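/*
 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H
#define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H

// Standard headers for the std::map / std::string / std::vector / fixed-width integer
// names used in the declarations below, so this header does not depend on transitive includes.
#include <cstdint>
#include <map>
#include <string>
#include <vector>

#include "accesstoken_kit.h"
#include "bundle_constants.h"
#include "default_permission.h"
#include "inner_bundle_info.h"
#include "permission_define.h"

namespace OHOS {
namespace AppExecFwk {
/**
 * @brief Static-only collection of permission and access-token helpers for the bundle manager.
 *
 * Every member is static. The declarations take or return Security::AccessToken types
 * (AccessTokenID, HapPolicyParams, PermissionDef, PermissionStateFull), so the implementation
 * presumably delegates to the access-token service -- confirm in the .cpp.
 *
 * Return conventions are NOT uniform across this interface: some functions return bool, one
 * returns ErrCode, and several return int32_t (VerifyPermission documents 0 as "granted").
 * Each result is an authorization decision or a token-lifecycle outcome, so callers should
 * check it explicitly against the documented value and deny on anything else.
 */
class BundlePermissionMgr {
public:
    /**
     * @brief Initialize BundlePermissionMgr, which is only called when the system starts.
     * @return Returns true if successfully initialized BundlePermissionMgr; returns false otherwise.
     */
    static bool Init();

    /**
     * @brief Counterpart of Init().
     * NOTE(review): what state is released is not visible in this header -- confirm in the .cpp.
     */
    static void UnInit();

    /**
     * @brief Verify whether a specified bundle has been granted a specific permission.
     * @param bundleName Indicates the name of the bundle to check.
     * @param permissionName Indicates the permission to check.
     * @param userId Indicates the userId of the bundle.
     * @return Returns 0 if the bundle has the permission; returns -1 otherwise.
     * @note The result is an int32_t, not a bool: "granted" is 0 and "denied" is -1, so using
     *       the value directly as a condition inverts the decision (-1 converts to true).
     *       Always compare against 0 explicitly.
     */
    static int32_t VerifyPermission(const std::string &bundleName, const std::string &permissionName,
        const int32_t userId);
    /**
     * @brief Obtains detailed information about a specified permission.
     * @param permissionName Indicates the name of the permission.
     * @param permissionDef Indicates the object containing detailed information about the given permission.
     * @return Returns an ErrCode describing the outcome (the return type is ErrCode, not bool).
     *         NOTE(review): the success value is defined outside this header (presumably ERR_OK --
     *         confirm); compare against it rather than testing truthiness, and do not read
     *         permissionDef unless the call succeeded.
     */
    static ErrCode GetPermissionDef(const std::string &permissionName, PermissionDef &permissionDef);
    /**
     * @brief Requests a certain permission from user.
     * @param bundleName Indicates the name of the bundle.
     * @param permissionName Indicates the permission to request.
     * @param userId Indicates the userId of the bundle.
     * @return Returns true if the permission is requested successfully; returns false otherwise.
     */
    static bool RequestPermissionFromUser(
        const std::string &bundleName, const std::string &permissionName, const int32_t userId);

    /**
     * @brief Creates an access token id for a bundle of a given user.
     * @param innerBundleInfo Indicates the bundle information the token is created from.
     * @param bundleName Indicates the name of the bundle (taken by value, so each call copies the string).
     * @param userId Indicates the userId of the bundle.
     * @return Returns the AccessTokenID.
     *         NOTE(review): the value returned on failure is not visible in this header -- confirm
     *         it and reject that value before storing or using the id.
     */
    static Security::AccessToken::AccessTokenID CreateAccessTokenId(
        const InnerBundleInfo &innerBundleInfo, const std::string bundleName, const int32_t userId);

    /**
     * @brief Overload of CreateAccessTokenId that additionally takes a DLP type and a caller-built HAP policy.
     * @param innerBundleInfo Indicates the bundle information the token is created from.
     * @param bundleName Indicates the name of the bundle (taken by value, so each call copies the string).
     * @param userId Indicates the userId of the bundle.
     * @param dlpType Indicates the DLP type. NOTE(review): valid values are not visible here -- confirm.
     * @param hapPolicy Indicates the HAP policy parameters to use (see CreateHapPolicyParam).
     * @return Returns the AccessTokenID.
     *         NOTE(review): the value returned on failure is not visible in this header -- confirm.
     */
    static Security::AccessToken::AccessTokenID CreateAccessTokenId(
        const InnerBundleInfo &innerBundleInfo, const std::string bundleName, const int32_t userId,
        const int32_t dlpType, const Security::AccessToken::HapPolicyParams &hapPolicy);

    /**
     * @brief Updates the defined and requested permissions of a token from an old and a new bundle info.
     * @param tokenId Indicates the access token to update.
     * @param oldInfo Indicates the bundle information before the update.
     * @param newInfo Indicates the bundle information after the update.
     * @param newRequestPermName Output parameter (non-const reference); presumably receives the names
     *        of newly requested permissions -- confirm against the implementation.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool UpdateDefineAndRequestPermissions(const Security::AccessToken::AccessTokenID tokenId,
        const InnerBundleInfo &oldInfo, const InnerBundleInfo &newInfo, std::vector<std::string> &newRequestPermName);

    /**
     * @brief Adds the defined and requested permissions of a bundle to a token.
     * @param tokenId Indicates the access token to update.
     * @param innerBundleInfo Indicates the bundle information supplying the permissions.
     * @param newRequestPermName Output parameter (non-const reference); presumably receives the names
     *        of newly requested permissions -- confirm against the implementation.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool AddDefineAndRequestPermissions(const Security::AccessToken::AccessTokenID tokenId,
        const InnerBundleInfo &innerBundleInfo, std::vector<std::string> &newRequestPermName);

    /**
     * @brief Deletes an access token id.
     * @param tokenId Indicates the access token to delete.
     * @return Returns an int32_t status.
     *         NOTE(review): the success value is not documented in this header -- confirm it and
     *         compare explicitly (VerifyPermission in this class uses 0 for the positive outcome).
     */
    static int32_t DeleteAccessTokenId(const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Grants the permissions requested by a bundle to a token.
     * @param innerBundleInfo Indicates the bundle information supplying the requested permissions.
     * @param tokenId Indicates the access token that receives the grants.
     * @return Returns a bool; presumably true on success -- confirm.
     *         NOTE(review): which permissions qualify for granting is decided in the implementation
     *         (see the private CheckGrantPermission and default-permission helpers), not here.
     */
    static bool GrantRequestPermissions(const InnerBundleInfo &innerBundleInfo,
        const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Overload of GrantRequestPermissions that also takes a list of permission names.
     * @param innerBundleInfo Indicates the bundle information supplying the requested permissions.
     * @param requestPermName Indicates permission names; presumably restricts the grant to these
     *        names -- confirm against the implementation.
     * @param tokenId Indicates the access token that receives the grants.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GrantRequestPermissions(const InnerBundleInfo &innerBundleInfo,
        const std::vector<std::string> &requestPermName,
        const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Obtains request-permission states for a token into a BundleInfo.
     * @param bundleInfo Output parameter (non-const reference) that receives the states.
     * @param tokenId Indicates the access token. Declared as uint32_t here, while the other members
     *        use Security::AccessToken::AccessTokenID.
     *        NOTE(review): confirm the two types are the same width so no id is truncated.
     * @param deviceId Indicates the device id (taken by value, so each call copies the string).
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GetRequestPermissionStates(BundleInfo &bundleInfo, uint32_t tokenId, const std::string deviceId);

    /**
     * @brief Clears the user-granted permission state of a token.
     * @param tokenId Indicates the access token to clear.
     * @return Returns an int32_t status.
     *         NOTE(review): the success value is not documented in this header -- confirm it and
     *         compare explicitly instead of testing truthiness.
     */
    static int32_t ClearUserGrantedPermissionState(const Security::AccessToken::AccessTokenID tokenId);

    /**
     * @brief Verifies a permission for the caller.
     * @param permissionName Indicates the permission to check.
     * @return Returns a bool; presumably true when the caller holds the permission -- confirm.
     *         NOTE(review): no bundle name, token or uid is passed in, so the caller identity must be
     *         obtained inside the implementation -- confirm the source of that identity.
     */
    static bool VerifyCallingPermission(const std::string &permissionName);

    /**
     * @brief Builds HAP policy parameters from a bundle info and an explicit permission-state list.
     * @param innerBundleInfo Indicates the bundle information.
     * @param permissions Indicates the permission states to place in the policy.
     * @return Returns the HapPolicyParams.
     */
    static Security::AccessToken::HapPolicyParams CreateHapPolicyParam(const InnerBundleInfo &innerBundleInfo,
        const std::vector<Security::AccessToken::PermissionStateFull> &permissions);

    /**
     * @brief Obtains all requested permission states of a token.
     * @param tokenId Indicates the access token to query.
     * @param newPermissionState Output parameter (non-const reference) that receives the states.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GetAllReqPermissionStateFull(Security::AccessToken::AccessTokenID tokenId,
        std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState);

    /**
     * @brief Verifies that the caller is a system application.
     * @param beginApiVersion Defaults to Constants::INVALID_API_VERSION.
     *        NOTE(review): how this value gates the check is not visible in this header; if some
     *        value makes the check pass unconditionally, call sites should be audited for it.
     * @return Returns a bool; presumably true when the check passes -- confirm.
     */
    static bool VerifySystemApp(int32_t beginApiVersion = Constants::INVALID_API_VERSION);

    /**
     * @brief System-application check variant for HAPs.
     * @param beginSystemApiVersion Defaults to Constants::INVALID_API_VERSION.
     *        NOTE(review): how this value gates the check is not visible in this header -- confirm.
     * @return Returns a bool; presumably true when the check passes -- confirm.
     */
    static bool VerifySystemAppForHap(int32_t beginSystemApiVersion = Constants::INVALID_API_VERSION);

    /**
     * @brief Reports whether the token is of native type.
     * NOTE(review): no token is passed in, so this presumably inspects the calling token -- confirm.
     * @return Returns a bool.
     */
    static bool IsNativeTokenType();

    /**
     * @brief Verifies the calling uid.
     * NOTE(review): the accepted uid(s) are not visible in this header -- confirm in the .cpp.
     * @return Returns a bool; presumably true when the uid is accepted -- confirm.
     */
    static bool VerifyCallingUid();

    /**
     * @brief Verifies a preload request described by a Want.
     * @param want Indicates the Want to verify. NOTE(review): which fields are checked is not
     *        visible in this header; treat the Want as caller-supplied input.
     * @return Returns a bool; presumably true when the request is allowed -- confirm.
     */
    static bool VerifyPreload(const AAFwk::Want &want);

private:
    /** @brief Builds the list of access-token permission definitions from a bundle info. */
    static std::vector<Security::AccessToken::PermissionDef> GetPermissionDefList(
        const InnerBundleInfo &innerBundleInfo);

    /** @brief Builds the list of access-token permission states from a bundle info. */
    static std::vector<Security::AccessToken::PermissionStateFull> GetPermissionStateFullList(
        const InnerBundleInfo &innerBundleInfo);

    /**
     * @brief Decides whether a permission may be granted, given an APL string and an ACL list.
     * @param permDef Indicates the permission definition to evaluate.
     * @param apl Indicates the APL string. NOTE(review): presumably the bundle's ability privilege
     *        level -- confirm.
     * @param acls Indicates the ACL permission names.
     * @return Returns a bool; presumably true when granting is allowed -- confirm.
     */
    static bool CheckGrantPermission(const Security::AccessToken::PermissionDef &permDef,
        const std::string &apl,
        const std::vector<std::string> &acls);

    /**
     * @brief Computes a new permission-definition list for a token.
     * @param tokenId Indicates the access token.
     * @param permissionDef Indicates the input permission definitions.
     * @param newPermission Output parameter (non-const reference) that receives the result.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GetNewPermissionDefList(Security::AccessToken::AccessTokenID tokenId,
        const std::vector<Security::AccessToken::PermissionDef> &permissionDef,
        std::vector<Security::AccessToken::PermissionDef> &newPermission);

    /**
     * @brief Computes a new permission-state list for a token.
     * @param tokenId Indicates the access token.
     * @param permissionState Indicates the input permission states.
     * @param newPermissionState Output parameter (non-const reference) that receives the states.
     * @param newRequestPermName Output parameter (non-const reference) that receives permission names.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GetNewPermissionStateFull(Security::AccessToken::AccessTokenID tokenId,
        const std::vector<Security::AccessToken::PermissionStateFull> &permissionState,
        std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState,
        std::vector<std::string> &newRequestPermName);

    /**
     * @brief Grants a list of requested permissions to a token.
     * @param tokenId Indicates the access token that receives the grants.
     * @param reqPermissions Indicates the requested permissions.
     * @param innerBundleInfo Indicates the bundle information.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool InnerGrantRequestPermissions(Security::AccessToken::AccessTokenID tokenId,
        const std::vector<RequestPermission> &reqPermissions,
        const InnerBundleInfo &innerBundleInfo);

    /**
     * @brief Converts an APL string to an ATokenAplEnum value.
     * NOTE(review): the result for an unrecognized string is not visible in this header; confirm
     * that it maps to the least-privileged level rather than a higher one.
     */
    static Security::AccessToken::ATokenAplEnum GetTokenApl(const std::string &apl);

    /** @brief Builds HAP policy parameters from a bundle info alone. */
    static Security::AccessToken::HapPolicyParams CreateHapPolicyParam(const InnerBundleInfo &innerBundleInfo);

    /**
     * @brief Converts an access-token PermissionDef into the bundle framework's PermissionDef.
     * @param permDef Indicates the source definition.
     * @param permissionDef Output parameter (non-const reference) that receives the conversion.
     */
    static void ConvertPermissionDef(const Security::AccessToken::PermissionDef &permDef,
        PermissionDef &permissionDef);
    /**
     * @brief Fills an access-token PermissionDef from a DefinePermission and a bundle name.
     * @param permDef Output parameter (non-const reference) that receives the conversion.
     * @param defPermission Indicates the source definition.
     * @param bundleName Indicates the name of the bundle.
     */
    static void ConvertPermissionDef(
        Security::AccessToken::PermissionDef &permDef, const DefinePermission &defPermission,
        const std::string &bundleName);

    /**
     * @brief Returns names of defined permissions to delete when moving from oldInfo to newInfo.
     * NOTE(review): presumably those present in oldInfo and absent from newInfo -- confirm.
     */
    static std::vector<std::string> GetNeedDeleteDefinePermissionName(const InnerBundleInfo &oldInfo,
        const InnerBundleInfo &newInfo);

    /**
     * @brief Returns names of requested permissions to delete when moving from oldInfo to newInfo.
     * NOTE(review): presumably those present in oldInfo and absent from newInfo -- confirm.
     */
    static std::vector<std::string> GetNeedDeleteRequestPermissionName(const InnerBundleInfo &oldInfo,
        const InnerBundleInfo &newInfo);

    /**
     * @brief Looks up the default-permission entry for a bundle name.
     * @param bundleName Indicates the name of the bundle.
     * @param permission Output parameter (non-const reference) that receives the entry.
     * @return Returns a bool; presumably true when an entry exists -- confirm.
     */
    static bool GetDefaultPermission(const std::string &bundleName, DefaultPermission &permission);

    /**
     * @brief Checks a signature string against a default-permission entry.
     * @param permission Indicates the default-permission entry.
     * @param signature Indicates the signature to match.
     * @return Returns a bool; presumably true on a match -- confirm.
     *         NOTE(review): a lookup by bundle name alone does not authenticate the bundle, so
     *         confirm that default grants are applied only after this check succeeds.
     */
    static bool MatchSignature(const DefaultPermission &permission, const std::string &signature);

    /**
     * @brief Checks whether a permission name appears in a default-permission entry.
     * @param defaultPermission Indicates the default-permission entry.
     * @param permissionName Indicates the permission to look for.
     * @param userCancellable Output parameter (non-const reference).
     *        NOTE(review): whether it is written when the function returns false is not visible
     *        here -- initialize it at the call site.
     * @return Returns a bool; presumably true when the permission is listed -- confirm.
     */
    static bool CheckPermissionInDefaultPermissions(const DefaultPermission &defaultPermission,
        const std::string &permissionName, bool &userCancellable);

    /**
     * @brief Grants one permission to a token with a given permission flag.
     * @param tokenId Indicates the access token that receives the grant.
     * @param permissionName Indicates the permission to grant.
     * @param flag Indicates the PermissionFlag recorded with the grant.
     * @param bundleName Indicates the name of the bundle.
     * @return Returns a bool; presumably true on success -- confirm.
     */
    static bool GrantPermission(const Security::AccessToken::AccessTokenID tokenId,
        const std::string &permissionName, const Security::AccessToken::PermissionFlag flag,
        const std::string &bundleName);

    // Default-permission entries keyed by a string (presumably the bundle name, given
    // GetDefaultPermission(bundleName, ...) -- confirm).
    // NOTE(review): this is class-wide mutable state with no synchronization declared in this
    // header; confirm it is written only in Init()/UnInit() or guarded in the implementation.
    static std::map<std::string, DefaultPermission> defaultPermissions_;
};
}  // namespace AppExecFwk
}  // namespace OHOS
#endif  // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H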