1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_record_manager.h"
17
18 #include <algorithm>
19 #include <cinttypes>
20 #include <numeric>
21
22 #ifndef APP_SECURITY_PRIVACY_SERVICE
23 #include "ability_manager_access_loader.h"
24 #endif
25 #include "access_token.h"
26 #include "accesstoken_kit.h"
27 #include "accesstoken_common_log.h"
28 #include "active_status_callback_manager.h"
29 #include "app_manager_access_client.h"
30 #include "audio_manager_adapter.h"
31 #include "camera_manager_adapter.h"
32 #include "constant.h"
33 #include "constant_common.h"
34 #include "data_translator.h"
35 #include "i_state_change_callback.h"
36 #include "ipc_skeleton.h"
37 #include "iservice_registry.h"
38 #include "json_parse_loader.h"
39 #include "libraryloader.h"
40 #include "parameter.h"
41 #include "parcel_utils.h"
42 #include "permission_record_set.h"
43 #include "permission_used_record_db.h"
44 #include "privacy_error.h"
45 #include "privacy_field_const.h"
46 #include "refbase.h"
47 #include "screenlock_manager_loader.h"
48 #include "state_change_callback_proxy.h"
49 #include "system_ability_definition.h"
50 #include "time_util.h"
51 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
52 #include "privacy_window_manager_client.h"
53 #include "scene_board_judgement.h"
54 #endif
55
56 namespace OHOS {
57 namespace Security {
58 namespace AccessToken {
59 namespace {
60 static const int32_t VALUE_MAX_LEN = 32;
61 constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA";
62 constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE";
63 constexpr const char* EDM_MIC_MUTE_KEY = "persist.edm.mic_disable";
64 constexpr const char* EDM_CAMERA_MUTE_KEY = "persist.edm.camera_disable";
65 #ifndef APP_SECURITY_PRIVACY_SERVICE
66 constexpr const char* DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME = "com.ohos.permissionmanager";
67 constexpr const char* DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY = "com.ohos.permissionmanager.GlobalExtAbility";
68 #endif
69 static const int32_t DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM = 500000;
70 static const int32_t DEFAULT_PERMISSION_USED_RECORD_AGING_TIME = 7;
71 static const uint32_t NORMAL_TYPE_ADD_VALUE = 1;
72 static const uint32_t PICKER_TYPE_ADD_VALUE = 2;
73 static const uint32_t SEC_COMPONENT_TYPE_ADD_VALUE = 4;
74 static constexpr int64_t ONE_MINUTE_MILLISECONDS = 60 * 1000; // 1 min = 60 * 1000 ms
75 constexpr const char* EDM_PROCESS_NAME = "edm";
76 static constexpr int32_t MAX_USER_ID = 10736;
77 static constexpr int32_t BASE_USER_RANGE = 200000;
78 std::recursive_mutex g_instanceMutex;
79 }
GetInstance()80 PermissionRecordManager& PermissionRecordManager::GetInstance()
81 {
82 static PermissionRecordManager* instance = nullptr;
83 if (instance == nullptr) {
84 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
85 if (instance == nullptr) {
86 PermissionRecordManager* tmp = new PermissionRecordManager();
87 instance = std::move(tmp);
88 }
89 }
90 return *instance;
91 }
92
PermissionRecordManager()93 PermissionRecordManager::PermissionRecordManager()
94 {
95 bool isEdmMute = false;
96 if (GetMuteParameter(EDM_MIC_MUTE_KEY, isEdmMute)) {
97 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, EDM, isEdmMute);
98 }
99 }
100
~PermissionRecordManager()101 PermissionRecordManager::~PermissionRecordManager()
102 {
103 if (!hasInited_) {
104 return;
105 }
106 hasInited_ = false;
107 Unregister();
108 }
109
OnAppStateChanged(const AppStateData & appStateData)110 void PrivacyAppStateObserver::OnAppStateChanged(const AppStateData &appStateData)
111 {
112 LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, pid=%{public}d, state=%{public}d).",
113 appStateData.accessTokenId, appStateData.pid, appStateData.state);
114
115 ActiveChangeType status = PERM_INACTIVE;
116 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_FOREGROUND)) {
117 status = PERM_ACTIVE_IN_FOREGROUND;
118 } else if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_BACKGROUND)) {
119 status = PERM_ACTIVE_IN_BACKGROUND;
120 }
121 PermissionRecordManager::GetInstance().NotifyAppStateChange(appStateData.accessTokenId, appStateData.pid, status);
122 }
123
OnAppStopped(const AppStateData & appStateData)124 void PrivacyAppStateObserver::OnAppStopped(const AppStateData &appStateData)
125 {
126 LOGI(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, state=%{public}d).",
127 appStateData.accessTokenId, appStateData.state);
128
129 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED)) {
130 PermissionRecordManager::GetInstance().RemoveRecordFromStartListByToken(appStateData.accessTokenId);
131 }
132 }
133
OnProcessDied(const ProcessData & processData)134 void PrivacyAppStateObserver::OnProcessDied(const ProcessData &processData)
135 {
136 LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}u, pid=%{public}d, state=%{public}d).",
137 processData.accessTokenId, processData.pid, processData.state);
138
139 PermissionRecordManager::GetInstance().RemoveRecordFromStartListByPid(processData.accessTokenId, processData.pid);
140 }
141
NotifyAppManagerDeath()142 void PrivacyAppManagerDeathCallback::NotifyAppManagerDeath()
143 {
144 PermissionRecordManager::GetInstance().OnAppMgrRemoteDiedHandle();
145 }
146
AddRecToCacheAndValueVec(const PermissionRecord & record,std::vector<GenericValues> & values)147 void PermissionRecordManager::AddRecToCacheAndValueVec(const PermissionRecord& record,
148 std::vector<GenericValues>& values)
149 {
150 PermissionRecordCache cache;
151 cache.record = record;
152 permUsedRecList_.emplace_back(cache);
153
154 GenericValues value;
155 PermissionRecord::TranslationIntoGenericValues(record, value);
156 values.emplace_back(value);
157 }
158
RecordMergeCheck(const PermissionRecord & record1,const PermissionRecord & record2)159 static bool RecordMergeCheck(const PermissionRecord& record1, const PermissionRecord& record2)
160 {
161 // timestamp in the same minute
162 if (!AccessToken::TimeUtil::IsTimeStampsSameMinute(record1.timestamp, record2.timestamp)) {
163 return false;
164 }
165
166 // the same tokenID + opCode + status + lockScreenStatus + usedType
167 if ((record1.tokenId != record2.tokenId) ||
168 (record1.opCode != record2.opCode) ||
169 (record1.status != record2.status) ||
170 (record1.lockScreenStatus != record2.lockScreenStatus) ||
171 (record1.type != record2.type)) {
172 return false;
173 }
174
175 // both success
176 if (((record1.accessCount > 0) && (record2.accessCount == 0)) ||
177 ((record1.accessCount == 0) && (record2.accessCount > 0))) {
178 return false;
179 }
180
181 // both failure
182 if (((record1.rejectCount > 0) && (record2.rejectCount == 0)) ||
183 ((record1.rejectCount == 0) && (record2.rejectCount > 0))) {
184 return false;
185 }
186
187 return true;
188 }
189
MergeOrInsertRecord(const PermissionRecord & record)190 int32_t PermissionRecordManager::MergeOrInsertRecord(const PermissionRecord& record)
191 {
192 std::vector<GenericValues> insertRecords;
193 {
194 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
195 if (permUsedRecList_.empty()) {
196 LOGI(PRI_DOMAIN, PRI_TAG, "First record in cache!");
197
198 AddRecToCacheAndValueVec(record, insertRecords);
199 } else {
200 bool mergeFlag = false;
201 for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) {
202 if (RecordMergeCheck(it->record, record)) {
203 LOGI(PRI_DOMAIN, PRI_TAG, "Merge record, ori timestamp is %{public}" PRId64 ".",
204 it->record.timestamp);
205
206 // merge new record to older one if match the merge condition
207 it->record.accessCount += record.accessCount;
