update codecheck

Signed-off-by: baiwei <hanzhen10@huawei.com>
Change-Id: If6e3e2f181afce1f6ad941bb175520e64e1691e1

services/ipc/inc/ipc_common.h

@@ -66,8 +66,6 @@ public:
 private:
     static bool CheckNativeCallingProcessWhiteList(IPCObjectStub &stub, const std::string &whiteList);
     static bool CheckHapCallingBundleNameWhiteList(IPCObjectStub &stub, const std::string &whiteList);
-    static bool CheckManagerUserIdmPermission(IPCObjectStub &stub, const std::string &permission);
-    static bool CheckEnforceUserIdmPermission(IPCObjectStub &stub, const std::string &permission);
     static bool CheckDirectCallerAndFirstCallerIfSet(IPCObjectStub &stub, const std::string &permission);
     static bool CheckDirectCaller(IPCObjectStub &stub, const std::string &permission);
 };

services/ipc/src/ipc_common.cpp

@@ -99,7 +99,8 @@ bool IpcCommon::CheckPermission(IPCObjectStub &stub, Permission permission)
 {
     switch (permission) {
         case MANAGE_USER_IDM_PERMISSION:
-            return CheckManagerUserIdmPermission(stub, PermissionString::MANAGE_USER_IDM_PERMISSION);
+            return CheckDirectCallerAndFirstCallerIfSet(stub, PermissionString::MANAGE_USER_IDM_PERMISSION) && 
+                CheckHapCallingBundleNameWhiteList(stub, SETTINGS_BUNDLE_NAME);
         case USE_USER_IDM_PERMISSION:
             return CheckDirectCallerAndFirstCallerIfSet(stub, PermissionString::USE_USER_IDM_PERMISSION);
         case ACCESS_USER_AUTH_INTERNAL_PERMISSION:
@@ -109,7 +110,8 @@ bool IpcCommon::CheckPermission(IPCObjectStub &stub, Permission permission)
         case ACCESS_AUTH_RESPOOL:
             return CheckDirectCaller(stub, PermissionString::ACCESS_AUTH_RESPOOL);
         case ENFORCE_USER_IDM:
-            return CheckEnforceUserIdmPermission(stub, PermissionString::ENFORCE_USER_IDM);
+            return CheckDirectCaller(stub, PermissionString::ENFORCE_USER_IDM) &&
+                CheckNativeCallingProcessWhiteList(stub, ACCOUNT_PROCESS_NAME);
         default:
             IAM_LOGE("failed to check permission");
             return false;
@@ -161,27 +163,6 @@ bool IpcCommon::CheckHapCallingBundleNameWhiteList(IPCObjectStub &stub, const st
     return hapTokenInfo.bundleName == whiteList;
 }
 
-bool IpcCommon::CheckManagerUserIdmPermission(IPCObjectStub &stub, const std::string &permission)
-{
-    uint32_t firstTokenId = stub.GetFirstTokenID();
-    uint32_t callingTokenId = stub.GetCallingTokenID();
-    using namespace Security::AccessToken;
-    if ((firstTokenId != 0 && AccessTokenKit::VerifyAccessToken(firstTokenId, permission) != RET_SUCCESS) ||
-        AccessTokenKit::VerifyAccessToken(callingTokenId, permission) != RET_SUCCESS) {
-        IAM_LOGE("failed to check permission");
-        return false;
-    }
-    return CheckHapCallingBundleNameWhiteList(stub, SETTINGS_BUNDLE_NAME);
-}
-
-bool IpcCommon::CheckEnforceUserIdmPermission(IPCObjectStub &stub, const std::string &permission)
-{
-    uint32_t callingTokenId = stub.GetCallingTokenID();
-    using namespace Security::AccessToken;
-    return AccessTokenKit::VerifyAccessToken(callingTokenId, permission) != RET_SUCCESS && 
-        CheckNativeCallingProcessWhiteList(stub, ACCOUNT_PROCESS_NAME);
-}
-
 bool IpcCommon::CheckDirectCallerAndFirstCallerIfSet(IPCObjectStub &stub, const std::string &permission)
 {
     uint32_t firstTokenId = stub.GetFirstTokenID();

services/ipc/src/user_auth_service.cpp

@@ -191,11 +191,6 @@ uint64_t UserAuthService::AuthUser(std::optional<int32_t> userId, const std::vec
         IAM_LOGE("callback is nullptr");
         return BAD_CONTEXT_ID;
     }
-    if (!IpcCommon::CheckPermission(*this, ACCESS_USER_AUTH_INTERNAL_PERMISSION)) {
-        IAM_LOGE("permission check failed");
-        callback->OnResult(CHECK_PERMISSION_FAILED, extraInfo);
-        return BAD_CONTEXT_ID;
-    }
     auto contextCallback = ContextCallback::NewInstance(callback, TRACE_AUTH_USER);
     if (contextCallback == nullptr) {
         IAM_LOGE("failed to construct context callback");