooth + * + * @param pid the app's process id. + * @param uid the app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyUseBluetoothPermission(const int &pid, const int &uid); + + /** + * @Description Verify where the app has the permission to discover bluetooth + * + * @param pid the app's process id. + * @param uid the app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyDiscoverBluetoothPermission(const int &pid, const int &uid); + + /** + * @Description Verify where the app has the permission to manager bluetooth + * + * @param pid the app's process id. + * @param uid the app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyManageBluetoothPermission(const int &pid, const int &uid); +}; +} +#endif \ No newline at end of file diff --git a/services/bluetooth_standard/service/src/permission/permission_helper.cpp b/services/bluetooth_standard/service/src/permission/permission_helper.cpp new file mode 100755 index 0000000000000000000000000000000000000000..46374ef6a6658a52ce728c57241b8c5f179a8b73 --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/permission_helper.cpp @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_helper.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "log.h" + +namespace bluetooth { +using namespace OHOS; +using namespace Security::AccessToken; + +int PermissionHelper::VerifyPermission(const std::string &permissionName, const int &pid, const int &uid) +{ + auto callerToken = IPCSkeleton::GetCallingTokenID(); + int result; + + if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_NATIVE) { + result = Security::AccessToken::AccessTokenKit::VerifyNativeToken(callerToken, permissionName); + } else if (Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken) == TOKEN_HAP) { + result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + } else { + LOG_INFO("callerToken=0x%{public}x is invalid token", pid); + return PERMISSION_DENIED; + } + if (result == Security::AccessToken::PermissionState::PERMISSION_GRANTED) { + return PERMISSION_GRANTED; + } else { + LOG_INFO("callerToken=0x%{public}x has no permission_name=%{public}s", pid, permissionName.c_str()); + return PERMISSION_DENIED; + } +} + +int PermissionHelper::VerifyUseBluetoothPermission(const int &pid, const int &uid) +{ + if (VerifyPermission("ohos.permission.USE_BLUETOOTH", pid, uid) == PERMISSION_DENIED) { + return PERMISSION_DENIED; + } + + return PERMISSION_GRANTED; +} + +int PermissionHelper::VerifyDiscoverBluetoothPermission(const int &pid, const int &uid) +{ + if (VerifyPermission("ohos.permission.DISCOVER_BLUETOOTH", pid, uid) == PERMISSION_DENIED) { + return PERMISSION_DENIED; + } + + return PERMISSION_GRANTED; +} + +int PermissionHelper::VerifyManageBluetoothPermission(const int &pid, const int &uid) +{ + if (VerifyPermission("ohos.permission.MANAGE_BLUETOOTH", pid, uid) == PERMISSION_DENIED) { + return PERMISSION_DENIED; + } + + return PERMISSION_GRANTED; +} +} \ No newline at end of file diff --git a/services/bluetooth_standard/service/src/permission/permission_helper.h b/services/bluetooth_standard/service/src/permission/permission_helper.h new file mode 100755 index 0000000000000000000000000000000000000000..7f6f5372622b97a1865a3efbe77df6946787976f --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/permission_helper.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_HELPER_H +#define PERMISSION_HELPER_H +#include + +namespace bluetooth { +class PermissionHelper { +public: + /** + * @Description Verify where the app has the permission. + * + * @param permissionName Permission name. + * @param pid The app's process id. + * @param uid The app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyPermission(const std::string &permissionName, const int &pid, const int &uid); + + /** + * @Description Verify where the app has the permission to use bluetooth + * + * @param pid The app's process id. + * @param uid The app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyUseBluetoothPermission(const int &pid, const int &uid); + + /** + * @Description Verify where the app has the permission to discover bluetooth + * + * @param pid The app's process id. + * @param uid The app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyDiscoverBluetoothPermission(const int &pid, const int &uid); + + /** + * @Description Verify where the app has the permission to manager bluetooth + * + * @param pid The app's process id. + * @param uid The app id. + * @return int PERMISSION_DENIED or PERMISSION_GRANTED + */ + static int VerifyManageBluetoothPermission(const int &pid, const int &uid); +}; +} +#endif \ No newline at end of file diff --git a/services/bluetooth_standard/service/src/permission/permission_utils.cpp b/services/bluetooth_standard/service/src/permission/permission_utils.cpp new file mode 100755 index 0000000000000000000000000000000000000000..88242a0e413ff7409fe1082dd99d0ba3083e98a0 --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/permission_utils.cpp @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_utils.h" +#include "ipc_skeleton.h" +#include "auth_center.h" + +namespace bluetooth { +using namespace OHOS; + +int PermissionUtils::VerifyUseBluetoothPermission() +{ + return AuthCenter::GetInstance().VerifyUseBluetoothPermission( + IPCSkeleton::GetCallingPid(), IPCSkeleton::GetCallingUid()); +} + +int PermissionUtils::VerifyDiscoverBluetoothPermission() +{ + return AuthCenter::GetInstance().VerifyDiscoverBluetoothPermission( + IPCSkeleton::GetCallingPid(), IPCSkeleton::GetCallingUid()); +} + +int PermissionUtils::VerifyManageBluetoothPermission() +{ + return AuthCenter::GetInstance().VerifyManageBluetoothPermission( + IPCSkeleton::GetCallingPid(), IPCSkeleton::GetCallingUid()); +} +} \ No newline at end of file diff --git a/services/bluetooth_standard/service/src/permission/permission_utils.h b/services/bluetooth_standard/service/src/permission/permission_utils.h new file mode 100755 index 0000000000000000000000000000000000000000..7d7cd17ad5c9a34c726df3609820b14edd25f3c5 --- /dev/null +++ b/services/bluetooth_standard/service/src/permission/permission_utils.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_UTILS_H +#define PERMISSION_UTILS_H + +#include "accesstoken_kit.h" + +namespace bluetooth { +using namespace OHOS::Security::AccessToken; + +class PermissionUtils { +public: + static int VerifyUseBluetoothPermission(); + static int VerifyDiscoverBluetoothPermission(); + static int VerifyManageBluetoothPermission(); +}; +} +#endif \ No newline at end of file