208 it->record.rejectCount += record.rejectCount;
209
210 // set update flag to true
211 it->needUpdateToDb = true;
212 mergeFlag = true;
213 break;
214 }
215 }
216
217 if (!mergeFlag) {
218 // record can't merge store to database immediately and add to cache
219 AddRecToCacheAndValueVec(record, insertRecords);
220 }
221 }
222 }
223
224 if (insertRecords.empty()) {
225 return Constant::SUCCESS;
226 }
227
228 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
229 int32_t res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
230 insertRecords);
231 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
232 LOGI(PRI_DOMAIN, PRI_TAG, "Add permission_record_table failed!");
233 return res;
234 }
235
236 LOGI(PRI_DOMAIN, PRI_TAG, "Add record, id %{public}d, op %{public}d, status: %{public}d, sucCnt: %{public}d, "
237 "failCnt: %{public}d, lockScreenStatus %{public}d, timestamp %{public}" PRId64 ", type %{public}d.",
238 record.tokenId, record.opCode, record.status, record.accessCount, record.rejectCount, record.lockScreenStatus,
239 record.timestamp, record.type);
240
241 return Constant::SUCCESS;
242 }
243
UpdatePermissionUsedRecordToDb(const PermissionRecord & record)244 bool PermissionRecordManager::UpdatePermissionUsedRecordToDb(const PermissionRecord& record)
245 {
246 GenericValues modifyValue;
247 modifyValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount);
248 modifyValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount);
249
250 GenericValues conditionValue;
251 conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(record.tokenId));
252 conditionValue.Put(PrivacyFiledConst::FIELD_OP_CODE, record.opCode);
253 conditionValue.Put(PrivacyFiledConst::FIELD_STATUS, record.status);
254 conditionValue.Put(PrivacyFiledConst::FIELD_TIMESTAMP, record.timestamp);
255 conditionValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, record.type);
256
257 {
258 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
259 return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
260 modifyValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
261 }
262 }
263
AddRecord(const PermissionRecord & record)264 int32_t PermissionRecordManager::AddRecord(const PermissionRecord& record)
265 {
266 int32_t res = MergeOrInsertRecord(record);
267 if (res != Constant::SUCCESS) {
268 return res;
269 }
270
271 int64_t updateStamp = record.timestamp - ONE_MINUTE_MILLISECONDS; // timestamp less than 1 min from now
272 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
273 auto it = permUsedRecList_.begin();
274 while (it != permUsedRecList_.end()) {
275 if ((it->record.timestamp > updateStamp) || (it->record.opCode != record.opCode)) {
276 // record from cache less than updateStamp may merge, ignore them
277 ++it;
278 continue;
279 }
280
281 /*
282 needUpdateToDb:
283 - flase means record not merge, when the timestamp of those records less than 1 min from now
284 they can not merge any more, remove them from cache
285 - true means record has merged, need to update database before remove from cache
286 whether update database succeed or not, recod remove from cache
287 */
288 if ((it->needUpdateToDb) && (!UpdatePermissionUsedRecordToDb(it->record))) {
289 LOGE(PRI_DOMAIN, PRI_TAG, "Record with timestamp %{public}" PRId64 "update database failed!",
290 it->record.timestamp);
291 }
292
293 it = permUsedRecList_.erase(it);
294 }
295
296 return Constant::SUCCESS;
297 }
298
UpdatePermRecImmediately()299 void PermissionRecordManager::UpdatePermRecImmediately()
300 {
301 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
302 for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) {
303 if (it->needUpdateToDb) {
304 UpdatePermissionUsedRecordToDb(it->record);
305 }
306 }
307 }
308
GetPermissionRecord(const AddPermParamInfo & info,PermissionRecord & record)309 int32_t PermissionRecordManager::GetPermissionRecord(const AddPermParamInfo& info, PermissionRecord& record)
310 {
311 if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
312 LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", info.tokenId);
313 return PrivacyError::ERR_PARAM_INVALID;
314 }
315 int32_t opCode;
316 if (!Constant::TransferPermissionToOpcode(info.permissionName, opCode)) {
317 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", info.permissionName.c_str());
318 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
319 }
320 if (GetMuteStatus(info.permissionName, EDM)) {
321 record.status = PERM_INACTIVE;
322 } else {
323 record.status = GetAppStatus(info.tokenId);
324 }
325 record.lockScreenStatus = GetLockScreenStatus();
326 record.tokenId = info.tokenId;
327 record.accessCount = info.successCount;
328 record.rejectCount = info.failCount;
329 record.opCode = opCode;
330 record.timestamp = AccessToken::TimeUtil::GetCurrentTimestamp();
331 record.accessDuration = 0;
332 record.type = info.type;
333 LOGD(PRI_DOMAIN, PRI_TAG, "Record status: %{public}d", record.status);
334 return Constant::SUCCESS;
335 }
336
TransformEnumToBitValue(const PermissionUsedType type,uint32_t & value)337 void PermissionRecordManager::TransformEnumToBitValue(const PermissionUsedType type, uint32_t& value)
338 {
339 if (type == PermissionUsedType::NORMAL_TYPE) {
340 value = NORMAL_TYPE_ADD_VALUE;
341 } else if (type == PermissionUsedType::PICKER_TYPE) {
342 value = PICKER_TYPE_ADD_VALUE;
343 } else if (type == PermissionUsedType::SECURITY_COMPONENT_TYPE) {
344 value = SEC_COMPONENT_TYPE_ADD_VALUE;
345 }
346 }
347
AddOrUpdateUsedTypeIfNeeded(const AccessTokenID tokenId,const int32_t opCode,const PermissionUsedType type)348 bool PermissionRecordManager::AddOrUpdateUsedTypeIfNeeded(const AccessTokenID tokenId, const int32_t opCode,
349 const PermissionUsedType type)
350 {
351 uint32_t inputType = 0;
352 TransformEnumToBitValue(type, inputType);
353
354 GenericValues conditionValue;
355 conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
356 conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
357
358 std::vector<GenericValues> results;
359 int32_t res = PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
360 conditionValue, results);
361 if (res != PermissionUsedRecordDb::SUCCESS) {
362 return false;
363 }
364
365 if (results.empty()) {
366 // empty means there is no permission used type record, add it
367 LOGD(PRI_DOMAIN, PRI_TAG, "No exsit record, add it.");
368
369 GenericValues recordValue;
370 recordValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
371 recordValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
372 recordValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast<int32_t>(inputType));
373
374 std::vector<GenericValues> recordValues;
375 recordValues.emplace_back(recordValue);
376 res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
377 recordValues);
378 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
379 return false;
380 }
381 } else {
382 // not empty means there is permission used type record exsit, update it if needed
383 uint32_t dbType = static_cast<uint32_t>(results[0].GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
384 LOGD(PRI_DOMAIN, PRI_TAG, "Record exsit, type is %{public}u.", dbType);
385
386 if ((dbType & inputType) == inputType) {
387 // true means visitTypeEnum has exsits, no need to add
388 LOGD(PRI_DOMAIN, PRI_TAG, "Used type has add.");
389 return true;
390 } else {
391 results[0].Remove(PrivacyFiledConst::FIELD_USED_TYPE);
392 dbType |= inputType;
393
394 // false means visitTypeEnum not exsits, update record
395 LOGD(PRI_DOMAIN, PRI_TAG, "Used type not add, generate new %{public}u.", dbType);
396
