1 /*
2  * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management.
21  *
22  * Provides a tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file accesstoken_kit.h
33  *
34  * @brief Declares access token interfaces.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_KIT_H
41 #define INTERFACES_INNER_KITS_ACCESSTOKEN_KIT_H
42 
43 #include <string>
44 #include <vector>
45 
46 #include "access_token.h"
47 #include "hap_token_info.h"
48 #include "native_token_info.h"
49 #include "permission_def.h"
50 #include "permission_list_state.h"
51 #include "permission_state_change_info.h"
52 #include "permission_state_full.h"
53 #include "perm_state_change_callback_customize.h"
54 
55 namespace OHOS {
56 namespace Security {
57 namespace AccessToken {
58 /**
59  * @brief Static entry points for access token and permission management.
    *
    * Every member declared in this class is a static function; only the
    * declarations are visible in this header.
    *
    * @note (review) The declarations use std::shared_ptr and int32_t, but this header
    *       includes only <string> and <vector> from the standard library; presumably
    *       <memory> and <cstdint> arrive through the project headers - confirm.
60  */
61 class AccessTokenKit {
62 public:
63     /**
64      * @brief Create a unique hap token from the input values.
65      * @param info reference to struct HapInfoParams, see hap_token_info.h
66      * @param policy reference to struct HapPolicyParams, see hap_token_info.h
67      * @return union AccessTokenIDEx, see access_token.h
68      */
69     static AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy);
70     /**
71      * @brief Create a unique mapping token that binds a remote tokenID to a remote deviceID.
72      * @param remoteDeviceID deviceID of the remote device
73      * @param remoteTokenID tokenID on the remote device
74      * @return local tokenID of the mapping token
        * @note (review) Both inputs describe another device; how they are validated is
        *       not visible in this header - confirm before relying on the mapping.
75      */
76     static AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);
77     /**
78      * @brief Update hap token info.
79      * @param tokenIdEx reference to union AccessTokenIDEx, see access_token.h
        *        (non-const reference; whether it is written to is not visible here)
80      * @param isSystemApp whether the app is a system app
81      * @param appIDDesc reference to the app id description
82      * @param apiVersion app api version
83      * @param policy reference to struct HapPolicyParams, see hap_token_info.h
84      * @return error code, see access_token_error.h
85      */
86     static int UpdateHapToken(AccessTokenIDEx& tokenIdEx,
87         bool isSystemApp, const std::string& appIDDesc, int32_t apiVersion, const HapPolicyParams& policy);
88     /**
89      * @brief Delete token info.
90      * @param tokenID token id
91      * @return error code, see access_token_error.h
92      */
93     static int DeleteToken(AccessTokenID tokenID);
94     /**
95      * @brief Get token type by querying the ATM service.
96      * @param tokenID token id
97      * @return token type enum, see access_token.h
98      */
99     static ATokenTypeEnum GetTokenType(AccessTokenID tokenID);
100     /**
101      * @brief Get token type from the flag in the tokenId, without depending on the ATM service.
102      * @param tokenID token id
103      * @return token type enum, see access_token.h
         * @note (review) Because the ATM service is not consulted, the result presumably says
         *       nothing about whether the token is actually registered; do not treat it as
         *       proof that the token is valid - confirm.
104      */
105     static ATokenTypeEnum GetTokenTypeFlag(AccessTokenID tokenID);
106     /**
107      * @brief Get token type by querying the ATM service, with a 64-bit FullTokenID parameter.
108      * @param tokenID token id
109      * @return token type enum, see access_token.h
110      */
111     static ATokenTypeEnum GetTokenType(FullTokenID tokenID);
112     /**
113      * @brief Get token type from the flag in the tokenId, without depending
114      *        on the ATM service, with a 64-bit FullTokenID parameter.
115      * @param tokenID token id
116      * @return token type enum, see access_token.h
         * @note (review) As with the AccessTokenID overload, this presumably does not
         *       establish that the token exists - confirm.
117      */
118     static ATokenTypeEnum GetTokenTypeFlag(FullTokenID tokenID);
119     /**
120      * @brief Check native token dcap by token id.
121      * @param tokenID token id
122      * @param dcap dcap to be checked
123      * @return error code, see access_token_error.h
124      */
125     static int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap);
126     /**
127      * @brief Query hap tokenID by input params.
