1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "temp_permission_observer.h"
17
18 #include "access_token.h"
19 #include "access_token_error.h"
20 #include "config_policy_loader.h"
21 #include "accesstoken_info_manager.h"
22 #include "accesstoken_log.h"
23 #include "libraryloader.h"
24 #include "app_manager_access_client.h"
25 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
26 #include "background_task_manager_access_client.h"
27 #endif
28 #include "form_manager_access_client.h"
29 #include "hisysevent.h"
30 #include "ipc_skeleton.h"
31
32 namespace OHOS {
33 namespace Security {
34 namespace AccessToken {
35 namespace {
36 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TempPermissionObserver"};
37 static const std::string TASK_NAME_TEMP_PERMISSION = "atm_permission_manager_temp_permission";
38 static const std::string FORM_INVISIBLE_NAME = "#0";
39 static const std::string FORM_VISIBLE_NAME = "#1";
40 static constexpr int32_t ROOT_UID = 0;
41 static constexpr int32_t FOREGROUND_FLAG = 0;
42 static constexpr int32_t FORMS_FLAG = 1;
43 static constexpr int32_t CONTINUOUS_TASK_FLAG = 2;
44 #ifdef EVENTHANDLER_ENABLE
45 static constexpr int32_t DEFAULT_CANCLE_MILLISECONDS = 10 * 1000; // 10s
46 #endif
47 std::recursive_mutex g_instanceMutex;
48 static const std::vector<std::string> g_tempPermission = {
49 "ohos.permission.READ_PASTEBOARD",
50 "ohos.permission.APPROXIMATELY_LOCATION",
51 "ohos.permission.LOCATION",
52 "ohos.permission.LOCATION_IN_BACKGROUND"
53 };
54 }
55
GetInstance()56 TempPermissionObserver& TempPermissionObserver::GetInstance()
57 {
58 static TempPermissionObserver* instance = nullptr;
59 if (instance == nullptr) {
60 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
61 if (instance == nullptr) {
62 instance = new TempPermissionObserver();
63 }
64 }
65 return *instance;
66 }
67
OnAppStateChanged(const AppStateData & appStateData)68 void PermissionAppStateObserver::OnAppStateChanged(const AppStateData &appStateData)
69 {
70 uint32_t tokenID = appStateData.accessTokenId;
71 std::vector<bool> list;
72 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
73 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
74 return;
75 }
76 ACCESSTOKEN_LOG_INFO(LABEL, "OnChange(accessTokenId=%{public}d, state=%{public}d)", tokenID, appStateData.state);
77 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_FOREGROUND)) {
78 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, true);
79 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
80 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
81 } else if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_BACKGROUND)) {
82 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, false);
83 if (list[FORMS_FLAG] || list[CONTINUOUS_TASK_FLAG]) {
84 ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or form don't delayRevokePermission!");
85 return;
86 }
87 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
88 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
89 }
90 }
91
OnAppStopped(const AppStateData & appStateData)92 void PermissionAppStateObserver::OnAppStopped(const AppStateData &appStateData)
93 {
94 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED)) {
95 uint32_t tokenID = appStateData.accessTokenId;
96 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d died.", tokenID);
97 // cancle task when process die
98 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
99 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
100 TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID);
101 }
102 }
103
NotifyWhetherFormsVisible(const FormVisibilityType visibleType,const std::string & bundleName,std::vector<FormInstance> & formInstances)104 int32_t PermissionFormStateObserver::NotifyWhetherFormsVisible(const FormVisibilityType visibleType,
105 const std::string &bundleName, std::vector<FormInstance> &formInstances)
106 {
107 for (size_t i = 0; i < formInstances.size(); i++) {
108 AccessTokenID tokenID;
109 if (!TempPermissionObserver::GetInstance().GetTokenIDByBundle(formInstances[i].bundleName_, tokenID)) {
110 continue;
111 }
112 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s, tokenID: %{public}d, formVisiblity:%{public}d",
113 formInstances[i].bundleName_.c_str(), tokenID, formInstances[i].formVisiblity_);