397 GenericValues newValue;
398 newValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast<int32_t>(dbType));
399 return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
400 newValue, results[0]) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
401 }
402 }
403
404 return true;
405 }
406
CheckPermissionUsedRecordToggleStatus(int32_t userID)407 bool PermissionRecordManager::CheckPermissionUsedRecordToggleStatus(int32_t userID)
408 {
409 auto it = permUsedRecToggleStatusMap_.find(userID);
410 if (it != permUsedRecToggleStatusMap_.end()) {
411 LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d.", it->first, it->second ? 1 : 0);
412 return it->second;
413 }
414 LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d not exist record, return true.", userID);
415 return true;
416 }
417
AddPermissionUsedRecord(const AddPermParamInfo & info)418 int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& info)
419 {
420 HapTokenInfo tokenInfo;
421 if (AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo) != Constant::SUCCESS) {
422 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", info.tokenId);
423 return PrivacyError::ERR_TOKENID_NOT_EXIST;
424 }
425
426 if (!CheckPermissionUsedRecordToggleStatus(tokenInfo.userID)) {
427 LOGI(PRI_DOMAIN, PRI_TAG, "The permission used record toggle status is false.");
428 return PrivacyError::PRIVACY_TOGGELE_RESTRICTED;
429 }
430
431 if ((info.successCount == 0) && (info.failCount == 0)) {
432 return PrivacyError::ERR_PARAM_INVALID;
433 }
434
435 PermissionRecord record;
436 int32_t result = GetPermissionRecord(info, record);
437 if ((result != Constant::SUCCESS) || (!GetGlobalSwitchStatus(info.permissionName))) {
438 return result;
439 }
440
441 result = AddRecord(record);
442 if (result != Constant::SUCCESS) {
443 return result;
444 }
445
446 return AddOrUpdateUsedTypeIfNeeded(
447 info.tokenId, record.opCode, info.type) ? Constant::SUCCESS : Constant::FAILURE;
448 }
449
SetPermissionUsedRecordToggleStatus(int32_t userID,bool status)450 int32_t PermissionRecordManager::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status)
451 {
452 if (userID == 0) {
453 userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE;
454 }
455
456 if (!PermissionRecordManager::IsUserIdValid(userID)) {
457 LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid.");
458 return PrivacyError::ERR_PARAM_INVALID;
459 }
460
461 if (!status) {
462 std::unordered_set<AccessTokenID> tokenIDList;
463 int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIDList);
464 if (ret != RET_SUCCESS) {
465 return Constant::FAILURE;
466 }
467 if (!tokenIDList.empty()) {
468 RemoveHistoryPermissionUsedRecords(tokenIDList);
469 }
470 }
471
472 if (!UpdatePermUsedRecToggleStatusMap(userID, status)) {
473 LOGD(PRI_DOMAIN, PRI_TAG, "The status is the same as that set last time, not need to update database.");
474 return Constant::SUCCESS;
475 }
476
477 if (!AddOrUpdateUsedStatusIfNeeded(userID, status)) {
478 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to AddOrUpdateUsedStatusIfNeeded.");
479 return Constant::FAILURE;
480 }
481
482 return Constant::SUCCESS;
483 }
484
UpdatePermUsedRecToggleStatusMap(int32_t userID,bool status)485 bool PermissionRecordManager::UpdatePermUsedRecToggleStatusMap(int32_t userID, bool status)
486 {
487 std::lock_guard<std::mutex> lock(permUsedRecToggleStatusMutex_);
488 auto it = permUsedRecToggleStatusMap_.find(userID);
489 if (it == permUsedRecToggleStatusMap_.end()) {
490 permUsedRecToggleStatusMap_.insert(std::make_pair(userID, status));
491 return true;
492 } else {
493 if (it->second != status) {
494 it->second = status;
495 return true;
496 }
497 }
498
499 return false;
500 }
501
AddOrUpdateUsedStatusIfNeeded(int32_t userID,bool status)502 bool PermissionRecordManager::AddOrUpdateUsedStatusIfNeeded(int32_t userID, bool status)
503 {
504 GenericValues conditionValue;
505 conditionValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID);
506
507 std::vector<GenericValues> results;
508 int32_t res = PermissionUsedRecordDb::GetInstance().Query(
509 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, conditionValue, results);
510 if (res != PermissionUsedRecordDb::SUCCESS) {
511 return false;
512 }
513
514 if (results.empty()) {
515 // empty means there is no user record, add it
516 LOGD(PRI_DOMAIN, PRI_TAG, "No exsit record, add it.");
517
518 GenericValues recordValue;
519 recordValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID);
520 recordValue.Put(PrivacyFiledConst::FIELD_STATUS, status);
521
522 std::vector<GenericValues> recordValues;
523 recordValues.emplace_back(recordValue);
524 int32_t res = PermissionUsedRecordDb::GetInstance().Add(
525 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, recordValues);
526 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
527 return false;
528 }
529 } else {
530 LOGD(PRI_DOMAIN, PRI_TAG, "Exsit record, update it.");
531 GenericValues newValue;
532 newValue.Put(PrivacyFiledConst::FIELD_STATUS, static_cast<int32_t>(status));
533 return (PermissionUsedRecordDb::GetInstance().Update(
534 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS,
535 newValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
536 }
537
538 return true;
539 }
540
GetPermissionUsedRecordToggleStatus(int32_t userID,bool & status)541 int32_t PermissionRecordManager::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status)
542 {
543 if (userID == 0) {
544 userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE;
545 }
546
547 if (!PermissionRecordManager::IsUserIdValid(userID)) {
548 LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid.");
549 return PrivacyError::ERR_PARAM_INVALID;
550 }
551
552 auto it = permUsedRecToggleStatusMap_.find(userID);
553 if (it == permUsedRecToggleStatusMap_.end()) {
554 status = true;
555 } else {
556 status = it->second;
557 }
558
559 return Constant::SUCCESS;
560 }
561
UpdatePermUsedRecToggleStatusMapFromDb()562 void PermissionRecordManager::UpdatePermUsedRecToggleStatusMapFromDb()
563 {
564 std::vector<GenericValues> permUsedRecordToggleStatusRes;
565 GenericValues conditionValue;
566
567 int32_t res = PermissionUsedRecordDb::GetInstance().Query(
568 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS,
569 conditionValue, permUsedRecordToggleStatusRes);
570 if (res != PermissionUsedRecordDb::SUCCESS || permUsedRecordToggleStatusRes.empty()) {
571 LOGE(PRI_DOMAIN, PRI_TAG, "Not exsit record, res:%{public}d.", res);
572 return;
573 }
574
575 int32_t userID = 0;
576 bool status = true;
577 auto it = permUsedRecordToggleStatusRes.begin();
578 while (it != permUsedRecordToggleStatusRes.end()) {
579 userID = it->GetInt(PrivacyFiledConst::FIELD_USER_ID);
580 status = static_cast<bool>(it->GetInt(PrivacyFiledConst::FIELD_STATUS));
581 UpdatePermUsedRecToggleStatusMap(userID, status);
582 ++it;
583 }
584
585 return;
586 }
587
RemoveHistoryPermissionUsedRecords(std::unordered_set<AccessTokenID> tokenIDList)588 void PermissionRecordManager::RemoveHistoryPermissionUsedRecords(std::unordered_set<AccessTokenID> tokenIDList)
589 {
590 // remove from database
591 std::vector<PermissionUsedRecordDb::DataType> dataTypes;
592 dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_RECORD);
593 dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE);
594 PermissionUsedRecordDb::GetInstance().DeleteHistoryRecordsInTables(dataTypes, tokenIDList);
595
596 {
597 // remove from record cache
598 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
599 auto it = permUsedRecList_.begin();
600 while (it != permUsedRecList_.end()) {
