1 /* 2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup AccessToken 18 * @{ 19 * 20 * @brief Provides permission management interfaces. 21 * 22 * Provides tokenID-based application permission verification mechanism. 23 * When an application accesses sensitive data or APIs, this module can check 24 * whether the application has the corresponding permission. Allows applications 25 * to query their access token information or APL levcels based on token IDs. 26 * 27 * @since 7.0 28 * @version 7.0 29 */ 30 31 /** 32 * @file access_token.h 33 * 34 * @brief Declares typedefs, enums and const values. 35 * 36 * @since 7.0 37 * @version 7.0 38 */ 39 40 #ifndef ACCESS_TOKEN_H 41 #define ACCESS_TOKEN_H 42 43 #include <string> 44 45 namespace OHOS { 46 namespace Security { 47 namespace AccessToken { 48 typedef unsigned int AccessTokenID; 49 typedef uint64_t FullTokenID; 50 typedef unsigned int AccessTokenAttr; 51 static const int DEFAULT_TOKEN_VERSION = 1; 52 static const AccessTokenID INVALID_TOKENID = 0; 53 54 /** 55 * @brief Access token kit return code 56 */ 57 enum AccessTokenKitRet { 58 RET_FAILED = -1, 59 RET_SUCCESS = 0, 60 }; 61 62 /** 63 * @brief AccessTokenID 32 bits map 64 */ 65 typedef struct { 66 unsigned int tokenUniqueID : 20; 67 /** reserved, default 00000 */ 68 unsigned int res : 5; 69 /** renderflag, default 0 */ 70 unsigned int renderFlag : 1; 71 unsigned int dlpFlag : 1; 72 /** 73 * token type, for details about the valid values, 74 * see the definition of ATokenTypeEnum in the access_token.h file. 75 */ 76 unsigned int type : 2; 77 /** version, default 001 */ 78 unsigned int version : 3; 79 } AccessTokenIDInner; 80 81 /** 82 * @brief Token id type 83 */ 84 typedef enum TypeATokenTypeEnum { 85 TOKEN_INVALID = -1, 86 TOKEN_HAP = 0, 87 TOKEN_NATIVE, 88 TOKEN_SHELL, 89 TOKEN_TYPE_BUTT, 90 } ATokenTypeEnum; 91 92 /** 93 * @brief Apl level 94 */ 95 typedef enum TypeATokenAplEnum { 96 APL_INVALID = 0, 97 APL_NORMAL = 1, 98 APL_SYSTEM_BASIC = 2, 99 APL_SYSTEM_CORE = 3, 100 } ATokenAplEnum; 101 102 /** 103 * @brief Token id full definition 104 */ 105 typedef union { 106 unsigned long long tokenIDEx; 107 struct { 108 AccessTokenID tokenID; 109 /** tokenID attribute */ 110 AccessTokenAttr tokenAttr; 111 } tokenIdExStruct; 112 } AccessTokenIDEx; 113 114 /** 115 * @brief Permission states 116 */ 117 typedef enum TypePermissionState { 118 PERMISSION_DENIED = -1, 119 PERMISSION_GRANTED = 0, 120 } PermissionState; 121 122 /** 123 * @brief Permission grant mode 124 */ 125 typedef enum TypeGrantMode { 126 /** user grant the permisson by dynamic pop-up window */ 127 USER_GRANT = 0, 128 /** 129 * system grant the permission automated when 130 * the permission is decleared and app is installed 131 */ 132 SYSTEM_GRANT = 1, 133 } GrantMode; 134 135 /** 136 * @brief Permission flag 137 */ 138 typedef enum TypePermissionFlag { 139 /** 140 * permission has not been set by user. 141 */ 142 PERMISSION_DEFAULT_FLAG = 0, 143 /** 144 * permission has been set by user, If the permission is not granted, 145 * a permission window is allowed to apply for permission. 146 */ 147 PERMISSION_USER_SET = 1 << 0, 148 /** 149 * permission has been set by user, If the permission is not granted, 150 * a permission window is not allowed to apply for permission. 151 */ 152 PERMISSION_USER_FIXED = 1 << 1, 153 /** 154 * permission has been set by system, 155 * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable. 156 */ 157 PERMISSION_SYSTEM_FIXED = 1 << 2, 158 /** 159 * a user_grant permission has been set by system for pre-authorization, 160 * and it is cancellable. it always works with other flags. 161 */ 162 PERMISSION_GRANTED_BY_POLICY = 1 << 3, 163 /** 164 * permission has been set by security component. 165 */ 166 PERMISSION_COMPONENT_SET = 1 << 4, 167 /* 168 * permission is fixed by policy and the permission cannot be granted or revoked by user 169 */ 170 PERMISSION_POLICY_FIXED = 1 << 5, 171 } PermissionFlag; 172 173 /** 174 * @brief Permission operate result 175 */ 176 typedef enum TypePermissionOper { 177 /** permission has been set, only can change it in settings */ 178 SETTING_OPER = -1, 179 /** operate is passed, no need to do anything */ 180 PASS_OPER = 0, 181 /** permission need dynamic pop-up windows to grant it */ 182 DYNAMIC_OPER = 1, 183 /** invalid operation, something is wrong, see in md files */ 184 INVALID_OPER = 2, 185 } PermissionOper; 186 187 /** 188 * @brief Dlp types 189 */ 190 typedef enum DlpType { 191 DLP_COMMON = 0, 192 DLP_READ = 1, 193 DLP_FULL_CONTROL = 2, 194 } HapDlpType; 195 196 /** 197 * @brief Dlp permission type 198 */ 199 typedef enum TypeDlpPerm { 200 DLP_PERM_ALL = 0, 201 DLP_PERM_FULL_CONTROL = 1, 202 DLP_PERM_NONE = 2, 203 } DlpPermMode; 204 } // namespace AccessToken 205 } // namespace Security 206 } // namespace OHOS 207 #endif // ACCESS_TOKEN_H 208