1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef PERMISSION_MANAGER_H 17 #define PERMISSION_MANAGER_H 18 19 #include <mutex> 20 #include <vector> 21 #include <string> 22 23 #include "access_token.h" 24 #include "hap_token_info_inner.h" 25 #include "iremote_broker.h" 26 #include "permission_def.h" 27 #include "permission_grant_event.h" 28 #include "permission_list_state.h" 29 #include "permission_list_state_parcel.h" 30 #include "permission_state_change_info.h" 31 #include "permission_state_full.h" 32 #include "temp_permission_observer.h" 33 34 #include "rwlock.h" 35 #include "nocopyable.h" 36 37 namespace OHOS { 38 namespace Security { 39 namespace AccessToken { 40 constexpr const char* VAGUE_LOCATION_PERMISSION_NAME = "ohos.permission.APPROXIMATELY_LOCATION"; 41 constexpr const char* ACCURATE_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; 42 constexpr const char* BACKGROUND_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION_IN_BACKGROUND"; 43 const int32_t ACCURATE_LOCATION_API_VERSION = 9; 44 const int32_t BACKGROUND_LOCATION_API_VERSION = 11; 45 const uint32_t PERMISSION_NOT_REQUSET = -1; 46 struct LocationIndex { 47 uint32_t vagueIndex = PERMISSION_NOT_REQUSET; 48 uint32_t accurateIndex = PERMISSION_NOT_REQUSET; 49 uint32_t backIndex = PERMISSION_NOT_REQUSET; 50 }; 51 52 class PermissionManager { 53 public: 54 static PermissionManager& GetInstance(); 55 PermissionManager(); 56 virtual ~PermissionManager(); 57 58 void RegisterApplicationCallback(); 59 void RegisterAppManagerDeathCallback(); 60 void AddDefPermissions(const std::vector<PermissionDef>& permList, AccessTokenID tokenId, 61 bool updateFlag); 62 void RemoveDefPermissions(AccessTokenID tokenID); 63 int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); 64 int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); 65 PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); 66 virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); 67 int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); 68 int GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList); 69 int GetReqPermissions( 70 AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant); 71 int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); 72 int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); 73 int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); 74 int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 75 bool isGranted, uint32_t flag); 76 int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 77 bool isGranted, uint32_t flag, bool needKill); 78 int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 79 int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 80 void ClearUserGrantedPermissionState(AccessTokenID tokenID); 81 int32_t GrantPermissionForSpecifiedTime( 82 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); 83 void GetSelfPermissionState(const std::vector<PermissionStateFull>& permsList, 84 PermissionListState& permState, int32_t apiVersion); 85 int32_t AddPermStateChangeCallback( 86 const PermStateChangeScope& scope, const sptr<IRemoteObject>& callback); 87 int32_t RemovePermStateChangeCallback(const sptr<IRemoteObject>& callback); 88 bool GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& apiVersion); 89 bool LocationPermissionSpecialHandle(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 90 std::vector<PermissionStateFull>& permsList, int32_t apiVersion); 91 void NotifyPermGrantStoreResult(bool result, uint64_t timestamp); 92 void ClearAllSecCompGrantedPerm(const std::vector<AccessTokenID>& tokenIdList); 93 void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); 94 void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, 95 bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr); 96 int32_t ClearUserGrantedPermission(AccessTokenID tokenID); 97 void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr<PermissionPolicySet>& policy); 98 void RemovePermFromKernel(AccessTokenID tokenID); 99 void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); 100 bool InitPermissionList(const std::string& appDistributionType, 101 const HapPolicyParams& policy, std::vector<PermissionStateFull>& initializedList); 102 bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, 103 std::vector<PermissionStateFull>& initializedList); 104 protected: 105 static void RegisterImpl(PermissionManager* implInstance); 106 private: 107 void ScopeToString( 108 const std::vector<AccessTokenID>& tokenIDs, const std::vector<std::string>& permList); 109 int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); 110 int32_t UpdateTokenPermissionState( 111 AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); 112 std::string TransferPermissionDefToString(const PermissionDef& inPermissionDef); 113 bool IsPermissionVaild(const std::string& permissionName); 114 bool GetLocationPermissionIndex(std::vector<PermissionListStateParcel>& reqPermList, LocationIndex& locationIndex); 115 bool GetLocationPermissionState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 116 std::vector<PermissionStateFull>& permsList, int32_t apiVersion, const LocationIndex& locationIndex); 117 void NotifyUpdatedPermList(const std::vector<std::string>& grantedPermListBefore, 118 const std::vector<std::string>& grantedPermListAfter, AccessTokenID tokenID); 119 int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); 120 void AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); 121 void PermDefToString(const PermissionDef& def, std::string& info) const; 122 bool IsPermissionStateOrFlagMatched(const PermissionStateFull& stata1, const PermissionStateFull& stata2); 123 void GetStateOrFlagChangedList(std::vector<PermissionStateFull>& stateListBefore, 124 std::vector<PermissionStateFull>& stateListAfter, std::vector<PermissionStateFull>& stateChangeList); 125 126 PermissionGrantEvent grantEvent_; 127 static std::recursive_mutex mutex_; 128 static PermissionManager* implInstance_; 129 130 OHOS::Utils::RWLock permParamSetLock_; 131 uint64_t paramValue_ = 0; 132 133 OHOS::Utils::RWLock permToggleStateLock_; 134 DISALLOW_COPY_AND_MOVE(PermissionManager); 135 }; 136 } // namespace AccessToken 137 } // namespace Security 138 } // namespace OHOS 139 #endif // PERMISSION_MANAGER_H 140