601 if (tokenIDList.find(it->record.tokenId) != tokenIDList.end()) {
602 it = permUsedRecList_.erase(it);
603 } else {
604 ++it;
605 }
606 }
607 }
608 }
609
RemovePermissionUsedRecords(AccessTokenID tokenId)610 void PermissionRecordManager::RemovePermissionUsedRecords(AccessTokenID tokenId)
611 {
612 {
613 // remove from record cache
614 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
615 auto it = permUsedRecList_.begin();
616 while (it != permUsedRecList_.end()) {
617 if (tokenId == it->record.tokenId) {
618 it = permUsedRecList_.erase(it);
619 } else {
620 ++it;
621 }
622 }
623 }
624
625 GenericValues conditions;
626 conditions.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
627 {
628 // remove from database
629 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
630 PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, conditions);
631 PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
632 conditions);
633 }
634
635 // remove from start list
636 RemoveRecordFromStartListByToken(tokenId);
637 }
638
GetPermissionUsedRecords(const PermissionUsedRequest & request,PermissionUsedResult & result)639 int32_t PermissionRecordManager::GetPermissionUsedRecords(
640 const PermissionUsedRequest& request, PermissionUsedResult& result)
641 {
642 if (!request.isRemote && !GetRecordsFromLocalDB(request, result)) {
643 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to GetRecordsFromLocalDB");
644 return PrivacyError::ERR_PARAM_INVALID;
645 }
646 return Constant::SUCCESS;
647 }
648
GetPermissionUsedRecordsAsync(const PermissionUsedRequest & request,const sptr<OnPermissionUsedRecordCallback> & callback)649 int32_t PermissionRecordManager::GetPermissionUsedRecordsAsync(
650 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback)
651 {
652 auto task = [request, callback]() {
653 LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordsAsync task called");
654 PermissionUsedResult result;
655 int32_t retCode = PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request, result);
656 callback->OnQueried(retCode, result);
657 };
658 std::thread recordThread(task);
659 recordThread.detach();
660 return Constant::SUCCESS;
661 }
662
TransferToOpcode(const std::vector<std::string> & permissionList,std::set<int32_t> & opCodeList)663 static void TransferToOpcode(const std::vector<std::string>& permissionList, std::set<int32_t>& opCodeList)
664 {
665 for (const auto& permission : permissionList) {
666 int32_t opCode = Constant::OP_INVALID;
667 if (Constant::TransferPermissionToOpcode(permission, opCode)) {
668 opCodeList.insert(opCode);
669 }
670 }
671 }
672
GetMergedRecordsFromCache(std::vector<PermissionRecord> & mergedRecords)673 void PermissionRecordManager::GetMergedRecordsFromCache(std::vector<PermissionRecord>& mergedRecords)
674 {
675 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
676 for (const auto& cache : permUsedRecList_) {
677 if (cache.needUpdateToDb) {
678 mergedRecords.emplace_back(cache.record);
679 }
680 }
681 }
682
InsteadMergedRecIfNecessary(GenericValues & queryValue,std::vector<PermissionRecord> & mergedRecords)683 void PermissionRecordManager::InsteadMergedRecIfNecessary(GenericValues& queryValue,
684 std::vector<PermissionRecord>& mergedRecords)
685 {
686 uint32_t tokenId = static_cast<uint32_t>(queryValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID));
687 int32_t opCode = queryValue.GetInt(PrivacyFiledConst::FIELD_OP_CODE);
688 int32_t status = queryValue.GetInt(PrivacyFiledConst::FIELD_STATUS);
689 int64_t timestamp = queryValue.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP);
690 PermissionUsedType type = static_cast<PermissionUsedType>(queryValue.GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
691
692 for (const auto& record : mergedRecords) {
693 if ((tokenId == record.tokenId) &&
694 (opCode == record.opCode) &&
695 (status == record.status) &&
696 (timestamp == record.timestamp) &&
697 (type == record.type)) {
698 // find merged record, instead accessCount and rejectCount
699 queryValue.Remove(PrivacyFiledConst::FIELD_ACCESS_COUNT);
700 queryValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount);
701 queryValue.Remove(PrivacyFiledConst::FIELD_REJECT_COUNT);
702 queryValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount);
703 return;
704 }
705 }
706 }
707
MergeSamePermission(const PermissionUsageFlag & flag,const PermissionUsedRecord & inRecord,PermissionUsedRecord & outRecord)708 void PermissionRecordManager::MergeSamePermission(const PermissionUsageFlag& flag, const PermissionUsedRecord& inRecord,
709 PermissionUsedRecord& outRecord)
710 {
711 outRecord.accessCount += inRecord.accessCount;
712 outRecord.secAccessCount += inRecord.secAccessCount;
713 outRecord.rejectCount += inRecord.rejectCount;
714
715 // update lastAccessTime、lastRejectTime and lastAccessDuration to the nearer one
716 outRecord.lastAccessTime = (inRecord.lastAccessTime > outRecord.lastAccessTime) ?
717 inRecord.lastAccessTime : outRecord.lastAccessTime;
718 outRecord.lastAccessDuration = (inRecord.lastAccessTime > outRecord.lastAccessTime) ?
719 inRecord.lastAccessDuration : outRecord.lastAccessDuration;
720 outRecord.lastRejectTime = (inRecord.lastRejectTime > outRecord.lastRejectTime) ?
721 inRecord.lastRejectTime : outRecord.lastRejectTime;
722
723 // summary do not handle detail
724 if (flag == FLAG_PERMISSION_USAGE_SUMMARY) {
725 return;
726 }
727
728 if (inRecord.lastAccessTime > 0) {
729 outRecord.accessRecords.emplace_back(inRecord.accessRecords[0]);
730 }
731 if (inRecord.lastRejectTime > 0) {
732 outRecord.rejectRecords.emplace_back(inRecord.rejectRecords[0]);
733 }
734 }
735
FillPermissionUsedRecords(const PermissionUsedRecord & record,const PermissionUsageFlag & flag,std::vector<PermissionUsedRecord> & permissionRecords)736 void PermissionRecordManager::FillPermissionUsedRecords(const PermissionUsedRecord& record,
737 const PermissionUsageFlag& flag, std::vector<PermissionUsedRecord>& permissionRecords)
738 {
739 // check whether the permission has exsit
740 auto iter = std::find_if(permissionRecords.begin(), permissionRecords.end(),
741 [record](const PermissionUsedRecord& rec) {
742 return record.permissionName == rec.permissionName;
743 });
744 if (iter != permissionRecords.end()) {
745 // permission exsit, merge it
746 MergeSamePermission(flag, record, *iter);
747 } else {
748 // permission not exsit, add it
749 permissionRecords.emplace_back(record);
750 }
751 }
752
FillBundleUsedRecord(const GenericValues & value,const PermissionUsageFlag & flag,std::map<int32_t,BundleUsedRecord> & tokenIdToBundleMap,std::map<int32_t,int32_t> & tokenIdToCountMap,PermissionUsedResult & result)753 bool PermissionRecordManager::FillBundleUsedRecord(const GenericValues& value, const PermissionUsageFlag& flag,
754 std::map<int32_t, BundleUsedRecord>& tokenIdToBundleMap, std::map<int32_t, int32_t>& tokenIdToCountMap,
755 PermissionUsedResult& result)
756 {
757 // translate database value into PermissionUsedRecord value
758 PermissionUsedRecord record;
759 if (DataTranslator::TranslationGenericValuesIntoPermissionUsedRecord(flag, value, record) != Constant::SUCCESS) {
760 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to transform op(%{public}d)",
761 value.GetInt(PrivacyFiledConst::FIELD_OP_CODE));
762 return false;
763 }
764
765 // update beginTimeMillis and endTimeMillis if necessary
766 int64_t timestamp = value.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP);
767 result.beginTimeMillis = ((result.beginTimeMillis == 0) || (timestamp < result.beginTimeMillis)) ?
