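/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H
#define ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H

#include <algorithm>
#include <cstdint>        /* uint32_t is used in the public interface */
#include <memory>
#include <string>         /* std::string is used in the public interface */
#include <unordered_map>
#include <unordered_set>
#include <vector>

#ifdef ENABLE_IPC_SECURITY
#include "accesstoken_kit.h"
#include "access_token.h"
#include "ipc_skeleton.h"
#include "tokenid_kit.h"
#endif

#include "common/rs_macros.h"
#include "ipc_security/rs_ipc_interface_code_underlying_type.h"
#include "ipc_security/rs_ipc_interface_permission_type.h"

#include "nocopyable.h"

namespace OHOS {
namespace Rosen {
/*
 * Abstract base for the access check applied to a Render Service IPC interface code.
 *
 * A derived class supplies the rules specific to its interface through
 * IsExclusiveVerificationPassed(); the rules shared by every interface are declared here
 * as IsCommonVerificationPassed(). How the two are combined is defined in the
 * implementation file and cannot be read from this header.
 *
 * NOTE(review): the access-token and permission helpers are declared only when
 * ENABLE_IPC_SECURITY is defined, while CheckPermission() and the Is*Calling() checks are
 * declared in every build. What those checks return in a build without the macro is
 * decided in the implementation file; confirm that they do not silently grant access in
 * a configuration that is shipped.
 */
class RSB_EXPORT RSInterfaceCodeAccessVerifierBase {
public:
    virtual ~RSInterfaceCodeAccessVerifierBase() noexcept = default;

    /*
     * Public entry point: reports whether the current caller may use interface `code`.
     * Presumably runs the common rules and then the derived class's exclusive rules;
     * verify against the implementation.
     */
    bool IsInterfaceCodeAccessible(CodeUnderlyingType code);

    /*
     * Check on the access count `times` for interface `code`. Virtual, so a derived
     * verifier can replace it; the limit policy itself is not visible in this header.
     */
    virtual bool IsAccessTimesVerificationPassed(CodeUnderlyingType code, uint32_t times) const;

    /*
     * Reports the caller's access type through the two out-parameters instead of a
     * return value. Both references are written by the implementation; judging by the
     * names they tell whether the calling token type is acceptable and whether the
     * caller is a non-system application (TODO confirm exact semantics).
     */
    static void GetAccessType(bool& isTokenTypeValid, bool& isNonSystemAppCalling);

    /*
     * Reports whether the current call comes from a system caller.
     * NOTE(review): `callingCode` looks like a label for the interface being invoked
     * (e.g. for diagnostics); the decision should rest on the IPC calling token, not on
     * this string. Confirm in the implementation.
     */
    static bool IsSystemCalling(const std::string& callingCode);

protected:
    /* this class cannot be instantiated */
    RSInterfaceCodeAccessVerifierBase() = default;

    /* specify the exclusive verification rules in the derived class */
    virtual bool IsExclusiveVerificationPassed(CodeUnderlyingType code) = 0;

    /* specify tools for verifying the access right */
#ifdef ENABLE_IPC_SECURITY
    /* Token type and token ID of the caller, as access-token framework types. */
    static Security::AccessToken::ATokenTypeEnum GetTokenType();
    Security::AccessToken::AccessTokenID GetTokenID() const;

    /* Permission checks for a given token; separate entry points for native and HAP tokens. */
    bool CheckNativePermission(const Security::AccessToken::AccessTokenID tokenID, const std::string& permission) const;
    bool CheckHapPermission(const Security::AccessToken::AccessTokenID tokenID, const std::string& permission) const;

    /* Converts a PermissionType value to the string form taken by the checks above. */
    std::string PermissionEnumToString(PermissionType permission) const;

    /*
     * Per-interface permission bookkeeping. The storage is presumably
     * interfacePermissions_ (same key and value types); the meaning of the bool returned
     * by AddPermission() is defined in the implementation.
     */
    bool AddPermission(CodeUnderlyingType interfaceName, const std::string& newPermission);
    std::vector<std::string> GetPermissions(CodeUnderlyingType interfaceName) const;
    int GetInterfacePermissionSize() const;

    static bool IsSystemApp();
#endif
    /*
     * Caller-identity and permission checks available to derived verifiers in every
     * build configuration. See the class comment for the ENABLE_IPC_SECURITY caveat.
     */
    bool IsAncoCalling(const std::string& callingCode) const;
    bool IsFoundationCalling(const std::string& callingCode) const;
    bool CheckPermission(CodeUnderlyingType code) const;
    bool IsStylusServiceCalling(const std::string& callingCode) const;

private:
    DISALLOW_COPY_AND_MOVE(RSInterfaceCodeAccessVerifierBase);

    /* specify the communal verification rules in the base class */
    bool IsCommonVerificationPassed(CodeUnderlyingType code);

    /* interface code -> permission names associated with that interface */
    std::unordered_map<CodeUnderlyingType, std::vector<std::string>> interfacePermissions_;
};
} // namespace Rosen
} // namespace OHOS
#endif // ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H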