114 std::vector<bool> list;
115 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
116 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
117 continue;
118 }
119 if (formInstances[i].formVisiblity_ == FormVisibilityType::VISIBLE) {
120 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, true);
121 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
122 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
123 } else if (formInstances[i].formVisiblity_ == FormVisibilityType::INVISIBLE) {
124 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, false);
125 if (list[FOREGROUND_FLAG] || list[CONTINUOUS_TASK_FLAG]) {
126 ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or inForeground don't delayRevokePermission!");
127 continue;
128 }
129 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
130 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
131 }
132 }
133 return RET_SUCCESS;
134 }
135 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
OnContinuousTaskStart(const std::shared_ptr<ContinuousTaskCallbackInfo> & continuousTaskCallbackInfo)136 void PermissionBackgroundTaskObserver::OnContinuousTaskStart(
137 const std::shared_ptr<ContinuousTaskCallbackInfo> &continuousTaskCallbackInfo)
138 {
139 AccessTokenID tokenID = static_cast<AccessTokenID>(continuousTaskCallbackInfo->GetFullTokenId());
140 std::vector<bool> list;
141 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
142 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
143 return;
144 }
145 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID);
146 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, true);
147 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
148 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
149 }
150
OnContinuousTaskStop(const std::shared_ptr<ContinuousTaskCallbackInfo> & continuousTaskCallbackInfo)151 void PermissionBackgroundTaskObserver::OnContinuousTaskStop(
152 const std::shared_ptr<ContinuousTaskCallbackInfo> &continuousTaskCallbackInfo)
153 {
154 AccessTokenID tokenID = static_cast<AccessTokenID>(continuousTaskCallbackInfo->GetFullTokenId());
155 std::vector<bool> list;
156 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
157 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
158 return;
159 }
160 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID);
161 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, false);
162 if (list[FOREGROUND_FLAG] || list[FORMS_FLAG]) {
163 ACCESSTOKEN_LOG_WARN(LABEL, "Has form or inForeground don't delayRevokePermission!");
164 return;
165 }
166 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
167 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
168 }
169 #endif
NotifyAppManagerDeath()170 void PermissionAppManagerDeathCallback::NotifyAppManagerDeath()
171 {
172 ACCESSTOKEN_LOG_INFO(LABEL, "TempPermissionObserver AppManagerDeath called");
173
174 TempPermissionObserver::GetInstance().OnAppMgrRemoteDiedHandle();
175 }
176
TempPermissionObserver()177 TempPermissionObserver::TempPermissionObserver() : cancleTimes_(DEFAULT_CANCLE_MILLISECONDS)
178 {}
179
~TempPermissionObserver()180 TempPermissionObserver::~TempPermissionObserver()
181 {
182 UnRegisterCallback();
183 }
184
RegisterCallback()185 void TempPermissionObserver::RegisterCallback()
186 {
187 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
188 {
189 std::lock_guard<std::mutex> lock(backgroundTaskCallbackMutex_);
190 if (backgroundTaskCallback_ == nullptr) {
191 backgroundTaskCallback_ = new (std::nothrow) PermissionBackgroundTaskObserver();
192 if (backgroundTaskCallback_ == nullptr) {
193 ACCESSTOKEN_LOG_ERROR(LABEL, "Register backgroundTaskCallback failed.");
194 return;
195 }
196 int ret = BackgourndTaskManagerAccessClient::GetInstance().SubscribeBackgroundTask(backgroundTaskCallback_);
197 ACCESSTOKEN_LOG_INFO(LABEL, "Register backgroundTaskCallback %{public}d.", ret);
198 }
199 }
200 #endif
201 {
202 std::lock_guard<std::mutex> lock(formStateCallbackMutex_);
203 if (formVisibleCallback_ == nullptr) {
204 formVisibleCallback_ = new (std::nothrow) PermissionFormStateObserver();
205 if (formVisibleCallback_ == nullptr) {
206 ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed.");
207 return;
208 }
209 int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver(