768 timestamp : result.beginTimeMillis;
769 result.endTimeMillis = (timestamp > result.endTimeMillis) ? timestamp : result.endTimeMillis;
770
771 int32_t tokenId = value.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID);
772 FillPermissionUsedRecords(record, flag, tokenIdToBundleMap[tokenId].permissionRecords);
773 tokenIdToCountMap[tokenId] += 1;
774
775 return true;
776 }
777
AddDebugLog(const AccessTokenID tokenId,const BundleUsedRecord & bundleRecord,const int32_t queryCount,int32_t & totalSuccCount,int32_t & totalFailCount)778 static void AddDebugLog(const AccessTokenID tokenId, const BundleUsedRecord& bundleRecord, const int32_t queryCount,
779 int32_t& totalSuccCount, int32_t& totalFailCount)
780 {
781 int32_t tokenTotalSuccCount = 0;
782 int32_t tokenTotalFailCount = 0;
783 for (const auto& permissionRecord : bundleRecord.permissionRecords) {
784 tokenTotalSuccCount += permissionRecord.accessCount;
785 tokenTotalFailCount += permissionRecord.rejectCount;
786 }
787 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d[%{public}s] get %{public}d records, success %{public}d,"
788 " failure %{public}d", tokenId, bundleRecord.bundleName.c_str(), queryCount, tokenTotalSuccCount,
789 tokenTotalFailCount);
790 totalSuccCount += tokenTotalSuccCount;
791 totalFailCount += tokenTotalFailCount;
792 }
793
GetRecordsFromLocalDB(const PermissionUsedRequest & request,PermissionUsedResult & result)794 bool PermissionRecordManager::GetRecordsFromLocalDB(const PermissionUsedRequest& request, PermissionUsedResult& result)
795 {
796 GenericValues andConditionValues;
797 if (DataTranslator::TranslationIntoGenericValues(request, andConditionValues) != Constant::SUCCESS) {
798 LOGE(PRI_DOMAIN, PRI_TAG, "Query time or flag is invalid");
799 return false;
800 }
801
802 int32_t dataLimitNum = request.flag == FLAG_PERMISSION_USAGE_DETAIL ? MAX_ACCESS_RECORD_SIZE : recordSizeMaximum_;
803 int32_t totalSuccCount = 0;
804 int32_t totalFailCount = 0;
805 std::vector<GenericValues> findRecordsValues; // summary don't limit querry data num, detail do
806
807 std::set<int32_t> opCodeList;
808 TransferToOpcode(request.permissionList, opCodeList);
809 PermissionUsedRecordDb::GetInstance().FindByConditions(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
810 opCodeList, andConditionValues, findRecordsValues, dataLimitNum);
811
812 uint32_t currentCount = findRecordsValues.size(); // handle query result
813 if (currentCount == 0) {
814 LOGI(PRI_DOMAIN, PRI_TAG, "No record match the condition.");
815 return true;
816 }
817
818 std::vector<PermissionRecord> mergedRecords;
819 GetMergedRecordsFromCache(mergedRecords);
820
821 std::set<int32_t> tokenIdList;
822 std::map<int32_t, BundleUsedRecord> tokenIdToBundleMap;
823 std::map<int32_t, int32_t> tokenIdToCountMap;
824
825 for (auto& recordValue : findRecordsValues) {
826 InsteadMergedRecIfNecessary(recordValue, mergedRecords);
827
828 int32_t tokenId = recordValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID);
829 if (tokenIdList.count(tokenId) == 0) {
830 tokenIdList.insert(tokenId); // new tokenId, inset into set
831
832 BundleUsedRecord bundleRecord; // get bundle info
833 if (!CreateBundleUsedRecord(tokenId, bundleRecord)) {
834 continue;
835 }
836
837 tokenIdToBundleMap[tokenId] = bundleRecord; // add into map
838 tokenIdToCountMap[tokenId] = 0;
839 }
840
841 if (!FillBundleUsedRecord(recordValue, request.flag, tokenIdToBundleMap, tokenIdToCountMap, result)) {
842 continue;
843 }
844 }
845
846 for (auto iter = tokenIdToBundleMap.begin(); iter != tokenIdToBundleMap.end(); ++iter) {
847 result.bundleRecords.emplace_back(iter->second);
848
849 AddDebugLog(iter->first, iter->second, tokenIdToCountMap[iter->first], totalSuccCount, totalFailCount);
850 }
851
852 if (request.flag == FLAG_PERMISSION_USAGE_SUMMARY) {
853 LOGI(PRI_DOMAIN, PRI_TAG, "Total success count is %{public}d, total failure count is %{public}d",
854 totalSuccCount, totalFailCount);
855 }
856
857 return true;
858 }
859
CreateBundleUsedRecord(const AccessTokenID tokenId,BundleUsedRecord & bundleRecord)860 bool PermissionRecordManager::CreateBundleUsedRecord(const AccessTokenID tokenId, BundleUsedRecord& bundleRecord)
861 {
862 HapTokenInfo tokenInfo;
863 if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) {
864 LOGE(PRI_DOMAIN, PRI_TAG, "GetHapTokenInfo failed, tokenId is %{public}u.", tokenId);
865 return false;
866 }
867 bundleRecord.tokenId = tokenId;
868 bundleRecord.isRemote = false;
869 bundleRecord.deviceId = "";
870 bundleRecord.bundleName = tokenInfo.bundleName;
871 return true;
872 }
873
874 // call this when receive screen off common event
ExecuteDeletePermissionRecordTask()875 void PermissionRecordManager::ExecuteDeletePermissionRecordTask()
876 {
877 if (GetCurDeleteTaskNum() > 1) {
878 LOGI(PRI_DOMAIN, PRI_TAG, "Has delete task!");
879 return;
880 }
881 AddDeleteTaskNum();
882
883 std::function<void()> delayed = ([this]() {
884 DeletePermissionRecord(recordAgingTime_);
885 LOGI(PRI_DOMAIN, PRI_TAG, "Delete record end.");
886 // Sleep for one minute to avoid frequent refresh of the file.
