1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef PERMISSION_MANAGER_H
17 #define PERMISSION_MANAGER_H
18 
19 #include <mutex>
20 #include <vector>
21 #include <string>
22 
23 #include "access_token.h"
24 #include "hap_token_info_inner.h"
25 #include "iremote_broker.h"
26 #include "permission_def.h"
27 #include "permission_grant_event.h"
28 #include "permission_list_state.h"
29 #include "permission_list_state_parcel.h"
30 #include "permission_state_change_info.h"
31 #include "permission_state_full.h"
32 #include "temp_permission_observer.h"
33 
34 #include "rwlock.h"
35 #include "nocopyable.h"
36 
37 namespace OHOS {
38 namespace Security {
39 namespace AccessToken {
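// Names of the three location permissions that the location-specific handling declared in
// PermissionManager (LocationPermissionSpecialHandle and its helpers) refers to.
constexpr const char* VAGUE_LOCATION_PERMISSION_NAME = "ohos.permission.APPROXIMATELY_LOCATION";
constexpr const char* ACCURATE_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION";
constexpr const char* BACKGROUND_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION_IN_BACKGROUND";
// API-version thresholds for the accurate and background location permissions.
// NOTE(review): presumably the API levels from which the special location rules apply;
// confirm against the implementation, which is not part of this header.
constexpr int32_t ACCURATE_LOCATION_API_VERSION = 9;
constexpr int32_t BACKGROUND_LOCATION_API_VERSION = 11;
// Sentinel used as the default value of every LocationIndex field.
// The value is UINT32_MAX. The cast is spelled out so the signed-to-unsigned wrap is deliberate and
// visible (and quiet under -Wsign-conversion). Code that uses a LocationIndex field as a vector index
// must compare it against this sentinel first, because it is far outside any valid range.
// The identifier keeps its existing spelling ("REQUSET") because LocationIndex refers to it by name.
constexpr uint32_t PERMISSION_NOT_REQUSET = static_cast<uint32_t>(-1);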
// Holds one index per location permission (vague, accurate, background).
// Every field starts out as PERMISSION_NOT_REQUSET, so a default-constructed LocationIndex
// carries the sentinel in all three slots.
// NOTE(review): presumably these are positions inside a requested-permission list, filled in by
// PermissionManager::GetLocationPermissionIndex; a field must be checked against the sentinel
// before it is used to subscript a container.
struct LocationIndex {
    uint32_t vagueIndex{PERMISSION_NOT_REQUSET};
    uint32_t accurateIndex{PERMISSION_NOT_REQUSET};
    uint32_t backIndex{PERMISSION_NOT_REQUSET};
};
51 
// Declares the permission-management operations of the access token module: permission definitions,
// verification, grant/revoke, state-change callbacks, location-permission handling and kernel updates.
// Only declarations are visible in this header; return codes, locking discipline and side effects are
// defined by the implementation and must be confirmed there.
// NOTE(review): none of the mutating entry points (GrantPermission, RevokePermission, UpdatePermission,
// ClearUserGrantedPermission, SetPermToKernel, ...) takes a caller identity; they receive only the target
// tokenID. Authorization of the caller therefore has to happen before these are reached — confirm that
// every call path performs that check.
class PermissionManager {
public:
    // Accessor for the manager instance.
    // NOTE(review): together with RegisterImpl() and implInstance_ this looks like a replaceable
    // singleton (a subclass can register itself as the instance) — confirm in the implementation.
    static PermissionManager& GetInstance();
    PermissionManager();
    virtual ~PermissionManager();

    // Callback registration; the callback targets are not visible in this header.
    void RegisterApplicationCallback();
    void RegisterAppManagerDeathCallback();
    // Permission-definition maintenance for a token.
    void AddDefPermissions(const std::vector<PermissionDef>& permList, AccessTokenID tokenId,
        bool updateFlag);
    void RemoveDefPermissions(AccessTokenID tokenID);
    // Verification entry points. They return an int status, not a bool.
    // NOTE(review): callers should compare the result with the named grant/deny constants instead of
    // testing it for truthiness; the constants are not defined in this header.
    int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName);
    int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName);
    PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName);
    // The only virtual operation besides the destructor, so a subclass can override verification.
    virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
    // Queries; results are written to the reference out-parameters, the return value is a status code.
    int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
    int GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList);
    int GetReqPermissions(
        AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant);
    int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag);
    // Per-user request-toggle status of a permission (set / get).
    int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID);
    int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID);
    // State-changing operations on a token's permission. isGranted selects grant versus revoke and
    // flag carries the permission flag.
    // NOTE(review): the name CheckAndUpdatePermission suggests it validates before updating, while
    // UpdatePermission additionally takes needKill — which checks each one performs is not visible here.
    int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName,
        bool isGranted, uint32_t flag);
    int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName,
        bool isGranted, uint32_t flag, bool needKill);
    int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag);
    int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag);
    void ClearUserGrantedPermissionState(AccessTokenID tokenID);
    // Time-limited grant. NOTE(review): the unit and the allowed range of onceTime are not stated here.
    int32_t GrantPermissionForSpecifiedTime(
        AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime);
    void GetSelfPermissionState(const std::vector<PermissionStateFull>& permsList,
        PermissionListState& permState, int32_t apiVersion);
    // Registration and removal of permission-state-change callbacks, identified by their remote object.
    int32_t AddPermStateChangeCallback(
        const PermStateChangeScope& scope, const sptr<IRemoteObject>& callback);
    int32_t RemovePermStateChangeCallback(const sptr<IRemoteObject>& callback);
    bool GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& apiVersion);
    // Location-specific handling; both lists are passed by non-const reference and may be modified.
    bool LocationPermissionSpecialHandle(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList,
        std::vector<PermissionStateFull>& permsList, int32_t apiVersion);
    void NotifyPermGrantStoreResult(bool result, uint64_t timestamp);
    void ClearAllSecCompGrantedPerm(const std::vector<AccessTokenID>& tokenIdList);
    void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered);
    void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName,
        bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr);
    int32_t ClearUserGrantedPermission(AccessTokenID tokenID);
    // Kernel-facing operations.
    // NOTE(review): the names suggest permission state is mirrored into the kernel. All three return
    // void, so a failed kernel update cannot be reported to the caller through this interface — confirm
    // how failures are surfaced.
    void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr<PermissionPolicySet>& policy);
    void RemovePermFromKernel(AccessTokenID tokenID);
    void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted);
    // Build the initial permission-state list into initializedList; the bool result reports success.
    bool InitPermissionList(const std::string& appDistributionType,
        const HapPolicyParams& policy, std::vector<PermissionStateFull>& initializedList);
    bool InitDlpPermissionList(const std::string& bundleName, int32_t userId,
        std::vector<PermissionStateFull>& initializedList);
protected:
    // Lets a derived class hand in the instance pointer stored in implInstance_.
    // NOTE(review): presumably changes what GetInstance() returns; the ownership and lifetime of the
    // pointer are not visible here.
    static void RegisterImpl(PermissionManager* implInstance);
private:
    void ScopeToString(
        const std::vector<AccessTokenID>& tokenIDs, const std::vector<std::string>& permList);
    int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes);
    int32_t UpdateTokenPermissionState(
        AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill);
    std::string TransferPermissionDefToString(const PermissionDef& inPermissionDef);
    bool IsPermissionVaild(const std::string& permissionName);
    // Helpers for the location handling; LocationIndex fields default to PERMISSION_NOT_REQUSET.
    bool GetLocationPermissionIndex(std::vector<PermissionListStateParcel>& reqPermList, LocationIndex& locationIndex);
    bool GetLocationPermissionState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList,
        std::vector<PermissionStateFull>& permsList, int32_t apiVersion, const LocationIndex& locationIndex);
    void NotifyUpdatedPermList(const std::vector<std::string>& grantedPermListBefore,
        const std::vector<std::string>& grantedPermListAfter, AccessTokenID tokenID);
    // Database-backed storage of the per-user request-toggle status.
    int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName);
    void AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status);
    void PermDefToString(const PermissionDef& def, std::string& info) const;
    bool IsPermissionStateOrFlagMatched(const PermissionStateFull& stata1, const PermissionStateFull& stata2);
    void GetStateOrFlagChangedList(std::vector<PermissionStateFull>& stateListBefore,
        std::vector<PermissionStateFull>& stateListAfter, std::vector<PermissionStateFull>& stateChangeList);

    PermissionGrantEvent grantEvent_;
    // Static state shared by all instances. NOTE(review): mutex_ presumably guards implInstance_ — confirm.
    static std::recursive_mutex mutex_;
    static PermissionManager* implInstance_;

    // NOTE(review): presumably permParamSetLock_ guards paramValue_ — confirm.
    OHOS::Utils::RWLock permParamSetLock_;
    uint64_t paramValue_ = 0;

    // NOTE(review): presumably guards the request-toggle status accessors — confirm.
    OHOS::Utils::RWLock permToggleStateLock_;
    // Macro taken from the included project headers; by its name it disables copying and moving.
    DISALLOW_COPY_AND_MOVE(PermissionManager);
};
136 } // namespace AccessToken
137 } // namespace Security
138 } // namespace OHOS
139 #endif // PERMISSION_MANAGER_H
140