128      * @param userID user id
129      * @param bundleName bundle name
130      * @param instIndex inst index
131      * @return token id if it exists, or 0 if it does not exist
         * @note Callers should check for 0 ("no such token") before passing the
         *       result on to a permission check.
132      */
133     static AccessTokenID GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex);
134     /**
135      * @brief Query hap token attribute by input params.
136      * @param userID user id
137      * @param bundleName bundle name
138      * @param instIndex inst index
139      * @return union AccessTokenIDEx, see access_token.h
140      */
141     static AccessTokenIDEx GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex);
142     /**
143      * @brief Get hap token info by token id.
144      * @param tokenID token id
145      * @param hapTokenInfoRes reference to HapTokenInfo that receives the query result
146      * @return error code, see access_token_error.h
147      */
148     static int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes);
149     /**
150      * @brief Get native token info by token id.
151      * @param tokenID token id
152      * @param nativeTokenInfoRes reference to NativeTokenInfo that receives the query result
153      * @return error code, see access_token_error.h
154      */
155     static int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes);
156     /**
157      * @brief Check if the input tokenID has been granted the input permission.
158      * @param tokenID token id
159      * @param permissionName permission to be checked
160      * @return enum PermissionState, see access_token.h
         * @note (review) The declared return type is int, not the enum. Compare the result
         *       against the PermissionState enumerators explicitly rather than testing it
         *       as a boolean; the enumerator values are not visible here - confirm in
         *       access_token.h.
161      */
162     static int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
163     /**
164      * @brief Check if the input tokenIDs have been granted the input permission.
165      * @param callerTokenID the tokenID of the caller native process or hap process
166      * @param firstTokenID the tokenID of the first caller native process or hap process
167      * @param permissionName permission to be checked
168      * @return enum PermissionState, see access_token.h
         * @note (review) How the results for callerTokenID and firstTokenID are combined is
         *       not stated in this header - confirm. The return type is int; compare it
         *       against the PermissionState enumerators explicitly.
169      */
170     static int VerifyAccessToken(
171         AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName);
172     /**
173      * @brief Get permission definition by permission name.
174      * @param permissionName reference to the permission name
175      * @param permissionDefResult reference to PermissionDef that receives the query result
176      * @return error code, see access_token_error.h
177      */
178     static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
179     /**
180      * @brief Get all permission definitions by token id.
181      * @param tokenID token id
182      * @param permList reference to the PermissionDef list that receives the query result
183      * @return error code, see access_token_error.h
184      */
185     static int GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList);
186     /**
187      * @brief Get the full state of all requested permissions by token id and grant mode.
188      * @param tokenID token id
189      * @param reqPermList reference to the PermissionStateFull list that receives the query result
190      * @param isSystemGrant grant mode
191      * @return error code, see access_token_error.h
192      */
193     static int GetReqPermissions(
194         AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant);
195     /**
196      * @brief Get permission grant flag.
197      * @param tokenID token id
198      * @param permissionName reference to the permission name
199      * @param flag reference that receives the permission grant flag
200      * @return error code, see access_token_error.h
201      */
202     static int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, int& flag);
203     /**
204      * @brief Get requested permission grant result.
205      * @param permList reference to the PermissionListState list, used as input and query result
206      * @return enum PermissionOper, see access_token.h
207      */
208     static PermissionOper GetSelfPermissionsState(std::vector<PermissionListState>& permList);
209     /**
210      * @brief Grant input permission to input tokenID with input flag.
211      * @param tokenID token id
212      * @param permissionName reference to the permission name
213      * @param flag the permission grant flag
214      * @return error code, see access_token_error.h
         * @note (review) This changes another token's permission state; what the calling
         *       process itself must hold to do so is not documented here - confirm.
215      */
216     static int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
217     /**
218      * @brief Revoke input permission from input tokenID with input flag.
219      * @param tokenID token id
220      * @param permissionName reference to the permission name
221      * @param flag the permission grant flag
222      * @return error code, see access_token_error.h
         * @note (review) As with GrantPermission, the caller-side requirement is not
         *       documented here - confirm.
223      */
224     static int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag);
225     /**
226      * @brief Clear the state of all user granted permissions in input tokenID.
227      * @param tokenID token id
228      * @return error code, see access_token_error.h
229      */
230     static int ClearUserGrantedPermissionState(AccessTokenID tokenID);
231     /**
232      * @brief Register permission state change callback.
