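/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef DLP_PERMISSION_SERVICE_H
#define DLP_PERMISSION_SERVICE_H

// Standard headers for every std:: name this header spells out itself
// (std::atomic, fixed-width integers, std::shared_ptr, std::mutex, std::string,
// std::thread, std::vector), so the header does not rely on transitive includes.
#include <atomic>
#include <cstdint>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <vector>
#include "app_state_observer.h"
#include "app_uninstall_observer.h"
#include "dlp_permission_stub.h"
#include "iremote_object.h"
#include "nocopyable.h"
#include "retention_file_manager.h"
#include "sandbox_config_kv_data_storage.h"
#include "singleton.h"
#include "system_ability.h"

namespace OHOS {
namespace Security {
namespace DlpPermission {
// Lifecycle state tracked by DlpPermissionService in state_.
enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING };

// GATHERING_POLICY is the compile-time default for DlpPermissionService::isGathering_:
// true when the build defines DLP_GATHERING_SANDBOX, false otherwise.
#ifdef DLP_GATHERING_SANDBOX
#define GATHERING_POLICY true
#else
#define GATHERING_POLICY false
#endif

// System ability that implements the DlpPermissionStub interface (DLP certificates,
// DLP sandbox install/uninstall, retention state, sandbox app config, MDM policy).
//
// NOTE(review): the public overrides below come from DlpPermissionStub, so they are
// presumably reachable by other processes over IPC. This header declares no caller
// checks; confirm that the implementation authenticates and authorizes the caller
// (token / permission) before acting, in particular where the caller supplies an
// identity or policy value itself: userId (InstallDlpSandbox, UninstallDlpSandbox),
// sandboxUid (GetSandboxExternalAuthorization), tokenId (QueryDlpFileCopyableByTokenId),
// uid (SetReadFlag) and appIdList (SetMDMPolicy).
class DlpPermissionService final : public SystemAbility, public DlpPermissionStub {
    DECLARE_DELAYED_SINGLETON(DlpPermissionService);
    // Macro name is spelled exactly as it is invoked in this file; do not "correct" it here.
    DECLEAR_SYSTEM_ABILITY(DlpPermissionService);

public:
    // saId / runOnCreate: presumably forwarded to the SystemAbility base - confirm in the .cpp.
    DlpPermissionService(int saId, bool runOnCreate);
    void OnStart() override;
    void OnStop() override;

    // Returns true on success (presumably registers appStateObserver_ with iAppMgr_ - confirm).
    bool RegisterAppStateObserver();
    void UnregisterAppStateObserver();

    // Certificate handling. Both calls take a callback object from the caller; the int32_t
    // return is presumably an error code with the result delivered through the callback - confirm.
    int32_t GenerateDlpCertificate(
        const sptr<DlpPolicyParcel>& policyParcel, const sptr<IDlpPermissionCallback>& callback) override;
    int32_t ParseDlpCertificate(sptr<CertParcel>& certParcel, const sptr<IDlpPermissionCallback>& callback,
        const std::string& appId, const bool& offlineAccess) override;

    // Sandbox lifecycle. bundleName, userId, appIndex and uri arrive from the caller;
    // NOTE(review): confirm they are validated against the caller's own identity.
    int32_t InstallDlpSandbox(const std::string& bundleName, DLPFileAccess dlpFileAccess, int32_t userId,
        SandboxInfo& sandboxInfo, const std::string& uri) override;
    int32_t UninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId) override;
    int32_t GetSandboxExternalAuthorization(
        int sandboxUid, const AAFwk::Want& want, SandBoxExternalAuthorType& authType) override;

    // Queries; results are written to the reference out-parameters.
    int32_t QueryDlpFileCopyableByTokenId(bool& copyable, uint32_t tokenId) override;
    int32_t QueryDlpFileAccess(DLPPermissionInfoParcel& permInfoParcel) override;
    int32_t IsInDlpSandbox(bool& inSandbox) override;
    int32_t GetDlpSupportFileType(std::vector<std::string>& supportFileType) override;

    // Callback registration. NOTE(review): the callbacks are remote objects supplied by the
    // caller; confirm the implementation bounds how many are kept and drops them when the
    // remote side dies.
    int32_t RegisterDlpSandboxChangeCallback(const sptr<IRemoteObject>& callback) override;
    int32_t UnRegisterDlpSandboxChangeCallback(bool& result) override;
    int32_t RegisterOpenDlpFileCallback(const sptr<IRemoteObject>& callback) override;
    int32_t UnRegisterOpenDlpFileCallback(const sptr<IRemoteObject>& callback) override;

    // Gathering policy, retention state and visit records.
    // NOTE(review): docUriVec, bundleName and configInfo are caller-supplied strings;
    // confirm size and format checks in the implementation.
    int32_t GetDlpGatheringPolicy(bool& isGathering) override;
    int32_t SetRetentionState(const std::vector<std::string>& docUriVec) override;
    int32_t CancelRetentionState(const std::vector<std::string>& docUriVec) override;
    int32_t GetRetentionSandboxList(const std::string& bundleName,
        std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec) override;
    int32_t ClearUnreservedSandbox() override;
    int32_t GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo>& infoVec) override;

    // Sandbox app configuration.
    int32_t SetSandboxAppConfig(const std::string& configInfo) override;
    int32_t CleanSandboxAppConfig() override;
    int32_t GetSandboxAppConfig(std::string& configInfo) override;
    int32_t IsDLPFeatureProvided(bool& isProvideDLPFeature) override;
    int32_t SetReadFlag(uint32_t uid) override;

    // MDM policy (a list of app ids).
    // NOTE(review): policy-changing calls; confirm they are limited to privileged callers.
    int32_t SetMDMPolicy(const std::vector<std::string>& appIdList) override;
    int32_t GetMDMPolicy(std::vector<std::string>& appIdList) override;
    int32_t RemoveMDMPolicy() override;

    void StartTimer() override;
    // Writes diagnostic output to fd.
    // NOTE(review): confirm the dump omits protected-file details (URIs, policy contents)
    // or is restricted to authorized callers.
    int Dump(int fd, const std::vector<std::u16string>& args) override;

private:
    bool InsertDlpSandboxInfo(DlpSandboxInfo& sandboxInfo, bool hasRetention);
    uint32_t DeleteDlpSandboxInfo(const std::string& bundleName, int32_t appIndex, int32_t userId);
    // Writes the bundle name for tokenId to bundleName; returns false on failure (presumably - confirm).
    bool GetCallerBundleName(const uint32_t tokenId, std::string& bundleName);
    bool RemoveRetentionInfo(std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec, RetentionInfo& info);
    int32_t UninstallDlpSandboxApp(const std::string& bundleName, int32_t appIndex, int32_t userId);
    // Pre-check for a sandbox config operation; fills bundleName, userId and originalTokenId.
    // Presumably the caller-identity gate for SandboxConfigOperate - confirm.
    int32_t SandConfigOperateCheck(SandboxConfigOperationEnum operationEnum, std::string& bundleName,
        int32_t& userId, AccessToken::AccessTokenID& originalTokenId);
    int32_t SandboxConfigOperate(std::string& configInfo, SandboxConfigOperationEnum operationEnum);
    void TerminalService();
    void GetCfgFilesList(std::vector<std::string>& cfgFilesList);
    void GetConfigFileValue(const std::string& cfgFile, std::vector<std::string>& typeList);
    std::vector<std::string> InitConfig();

    // In-class defaults for repeatTime_ and state_ so neither is read indeterminate if a
    // constructor (defined outside this header) omits it; a constructor initializer still wins.
    std::atomic<int32_t> repeatTime_ {0};
    // NOTE(review): a std::thread that is still joinable when destroyed calls std::terminate;
    // confirm the implementation joins or detaches before releasing thread_.
    std::shared_ptr<std::thread> thread_ = nullptr;
    // What each mutex guards is not visible in this header - document it next to the locking code.
    std::mutex mutex_;
    std::mutex terminalMutex_;
    bool isGathering_ = GATHERING_POLICY;
    ServiceRunningState state_ = ServiceRunningState::STATE_NOT_START;
    sptr<AppExecFwk::IAppMgr> iAppMgr_;
    sptr<AppStateObserver> appStateObserver_;
    std::shared_ptr<DlpEventSubSubscriber> dlpEventSubSubscriber_ = nullptr;
};
}  // namespace DlpPermission
}  // namespace Security
}  // namespace OHOS
#endif  // DLP_PERMISSION_SERVICE_H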