1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_kit.h"
17
18 #include <string>
19 #include <vector>
20
21 #include "constant_common.h"
22 #include "data_validator.h"
23 #include "privacy_error.h"
24 #include "privacy_manager_client.h"
25 #include "time_util.h"
26
27 namespace OHOS {
28 namespace Security {
29 namespace AccessToken {
30 namespace {
31 constexpr const int64_t MERGE_TIMESTAMP = 200; // 200ms
32 std::mutex g_lockCache;
33 struct RecordCache {
34 int32_t successCount = 0;
35 int64_t timespamp = 0;
36 };
37 std::map<std::string, RecordCache> g_recordMap;
38 }
GetRecordUniqueStr(const AddPermParamInfo & record)39 static std::string GetRecordUniqueStr(const AddPermParamInfo& record)
40 {
41 return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type);
42 }
43
FindAndInsertRecord(const AddPermParamInfo & record)44 bool FindAndInsertRecord(const AddPermParamInfo& record)
45 {
46 std::lock_guard<std::mutex> lock(g_lockCache);
47 std::string newRecordStr = GetRecordUniqueStr(record);
48 int64_t curTimestamp = TimeUtil::GetCurrentTimestamp();
49 auto iter = g_recordMap.find(newRecordStr);
50 if (iter == g_recordMap.end()) {
51 g_recordMap[newRecordStr].successCount = record.successCount;
52 g_recordMap[newRecordStr].timespamp = curTimestamp;
53 return false;
54 }
55 if (curTimestamp - iter->second.timespamp >= MERGE_TIMESTAMP) {
56 g_recordMap[newRecordStr].successCount = record.successCount;
57 g_recordMap[newRecordStr].timespamp = curTimestamp;
58 return false;
59 }
60 if (iter->second.successCount == 0 && record.successCount != 0) {
61 g_recordMap[newRecordStr].successCount += record.successCount;
62 g_recordMap[newRecordStr].timespamp = curTimestamp;
63 return false;
64 }
65 g_recordMap[newRecordStr].successCount += record.successCount;
66 g_recordMap[newRecordStr].timespamp = curTimestamp;
67 return true;
68 }
69
AddPermissionUsedRecord(AccessTokenID tokenID,const std::string & permissionName,int32_t successCount,int32_t failCount,bool asyncMode)70 int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName,
71 int32_t successCount, int32_t failCount, bool asyncMode)
72 {
73 AddPermParamInfo info;
74 info.tokenId = tokenID;
75 info.permissionName = permissionName;
76 info.successCount = successCount;
77 info.failCount = failCount;
78 return AddPermissionUsedRecord(info, asyncMode);
79 }
80
AddPermissionUsedRecord(const AddPermParamInfo & info,bool asyncMode)81 int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode)
82 {
83 if ((!DataValidator::IsTokenIDValid(info.tokenId)) ||
84 (!DataValidator::IsPermissionNameValid(info.permissionName)) ||
85 (info.successCount < 0 || info.failCount < 0) ||
86 (!DataValidator::IsPermissionUsedTypeValid(info.type))) {
87 return PrivacyError::ERR_PARAM_INVALID;
88 }
89 if (!DataValidator::IsHapCaller(info.tokenId)) {
90 return PrivacyError::ERR_PARAM_INVALID;
91 }
92
93 if (!FindAndInsertRecord(info)) {
94 return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode);
95 }
96 return RET_SUCCESS;
97 }
98
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)99 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
100 {
101 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
102 return PrivacyError::ERR_PARAM_INVALID;
103 }
104 if (!DataValidator::IsHapCaller(tokenID)) {
105 return PrivacyError::ERR_PARAM_INVALID;
106 }
107 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName);
108 }
109
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,const std::shared_ptr<StateCustomizedCbk> & callback,int32_t pid)110 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName,
111 const std::shared_ptr<StateCustomizedCbk>& callback, int32_t pid)
112 {
113 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
114 return PrivacyError::ERR_PARAM_INVALID;
115 }
116 if (!DataValidator::IsHapCaller(tokenID)) {
117 return PrivacyError::ERR_PARAM_INVALID;
118 }
119 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback);
120 }
121
StopUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)122 int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
123 {
124 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
125 return PrivacyError::ERR_PARAM_INVALID;
126 }
127 if (!DataValidator::IsHapCaller(tokenID)) {
128 return PrivacyError::ERR_PARAM_INVALID;
129 }
130 return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName);
131 }
132
RemovePermissionUsedRecords(AccessTokenID tokenID,const std::string & deviceID)133 int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID)
134 {
135 if (!DataValidator::IsTokenIDValid(tokenID) && !DataValidator::IsDeviceIdValid(deviceID)) {
136 return PrivacyError::ERR_PARAM_INVALID;
137 }
138 if (!DataValidator::IsHapCaller(tokenID)) {
