1 /* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H 17 #define FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H 18 19 #include <string> 20 #include <vector> 21 22 namespace OHOS { 23 namespace Security { 24 namespace DlpPermission { 25 static const uint32_t DLP_MAX_CERT_SIZE = 1024 * 1024; // 1M 26 static const uint32_t DLP_MAX_EXTRA_INFO_LEN = 100 * 1024; // 100K 27 28 #define DLP_CERT_UPDATED 0xff56 29 30 enum DlpAccountType : uint32_t { 31 INVALID_ACCOUNT = 0, 32 CLOUD_ACCOUNT = 1, 33 DOMAIN_ACCOUNT = 2, 34 APPLICATION_ACCOUNT = 3, 35 }; 36 37 enum DLPFileAccess : uint32_t { 38 NO_PERMISSION = 0, 39 READ_ONLY = 1, 40 CONTENT_EDIT = 2, 41 FULL_CONTROL = 3, 42 }; 43 44 enum GatheringPolicyType : uint32_t { 45 GATHERING = 1, 46 NON_GATHERING = 2 47 }; 48 49 enum class DlpAuthType : uint32_t { 50 ONLINE_AUTH_ONLY = 0, 51 ONLINE_AUTH_FOR_OFFLINE_CERT = 1, 52 OFFLINE_AUTH_ONLY = 2, 53 }; 54 55 enum ActionFlags : uint32_t { 56 ACTION_INVALID = 0, 57 ACTION_VIEW = 1, 58 ACTION_SAVE = 1 << 1, 59 ACTION_SAVE_AS = 1 << 2, 60 ACTION_EDIT = 1 << 3, 61 ACTION_SCREEN_CAPTURE = 1 << 4, 62 ACTION_SCREEN_SHARE = 1 << 5, 63 ACTION_SCREEN_RECORD = 1 << 6, 64 ACTION_COPY = 1 << 7, 65 ACTION_PRINT = 1 << 8, 66 ACTION_EXPORT = 1 << 9, 67 ACTION_PERMISSION_CHANGE = 1 << 10 68 }; 69 70 typedef struct DLPPermissionInfo { 71 DLPFileAccess dlpFileAccess = NO_PERMISSION; 72 ActionFlags flags = ACTION_INVALID; 73 } DLPPermissionInfo; 74 75 typedef struct AuthUserInfo { 76 std::string authAccount; 77 DLPFileAccess authPerm = NO_PERMISSION; 78 uint64_t permExpiryTime = 0; 79 DlpAccountType authAccountType = INVALID_ACCOUNT; 80 } AuthUserInfo; 81 82 typedef struct SandboxInfo { 83 int32_t appIndex = -1; 84 uint32_t tokenId = 0; 85 } SandboxInfo; 86 87 struct DlpProperty { 88 std::string ownerAccount; 89 std::string ownerAccountId; 90 std::vector<AuthUserInfo> authUsers; 91 std::string contactAccount; 92 DlpAccountType ownerAccountType = INVALID_ACCOUNT; 93 bool offlineAccess = false; 94 bool supportEveryone = false; 95 DLPFileAccess everyonePerm = NO_PERMISSION; 96 }; 97 98 typedef enum SandBoxExternalAuthorType { 99 DENY_START_ABILITY, 100 ALLOW_START_ABILITY, 101 } SandBoxExternalAuthorType; 102 103 class PermissionPolicy final { 104 public: 105 PermissionPolicy(); 106 PermissionPolicy(const DlpProperty& property); 107 ~PermissionPolicy(); 108 void CopyPermissionPolicy(const PermissionPolicy& srcPolicy); 109 void FreePermissionPolicyMem(); 110 111 bool IsValid() const; 112 void SetAeskey(const uint8_t* key, uint32_t keyLen); 113 uint8_t* GetAeskey() const; 114 uint32_t GetAeskeyLen() const; 115 void SetIv(const uint8_t* iv, uint32_t ivLen); 116 uint8_t* GetIv() const; 117 uint32_t GetIvLen() const; 118 119 std::string ownerAccount_; 120 std::string ownerAccountId_; 121 DlpAccountType ownerAccountType_; 122 std::vector<AuthUserInfo> authUsers_; 123 bool supportEveryone_ = false; 124 DLPFileAccess everyonePerm_ = NO_PERMISSION; 125 126 private: 127 uint8_t* aeskey_; 128 uint32_t aeskeyLen_; 129 uint8_t* iv_; 130 uint32_t ivLen_; 131 }; 132 133 void FreeCharBuffer(char* buff, uint32_t buffLen); 134 bool CheckAccountType(DlpAccountType accountType); 135 bool CheckAesParamLen(uint32_t len); 136 } // namespace DlpPermission 137 } // namespace Security 138 } // namespace OHOS 139 #endif // FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H 140