1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "permission_validator.h"
16
17 #include <set>
18
19 #include "access_token.h"
20 #include "data_validator.h"
21 #include "permission_definition_cache.h"
22
23 namespace OHOS {
24 namespace Security {
25 namespace AccessToken {
IsGrantModeValid(int grantMode)26 bool PermissionValidator::IsGrantModeValid(int grantMode)
27 {
28 return grantMode == GrantMode::SYSTEM_GRANT || grantMode == GrantMode::USER_GRANT;
29 }
30
IsGrantStatusValid(int grantStaus)31 bool PermissionValidator::IsGrantStatusValid(int grantStaus)
32 {
33 return grantStaus == PermissionState::PERMISSION_GRANTED || grantStaus == PermissionState::PERMISSION_DENIED;
34 }
35
IsPermissionFlagValid(int flag)36 bool PermissionValidator::IsPermissionFlagValid(int flag)
37 {
38 return DataValidator::IsPermissionFlagValid(flag);
39 }
40
IsPermissionNameValid(const std::string & permissionName)41 bool PermissionValidator::IsPermissionNameValid(const std::string& permissionName)
42 {
43 return DataValidator::IsPermissionNameValid(permissionName);
44 }
45
IsPermissionDefValid(const PermissionDef & permDef)46 bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef)
47 {
48 if (!DataValidator::IsLabelValid(permDef.label)) {
49 return false;
50 }
51 if (!DataValidator::IsDescValid(permDef.description)) {
52 return false;
53 }
54 if (!DataValidator::IsBundleNameValid(permDef.bundleName)) {
55 return false;
56 }
57 if (!DataValidator::IsPermissionNameValid(permDef.permissionName)) {
58 return false;
59 }
60 if (!IsGrantModeValid(permDef.grantMode)) {
61 return false;
62 }
63 return DataValidator::IsAplNumValid(permDef.availableLevel);
64 }
65
IsPermissionStateValid(const PermissionStateFull & permState)66 bool PermissionValidator::IsPermissionStateValid(const PermissionStateFull& permState)
67 {
68 if (!DataValidator::IsPermissionNameValid(permState.permissionName)) {
69 return false;
70 }
71
72 size_t resDevIdSize = permState.resDeviceID.size();
73 size_t grantStatSize = permState.grantStatus.size();
74 size_t grantFlagSize = permState.grantFlags.size();
75 if ((grantStatSize != resDevIdSize) || (grantFlagSize != resDevIdSize)) {
76 return false;
77 }
78
79 for (uint32_t i = 0; i < resDevIdSize; i++) {
80 if (!IsGrantStatusValid(permState.grantStatus[i]) ||
81 !IsPermissionFlagValid(permState.grantFlags[i])) {
82 return false;
83 }
84 }
85 return true;
86 }
87
88
FilterInvalidPermissionDef(const std::vector<PermissionDef> & permList,std::vector<PermissionDef> & result)89 void PermissionValidator::FilterInvalidPermissionDef(
90 const std::vector<PermissionDef>& permList, std::vector<PermissionDef>& result)
91 {
92 std::set<std::string> permDefSet;
93 for (auto it = permList.begin(); it != permList.end(); ++it) {
94 std::string permName = it->permissionName;
95 if (!IsPermissionDefValid(*it) || permDefSet.count(permName) != 0) {
96 continue;
97 }
98 permDefSet.insert(permName);
99 result.emplace_back(*it);
100 }
101 }
102
DeduplicateResDevID(const PermissionStateFull & permState,PermissionStateFull & result)103 void PermissionValidator::DeduplicateResDevID(const PermissionStateFull& permState, PermissionStateFull& result)
104 {
105 std::set<std::string> resDevId;
106 auto stateIter = permState.grantStatus.begin();
107 auto flagIter = permState.grantFlags.begin();
108 for (auto it = permState.resDeviceID.begin(); it != permState.resDeviceID.end(); ++it, ++stateIter, ++flagIter) {
109 if (resDevId.count(*it) != 0) {
110 continue;
111 }
112 resDevId.insert(*it);
113 result.resDeviceID.emplace_back(*it);
114 result.grantStatus.emplace_back(*stateIter);
115 result.grantFlags.emplace_back(*flagIter);
116 }
117 result.permissionName = permState.permissionName;
118 result.isGeneral = permState.isGeneral;
119 }
120
FilterInvalidPermissionState(const std::vector<PermissionStateFull> & permList,std::vector<PermissionStateFull> & result)121 void PermissionValidator::FilterInvalidPermissionState(
122 const std::vector<PermissionStateFull>& permList, std::vector<PermissionStateFull>& result)
123 {
124 std::set<std::string> permStateSet;
125 for (auto it = permList.begin(); it != permList.end(); ++it) {
126 std::string permName = it->permissionName;
127 PermissionStateFull res;
128 if (!IsPermissionStateValid(*it) || permStateSet.count(permName) != 0) {
129 continue;
130 }
131 DeduplicateResDevID(*it, res);
132 permStateSet.insert(permName);
133 result.emplace_back(res);
134 }
135 }
136 } // namespace AccessToken
137 } // namespace Security
138 } // namespace OHOS
139