139 return PrivacyError::ERR_PARAM_INVALID;
140 }
141 return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID, deviceID);
142 }
143
IsPermissionFlagValid(const PermissionUsedRequest & request)144 static bool IsPermissionFlagValid(const PermissionUsedRequest& request)
145 {
146 int64_t begin = request.beginTimeMillis;
147 int64_t end = request.endTimeMillis;
148 if ((begin < 0) || (end < 0) || (begin > end)) {
149 return false;
150 }
151 return DataValidator::IsPermissionUsedFlagValid(request.flag);
152 }
153
GetPermissionUsedRecords(const PermissionUsedRequest & request,PermissionUsedResult & result)154 int32_t PrivacyKit::GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result)
155 {
156 if (!IsPermissionFlagValid(request)) {
157 return PrivacyError::ERR_PARAM_INVALID;
158 }
159 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, result);
160 }
161
GetPermissionUsedRecords(const PermissionUsedRequest & request,const sptr<OnPermissionUsedRecordCallback> & callback)162 int32_t PrivacyKit::GetPermissionUsedRecords(
163 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback)
164 {
165 if (!IsPermissionFlagValid(request)) {
166 return PrivacyError::ERR_PARAM_INVALID;
167 }
168 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, callback);
169 }
170
RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)171 int32_t PrivacyKit::RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
172 {
173 return PrivacyManagerClient::GetInstance().RegisterPermActiveStatusCallback(callback);
174 }
175
UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)176 int32_t PrivacyKit::UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
177 {
178 return PrivacyManagerClient::GetInstance().UnRegisterPermActiveStatusCallback(callback);
179 }
180
IsAllowedUsingPermission(AccessTokenID tokenID,const std::string & permissionName)181 bool PrivacyKit::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName)
182 {
183 if (!DataValidator::IsTokenIDValid(tokenID) && !DataValidator::IsPermissionNameValid(permissionName)) {
184 return false;
185 }
186 return PrivacyManagerClient::GetInstance().IsAllowedUsingPermission(tokenID, permissionName);
187 }
188
189 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhance(const SecCompEnhanceData & enhance)190 int32_t PrivacyKit::RegisterSecCompEnhance(const SecCompEnhanceData& enhance)
191 {
192 return PrivacyManagerClient::GetInstance().RegisterSecCompEnhance(enhance);
193 }
194
UpdateSecCompEnhance(int32_t pid,uint32_t seqNum)195 int32_t PrivacyKit::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum)
196 {
197 return PrivacyManagerClient::GetInstance().UpdateSecCompEnhance(pid, seqNum);
198 }
199
GetSecCompEnhance(int32_t pid,SecCompEnhanceData & enhance)200 int32_t PrivacyKit::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance)
201 {
202 return PrivacyManagerClient::GetInstance().GetSecCompEnhance(pid, enhance);
203 }
204
GetSpecialSecCompEnhance(const std::string & bundleName,std::vector<SecCompEnhanceData> & enhanceList)205 int32_t PrivacyKit::GetSpecialSecCompEnhance(const std::string& bundleName,
206 std::vector<SecCompEnhanceData>& enhanceList)
207 {
208 return PrivacyManagerClient::GetInstance().
209 GetSpecialSecCompEnhance(bundleName, enhanceList);
210 }
211 #endif
212
GetPermissionUsedTypeInfos(const AccessTokenID tokenId,const std::string & permissionName,std::vector<PermissionUsedTypeInfo> & results)213 int32_t PrivacyKit::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName,
214 std::vector<PermissionUsedTypeInfo>& results)
215 {
216 if (permissionName.empty()) {
217 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
218 }
219
220 if (!DataValidator::IsPermissionNameValid(permissionName)) {
221 return PrivacyError::ERR_PARAM_INVALID;
222 }
223 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
224 }
225
SetMutePolicy(uint32_t policyType,uint32_t callerType,bool isMute)226 int32_t PrivacyKit::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute)
227 {
228 if (!DataValidator::IsPolicyTypeValid(policyType) && !DataValidator::IsCallerTypeValid(callerType)) {
229 return PrivacyError::ERR_PARAM_INVALID;
230 }
231 return PrivacyManagerClient::GetInstance().SetMutePolicy(policyType, callerType, isMute);
232 }
233
SetHapWithFGReminder(uint32_t tokenId,bool isAllowed)234 int32_t PrivacyKit::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed)
235 {
236 if (!DataValidator::IsTokenIDValid(tokenId)) {
237 return PrivacyError::ERR_PARAM_INVALID;
238 }
239 return PrivacyManagerClient::GetInstance().SetHapWithFGReminder(tokenId, isAllowed);
240 }
241 } // namespace AccessToken
242 } // namespace Security
243 } // namespace OHOS
244