1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
17 #define OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
18 
19 #include "ipc_skeleton.h"
20 #include "singleton.h"
21 #include "want.h"
22 
23 namespace OHOS {
24 namespace AAFwk {
25 class PermissionVerification : public DelayedSingleton<PermissionVerification> {
26 public:
27 struct VerificationInfo {
28     bool visible = false;
29     bool isBackgroundCall = true;
30     bool associatedWakeUp = false;
31     uint32_t accessTokenId = 0;
32     int32_t apiTargetVersion = 0;
33     bool withContinuousTask = false;
34     uint32_t specifyTokenId = 0;
35 };
36 
37     PermissionVerification() = default;
38     ~PermissionVerification() = default;
39 
40     bool VerifyPermissionByTokenId(const int &tokenId, const std::string &permissionName) const;
41 
42     bool VerifyCallingPermission(const std::string &permissionName, const uint32_t specifyTokenId = 0) const;
43 
44     bool IsSACall() const;
45 
46     bool IsSACallByTokenId(uint32_t callerTokenId) const;
47 
48     bool IsShellCall() const;
49 
50     bool IsShellCallByTokenId(uint32_t callerTokenId) const;
51 
52     bool CheckSpecificSystemAbilityAccessPermission(const std::string &processName) const;
53 
54     bool CheckObserverCallerPermission() const;
55 
56     bool VerifyRunningInfoPerm() const;
57 
58     bool VerifyControllerPerm() const;
59 
60     bool VerifyDlpPermission(Want &want) const;
61 
62     int VerifyAccountPermission() const;
63 
64     bool VerifyMissionPermission() const;
65 
66     int VerifyAppStateObserverPermission() const;
67 
68     int32_t VerifyUpdateConfigurationPerm() const;
69 
70     int32_t VerifyUpdateAPPConfigurationPerm() const;
71 
72     bool VerifyInstallBundlePermission() const;
73 
74     bool VerifyGetBundleInfoPrivilegedPermission() const;
75 
76     bool VerifyStartRecentAbilityPermission() const;
77 
78     int CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo, bool isShell) const;
79 
80     int CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const;
81 
82     int CheckCallAbilityPermission(const VerificationInfo &verificationInfo, bool isCallByShortcut = false) const;
83 
84     /**
85      * Check if Caller is allowed to start ServiceExtension(Stage) or DataShareExtension(Stage)
86      *
87      * @param verificationInfo, verificationInfo.
88      * @return Returns ERR_OK on check success, others on check failure.
89      */
90     int CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const;
91 
92     int CheckStartByCallPermission(const VerificationInfo &verificationInfo) const;
93 
94     bool JudgeCallerIsAllowedToUseSystemAPI() const;
95 
96     bool IsSystemAppCall() const;
97 
98     bool IsSystemAppCallByTokenId(uint32_t callerTokenId) const;
99 
100     bool VerifyPrepareTerminatePermission() const;
101 
102     bool VerifyPrepareTerminatePermission(const int &tokenId) const;
103 
104     bool VerifyShellStartExtensionType(int32_t type) const;
105 
106     bool VerifyPreloadApplicationPermission() const;
107 
108     bool VerifyPreStartAtomicServicePermission() const;
109 
110     bool VerifyKillProcessDependedOnWebPermission() const;
111 
112     bool VerifyBackgroundCallPermission(const bool isBackgroundCall) const;
113 
114 private:
115     DISALLOW_COPY_AND_MOVE(PermissionVerification);
116 
117     constexpr static int32_t API8 = 8;
118 
119     unsigned int GetCallingTokenID() const;
120 
121     bool JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible,
122         const uint32_t specifyTokenId = 0) const;
123 
124     bool JudgeStartAbilityFromBackground(const bool isBackgroundCall, bool withContinuousTask = false) const;
125 
126     bool JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const;
127 
128     int JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo, bool isCallByShortcut = false) const;
129 
IsCallFromSameAccessToken(const uint32_t accessTokenId)130     inline bool IsCallFromSameAccessToken(const uint32_t accessTokenId) const
131     {
132         return IPCSkeleton::GetCallingTokenID() == accessTokenId;
133     }
134 };
135 }  // namespace AAFwk
136 }  // namespace OHOS
137 #endif // OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
138