887 std::this_thread::sleep_for(std::chrono::minutes(1));
888 ReduceDeleteTaskNum();
889 });
890
891 std::thread deleteThread(delayed);
892 deleteThread.detach();
893 }
894
GetCurDeleteTaskNum()895 int32_t PermissionRecordManager::GetCurDeleteTaskNum()
896 {
897 return deleteTaskNum_.load();
898 }
899
AddDeleteTaskNum()900 void PermissionRecordManager::AddDeleteTaskNum()
901 {
902 deleteTaskNum_++;
903 }
904
ReduceDeleteTaskNum()905 void PermissionRecordManager::ReduceDeleteTaskNum()
906 {
907 deleteTaskNum_--;
908 }
909
DeletePermissionRecord(int32_t days)910 int32_t PermissionRecordManager::DeletePermissionRecord(int32_t days)
911 {
912 int64_t interval = days * Constant::ONE_DAY_MILLISECONDS;
913 int32_t total = PermissionUsedRecordDb::GetInstance().Count(PermissionUsedRecordDb::DataType::PERMISSION_RECORD);
914 if (total > recordSizeMaximum_) {
915 uint32_t excessiveSize = static_cast<uint32_t>(total) - static_cast<uint32_t>(recordSizeMaximum_);
916 int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExcessiveRecords(
917 PermissionUsedRecordDb::DataType::PERMISSION_RECORD, excessiveSize);
918 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
919 return Constant::FAILURE;
920 }
921 }
922 GenericValues andConditionValues;
923 int64_t deleteTimestamp = AccessToken::TimeUtil::GetCurrentTimestamp() - interval;
924 andConditionValues.Put(PrivacyFiledConst::FIELD_TIMESTAMP_END, deleteTimestamp);
925 int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExpireRecords(
926 PermissionUsedRecordDb::DataType::PERMISSION_RECORD, andConditionValues);
927 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
928 return Constant::FAILURE;
929 }
930 return Constant::SUCCESS;
931 }
932
AddRecordToStartList(const PermissionUsedTypeInfo & info,int32_t status,int32_t callerPid)933 int32_t PermissionRecordManager::AddRecordToStartList(
934 const PermissionUsedTypeInfo &info, int32_t status, int32_t callerPid)
935 {
936 int32_t opCode;
937 int ret = Constant::SUCCESS;
938 const std::string& permissionName = info.permissionName;
939 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
940 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", permissionName.c_str());
941 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
942 }
943
944 ContinusPermissionRecord newRecord = {
945 .tokenId = info.tokenId,
946 .opCode = opCode,
947 .status = status,
948 .pid = info.pid,
949 .callerPid = callerPid,
950 };
951
952 std::lock_guard<std::mutex> lock(startRecordListMutex_);
953 for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) {
954 if (it->IsEqualRecord(newRecord)) {
955 ret = PrivacyError::ERR_PERMISSION_ALREADY_START_USING;
956 break;
957 }
958 }
959 if (ret != PrivacyError::ERR_PERMISSION_ALREADY_START_USING) {
960 startRecordList_.emplace(newRecord);
961 }
962
963 CallbackExecute(newRecord, permissionName, info.type);
964
965 return ret;
966 }
967
ExecuteAndUpdateRecord(uint32_t tokenId,int32_t pid,ActiveChangeType status)968 void PermissionRecordManager::ExecuteAndUpdateRecord(uint32_t tokenId, int32_t pid, ActiveChangeType status)
969 {
970 std::vector<std::string> camPermList;
971 std::lock_guard<std::mutex> lock(startRecordListMutex_);
972 std::set<ContinusPermissionRecord> updateList;
973 for (auto it = startRecordList_.begin(); it != startRecordList_.end();) {
974 if ((it->tokenId == tokenId) && ((it->status) != PERM_INACTIVE) && ((it->status) != status)) {
975 std::string perm;
976 Constant::TransferOpcodeToPermission(it->opCode, perm);
977 if ((GetMuteStatus(perm, EDM)) || (!GetGlobalSwitchStatus(perm))) {
978 ++it;
979 continue;
980 }
981
982 // app use camera background without float window
983 bool isShow = IsCameraWindowShow(tokenId);
984 bool isAllowedBackGround = false;
985 if (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGROUND") == PERMISSION_GRANTED) {
986 isAllowedBackGround = true;
987 }
988 if ((perm == CAMERA_PERMISSION_NAME) && (status == PERM_ACTIVE_IN_BACKGROUND) &&
989 (!isShow) && (!isAllowedBackGround)) {
990 LOGI(PRI_DOMAIN, PRI_TAG, "Camera float window is close!");
991 camPermList.emplace_back(perm);
992 ++it;
993 continue;
994 }
995
996 // update status to input and timestamp to now in cache
997 auto record = *it;
998 record.status = status;
999 updateList.emplace(record);
1000 it = startRecordList_.erase(it);
1001 LOGD(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d get permission %{public}s.", tokenId, perm.c_str());
1002 continue;
1003 }
1004 ++it;
1005 }
1006
1007 startRecordList_.insert(updateList.begin(), updateList.end());
1008
1009 if (!camPermList.empty()) {
1010 ExecuteCameraCallbackAsync(tokenId, pid);
1011 }
1012 }
1013
1014 /*
1015 * when foreground change background or background change foreground,change accessDuration and store in database,
1016 * change status and accessDuration and timestamp in cache
1017 */
NotifyAppStateChange(AccessTokenID tokenId,int32_t pid,ActiveChangeType status)1018 void PermissionRecordManager::NotifyAppStateChange(AccessTokenID tokenId, int32_t pid, ActiveChangeType status)
1019 {
1020 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, status %{public}d", tokenId, pid, status);
1021 // find permissions from startRecordList_ by tokenId which status diff from currStatus
1022 ExecuteAndUpdateRecord(tokenId, pid, status);
1023 }
1024
SetLockScreenStatus(int32_t lockScreenStatus)1025 void PermissionRecordManager::SetLockScreenStatus(int32_t lockScreenStatus)
1026 {
1027 LOGI(PRI_DOMAIN, PRI_TAG, "LockScreenStatus %{public}d", lockScreenStatus);
1028 std::lock_guard<std::mutex> lock(lockScreenStateMutex_);
1029 lockScreenStatus_ = lockScreenStatus;
1030 }
1031
GetLockScreenStatus(bool isIpc)1032 int32_t PermissionRecordManager::GetLockScreenStatus(bool isIpc)
1033 {
1034 int32_t lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED;
1035
1036 if (isIpc) {
1037 LibraryLoader loader(SCREENLOCK_MANAGER_LIBPATH);
1038 ScreenLockManagerAccessLoaderInterface* screenlockManagerLoader =
1039 loader.GetObject<ScreenLockManagerAccessLoaderInterface>();
1040 if (screenlockManagerLoader != nullptr) {
1041 if (screenlockManagerLoader->IsScreenLocked()) {
1042 lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED;
1043 }
1044 }
1045 } else {
1046 std::lock_guard<std::mutex> lock(lockScreenStateMutex_);
1047 lockScreenStatus = lockScreenStatus_;
1048 }
1049
1050 return lockScreenStatus;
1051 }
1052
RemoveRecordFromStartList(AccessTokenID tokenId,int32_t pid,const std::string & permissionName,int32_t callerPid)1053 int32_t PermissionRecordManager::RemoveRecordFromStartList(
1054 AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid)
1055 {
1056 int32_t opCode;
1057 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
1058 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s)", permissionName.c_str());
1059 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
1060 }
1061
1062 LOGD(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, perm %{public}s, callerPid %{public}d",
1063 tokenId, pid, permissionName.c_str(), callerPid);
1064 ContinusPermissionRecord record = {
1065 .tokenId = tokenId,
1066 .opCode = opCode,
1067 .pid = pid,
1068 .callerPid = callerPid,
1069 };
1070 if (!ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualRecord, false)) {
1071 LOGE(PRI_DOMAIN, PRI_TAG, "No records started, tokenId=%{public}u, pid=%{public}d, " \
1072 "opCode=%{public}d, callerPid=%{public}d", tokenId, pid, opCode, callerPid);
1073 return PrivacyError::ERR_PERMISSION_NOT_START_USING;
1074 }
1075 return Constant::SUCCESS;
1076 }
1077
1078 /*
1079 * remove all record of pid,
1080 * when pidList is empty, execute active callback
1081 */
RemoveRecordFromStartListByPid(const AccessTokenID tokenId,int32_t pid)1082 void PermissionRecordManager::RemoveRecordFromStartListByPid(const AccessTokenID tokenId, int32_t pid)
