1 /* 2 * Copyright (c) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef OHOS_SECURITY_H 17 #define OHOS_SECURITY_H 18 #include <concurrent_map.h> 19 #include <string> 20 #include <task_scheduler.h> 21 #include "app_device_change_listener.h" 22 #include "iprocess_system_api_adapter.h" 23 #include "kv_store_delegate_manager.h" 24 #include "sensitive.h" 25 #include "visibility.h" 26 27 namespace OHOS::DistributedKv { 28 class Security 29 : public DistributedDB::IProcessSystemApiAdapter, 30 public AppDistributedKv::AppDeviceChangeListener { 31 public: 32 using DBStatus = DistributedDB::DBStatus; 33 using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent; 34 using SecurityOption = DistributedDB::SecurityOption; 35 Security(); 36 ~Security() override; 37 static bool IsSupportSecurity(); 38 39 DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override; 40 41 // Check is the access of this device in locked state 42 bool IsAccessControlled() const override; 43 44 // Set the SecurityOption to the targe filepath. 45 // If the filePath is a directory, the function would not effective. 46 DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override; 47 48 // Get the SecurityOption of the targe filepath. 49 DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override; 50 51 // Check if the target device can save the data at the give sensitive class. 52 bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override; 53 54 void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, 55 const AppDistributedKv::DeviceChangeType &type) const override; 56 57 AppDistributedKv::ChangeLevelType GetChangeLevelType() const override; 58 59 private: 60 enum { 61 NO_PWD = -1, 62 UNLOCK, 63 LOCKED, 64 UNINITIALIZED, 65 }; 66 static const std::string LABEL_VALUES[DistributedDB::S4 + 1]; 67 static const std::string Convert2Name(const SecurityOption &option); 68 static int Convert2Security(const std::string &name); 69 bool IsExits(const std::string &file) const; 70 Sensitive GetSensitiveByUuid(const std::string &uuid) const; 71 bool EraseSensitiveByUuid(const std::string &uuid) const; 72 bool IsXattrValueValid(const std::string& value) const; 73 int32_t GetCurrentUserStatus() const; 74 DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option); 75 DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option); 76 DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; 77 DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const; 78 79 mutable TaskScheduler taskScheduler_; 80 mutable ConcurrentMap<std::string, Sensitive> devicesUdid_; 81 }; 82 } // namespace OHOS::DistributedKv 83 84 #endif // OHOS_SECURITY_H 85