• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "dlp_permission_set_parser.h"
16 
17 #include <fcntl.h>
18 #include <memory>
19 #include <sys/stat.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 
23 #include "accesstoken_log.h"
24 #include "data_validator.h"
25 #include "dlp_permission_set_manager.h"
26 #include "securec.h"
27 
28 namespace OHOS {
29 namespace Security {
30 namespace AccessToken {
31 namespace {
32 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetParser"};
33 }
34 
35 // nlohmann json need the function named from_json to parse
from_json(const nlohmann::json & j,PermissionDlpMode & p)36 void from_json(const nlohmann::json& j, PermissionDlpMode& p)
37 {
38     if (j.find("name") == j.end() || (!j.at("name").is_string())) {
39         return;
40     }
41     p.permissionName = j.at("name").get<std::string>();
42     if (!DataValidator::IsProcessNameValid(p.permissionName)) {
43         return;
44     }
45 
46     if (j.find("dlpGrantRange") == j.end() || (!j.at("dlpGrantRange").is_string())) {
47         return;
48     }
49     std::string dlpModeStr = j.at("dlpGrantRange").get<std::string>();
50     if (dlpModeStr == "all") {
51         p.dlpMode = DLP_PERM_ALL;
52         return;
53     }
54     if (dlpModeStr == "full_control") {
55         p.dlpMode = DLP_PERM_FULL_CONTROL;
56         return;
57     }
58     p.dlpMode = DLP_PERM_NONE;
59     return;
60 }
61 
ParserDlpPermsRawData(const std::string & dlpPermsRawData,std::vector<PermissionDlpMode> & dlpPerms)62 int32_t DlpPermissionSetParser::ParserDlpPermsRawData(const std::string& dlpPermsRawData,
63     std::vector<PermissionDlpMode>& dlpPerms)
64 {
65     nlohmann::json jsonRes = nlohmann::json::parse(dlpPermsRawData, nullptr, false);
66     if (jsonRes.is_discarded()) {
67         ACCESSTOKEN_LOG_ERROR(LABEL, "jsonRes is invalid.");
68         return RET_FAILED;
69     }
70 
71     if ((jsonRes.find("dlpPermissions") != jsonRes.end()) && (jsonRes.at("dlpPermissions").is_array())) {
72         nlohmann::json dlpPermTokenJson = jsonRes.at("dlpPermissions").get<nlohmann::json>();
73         dlpPerms = dlpPermTokenJson.get<std::vector<PermissionDlpMode>>();
74     }
75 
76     return RET_SUCCESS;
77 }
78 
ReadCfgFile(std::string & dlpPermsRawData)79 int32_t DlpPermissionSetParser::ReadCfgFile(std::string& dlpPermsRawData)
80 {
81     int32_t fd = open(CLONE_PERMISSION_CONFIG_FILE.c_str(), O_RDONLY);
82     if (fd < 0) {
83         ACCESSTOKEN_LOG_ERROR(LABEL, "open failed errno %{public}d.", errno);
84         return RET_FAILED;
85     }
86     struct stat statBuffer;
87 
88     if (fstat(fd, &statBuffer) != 0) {
89         ACCESSTOKEN_LOG_ERROR(LABEL, "fstat failed errno %{public}d.", errno);
90         close(fd);
91         return RET_FAILED;
92     }
93 
94     if (statBuffer.st_size == 0) {
95         ACCESSTOKEN_LOG_ERROR(LABEL, "config file size is 0.");
96         close(fd);
97         return RET_FAILED;
98     }
99     if (statBuffer.st_size > MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE) {
100         ACCESSTOKEN_LOG_ERROR(LABEL, "config file size is too large.");
101         close(fd);
102         return RET_FAILED;
103     }
104     dlpPermsRawData.reserve(statBuffer.st_size);
105 
106     char buff[MAX_BUFFER_SIZE] = { 0 };
107     ssize_t readLen = 0;
108     while ((readLen = read(fd, buff, MAX_BUFFER_SIZE)) > 0) {
109         dlpPermsRawData.append(buff, readLen);
110     }
111     close(fd);
112 
113     if (readLen == 0) {
114         return RET_SUCCESS;
115     }
116     return RET_FAILED;
117 }
118 
Init()119 int32_t DlpPermissionSetParser::Init()
120 {
121     if (ready_) {
122         ACCESSTOKEN_LOG_ERROR(LABEL, "dlp permission has been set.");
123         return RET_SUCCESS;
124     }
125 
126     std::string dlpPermsRawData;
127     int32_t ret = ReadCfgFile(dlpPermsRawData);
128     if (ret != RET_SUCCESS) {
129         ACCESSTOKEN_LOG_ERROR(LABEL, "readCfgFile failed.");
130         return RET_FAILED;
131     }
132     std::vector<PermissionDlpMode> dlpPerms;
133     ret = ParserDlpPermsRawData(dlpPermsRawData, dlpPerms);
134     if (ret != RET_SUCCESS) {
135         ACCESSTOKEN_LOG_ERROR(LABEL, "ParserDlpPermsRawData failed.");
136         return RET_FAILED;
137     }
138     DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms);
139 
140     ready_ = true;
141     ACCESSTOKEN_LOG_INFO(LABEL, "init ok.");
142     return RET_SUCCESS;
143 }
144 
GetInstance()145 DlpPermissionSetParser& DlpPermissionSetParser::GetInstance()
146 {
147     static DlpPermissionSetParser instance;
148     return instance;
149 }
150 } // namespace AccessToken
151 } // namespace Security
152 } // namespace OHOS
153