1083 {
1084 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u, pid %{public}d", tokenId, pid);
1085 ContinusPermissionRecord record = {0};
1086 record.tokenId = tokenId;
1087 record.pid = pid;
1088 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPid);
1089 }
1090
1091 /*
1092 * remove all record of token, and execute active callback
1093 */
RemoveRecordFromStartListByToken(const AccessTokenID tokenId)1094 void PermissionRecordManager::RemoveRecordFromStartListByToken(const AccessTokenID tokenId)
1095 {
1096 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u", tokenId);
1097 ContinusPermissionRecord record = {0};
1098 record.tokenId = tokenId;
1099 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualTokenId);
1100 }
1101
RemoveRecordFromStartListByOp(int32_t opCode)1102 void PermissionRecordManager::RemoveRecordFromStartListByOp(int32_t opCode)
1103 {
1104 LOGI(PRI_DOMAIN, PRI_TAG, "OpCode %{public}d", opCode);
1105 ContinusPermissionRecord record = {0};
1106 record.opCode = opCode;
1107 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPermCode);
1108 }
1109
RemoveRecordFromStartListByCallerPid(int32_t callerPid)1110 void PermissionRecordManager::RemoveRecordFromStartListByCallerPid(int32_t callerPid)
1111 {
1112 LOGI(PRI_DOMAIN, PRI_TAG, "CallerPid %{public}d", callerPid);
1113 ContinusPermissionRecord record = {0};
1114 record.callerPid = callerPid;
1115 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualCallerPid);
1116 }
1117
ToRemoveRecord(const ContinusPermissionRecord & targetRecord,const IsEqualFunc & isEqualFunc,bool needClearCamera)1118 bool PermissionRecordManager::ToRemoveRecord(const ContinusPermissionRecord& targetRecord,
1119 const IsEqualFunc& isEqualFunc, bool needClearCamera)
1120 {
1121 std::vector<ContinusPermissionRecord> unusedCameraRecord;
1122 {
1123 std::string perm;
1124 std::vector<ContinusPermissionRecord> removeList, inactiveList;
1125 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1126 PermissionRecordSet::RemoveByKey(startRecordList_, targetRecord, isEqualFunc, removeList);
1127 if (removeList.empty()) {
1128 return false;
1129 }
1130 PermissionRecordSet::GetInActiveUniqueRecord(startRecordList_, removeList, inactiveList);
1131 for (const auto& record: inactiveList) {
1132 Constant::TransferOpcodeToPermission(record.opCode, perm);
1133 ContinusPermissionRecord newRecord;
1134 newRecord.tokenId = record.tokenId;
1135 newRecord.status = PERM_INACTIVE;
1136 newRecord.pid = record.pid;
1137 newRecord.callerPid = record.callerPid;
1138 CallbackExecute(newRecord, perm);
1139 }
1140 if (!needClearCamera) {
1141 return true;
1142 }
1143 PermissionRecordSet::GetUnusedCameraRecords(startRecordList_, removeList, unusedCameraRecord);
1144 }
1145
1146 for (const auto& record: unusedCameraRecord) {
1147 cameraCallbackMap_.Erase(GetUniqueId(record.tokenId, record.pid));
1148 }
1149 LOGI(PRI_DOMAIN, PRI_TAG, "cameraCallbackMap size = %{public}d after clearing",
1150 cameraCallbackMap_.Size());
1151 return true;
1152 }
1153
CallbackExecute(const ContinusPermissionRecord & record,const std::string & permissionName,PermissionUsedType type)1154 void PermissionRecordManager::CallbackExecute(const ContinusPermissionRecord& record, const std::string& permissionName,
1155 PermissionUsedType type)
1156 {
1157 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCallbackAsync, tokenId %{public}d using permission %{public}s, "
1158 "status %{public}d, type %{public}d, pid %{public}d, callerPid %{public}d.", record.tokenId,
1159 permissionName.c_str(), record.status, type, record.pid, record.callerPid);
1160
1161 ActiveChangeResponse info;
1162 info.callingTokenID = IPCSkeleton::GetCallingTokenID();
1163 info.tokenID = record.tokenId;
1164 info.permissionName = permissionName;
1165 info.deviceId = "";
1166 info.type = static_cast<ActiveChangeType>(record.status);
1167 info.usedType = type;
1168 info.pid = record.pid;
1169
1170 ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync(info);
1171 }
1172
GetGlobalSwitchStatus(const std::string & permissionName)1173 bool PermissionRecordManager::GetGlobalSwitchStatus(const std::string& permissionName)
1174 {
1175 bool isOpen = true;
1176 // only manage camera and microphone global switch now, other default true
1177 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1178 isOpen = !isMicMixMute_;
1179 LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen);
1180 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1181 isOpen = !isCamMixMute_;
1182 LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen);
1183 }
1184 return isOpen;
1185 }
1186 #ifndef APP_SECURITY_PRIVACY_SERVICE
1187 /*
1188 * StartUsing when close and choose open, update status to foreground or background from inactive
1189 * StartUsing when open and choose close, update status to inactive and store in database
1190 */
ExecuteAndUpdateRecordByPerm(const std::string & permissionName,bool switchStatus)1191 void PermissionRecordManager::ExecuteAndUpdateRecordByPerm(const std::string& permissionName, bool switchStatus)
1192 {
1193 int32_t opCode;
1194 Constant::TransferPermissionToOpcode(permissionName, opCode);
1195 std::set<ContinusPermissionRecord> updatedRecordList;
1196 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1197 for (auto it = startRecordList_.begin(); it != startRecordList_.end();) {
1198 ContinusPermissionRecord record = *it;
1199 if ((record.opCode) != static_cast<int32_t>(opCode)) {
1200 ++it;
1201 continue;
1202 }
1203 if (switchStatus) {
1204 LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is open, update record from inactive");
1205 // no need to store in database when status from inactive to foreground or background
1206 record.status = GetAppStatus(record.tokenId);
1207 } else {
1208 LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is close, update record to inactive");
1209 record.status = PERM_INACTIVE;
1210 }
1211 updatedRecordList.emplace(record);
1212 it = startRecordList_.erase(it);
1213 }
1214 startRecordList_.insert(updatedRecordList.begin(), updatedRecordList.end());
1215 // each permission sends a status change notice
1216 for (const auto& record : updatedRecordList) {
1217 CallbackExecute(record, permissionName);
1218 }
1219 }
1220
ShowGlobalDialog(const std::string & permissionName)1221 bool PermissionRecordManager::ShowGlobalDialog(const std::string& permissionName)
1222 {
1223 std::string resource;
1224 if (permissionName == CAMERA_PERMISSION_NAME) {
1225 resource = "camera";
1226 } else if (permissionName == MICROPHONE_PERMISSION_NAME) {
1227 resource = "microphone";
1228 } else {
1229 LOGI(PRI_DOMAIN, PRI_TAG, "Invalid permissionName(%{public}s).", permissionName.c_str());
1230 return true;
1231 }
1232
1233 InnerWant innerWant = {
1234 .bundleName = globalDialogBundleName_,
1235 .abilityName = globalDialogAbilityName_,
1236 .resource = resource
1237 };
1238
1239 std::lock_guard<std::mutex> lock(abilityManagerMutex_);
1240 if (abilityManagerLoader_ == nullptr) {
1241 abilityManagerLoader_ = std::make_shared<LibraryLoader>(ABILITY_MANAGER_LIBPATH);
1242 }
1243
1244 AbilityManagerAccessLoaderInterface* abilityManager =
1245 abilityManagerLoader_->GetObject<AbilityManagerAccessLoaderInterface>();
1246 if (abilityManager == nullptr) {
1247 LOGE(PRI_DOMAIN, PRI_TAG, "AbilityManager is nullptr!");
1248 return false;
1249 }
1250 ErrCode err = abilityManager->StartAbility(innerWant, nullptr);
1251 if (err != ERR_OK) {
1252 LOGE(PRI_DOMAIN, PRI_TAG, "Fail to StartAbility, err:%{public}d", err);
1253 return false;
1254 }
1255 return true;
1256 }
1257 #endif
1258
ExecuteAllCameraExecuteCallback()1259 void PermissionRecordManager::ExecuteAllCameraExecuteCallback()
