1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
17 #define FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
18 
19 #include <string>
20 #include <vector>
21 
22 namespace OHOS {
23 namespace Security {
24 namespace DlpPermission {
25 static const uint32_t DLP_MAX_CERT_SIZE = 1024 * 1024; // 1M
26 static const uint32_t DLP_MAX_EXTRA_INFO_LEN = 100 * 1024; // 100K
27 
28 #define DLP_CERT_UPDATED 0xff56
29 
30 enum DlpAccountType : uint32_t {
31     INVALID_ACCOUNT = 0,
32     CLOUD_ACCOUNT = 1,
33     DOMAIN_ACCOUNT = 2,
34     APPLICATION_ACCOUNT = 3,
35 };
36 
37 enum DLPFileAccess : uint32_t {
38     NO_PERMISSION = 0,
39     READ_ONLY = 1,
40     CONTENT_EDIT = 2,
41     FULL_CONTROL = 3,
42 };
43 
44 enum GatheringPolicyType : uint32_t {
45     GATHERING = 1,
46     NON_GATHERING = 2
47 };
48 
49 enum class DlpAuthType : uint32_t {
50     ONLINE_AUTH_ONLY = 0,
51     ONLINE_AUTH_FOR_OFFLINE_CERT = 1,
52     OFFLINE_AUTH_ONLY = 2,
53 };
54 
55 enum ActionFlags : uint32_t {
56     ACTION_INVALID = 0,
57     ACTION_VIEW = 1,
58     ACTION_SAVE = 1 << 1,
59     ACTION_SAVE_AS = 1 << 2,
60     ACTION_EDIT = 1 << 3,
61     ACTION_SCREEN_CAPTURE = 1 << 4,
62     ACTION_SCREEN_SHARE = 1 << 5,
63     ACTION_SCREEN_RECORD = 1 << 6,
64     ACTION_COPY = 1 << 7,
65     ACTION_PRINT = 1 << 8,
66     ACTION_EXPORT = 1 << 9,
67     ACTION_PERMISSION_CHANGE = 1 << 10
68 };
69 
70 typedef struct DLPPermissionInfo {
71     DLPFileAccess dlpFileAccess = NO_PERMISSION;
72     ActionFlags flags = ACTION_INVALID;
73 } DLPPermissionInfo;
74 
75 typedef struct AuthUserInfo {
76     std::string authAccount;
77     DLPFileAccess authPerm = NO_PERMISSION;
78     uint64_t permExpiryTime = 0;
79     DlpAccountType authAccountType = INVALID_ACCOUNT;
80 } AuthUserInfo;
81 
82 typedef struct SandboxInfo {
83     int32_t appIndex = -1;
84     uint32_t tokenId = 0;
85 } SandboxInfo;
86 
87 struct DlpProperty {
88     std::string ownerAccount;
89     std::string ownerAccountId;
90     std::vector<AuthUserInfo> authUsers;
91     std::string contactAccount;
92     DlpAccountType ownerAccountType = INVALID_ACCOUNT;
93     bool offlineAccess = false;
94     bool supportEveryone = false;
95     DLPFileAccess everyonePerm = NO_PERMISSION;
96     uint64_t expireTime = 0;
97 };
98 
99 typedef enum SandBoxExternalAuthorType {
100     DENY_START_ABILITY,
101     ALLOW_START_ABILITY,
102 } SandBoxExternalAuthorType;
103 
104 class PermissionPolicy final {
105 public:
106     PermissionPolicy();
107     PermissionPolicy(const DlpProperty& property);
108     ~PermissionPolicy();
109     void CopyPermissionPolicy(const PermissionPolicy& srcPolicy);
110     void FreePermissionPolicyMem();
111     void CopyPolicyHmac(const PermissionPolicy& srcPolicy);
112 
113     bool IsValid() const;
114     void SetDebug(bool debug);
115     void SetAeskey(const uint8_t* key, uint32_t keyLen);
116     uint8_t* GetAeskey() const;
117     uint32_t GetAeskeyLen() const;
118     void SetIv(const uint8_t* iv, uint32_t ivLen);
119     uint8_t* GetIv() const;
120     uint32_t GetIvLen() const;
121     void SetHmacKey(const uint8_t* key, uint32_t keyLen);
122     uint8_t* GetHmacKey() const;
123     uint32_t GetHmacKeyLen() const;
124 
125     std::string ownerAccount_;
126     std::string ownerAccountId_;
127     DlpAccountType ownerAccountType_;
128     std::string accountName_ = "";
129     std::string acountId_ = "";
130     DlpAccountType acountType_ = INVALID_ACCOUNT;
131     DLPFileAccess perm_ = NO_PERMISSION;
132     std::vector<AuthUserInfo> authUsers_;
133     bool supportEveryone_ = false;
134     DLPFileAccess everyonePerm_ = NO_PERMISSION;
135     uint64_t expireTime_ = 0;
136     uint32_t needOnline_ = 0;
137     uint32_t dlpVersion_ = 0;
138     bool debug_ = false;
139 
140 private:
141     uint8_t* aeskey_;
142     uint32_t aeskeyLen_;
143     uint8_t* iv_;
144     uint32_t ivLen_;
145     uint8_t* hmacKey_;
146     uint32_t hmacKeyLen_;
147 };
148 
149 void FreeCharBuffer(char* buff, uint32_t buffLen);
150 bool CheckAccountType(DlpAccountType accountType);
151 bool CheckAesParamLen(uint32_t len);
152 }  // namespace DlpPermission
153 }  // namespace Security
154 }  // namespace OHOS
155 #endif  // FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
156