1 /* 2 * Copyright (c) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef OHOS_SECURITY_H 17 #define OHOS_SECURITY_H 18 #include <concurrent_map.h> 19 #include <string> 20 21 #include "app_device_change_listener.h" 22 #include "executor_pool.h" 23 #include "iprocess_system_api_adapter.h" 24 #include "kv_store_delegate_manager.h" 25 #include "sensitive.h" 26 #include "visibility.h" 27 28 namespace OHOS::DistributedKv { 29 class Security 30 : public DistributedDB::IProcessSystemApiAdapter, 31 public AppDistributedKv::AppDeviceChangeListener { 32 public: 33 using DBStatus = DistributedDB::DBStatus; 34 using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent; 35 using SecurityOption = DistributedDB::SecurityOption; 36 Security(); Security(std::shared_ptr<ExecutorPool> executors)37 explicit Security(std::shared_ptr<ExecutorPool> executors) : executors_(executors) {}; 38 ~Security() override; 39 static bool IsSupportSecurity(); 40 41 DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override; 42 43 // Check is the access of this device in locked state 44 bool IsAccessControlled() const override; 45 46 // Set the SecurityOption to the targe filepath. 47 // If the filePath is a directory, the function would not effective. 48 DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override; 49 50 // Get the SecurityOption of the targe filepath. 51 DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override; 52 53 // Check if the target device can save the data at the give sensitive class. 54 bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override; 55 56 void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, 57 const AppDistributedKv::DeviceChangeType &type) const override; 58 59 AppDistributedKv::ChangeLevelType GetChangeLevelType() const override; 60 61 private: 62 enum { 63 NO_PWD = -1, 64 UNLOCK, 65 LOCKED, 66 UNINITIALIZED, 67 }; 68 static const std::string LABEL_VALUES[DistributedDB::S4 + 1]; 69 static const std::string Convert2Name(const SecurityOption &option); 70 static int Convert2Security(const std::string &name); 71 bool IsExits(const std::string &file) const; 72 Sensitive GetSensitiveByUuid(const std::string &uuid) const; 73 bool EraseSensitiveByUuid(const std::string &uuid) const; 74 bool IsXattrValueValid(const std::string& value) const; 75 int32_t GetCurrentUserStatus() const; 76 DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option); 77 DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option); 78 DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; 79 DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const; 80 81 mutable ConcurrentMap<std::string, Sensitive> devicesUdid_; 82 std::shared_ptr<ExecutorPool> executors_; 83 }; 84 } // namespace OHOS::DistributedKv 85 86 #endif // OHOS_SECURITY_H 87