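/*
 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H
#define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H

// Standard headers for the names this header uses directly (int32_t, std::string, std::vector),
// so it does not depend on transitive includes from the project headers below.
#include <cstdint>
#include <string>
#include <vector>

#include "accesstoken_kit.h"
#include "bundle_constants.h"
#include "foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include/permission_def.h"
#include "inner_bundle_info.h"

namespace OHOS {
namespace AppExecFwk {
/**
 * @brief Static helpers that operate on Security::AccessToken types (token IDs, permission
 *        definitions and permission states) on behalf of bundles.
 *
 * Only declarations are visible in this header. Descriptions worded with "presumably" are
 * inferred from names and signatures and need to be confirmed against the implementation.
 */
class BundlePermissionMgr {
public:
    /**
     * @brief Verify whether a specified bundle has been granted a specific permission.
     * @param bundleName Indicates the name of the bundle to check.
     * @param permissionName Indicates the permission to check.
     * @param userId Indicates the userId of the bundle.
     * @return Returns 0 if the bundle has the permission; returns -1 otherwise.
     * @note The result is a status code, not a boolean: 0 means granted. Compare it with 0
     *       explicitly; used directly as a condition, the -1 "not granted" value reads as true.
     */
    static int32_t VerifyPermission(const std::string &bundleName, const std::string &permissionName,
        const int32_t userId);

    /**
     * @brief Obtains detailed information about a specified permission.
     * @param permissionName Indicates the name of the permission.
     * @param permissionDef Indicates the object containing detailed information about the given permission.
     * @return Returns true if the PermissionDef object is successfully obtained; returns false otherwise.
     */
    static bool GetPermissionDef(const std::string &permissionName, PermissionDef &permissionDef);

    /**
     * @brief Requests a certain permission from user.
     * @param bundleName Indicates the name of the bundle.
     * @param permissionName Indicates the permission to request.
     * @param userId Indicates the userId of the bundle.
     * @return Returns true if the permission is requested successfully; returns false otherwise.
     */
    static bool RequestPermissionFromUser(
        const std::string &bundleName, const std::string &permissionName, const int32_t userId);

    /**
     * @brief Presumably creates the access token for a bundle and returns its ID.
     * @param innerBundleInfo Indicates the bundle information.
     * @param bundleName Indicates the name of the bundle. Taken by value (one copy per call);
     *        switching to a const reference would also require changing the definition.
     * @param userId Indicates the userId of the bundle.
     * @return Returns an AccessTokenID. The value returned on failure is not visible from this
     *         header; callers should confirm it before treating the result as a valid token.
     */
    static Security::AccessToken::AccessTokenID CreateAccessTokenId(
        const InnerBundleInfo &innerBundleInfo, const std::string bundleName, const int32_t userId);

    /**
     * @brief Presumably updates the defined and requested permissions of a token when a bundle
     *        changes from oldInfo to newInfo.
     * @param tokenId Indicates the access token to update.
     * @param oldInfo Indicates the bundle information before the change.
     * @param newInfo Indicates the bundle information after the change.
     * @param newRequestPermName Output list; presumably receives the names of newly requested permissions.
     * @return Returns a bool; presumably true on success.
     */
    static bool UpdateDefineAndRequestPermissions(const Security::AccessToken::AccessTokenID tokenId,
        const InnerBundleInfo &oldInfo, const InnerBundleInfo &newInfo,
        std::vector<std::string> &newRequestPermName);

    /**
     * @brief Presumably adds the defined and requested permissions of a bundle to a token.
     * @param tokenId Indicates the access token to update.
     * @param innerBundleInfo Indicates the bundle information.
     * @param newRequestPermName Output list; presumably receives the names of newly requested permissions.
     * @return Returns a bool; presumably true on success.
     */
    static bool AddDefineAndRequestPermissions(const Security::AccessToken::AccessTokenID tokenId,
        const InnerBundleInfo &innerBundleInfo, std::vector<std::string> &newRequestPermName);

    /**
     * @brief Presumably deletes the access token identified by tokenId.
     * @param tokenId Indicates the access token to delete.
     * @return Returns an int32_t status; its success/failure values are not visible from this
     *         header, so do not assume it follows a boolean convention.
     */
    static int32_t DeleteAccessTokenId(const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Presumably grants the permissions requested by a bundle to the given token.
     * @param innerBundleInfo Indicates the bundle information.
     * @param tokenId Indicates the access token receiving the grants.
     * @return Returns a bool; presumably true on success.
     */
    static bool GrantRequestPermissions(const InnerBundleInfo &innerBundleInfo,
        const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Overload that additionally takes a list of permission names; presumably only the
     *        named request permissions are considered for granting.
     * @param innerBundleInfo Indicates the bundle information.
     * @param requestPermName Indicates the names of the request permissions.
     * @param tokenId Indicates the access token receiving the grants.
     * @return Returns a bool; presumably true on success.
     */
    static bool GrantRequestPermissions(const InnerBundleInfo &innerBundleInfo,
        const std::vector<std::string> &requestPermName,
        const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Presumably fills the request-permission states of the given bundle information.
     * @param bundleInfo In/out object, passed by non-const reference.
     * @return Returns a bool; presumably true on success.
     */
    static bool GetRequestPermissionStates(BundleInfo &bundleInfo);

    /**
     * @brief Presumably resets the user-granted permission state of a token.
     * @param tokenId Indicates the access token to reset.
     * @return Returns an int32_t status; its success/failure values are not visible from this header.
     */
    static int32_t ClearUserGrantedPermissionState(const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Presumably checks whether the caller of the current request holds a permission.
     * @param permissionName Indicates the permission to check.
     * @return Returns a bool; presumably true if the caller holds the permission. Unlike
     *         VerifyPermission, this result follows the boolean convention.
     * @note No caller identity is passed in, so it must be derived inside the implementation;
     *       how that is done is not visible here.
     */
    static bool VerifyCallingPermission(const std::string &permissionName);

private:
    // Presumably builds the AccessToken permission definitions declared by the bundle.
    static std::vector<Security::AccessToken::PermissionDef> GetPermissionDefList(
        const InnerBundleInfo &innerBundleInfo);

    // Presumably builds the AccessToken permission states for the bundle's request permissions.
    static std::vector<Security::AccessToken::PermissionStateFull> GetPermissionStateFullList(
        const InnerBundleInfo &innerBundleInfo);

    // Presumably decides whether permDef may be granted, given the bundle's apl string and acls list.
    // NOTE(review): this looks like the grant-policy decision point; confirm it fails closed.
    static bool CheckGrantPermission(const Security::AccessToken::PermissionDef &permDef,
        const std::string &apl,
        const std::vector<std::string> &acls);

    // Writes its result to newPermission; presumably the definitions in permissionDef that are
    // new relative to what tokenId already has.
    static bool GetNewPermissionDefList(Security::AccessToken::AccessTokenID tokenId,
        const std::vector<Security::AccessToken::PermissionDef> &permissionDef,
        std::vector<Security::AccessToken::PermissionDef> &newPermission);

    // Writes its results to newPermissionState and newRequestPermName; presumably the states in
    // permissionState that are new relative to what tokenId already has, plus their names.
    static bool GetNewPermissionStateFull(Security::AccessToken::AccessTokenID tokenId,
        const std::vector<Security::AccessToken::PermissionStateFull> &permissionState,
        std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState,
        std::vector<std::string> &newRequestPermName);

    // Writes its result to newPermissionState; presumably all request-permission states of tokenId.
    static bool GetAllReqPermissionStateFull(Security::AccessToken::AccessTokenID tokenId,
        std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState);

    // Shared grant helper taking the request permissions, apl and acls explicitly.
    // isPreInstallApp defaults to false; what the flag changes is decided in the implementation,
    // so call sites that pass true deserve review.
    static bool InnerGrantRequestPermissions(const std::vector<RequestPermission> &reqPermissions,
        const std::string &apl, const std::vector<std::string> &acls,
        const Security::AccessToken::AccessTokenID tokenId, bool isPreInstallApp = false);

    // Maps an apl string to an ATokenAplEnum value. The value chosen for an unrecognized string
    // is not visible from this header - TODO confirm.
    static Security::AccessToken::ATokenAplEnum GetTokenApl(const std::string &apl);

    // Presumably builds the HapPolicyParams for the bundle described by innerBundleInfo.
    static Security::AccessToken::HapPolicyParams CreateHapPolicyParam(const InnerBundleInfo &innerBundleInfo);

    // Converts from the AccessToken PermissionDef (const input) into the unqualified PermissionDef
    // (output; presumably the AppExecFwk type from permission_def.h).
    static void ConvertPermissionDef(const Security::AccessToken::PermissionDef &permDef,
        PermissionDef &permissionDef);

    // Fills the AccessToken PermissionDef (output) from a DefinePermission and the bundle name.
    static void ConvertPermissionDef(
        Security::AccessToken::PermissionDef &permDef, const DefinePermission &defPermission,
        const std::string &bundleName);

    // Presumably the defined-permission names in oldInfo that are no longer present in newInfo.
    static std::vector<std::string> GetNeedDeleteDefinePermissionName(const InnerBundleInfo &oldInfo,
        const InnerBundleInfo &newInfo);

    // Presumably the request-permission names in oldInfo that are no longer present in newInfo.
    static std::vector<std::string> GetNeedDeleteRequestPermissionName(const InnerBundleInfo &oldInfo,
        const InnerBundleInfo &newInfo);
};
}  // namespace AppExecFwk
}  // namespace OHOS
#endif  // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H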