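/*
 * Copyright (c) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef OHOS_SECURITY_H
#define OHOS_SECURITY_H
#include <concurrent_map.h>
#include <cstdint>
#include <memory>
#include <string>
#include <utility>

#include "app_device_change_listener.h"
#include "executor_pool.h"
#include "iprocess_system_api_adapter.h"
#include "kv_store_delegate_manager.h"
#include "sensitive.h"
#include "visibility.h"

namespace OHOS::DistributedKv {
// Security adapter of the distributed KV store.
//
// Implements two interfaces:
//  - DistributedDB::IProcessSystemApiAdapter: access-control state, reading and
//    writing the SecurityOption of a path, and the per-device capability check.
//  - AppDistributedKv::AppDeviceChangeListener: device change notifications.
class Security
    : public DistributedDB::IProcessSystemApiAdapter,
      public AppDistributedKv::AppDeviceChangeListener {
public:
    using DBStatus = DistributedDB::DBStatus;
    using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent;
    using SecurityOption = DistributedDB::SecurityOption;

    // Default constructor, defined out of line.
    Security();

    // Takes shared ownership of the executor pool. The argument is received by
    // value and moved into executors_, which avoids a second reference-count
    // update. A null pointer is accepted here; NOTE(review): confirm that the
    // implementation checks executors_ before using it.
    explicit Security(std::shared_ptr<ExecutorPool> executors) : executors_(std::move(executors)) {}

    ~Security() override;

    // Reports whether security options are supported.
    // NOTE(review): presumably a property of the local platform - confirm.
    static bool IsSupportSecurity();

    // Registers the callback for access-control events.
    // Returns a DBStatus describing the outcome.
    DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override;

    // Checks whether access on this device is controlled, i.e. whether the
    // device is in the locked state.
    bool IsAccessControlled() const override;

    // Sets the SecurityOption on the target file path.
    // If filePath is a directory, the call has no effect: no option is applied
    // to the directory through this function.
    // NOTE(review): the status returned for a directory is not visible from
    // this header; callers that need the label applied should check the
    // returned DBStatus and not assume success means the label is present.
    DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override;

    // Gets the SecurityOption of the target file path.
    // The result is written to `option`; the DBStatus reports the outcome.
    DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override;

    // Checks whether the target device can store data of the given sensitivity
    // class.
    // NOTE(review): this looks like the gate that decides whether labelled
    // data may be placed on a peer device; confirm that an unknown deviceId or
    // a failed lookup yields false (fail closed).
    bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override;

    // Device change notification from AppDeviceChangeListener.
    // The method is const; the only member it can modify is the mutable
    // devicesUdid_ map.
    void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
                         const AppDistributedKv::DeviceChangeType &type) const override;

    // Returns the change level at which this listener is registered.
    AppDistributedKv::ChangeLevelType GetChangeLevelType() const override;

    // Initializes the security state of the local device.
    // NOTE(review): what is initialized is not visible from this header.
    void InitLocalSecurity();

private:
    // User lock status codes. Values follow from the declaration order:
    // NO_PWD = -1, UNLOCK = 0, LOCKED = 1, UNINITIALIZED = 2.
    // NOTE(review): presumably the values returned by GetCurrentUserStatus() - confirm.
    enum {
        NO_PWD = -1,
        UNLOCK,
        LOCKED,
        UNINITIALIZED,
    };

    // Table with DistributedDB::S4 + 1 entries.
    // NOTE(review): presumably one label name per security label, indexed by
    // the label value - confirm against the definition.
    static const std::string LABEL_VALUES[DistributedDB::S4 + 1];

    // Conversions between a SecurityOption and a label name.
    // Convert2Security takes a name read from outside the process' own state
    // (see IsXattrValueValid); NOTE(review): confirm that an unrecognized name
    // maps to a value callers treat as "not set" and not to a weaker label.
    static const std::string Convert2Name(const SecurityOption &option);
    static int Convert2Security(const std::string &name);

    // Checks whether `file` exists (the name is spelled IsExits in this class).
    bool IsExits(const std::string &file) const;

    // Lookup and removal of the Sensitive entry for a device uuid.
    // Both are const, so they can only touch the mutable devicesUdid_ map.
    Sensitive GetSensitiveByUuid(const std::string &uuid) const;
    bool EraseSensitiveByUuid(const std::string &uuid) const;

    // Validates a value before it is used as a label.
    // NOTE(review): the name suggests the value comes from an extended file
    // attribute - confirm.
    bool IsXattrValueValid(const std::string& value) const;

    // Returns the status of the current user as an int32_t.
    int32_t GetCurrentUserStatus() const;

    // File and directory variants behind SetSecurityOption / GetSecurityOption.
    DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option);
    DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option);
    DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const;
    DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const;

    // Sensitive entries keyed by a string; mutable so that const members can
    // update it.
    // NOTE(review): the member is named Udid while the accessors take a uuid -
    // confirm which identifier is the key.
    mutable ConcurrentMap<std::string, Sensitive> devicesUdid_;

    // Executor pool supplied at construction; may be null.
    std::shared_ptr<ExecutorPool> executors_;
};
} // namespace OHOS::DistributedKv

#endif // OHOS_SECURITY_H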