1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "dlp_permission_set_manager.h"
16 
17 #include <memory>
18 #include <mutex>
19 
20 #include "access_token.h"
21 #include "accesstoken_log.h"
22 #include "access_token_error.h"
23 #include "data_validator.h"
24 #include "securec.h"
25 
26 namespace OHOS {
27 namespace Security {
28 namespace AccessToken {
namespace {
/* Log label passed to the ACCESSTOKEN_LOG_* calls in this file; the tag is "DlpPermissionSetManager". */
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetManager"};
/* File-local recursive mutex reserved for managing the singleton instance. */
std::recursive_mutex g_instanceMutex;
}
33 
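/*
 * Returns the process-wide DlpPermissionSetManager singleton.
 *
 * The instance is created on first use and is intentionally never deleted,
 * so the returned reference stays valid for the rest of the process.
 *
 * Creation relies on the C++11 guarantee that a function-local static is
 * initialised exactly once, even when several threads reach this line at the
 * same time. The earlier double-checked form read a plain (non-atomic)
 * pointer outside the lock, which is a data race: a second thread could see
 * a non-null pointer before the object behind it was fully constructed.
 * NOTE(review): this assumes thread-safe static initialisation is not
 * disabled in the build flags -- confirm.
 */
DlpPermissionSetManager& DlpPermissionSetManager::GetInstance()
{
    static DlpPermissionSetManager* const instance = new DlpPermissionSetManager();
    return *instance;
}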
45 
/* Nothing to set up: the constructor body is empty. */
DlpPermissionSetManager::DlpPermissionSetManager() = default;
48 
/* Nothing to release explicitly: the destructor body is empty. */
DlpPermissionSetManager::~DlpPermissionSetManager() = default;
51 
/*
 * Loads DLP mode definitions into dlpPermissionModeMap_, keyed by permission name.
 *
 * The first entry seen for a permission name wins; any later entry with the
 * same name is logged as a warning and ignored, so it cannot overwrite the
 * mode already recorded.
 *
 * NOTE(review): dlpMode is stored as given, with no range check in this
 * function -- confirm it is validated where the configuration is parsed.
 * NOTE(review): the map is modified here without taking a lock in this
 * function -- confirm callers do not run this concurrently with lookups.
 */
void DlpPermissionSetManager::ProcessDlpPermInfos(const std::vector<PermissionDlpMode>& dlpPermInfos)
{
    for (const auto& info : dlpPermInfos) {
        const bool alreadyKnown =
            dlpPermissionModeMap_.find(info.permissionName) != dlpPermissionModeMap_.end();
        if (!alreadyKnown) {
            dlpPermissionModeMap_[info.permissionName] = info.dlpMode;
            continue;
        }
        /* Duplicate definition: keep the existing mode and report the conflict. */
        ACCESSTOKEN_LOG_WARN(LABEL,
            "info for permission: %{public}s dlpMode %{public}d has been insert, please check!",
            info.permissionName.c_str(), info.dlpMode);
    }
}
65 
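/*
 * Looks up the DLP mode configured for a permission.
 *
 * Returns the stored mode when permissionName is present in
 * dlpPermissionModeMap_, otherwise DLP_PERM_ALL.
 *
 * Security note: the fallback is permissive. A permission that is missing
 * from the DLP configuration is reported as DLP_PERM_ALL, which
 * IsPermDlpModeAvailableToDlpHap treats as available to every DLP hap type.
 * A permission is therefore restricted for DLP haps only if it is listed.
 */
int32_t DlpPermissionSetManager::GetPermDlpMode(const std::string& permissionName)
{
    const auto it = dlpPermissionModeMap_.find(permissionName);
    if (it == dlpPermissionModeMap_.end()) {
        ACCESSTOKEN_LOG_DEBUG(LABEL, "Can not find permission: %{public}s in dlp permission cfg",
            permissionName.c_str());
        return DLP_PERM_ALL;
    }
    /* Reuse the iterator: operator[] would search again and is an inserting call on a read path. */
    return it->second;
}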
76 
/*
 * Applies the DLP restrictions of a hap type to a list of permission states.
 *
 * For every entry whose first grant status is not already PERMISSION_DENIED,
 * the permission's DLP mode is looked up; if that mode is not available to
 * hapDlpType, the first grant status is set to PERMISSION_DENIED. This
 * function only ever downgrades a status to denied and never grants one.
 *
 * NOTE(review): grantStatus[0] is read and written without a size check in
 * this function -- confirm every entry is guaranteed at least one element
 * before it gets here, particularly if the list comes from another process.
 */
void DlpPermissionSetManager::UpdatePermStateWithDlpInfo(int32_t hapDlpType,
    std::vector<PermissionStateFull>& permStateList)
{
    ACCESSTOKEN_LOG_DEBUG(LABEL, "DlpType: %{public}d", hapDlpType);
    for (auto& permState : permStateList) {
        if (permState.grantStatus[0] != PERMISSION_DENIED) {
            const int32_t dlpMode = GetPermDlpMode(permState.permissionName);
            if (!IsPermDlpModeAvailableToDlpHap(hapDlpType, dlpMode)) {
                permState.grantStatus[0] = PERMISSION_DENIED;
            }
        }
    }
}
92 
/*
 * Reports whether the named permission may be used by a hap of the given DLP type.
 *
 * The permission's DLP mode is resolved with GetPermDlpMode, which returns
 * DLP_PERM_ALL for names that are not configured, and the decision is then
 * delegated to IsPermDlpModeAvailableToDlpHap.
 */
bool DlpPermissionSetManager::IsPermissionAvailableToDlpHap(int32_t hapDlpType,
    const std::string& permissionName)
{
    return IsPermDlpModeAvailableToDlpHap(hapDlpType, GetPermDlpMode(permissionName));
}
99 
/*
 * Decides whether a permission with DLP mode permDlpMode is usable by a hap
 * whose DLP type is hapDlpType.
 *
 * Returns true when the hap type is DLP_COMMON, when the mode is DLP_PERM_ALL,
 * or when the mode is DLP_PERM_FULL_CONTROL and the hap type is
 * DLP_FULL_CONTROL. Every other combination, including values outside those
 * named here, returns false, so unrecognised inputs are denied.
 */
bool DlpPermissionSetManager::IsPermDlpModeAvailableToDlpHap(int32_t hapDlpType, int32_t permDlpMode)
{
    ACCESSTOKEN_LOG_DEBUG(LABEL, "DlpType: %{public}d dlpMode %{public}d", hapDlpType, permDlpMode);

    /* Either the hap is a common one or the permission is open to all DLP haps. */
    const bool openToAnyHap = (hapDlpType == DLP_COMMON) || (permDlpMode == DLP_PERM_ALL);

    /* The permission is reserved for full-control haps and this hap is one. */
    const bool fullControlMatch =
        (permDlpMode == DLP_PERM_FULL_CONTROL) && (hapDlpType == DLP_FULL_CONTROL);

    return openToAnyHap || fullControlMatch;
}
116 } // namespace AccessToken
117 } // namespace Security
118 } // namespace OHOS