• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
17 #define OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
18 
19 #include "ipc_skeleton.h"
20 #include "singleton.h"
21 #include "want.h"
22 
23 namespace OHOS {
24 namespace AAFwk {
25 class PermissionVerification : public DelayedSingleton<PermissionVerification> {
26 public:
27 struct VerificationInfo {
28     bool visible = false;
29     bool isBackgroundCall = true;
30     bool associatedWakeUp = false;
31     uint32_t accessTokenId = 0;
32     int32_t apiTargetVersion = 0;
33 };
34 
35     PermissionVerification() = default;
36     ~PermissionVerification() = default;
37 
38     bool VerifyCallingPermission(const std::string &permissionName) const;
39 
40     bool IsSACall() const;
41 
42     bool IsShellCall() const;
43 
44     bool IsGatewayCall() const;
45 
46     bool CheckSpecificSystemAbilityAccessPermission() const;
47 
48     bool VerifyRunningInfoPerm() const;
49 
50     bool VerifyControllerPerm() const;
51 
52     bool VerifyDlpPermission(Want &want) const;
53 
54     int VerifyAccountPermission() const;
55 
56     bool VerifyMissionPermission() const;
57 
58     int VerifyAppStateObserverPermission() const;
59 
60     int32_t VerifyUpdateConfigurationPerm() const;
61 
62     bool VerifyInstallBundlePermission() const;
63 
64     bool VerifyGetBundleInfoPrivilegedPermission() const;
65 
66     int CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo) const;
67 
68     int CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const;
69 
70     int CheckCallAbilityPermission(const VerificationInfo &verificationInfo) const;
71 
72     /**
73      * Check if Caller is allowed to start ServiceExtension(Stage) or DataShareExtension(Stage)
74      *
75      * @param verificationInfo, verificationInfo.
76      * @return Returns ERR_OK on check success, others on check failure.
77      */
78     int CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const;
79 
80     int CheckStartByCallPermission(const VerificationInfo &verificationInfo) const;
81 
82 private:
83     DISALLOW_COPY_AND_MOVE(PermissionVerification);
84 
85     constexpr static int32_t API8 = 8;
86 
87     unsigned int GetCallingTokenID() const;
88 
89     bool JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible) const;
90 
91     bool JudgeStartAbilityFromBackground(const bool isBackgroundCall) const;
92 
93     bool JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const;
94 
95     int JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo) const;
96 
IsCallFromSameAccessToken(const uint32_t accessTokenId)97     inline bool IsCallFromSameAccessToken(const uint32_t accessTokenId) const
98     {
99         return IPCSkeleton::GetCallingTokenID() == accessTokenId;
100     }
101 };
102 }  // namespace AAFwk
103 }  // namespace OHOS
104 #endif // OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
105