210 FORM_VISIBLE_NAME, formVisibleCallback_->AsObject());
211 ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret);
212 }
213 if (formInvisibleCallback_ == nullptr) {
214 formInvisibleCallback_ = new (std::nothrow) PermissionFormStateObserver();
215 if (formInvisibleCallback_ == nullptr) {
216 ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed.");
217 formVisibleCallback_ = nullptr;
218 return;
219 }
220 int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver(
221 FORM_INVISIBLE_NAME, formInvisibleCallback_->AsObject());
222 ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret);
223 }
224 }
225 RegisterAppStatusListener();
226 }
227
RegisterAppStatusListener()228 void TempPermissionObserver::RegisterAppStatusListener()
229 {
230 {
231 std::lock_guard<std::mutex> lock(appStateCallbackMutex_);
232 if (appStateCallback_ == nullptr) {
233 appStateCallback_ = new (std::nothrow) PermissionAppStateObserver();
234 if (appStateCallback_ == nullptr) {
235 ACCESSTOKEN_LOG_ERROR(LABEL, "Register appStateCallback failed.");
236 return;
237 }
238 int ret = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_);
239 ACCESSTOKEN_LOG_INFO(LABEL, "Register appStateCallback %{public}d.", ret);
240 }
241 }
242 // app manager death callback register
243 {
244 std::lock_guard<std::mutex> lock(appManagerDeathMutex_);
245 if (appManagerDeathCallback_ == nullptr) {
246 appManagerDeathCallback_ = std::make_shared<PermissionAppManagerDeathCallback>();
247 if (appManagerDeathCallback_ == nullptr) {
248 ACCESSTOKEN_LOG_ERROR(LABEL, "Register appManagerDeathCallback failed.");
249 return;
250 }
251 AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_);
252 }
253 }
254 }
255
UnRegisterCallback()256 void TempPermissionObserver::UnRegisterCallback()
257 {
258 {
259 std::lock_guard<std::mutex> lock(appStateCallbackMutex_);
260 if (appStateCallback_ != nullptr) {
261 AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_);
262 appStateCallback_= nullptr;
263 }
264 }
265 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
266 {
267 std::lock_guard<std::mutex> lock(backgroundTaskCallbackMutex_);
268 if (backgroundTaskCallback_ != nullptr) {
269 BackgourndTaskManagerAccessClient::GetInstance().UnsubscribeBackgroundTask(backgroundTaskCallback_);
270 backgroundTaskCallback_= nullptr;
271 }
272 }
273 #endif
274 {
275 std::lock_guard<std::mutex> lock(formStateCallbackMutex_);
276 if (formVisibleCallback_ != nullptr) {
277 FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_VISIBLE_NAME, formVisibleCallback_);
278 formVisibleCallback_ = nullptr;
279 }
280 if (formInvisibleCallback_ != nullptr) {
281 FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_INVISIBLE_NAME, formInvisibleCallback_);
282 formInvisibleCallback_ = nullptr;
283 }
284 }
285 }
286
GetAppStateListByTokenID(AccessTokenID tokenID,std::vector<bool> & list)287 bool TempPermissionObserver::GetAppStateListByTokenID(AccessTokenID tokenID, std::vector<bool>& list)
288 {
289 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
290 auto iter = tempPermTokenMap_.find(tokenID);
291 if (iter == tempPermTokenMap_.end()) {
292 return false;
293 }
294 list = iter->second;
295 return true;
296 }
297
ModifyAppState(AccessTokenID tokenID,int32_t index,bool flag)298 void TempPermissionObserver::ModifyAppState(AccessTokenID tokenID, int32_t index, bool flag)
299 {
300 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
301 auto iter = tempPermTokenMap_.find(tokenID);
302 if (iter == tempPermTokenMap_.end()) {
303 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in map", tokenID);
304 return;
305 }
306 iter->second[index] = flag;
307 }
308
GetTokenIDByBundle(const std::string & bundleName,AccessTokenID & tokenID)309 bool TempPermissionObserver::GetTokenIDByBundle(const std::string &bundleName, AccessTokenID& tokenID)
310 {
311 std::unique_lock<std::mutex> lck(formTokenMutex_);
312 auto iter = formTokenMap_.find(bundleName);
313 if (iter == formTokenMap_.end()) {
314 ACCESSTOKEN_LOG_DEBUG(LABEL, "BundleName:%{public}s not exist in map", bundleName.c_str());
315 return false;
316 }
317 tokenID = iter->second;
318 return true;
319 }
320
IsAllowGrantTempPermission(AccessTokenID tokenID,const std::string & permissionName)321 bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, const std::string& permissionName)
