1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef SECURITY_COMPONENT_PERMISSION_MANAGER_H
16 #define SECURITY_COMPONENT_PERMISSION_MANAGER_H
17 
#include <cstdint>
#include <deque>
#include <map>
#include <memory>
#include <mutex>
#include <set>
#include <string>
#include <unordered_map>
#include "accesstoken_kit.h"
#include "rwlock.h"
#include "sec_comp_base.h"
#include "sec_event_handler.h"
25 
26 namespace OHOS {
27 namespace Security {
28 namespace SecurityComponent {
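// Tracks permissions handed out on behalf of security components, keyed by the
// caller's access token ID, and exposes grant / revoke / verify entry points.
//
// Only the declaration is visible here; the notes below describe what the
// signatures and members establish and mark everything else as something to
// confirm against the implementation file.
class SecCompPermManager {
public:
    SecCompPermManager() = default;
    virtual ~SecCompPermManager() = default;

    // The std::mutex members already make this type non-copyable; the deleted
    // operations state that intent explicitly so an accidental copy of the
    // permission bookkeeping fails with a clear diagnostic. Declaring them also
    // suppresses the implicit move operations.
    SecCompPermManager(const SecCompPermManager&) = delete;
    SecCompPermManager& operator=(const SecCompPermManager&) = delete;

    // Returns a reference to a SecCompPermManager instance (defined elsewhere).
    // NOTE(review): the constructor is public, so nothing in this header stops
    // a second instance with its own, separate grant records from being
    // created - confirm all production callers go through GetInstance().
    static SecCompPermManager& GetInstance();

    // Temporary "save" permission for one token. The grant returns an int32_t
    // status code; callers should check it rather than assume the grant took
    // effect.
    int32_t GrantTempSavePermission(AccessToken::AccessTokenID tokenId);
    void RevokeTempSavePermission(AccessToken::AccessTokenID tokenId);

    // Permission checks. A false result must be treated as "deny".
    bool VerifySavePermission(AccessToken::AccessTokenID tokenId);
    bool VerifyPermission(AccessToken::AccessTokenID tokenId, SecCompType type);

    // Grant or revoke a single named permission for a token; both report an
    // int32_t status code.
    int32_t GrantAppPermission(AccessToken::AccessTokenID tokenId, const std::string& permissionName);
    int32_t RevokeAppPermission(AccessToken::AccessTokenID tokenId, const std::string& permissionName);
    // Revokes for a token without naming a permission - presumably everything
    // recorded in grantMap_ for it; verify in the implementation.
    void RevokeAppPermissions(AccessToken::AccessTokenID tokenId);

    void InitEventHandler(const std::shared_ptr<SecEventHandler>& secHandler);
    // NOTE(review): this accessor is const and neither mutex is declared
    // mutable, so it cannot lock them without a cast. Reading secHandler_ here
    // is only race-free if InitEventHandler() has completed before any
    // concurrent use - confirm the initialisation order.
    std::shared_ptr<SecEventHandler> GetSecEventHandler() const;

    // Deferred revocation and its cancellation. ("Permisions" is misspelled in
    // these names; they are kept as-is because callers depend on them.)
    // NOTE(review): cancelling a pending revocation extends how long a grant
    // stays in effect, so the cancel path deserves the same scrutiny as a
    // grant - confirm which events are able to reach it.
    void RevokeAppPermisionsDelayed(AccessToken::AccessTokenID tokenId);
    void CancelAppRevokingPermisions(AccessToken::AccessTokenID tokenId);

private:
    // Helpers for the temporary save permission; taskName presumably
    // identifies a task posted through secHandler_ - TODO confirm.
    bool DelaySaveRevokePermission(AccessToken::AccessTokenID tokenId, const std::string& taskName);
    bool RevokeSavePermissionTask(const std::string& taskName);
    void RevokeTempSavePermissionCount(AccessToken::AccessTokenID tokenId);
    void RevokeAppPermisionsImmediately(AccessToken::AccessTokenID tokenId);

    // Bookkeeping of named permissions granted per token.
    void AddAppGrantPermissionRecord(AccessToken::AccessTokenID tokenId,
        const std::string& permissionName);
    void RemoveAppGrantPermissionRecord(AccessToken::AccessTokenID tokenId,
        const std::string& permissionName);

    // Per-token int32_t counter and per-token queue of strings for the
    // temporary save permission (the strings look like task names - confirm).
    std::unordered_map<AccessToken::AccessTokenID, int32_t> applySaveCountMap_;
    std::unordered_map<AccessToken::AccessTokenID, std::deque<std::string>> saveTaskDequeMap_;
    // Presumably guards the two maps above; the header does not say which
    // state each mutex protects, so check the lock scope in the .cpp.
    std::mutex mutex_;
    std::shared_ptr<SecEventHandler> secHandler_;

    // Presumably guards grantMap_ - confirm. If any code path ever holds both
    // mutexes, the acquisition order must be the same everywhere.
    std::mutex grantMtx_;
    // Set of permission names per token.
    // NOTE(review): the key type is int32_t while every method and the other
    // maps use AccessToken::AccessTokenID. If that ID type is unsigned, keys
    // are implicitly converted on every lookup; using the same key type as the
    // other maps would remove the conversion - confirm before changing, since
    // the implementation file is not visible here.
    std::unordered_map<int32_t, std::set<std::string>> grantMap_;
};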
69 }  // namespace SecurityComponent
70 }  // namespace Security
71 }  // namespace OHOS
72 #endif  // SECURITY_COMPONENT_PERMISSION_MANAGER_H
73