233      * @param callback reference to a shared pointer to PermStateChangeCallbackCustomize
234      * @return error code, see access_token_error.h
235      */
236     static int32_t RegisterPermStateChangeCallback(
237         const std::shared_ptr<PermStateChangeCallbackCustomize>& callback);
238     /**
239      * @brief Unregister permission state change callback.
240      * @param callback reference to a shared pointer to PermStateChangeCallbackCustomize
241      * @return error code, see access_token_error.h
242      */
243     static int32_t UnRegisterPermStateChangeCallback(const std::shared_ptr<PermStateChangeCallbackCustomize>& callback);
244     /**
245      * @brief Get current version.
246      * @return error code, see access_token_error.h
         * @note (review) The name suggests the return value is a version number rather
         *       than an error code - confirm against the implementation.
247      */
248     static int32_t GetVersion(void);
249     /**
250      * @brief Get hap dlp flag by input tokenID.
251      * @param tokenID token id
252      * @return dlp flag in tokenID bitmap, or default -1
253      */
254     static int32_t GetHapDlpFlag(AccessTokenID tokenID);
255     /**
256      * @brief Reload native token info.
257      * @return error code, see access_token_error.h
258      */
259     static int32_t ReloadNativeTokenInfo();
260     /**
261      * @brief Get tokenID by native process name.
262      * @param processName native process name
263      * @return token id of native process
         * @note (review) The value returned when no process matches is not documented
         *       here - confirm before using the result in a permission decision.
264      */
265     static AccessTokenID GetNativeTokenId(const std::string& processName);
266 
267 #ifdef TOKEN_SYNC_ENABLE
268     /**
269      * @brief Get remote hap token info by remote token id.
270      * @param tokenID remote token id
271      * @param hapSync reference to HapTokenInfoForSync that receives the query result
272      * @return error code, see access_token_error.h
273      */
274     static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
275     /**
276      * @brief Get all native token infos.
277      * @param nativeTokenInfosRes reference to the NativeTokenInfoForSync list,
278      *        used as input and query result
279      * @return error code, see access_token_error.h
280      */
281     static int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes);
282     /**
283      * @brief Set remote hap token info with remote deviceID.
284      * @param deviceID remote deviceID
285      * @param hapSync hap token info to set
286      * @return error code, see access_token_error.h
         * @note (review) hapSync describes a token from another device; whether its
         *       contents are validated before being stored is not visible here - confirm.
287      */
288     static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
289     /**
290      * @brief Set remote native token info list with remote deviceID.
291      * @param deviceID remote deviceID
292      * @param nativeTokenInfoList native token info list to set
293      * @return error code, see access_token_error.h
         * @note (review) The list describes tokens from another device; whether its
         *       contents are validated before being stored is not visible here - confirm.
294      */
295     static int SetRemoteNativeTokenInfo(const std::string& deviceID,
296         const std::vector<NativeTokenInfoForSync>& nativeTokenInfoList);
297     /**
298      * @brief Delete remote token by remote deviceID and remote tokenID.
299      * @param deviceID remote deviceID
300      * @param tokenID remote tokenID
301      * @return error code, see access_token_error.h
302      */
303     static int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
304     /**
305      * @brief Get the local mapping native tokenID by remote deviceID
306      *        and remote tokenID.
307      * @param deviceID remote deviceID
308      * @param tokenID remote tokenID
309      * @return token id of the mapping native tokenID
310      */
311     static AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
312     /**
313      * @brief Delete remote tokens by remote deviceID.
314      * @param deviceID remote deviceID
315      * @return error code, see access_token_error.h
316      */
317     static int DeleteRemoteDeviceTokens(const std::string& deviceID);
318 #endif
319     /**
320      * @brief Dump all token infos in the cache.
321      * @param tokenID token id; if tokenID is valid, only this token's info is dumped
322      * @param dumpInfo reference to the string that receives the dumped token info
         * @note The output can cover every cached token, so handle dumpInfo as sensitive
         *       diagnostic data. (review) What counts as a "valid" tokenID is not stated
         *       here - confirm.
323      */
324     static void DumpTokenInfo(AccessTokenID tokenID, std::string& dumpInfo);
325 };
326 } // namespace AccessToken
327 } // namespace Security
328 } // namespace OHOS
329 #endif
330