1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management interfaces.
21  *
22  * Provides tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levcels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file access_token.h
33  *
34  * @brief Declares typedefs, enums and const values.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef ACCESS_TOKEN_H
41 #define ACCESS_TOKEN_H
42 
43 #include <string>
44 
45 namespace OHOS {
46 namespace Security {
47 namespace AccessToken {
48 typedef unsigned int AccessTokenID;
49 typedef uint64_t FullTokenID;
50 typedef unsigned int AccessTokenAttr;
51 static const int DEFAULT_TOKEN_VERSION = 1;
52 static const AccessTokenID INVALID_TOKENID = 0;
53 
54 /**
55  * @brief visit type
56  */
57 enum class PermUsedTypeEnum {
58     /** invalid type */
59     INVALID_USED_TYPE = -1,
60     /** normal type for permision request */
61     NORMAL_TYPE,
62     /** picker type for permision request */
63     PICKER_TYPE,
64     /** security component type for permision request */
65     SEC_COMPONENT_TYPE,
66     /** bottom of type for no use */
67     PERM_USED_TYPE_BUTT,
68 };
69 
70 /**
71  * @brief Access token kit return code
72  */
73 enum AccessTokenKitRet {
74     RET_FAILED = -1,
75     RET_SUCCESS = 0,
76 };
77 
78 /**
79  * @brief AccessTokenID 32 bits map
80  */
81 typedef struct {
82     unsigned int tokenUniqueID : 20;
83     /** reserved, default 00000 */
84     unsigned int res : 4;
85     unsigned int cloneFlag : 1;
86     /** renderflag, default 0 */
87     unsigned int renderFlag : 1;
88     unsigned int dlpFlag : 1;
89     /**
90      * token type, for details about the valid values,
91      * see the definition of ATokenTypeEnum in the access_token.h file.
92      */
93     unsigned int type : 2;
94     /** version, default 001 */
95     unsigned int version : 3;
96 } AccessTokenIDInner;
97 
98 /**
99  * @brief Token id type
100  */
101 typedef enum TypeATokenTypeEnum {
102     TOKEN_INVALID = -1,
103     TOKEN_HAP = 0,
104     TOKEN_NATIVE,
105     TOKEN_SHELL,
106     TOKEN_TYPE_BUTT,
107 } ATokenTypeEnum;
108 
109 /**
110  * @brief Apl level
111  */
112 typedef enum TypeATokenAplEnum {
113     APL_INVALID = 0,
114     APL_NORMAL = 1,
115     APL_SYSTEM_BASIC = 2,
116     APL_SYSTEM_CORE = 3,
117 } ATokenAplEnum;
118 
119 /**
120  * @brief AvailableType
121  */
122 typedef enum TypeATokenAvailableTypeEnum {
123     INVALID = -1,
124     NORMAL = 0,
125     SYSTEM,
126     MDM,
127     SYSTEM_AND_MDM,
128     SERVICE,
129     AVAILABLE_TYPE_BUTT,
130 } ATokenAvailableTypeEnum;
131 
132 /**
133  * @brief Token id full definition
134  */
135 typedef union {
136     unsigned long long tokenIDEx;
137     struct {
138         AccessTokenID tokenID;
139         /** tokenID attribute */
140         AccessTokenAttr tokenAttr;
141     } tokenIdExStruct;
142 } AccessTokenIDEx;
143 
144 /**
145  * @brief Permission request toggle status
146  */
147 typedef enum TypePermissionRequestToggleStatus {
148     CLOSED = 0,
149     OPEN = 1,
150 } PermissionRequestToggleStatus;
151 
152 /**
153  * @brief Permission states
154  */
155 typedef enum TypePermissionState {
156     PERMISSION_DENIED = -1,
157     PERMISSION_GRANTED = 0,
158 } PermissionState;
159 
160 /**
161  * @brief Permission grant mode
162  */
163 typedef enum TypeGrantMode {
164     /** user grant the permisson by dynamic pop-up window */
165     USER_GRANT = 0,
166     /**
167      * system grant the permission automated when
168      * the permission is decleared and app is installed
169      */
170     SYSTEM_GRANT = 1,
171 } GrantMode;
172 
173 /**
174  * @brief Permission flag
175  */
176 typedef enum TypePermissionFlag {
177     /**
178      * permission has not been set by user.
179      */
180     PERMISSION_DEFAULT_FLAG = 0,
181     /**
182      * permission has been set by user, If the permission is not granted,
183      * a permission window is allowed to apply for permission.
184      */
185     PERMISSION_USER_SET = 1 << 0,
186     /**
187      * permission has been set by user, If the permission is not granted,
188      * a permission window is not allowed to apply for permission.
189      */
190     PERMISSION_USER_FIXED = 1 << 1,
191     /**
192      * permission has been set by system,
193      * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable.
194      */
195     PERMISSION_SYSTEM_FIXED = 1 << 2,
196     /**
197      * a user_grant permission has been set by system for pre-authorization,
198      * and it is cancellable. it always works with other flags.
199      */
200     PERMISSION_GRANTED_BY_POLICY = 1 << 3,
201     /**
202      * permission has been set by security component.
203      */
204     PERMISSION_COMPONENT_SET = 1 << 4,
205     /*
206      * permission is fixed by policy and the permission cannot be granted or revoked by user
207      */
208     PERMISSION_POLICY_FIXED = 1 << 5,
209     /*
210      * permission is only allowed during the current lifecycle foreground period
211      */
212     PERMISSION_ALLOW_THIS_TIME = 1 << 6,
213 } PermissionFlag;
214 
215 /**
216  * @brief Permission operate result
217  */
218 typedef enum TypePermissionOper {
219     /** permission has been set, only can change it in settings */
220     SETTING_OPER = -1,
221     /** operate is passed, no need to do anything */
222     PASS_OPER = 0,
223     /** permission need dynamic pop-up windows to grant it */
224     DYNAMIC_OPER = 1,
225     /** invalid operation, something is wrong, see in md files */
226     INVALID_OPER = 2,
227     /** operate is forbidden */
228     FORBIDDEN_OPER = 3,
229     /** buttom of permission oper */
230     BUTT_OPER,
231 } PermissionOper;
232 
233 /**
234  * @brief Dlp types
235  */
236 typedef enum DlpType {
237     DLP_COMMON = 0,
238     DLP_READ = 1,
239     DLP_FULL_CONTROL = 2,
240     BUTT_DLP_TYPE,
241 } HapDlpType;
242 
243 /**
244  * @brief Dlp permission type
245  */
246 typedef enum TypeDlpPerm {
247     DLP_PERM_ALL = 0,
248     DLP_PERM_FULL_CONTROL = 1,
249     DLP_PERM_NONE = 2,
250 } DlpPermMode;
251 
252 /**
253  * @brief Atm tools operate type
254  */
255 typedef enum TypeOptType {
256     /** default */
257     DEFAULT_OPER = 0,
258     /** dump hap or native token info */
259     DUMP_TOKEN,
260     /** dump permission used records */
261     DUMP_RECORD,
262     /** dump permission used types */
263     DUMP_TYPE,
264     /** dump permission definition info */
265     DUMP_PERM,
266     /** grant permission */
267     PERM_GRANT,
268     /** revoke permission */
269     PERM_REVOKE,
270     /** set toggle status */
271     TOGGLE_SET,
272     /** get toggle status */
273     TOGGLE_GET,
274 } OptType;
275 } // namespace AccessToken
276 } // namespace Security
277 } // namespace OHOS
278 #endif // ACCESS_TOKEN_H
279