322 {
323 HapTokenInfo tokenInfo;
324 if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) {
325 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenId(%{public}d)", tokenID);
326 return false;
327 }
328 auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName);
329 if (iterator == g_tempPermission.end()) {
330 ACCESSTOKEN_LOG_WARN(LABEL, "Permission is not available to temp grant: %{public}s!", permissionName.c_str());
331 return false;
332 }
333
334 bool isForeground = false;
335 std::vector<AppStateData> foreGroundAppList;
336 AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList);
337 if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(),
338 [=](const auto& foreGroundApp) { return foreGroundApp.bundleName == tokenInfo.bundleName; })) {
339 isForeground = true;
340 }
341 bool isContinuousTaskExist = false;
342 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
343 std::vector<std::shared_ptr<ContinuousTaskCallbackInfo>> continuousTaskList;
344 BackgourndTaskManagerAccessClient::GetInstance().GetContinuousTaskApps(continuousTaskList);
345 if (std::any_of(continuousTaskList.begin(), continuousTaskList.end(),
346 [=](const auto& callbackInfo) { return static_cast<AccessTokenID>(callbackInfo->tokenId_) == tokenID; })) {
347 isContinuousTaskExist = true;
348 }
349 #endif
350 bool isFormVisible = FormManagerAccessClient::GetInstance().HasFormVisible(tokenID);
351 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, isForeground:%{public}d, isFormVisible:%{public}d,"
352 "isContinuousTaskExist:%{public}d",
353 tokenID, isForeground, isFormVisible, isContinuousTaskExist);
354 bool userEnable = true;
355 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
356 int callingUid = IPCSkeleton::GetCallingUid();
357 if (callingUid == ROOT_UID) {
358 userEnable = false;
359 }
360 #endif
361 if (!userEnable || isForeground || isFormVisible || isContinuousTaskExist) {
362 std::vector<bool> list;
363 list.emplace_back(isForeground);
364 list.emplace_back(isFormVisible);
365 list.emplace_back(isContinuousTaskExist);
366 AddTempPermTokenToList(tokenID, tokenInfo.bundleName, permissionName, list);
367 return true;
368 }
369 return false;
370 }
371
AddTempPermTokenToList(AccessTokenID tokenID,const std::string & bundleName,const std::string & permissionName,const std::vector<bool> & list)372 void TempPermissionObserver::AddTempPermTokenToList(AccessTokenID tokenID,
373 const std::string& bundleName, const std::string& permissionName, const std::vector<bool>& list)
374 {
375 RegisterCallback();
376 {
377 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
378 tempPermTokenMap_[tokenID] = list;
379 }
380 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, bundleName:%{public}s, permissionName:%{public}s",
381 tokenID, bundleName.c_str(), permissionName.c_str());
382 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "GRANT_TEMP_PERMISSION",
383 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID,
384 "BUNDLENAME", bundleName, "PERMISSION_NAME", permissionName);
385 {
386 std::unique_lock<std::mutex> lck(formTokenMutex_);
387 formTokenMap_[bundleName] = tokenID;
388 }
389 }
390
GetPermissionStateFull(AccessTokenID tokenID,std::vector<PermissionStateFull> & permissionStateFullList)391 bool TempPermissionObserver::GetPermissionStateFull(AccessTokenID tokenID,
392 std::vector<PermissionStateFull>& permissionStateFullList)
393 {
394 std::shared_ptr<HapTokenInfoInner> infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID);
395 if (infoPtr == nullptr) {
396 ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID);
397 return false;
398 }
399 if (infoPtr->IsRemote()) {
400 ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", tokenID);
401 return false;
402 }
403 std::shared_ptr<PermissionPolicySet> permPolicySet = infoPtr->GetHapInfoPermissionPolicySet();
404 if (permPolicySet == nullptr) {
405 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!");
406 return false;
407 }
408
409 permPolicySet->GetPermissionStateFulls(permissionStateFullList);
410 return true;
411 }
412
RevokeAllTempPermission(AccessTokenID tokenID)413 void TempPermissionObserver::RevokeAllTempPermission(AccessTokenID tokenID)
414 {
415 std::vector<bool> list;
416 if (!GetAppStateListByTokenID(tokenID, list)) {
