• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management interfaces.
21  *
22  * Provides tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levcels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file access_token.h
33  *
34  * @brief Declares typedefs, enums and const values.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef ACCESS_TOKEN_H
41 #define ACCESS_TOKEN_H
42 
43 #include <string>
44 
45 namespace OHOS {
46 namespace Security {
47 namespace AccessToken {
48 typedef unsigned int AccessTokenID;
49 typedef uint64_t FullTokenID;
50 typedef unsigned int AccessTokenAttr;
51 static const int DEFAULT_TOKEN_VERSION = 1;
52 static const AccessTokenID INVALID_TOKENID = 0;
53 
54 /**
55  * @brief visit type
56  */
57 enum class PermUsedTypeEnum {
58     /** invalid type */
59     INVALID_USED_TYPE = -1,
60     /** normal type for permision request */
61     NORMAL_TYPE,
62     /** picker type for permision request */
63     PICKER_TYPE,
64     /** security component type for permision request */
65     SEC_COMPONENT_TYPE,
66     /** bottom of type for no use */
67     PERM_USED_TYPE_BUTT,
68 };
69 
70 /**
71  * @brief Access token kit return code
72  */
73 enum AccessTokenKitRet {
74     RET_FAILED = -1,
75     RET_SUCCESS = 0,
76 };
77 
78 /**
79  * @brief AccessTokenID 32 bits map
80  */
81 typedef struct {
82     unsigned int tokenUniqueID : 20;
83     /** reserved, default 00000 */
84     unsigned int res : 5;
85     /** renderflag, default 0 */
86     unsigned int renderFlag : 1;
87     unsigned int dlpFlag : 1;
88     /**
89      * token type, for details about the valid values,
90      * see the definition of ATokenTypeEnum in the access_token.h file.
91      */
92     unsigned int type : 2;
93     /** version, default 001 */
94     unsigned int version : 3;
95 } AccessTokenIDInner;
96 
97 /**
98  * @brief Token id type
99  */
100 typedef enum TypeATokenTypeEnum {
101     TOKEN_INVALID = -1,
102     TOKEN_HAP = 0,
103     TOKEN_NATIVE,
104     TOKEN_SHELL,
105     TOKEN_TYPE_BUTT,
106 } ATokenTypeEnum;
107 
108 /**
109  * @brief Apl level
110  */
111 typedef enum TypeATokenAplEnum {
112     APL_INVALID = 0,
113     APL_NORMAL = 1,
114     APL_SYSTEM_BASIC = 2,
115     APL_SYSTEM_CORE = 3,
116 } ATokenAplEnum;
117 
118 /**
119  * @brief AvailableType
120  */
121 typedef enum TypeATokenAvailableTypeEnum {
122     INVALID = -1,
123     NORMAL = 0,
124     SYSTEM,
125     MDM,
126     SYSTEM_AND_MDM,
127     SERVICE,
128     AVAILABLE_TYPE_BUTT,
129 } ATokenAvailableTypeEnum;
130 
131 /**
132  * @brief Token id full definition
133  */
134 typedef union {
135     unsigned long long tokenIDEx;
136     struct {
137         AccessTokenID tokenID;
138         /** tokenID attribute */
139         AccessTokenAttr tokenAttr;
140     } tokenIdExStruct;
141 } AccessTokenIDEx;
142 
143 /**
144  * @brief Permission request toggle status
145  */
146 typedef enum TypePermissionRequestToggleStatus {
147     CLOSED = 0,
148     OPEN = 1,
149 } PermissionRequestToggleStatus;
150 
151 /**
152  * @brief Permission states
153  */
154 typedef enum TypePermissionState {
155     PERMISSION_DENIED = -1,
156     PERMISSION_GRANTED = 0,
157 } PermissionState;
158 
159 /**
160  * @brief Permission grant mode
161  */
162 typedef enum TypeGrantMode {
163     /** user grant the permisson by dynamic pop-up window */
164     USER_GRANT = 0,
165     /**
166      * system grant the permission automated when
167      * the permission is decleared and app is installed
168      */
169     SYSTEM_GRANT = 1,
170 } GrantMode;
171 
172 /**
173  * @brief Permission flag
174  */
175 typedef enum TypePermissionFlag {
176     /**
177      * permission has not been set by user.
178      */
179     PERMISSION_DEFAULT_FLAG = 0,
180     /**
181      * permission has been set by user, If the permission is not granted,
182      * a permission window is allowed to apply for permission.
183      */
184     PERMISSION_USER_SET = 1 << 0,
185     /**
186      * permission has been set by user, If the permission is not granted,
187      * a permission window is not allowed to apply for permission.
188      */
189     PERMISSION_USER_FIXED = 1 << 1,
190     /**
191      * permission has been set by system,
192      * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable.
193      */
194     PERMISSION_SYSTEM_FIXED = 1 << 2,
195     /**
196      * a user_grant permission has been set by system for pre-authorization,
197      * and it is cancellable. it always works with other flags.
198      */
199     PERMISSION_GRANTED_BY_POLICY = 1 << 3,
200     /**
201      * permission has been set by security component.
202      */
203     PERMISSION_COMPONENT_SET = 1 << 4,
204     /*
205      * permission is fixed by policy and the permission cannot be granted or revoked by user
206      */
207     PERMISSION_POLICY_FIXED = 1 << 5,
208     /*
209      * permission is only allowed during the current lifecycle foreground period
210      */
211     PERMISSION_ALLOW_THIS_TIME = 1 << 6,
212 } PermissionFlag;
213 
214 /**
215  * @brief Permission operate result
216  */
217 typedef enum TypePermissionOper {
218     /** permission has been set, only can change it in settings */
219     SETTING_OPER = -1,
220     /** operate is passed, no need to do anything */
221     PASS_OPER = 0,
222     /** permission need dynamic pop-up windows to grant it */
223     DYNAMIC_OPER = 1,
224     /** invalid operation, something is wrong, see in md files */
225     INVALID_OPER = 2,
226     /** operate is forbidden */
227     FORBIDDEN_OPER = 3,
228     /** buttom of permission oper */
229     BUTT_OPER,
230 } PermissionOper;
231 
232 /**
233  * @brief Dlp types
234  */
235 typedef enum DlpType {
236     DLP_COMMON = 0,
237     DLP_READ = 1,
238     DLP_FULL_CONTROL = 2,
239     BUTT_DLP_TYPE,
240 } HapDlpType;
241 
242 /**
243  * @brief Dlp permission type
244  */
245 typedef enum TypeDlpPerm {
246     DLP_PERM_ALL = 0,
247     DLP_PERM_FULL_CONTROL = 1,
248     DLP_PERM_NONE = 2,
249 } DlpPermMode;
250 
251 /**
252  * @brief Atm tools operate type
253  */
254 typedef enum TypeOptType {
255     /** default */
256     DEFAULT_OPER = 0,
257     /** dump hap or native token info */
258     DUMP_TOKEN,
259     /** dump permission used records */
260     DUMP_RECORD,
261     /** dump permission used types */
262     DUMP_TYPE,
263     /** dump permission definition info */
264     DUMP_PERM,
265     /** grant permission */
266     PERM_GRANT,
267     /** revoke permission */
268     PERM_REVOKE,
269     /** set toggle status */
270     TOGGLE_SET,
271     /** get toggle status */
272     TOGGLE_GET,
273 } OptType;
274 } // namespace AccessToken
275 } // namespace Security
276 } // namespace OHOS
277 #endif // ACCESS_TOKEN_H
278