1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H 17 #define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H 18 19 #include "accesstoken_kit.h" 20 #include "bundle_constants.h" 21 #include "default_permission.h" 22 #include "inner_bundle_info.h" 23 #include "permission_define.h" 24 25 namespace OHOS { 26 namespace AppExecFwk { 27 class BundlePermissionMgr { 28 public: 29 /** 30 * @brief Initialize BundlePermissionMgr, which is only called when the system starts. 31 * @return Returns true if successfully initialized BundlePermissionMgr; returns false otherwise. 32 */ 33 static bool Init(); 34 35 static void UnInit(); 36 37 /** 38 * @brief Verify whether a specified bundle has been granted a specific permission. 39 * @param bundleName Indicates the name of the bundle to check. 40 * @param permission Indicates the permission to check. 41 * @param userId Indicates the userId of the bundle. 42 * @return Returns 0 if the bundle has the permission; returns -1 otherwise. 43 */ 44 static int32_t VerifyPermission(const std::string &bundleName, const std::string &permissionName, 45 const int32_t userId); 46 /** 47 * @brief Obtains detailed information about a specified permission. 48 * @param permissionName Indicates the name of the permission. 49 * @param permissionDef Indicates the object containing detailed information about the given permission. 50 * @return Returns true if the PermissionDef object is successfully obtained; returns false otherwise. 51 */ 52 static ErrCode GetPermissionDef(const std::string &permissionName, PermissionDef &permissionDef); 53 /** 54 * @brief Requests a certain permission from user. 55 * @param bundleName Indicates the name of the bundle. 56 * @param permission Indicates the permission to request. 57 * @param userId Indicates the userId of the bundle. 58 * @return Returns true if the permission request successfully; returns false otherwise. 59 */ 60 static bool RequestPermissionFromUser( 61 const std::string &bundleName, const std::string &permissionName, const int32_t userId); 62 63 static int32_t InitHapToken(const InnerBundleInfo &innerBundleInfo, const int32_t userId, 64 const int32_t dlpType, Security::AccessToken::AccessTokenIDEx& tokenIdeEx); 65 66 static int32_t UpdateHapToken( 67 Security::AccessToken::AccessTokenIDEx& tokenIdeEx, const InnerBundleInfo &innerBundleInfo); 68 69 static int32_t DeleteAccessTokenId(const Security::AccessToken::AccessTokenID tokenId); 70 71 static bool GetRequestPermissionStates(BundleInfo &bundleInfo, uint32_t tokenId, const std::string deviceId); 72 73 static int32_t ClearUserGrantedPermissionState(const Security::AccessToken::AccessTokenID tokenId); 74 75 static bool GetAllReqPermissionStateFull(Security::AccessToken::AccessTokenID tokenId, 76 std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState); 77 78 static bool VerifySystemApp(int32_t beginApiVersion = Constants::INVALID_API_VERSION); 79 80 static bool IsSystemApp(); 81 82 static int32_t GetHapApiVersion(); 83 84 static bool IsNativeTokenType(); 85 86 static bool IsShellTokenType(); 87 88 static bool VerifyCallingUid(); 89 90 static bool VerifyPreload(const AAFwk::Want &want); 91 92 static bool VerifyCallingPermissionForAll(const std::string &permissionName); 93 94 static bool VerifyCallingPermissionsForAll(const std::vector<std::string> &permissionNames); 95 96 static bool IsSelfCalling(); 97 98 static bool VerifyUninstallPermission(); 99 100 static bool VerifyRecoverPermission(); 101 102 static void AddPermissionUsedRecord(const std::string &permission, int32_t successCount, int32_t failCount); 103 104 static bool IsBundleSelfCalling(const std::string &bundleName); 105 106 // for old api 107 static bool VerifyCallingBundleSdkVersion(int32_t beginApiVersion = Constants::INVALID_API_VERSION); 108 109 static bool IsCallingUidValid(int32_t uid); 110 111 private: 112 static std::vector<Security::AccessToken::PermissionDef> GetPermissionDefList( 113 const InnerBundleInfo &innerBundleInfo); 114 115 static std::vector<Security::AccessToken::PermissionStateFull> GetPermissionStateFullList( 116 const InnerBundleInfo &innerBundleInfo); 117 118 static Security::AccessToken::ATokenAplEnum GetTokenApl(const std::string &apl); 119 120 static Security::AccessToken::HapPolicyParams CreateHapPolicyParam(const InnerBundleInfo &innerBundleInfo); 121 122 static Security::AccessToken::HapInfoParams CreateHapInfoParams(const InnerBundleInfo &innerBundleInfo, 123 const int32_t userId, const int32_t dlpType); 124 125 static void ConvertPermissionDef(const Security::AccessToken::PermissionDef &permDef, 126 PermissionDef &permissionDef); 127 static void ConvertPermissionDef( 128 Security::AccessToken::PermissionDef &permDef, const DefinePermission &defPermission, 129 const std::string &bundleName); 130 131 static Security::AccessToken::ATokenAvailableTypeEnum GetAvailableType(const std::string &availableType); 132 133 static bool GetDefaultPermission(const std::string &bundleName, DefaultPermission &permission); 134 135 static bool MatchSignature(const DefaultPermission &permission, const std::vector<std::string> &signatures); 136 137 static bool MatchSignature(const DefaultPermission &permission, const std::string &signature); 138 139 static bool CheckPermissionInDefaultPermissions(const DefaultPermission &defaultPermission, 140 const std::string &permissionName, bool &userCancellable); 141 142 static std::map<std::string, DefaultPermission> defaultPermissions_; 143 }; 144 } // namespace AppExecFwk 145 } // namespace OHOS 146 #endif // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H