417 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in permList", tokenID);
418 return;
419 }
420 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
421 tempPermTokenMap_.erase(tokenID);
422 if (tempPermTokenMap_.empty()) {
423 UnRegisterCallback();
424 }
425
426 std::vector<PermissionStateFull> tmpList;
427 if (!GetPermissionStateFull(tokenID, tmpList)) {
428 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d get permission state full fail!", tokenID);
429 return;
430 }
431 for (const auto& permissionState : tmpList) {
432 if (permissionState.grantFlags[0] & PERMISSION_ALLOW_THIS_TIME) {
433 if (PermissionManager::GetInstance().RevokePermission(
434 tokenID, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME) != RET_SUCCESS) {
435 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d revoke permission:%{public}s failed!",
436 tokenID, permissionState.permissionName.c_str());
437 return;
438 }
439 }
440 }
441 }
442
OnAppMgrRemoteDiedHandle()443 void TempPermissionObserver::OnAppMgrRemoteDiedHandle()
444 {
445 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
446 for (auto iter = tempPermTokenMap_.begin(); iter != tempPermTokenMap_.end(); ++iter) {
447 std::vector<PermissionStateFull> tmpList;
448 GetPermissionStateFull(iter->first, tmpList);
449 for (const auto& permissionState : tmpList) {
450 if (permissionState.grantFlags[0] & PERMISSION_ALLOW_THIS_TIME) {
451 PermissionManager::GetInstance().RevokePermission(
452 iter->first, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME);
453 }
454 }
455 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(iter->first);
456 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
457 }
458 tempPermTokenMap_.clear();
459 ACCESSTOKEN_LOG_INFO(LABEL, "TempPermTokenMap_ clear!");
460 appStateCallback_= nullptr;
461 }
462
463 #ifdef EVENTHANDLER_ENABLE
InitEventHandler(const std::shared_ptr<AccessEventHandler> & eventHandler)464 void TempPermissionObserver::InitEventHandler(const std::shared_ptr<AccessEventHandler>& eventHandler)
465 {
466 eventHandler_ = eventHandler;
467 }
468 #endif
469
DelayRevokePermission(AccessToken::AccessTokenID tokenID,const std::string & taskName)470 bool TempPermissionObserver::DelayRevokePermission(AccessToken::AccessTokenID tokenID, const std::string& taskName)
471 {
472 #ifdef EVENTHANDLER_ENABLE
473 if (eventHandler_ == nullptr) {
474 ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler");
475 return false;
476 }
477
478 ACCESSTOKEN_LOG_INFO(LABEL, "Add permission task name:%{public}s", taskName.c_str());
479
480 std::function<void()> delayed = ([tokenID]() {
481 TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID);
482 ACCESSTOKEN_LOG_INFO(LABEL, "Token: %{public}d, delay revoke permission end", tokenID);
483 });
484 eventHandler_->ProxyPostTask(delayed, taskName, cancleTimes_);
485 return true;
486 #else
487 ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed");
488 return false;
489 #endif
490 }
491
CancleTaskOfPermissionRevoking(const std::string & taskName)492 bool TempPermissionObserver::CancleTaskOfPermissionRevoking(const std::string& taskName)
493 {
494 #ifdef EVENTHANDLER_ENABLE
495 if (eventHandler_ == nullptr) {
496 ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler");
497 return false;
498 }
499
500 ACCESSTOKEN_LOG_INFO(LABEL, "Revoke permission task name:%{public}s", taskName.c_str());
501 eventHandler_->ProxyRemoveTask(taskName);
502 return true;
503 #else
504 ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed");
505 return false;
506 #endif
507 }
508
GetConfigValue()509 void TempPermissionObserver::GetConfigValue()
510 {
511 LibraryLoader loader(CONFIG_POLICY_LIBPATH);
512 ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
513 if (policy == nullptr) {
514 ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed.");
515 return;
516 }
517 AccessTokenConfigValue value;
518 if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) {
519 cancleTimes_ = value.atConfig.cancleTime == 0 ? DEFAULT_CANCLE_MILLISECONDS : value.atConfig.cancleTime;
520 } else {
521 cancleTimes_ = DEFAULT_CANCLE_MILLISECONDS;
522 }
523
524 ACCESSTOKEN_LOG_INFO(LABEL, "CancleTimes_ is %{public}d.", cancleTimes_);
525 }
526 } // namespace AccessToken
527 } // namespace Security
528 } // namespace OHOS
529