1260 {
1261 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteAllCameraExecuteCallback called");
1262 auto it = [&](uint64_t id, sptr<IRemoteObject> cameraCallback) {
1263 auto callback = iface_cast<IStateChangeCallback>(cameraCallback);
1264 AccessTokenID tokenId = static_cast<AccessTokenID>(id);
1265 if (callback != nullptr) {
1266 LOGI(PRI_DOMAIN, PRI_TAG,
1267 "CameraCallback tokenId %{public}d changeType %{public}d.", tokenId, PERM_INACTIVE);
1268 callback->StateChangeNotify(tokenId, false);
1269 }
1270 };
1271 this->cameraCallbackMap_.Iterate(it);
1272 }
1273
ExecuteCameraCallbackAsync(AccessTokenID tokenId,int32_t pid)1274 void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId, int32_t pid)
1275 {
1276 LOGD(PRI_DOMAIN, PRI_TAG, "Entry.");
1277 auto task = [tokenId, pid, this]() {
1278 uint64_t uniqueId = GetUniqueId(tokenId, pid);
1279 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCameraCallbackAsync task called.");
1280 auto it = [&](uint64_t id, sptr<IRemoteObject> cameraCallback) {
1281 auto callback = iface_cast<IStateChangeCallback>(cameraCallback);
1282 if ((uniqueId == id) && (callback != nullptr)) {
1283 LOGI(PRI_DOMAIN, PRI_TAG, "CameraCallback tokenId(%{public}u) pid( %{public}d) changeType %{public}d",
1284 tokenId, pid, PERM_INACTIVE);
1285 callback->StateChangeNotify(tokenId, false);
1286 }
1287 };
1288 this->cameraCallbackMap_.Iterate(it);
1289 };
1290 std::thread executeThread(task);
1291 executeThread.detach();
1292 LOGD(PRI_DOMAIN, PRI_TAG, "The cameraCallback execution is complete.");
1293 }
1294
StartUsingPermission(const PermissionUsedTypeInfo & info,int32_t callerPid)1295 int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info, int32_t callerPid)
1296 {
1297 AccessTokenID tokenId = info.tokenId;
1298 const std::string &permissionName = info.permissionName;
1299 LOGI(PRI_DOMAIN, PRI_TAG, "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d.",
1300 tokenId, info.pid, permissionName.c_str(), info.type);
1301 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1302 LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1303 return PrivacyError::ERR_PARAM_INVALID;
1304 }
1305
1306 InitializeMuteState(permissionName);
1307 if (GetMuteStatus(permissionName, EDM)) {
1308 LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1309 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1310 }
1311 if (!Register()) {
1312 return PrivacyError::ERR_MALLOC_FAILED;
1313 }
1314
1315 int32_t status = GetAppStatus(tokenId);
1316 #ifndef APP_SECURITY_PRIVACY_SERVICE
1317 if (!GetGlobalSwitchStatus(permissionName)) {
1318 if (!ShowGlobalDialog(permissionName)) {
1319 return ERR_SERVICE_ABNORMAL;
1320 }
1321 status = PERM_INACTIVE;
1322 }
1323 #endif
1324 return AddRecordToStartList(info, status, callerPid);
1325 }
1326
StartUsingPermission(const PermissionUsedTypeInfo & info,const sptr<IRemoteObject> & callback,int32_t callerPid)1327 int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info,
1328 const sptr<IRemoteObject>& callback, int32_t callerPid)
1329 {
1330 AccessTokenID tokenId = info.tokenId;
1331 const std::string &permissionName = info.permissionName;
1332 LOGI(PRI_DOMAIN, PRI_TAG,
1333 "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.",
1334 tokenId, info.pid, permissionName.c_str(), info.type, callerPid);
1335 if ((permissionName != CAMERA_PERMISSION_NAME) || (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP)) {
1336 LOGD(PRI_DOMAIN, PRI_TAG, "Token(%{public}u), perm(%{public}s).", tokenId, permissionName.c_str());
1337 return PrivacyError::ERR_PARAM_INVALID;
1338 }
1339
1340 InitializeMuteState(permissionName);
1341 if (GetMuteStatus(permissionName, EDM)) {
1342 LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1343 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1344 }
1345
1346 if (!Register()) {
1347 return PrivacyError::ERR_MALLOC_FAILED;
1348 }
1349 int32_t status = GetAppStatus(tokenId);
1350 #ifndef APP_SECURITY_PRIVACY_SERVICE
1351 if (!GetGlobalSwitchStatus(permissionName)) {
1352 if (!ShowGlobalDialog(permissionName)) {
1353 return ERR_SERVICE_ABNORMAL;
1354 }
1355 status = PERM_INACTIVE;
1356 }
1357 #endif
1358 uint64_t id = GetUniqueId(tokenId, info.pid);
1359 cameraCallbackMap_.EnsureInsert(id, callback);
1360 if (!RegisterWindowCallback()) {
1361 cameraCallbackMap_.Erase(id);
1362 return PrivacyError::ERR_WINDOW_CALLBACK_FAILED;
1363 }
1364 int32_t ret = AddRecordToStartList(info, status, callerPid);
1365 if (ret != RET_SUCCESS) {
1366 cameraCallbackMap_.Erase(id);
1367 }
1368 return ret;
1369 }
1370
StopUsingPermission(AccessTokenID tokenId,int32_t pid,const std::string & permissionName,int32_t callerPid)1371 int32_t PermissionRecordManager::StopUsingPermission(
1372 AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid)
1373 {
1374 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1375 LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1376 return PrivacyError::ERR_PARAM_INVALID;
1377 }
1378
1379 return RemoveRecordFromStartList(tokenId, pid, permissionName, callerPid);
1380 }
1381
HasCallerInStartList(int32_t callerPid)1382 bool PermissionRecordManager::HasCallerInStartList(int32_t callerPid)
1383 {
1384 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1385 for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) {
1386 if (it->callerPid == callerPid) {
1387 return true;
1388 }
1389 }
1390 return false;
1391 }
1392
PermListToString(const std::vector<std::string> & permList)1393 void PermissionRecordManager::PermListToString(const std::vector<std::string>& permList)
1394 {
1395 std::string permStr;
1396 permStr = accumulate(permList.begin(), permList.end(), std::string(" "));
1397
1398 LOGI(PRI_DOMAIN, PRI_TAG, "PermStr =%{public}s.", permStr.c_str());
1399 }
1400
PermissionListFilter(const std::vector<std::string> & listSrc,std::vector<std::string> & listRes)1401 int32_t PermissionRecordManager::PermissionListFilter(
1402 const std::vector<std::string>& listSrc, std::vector<std::string>& listRes)
1403 {
1404 // filter legal permissions
1405 PermissionDef permissionDef;
1406 std::set<std::string> permSet;
1407 for (const auto& perm : listSrc) {
1408 if (AccessTokenKit::GetDefPermission(perm, permissionDef) == Constant::SUCCESS &&
1409 permSet.count(perm) == 0) {
1410 listRes.emplace_back(perm);
1411 permSet.insert(perm);
1412 continue;
1413 }
1414 LOGE(PRI_DOMAIN, PRI_TAG, "Permission %{public}s invalid!", perm.c_str());
1415 }
1416 if ((listRes.empty()) && (!listSrc.empty())) {
1417 LOGE(PRI_DOMAIN, PRI_TAG, "Valid permission size is 0!");
1418 return PrivacyError::ERR_PARAM_INVALID;
1419 }
1420 PermListToString(listRes);
1421 return Constant::SUCCESS;
1422 }
1423
IsAllowedUsingCamera(AccessTokenID tokenId,int32_t pid)1424 bool PermissionRecordManager::IsAllowedUsingCamera(AccessTokenID tokenId, int32_t pid)
1425 {
1426 int32_t status = GetAppStatus(tokenId, pid);
1427
1428 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, appStatus %{public}d(1-foreground 2-background).", tokenId, status);
1429 if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) {
1430 return true;
1431 }
1432
1433 return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGROUND") == PERMISSION_GRANTED);
1434 }
1435
IsAllowedUsingMicrophone(AccessTokenID tokenId,int32_t pid)1436 bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId, int32_t pid)
1437 {
1438 int32_t status = GetAppStatus(tokenId, pid);
1439 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, status is %{public}d(1-foreground 2-background).", tokenId, status);
1440 if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) {
1441 return true;
1442 }
1443
1444 std::lock_guard<std::mutex> lock(foreReminderMutex_);
1445 auto iter = std::find(foreTokenIdList_.begin(), foreTokenIdList_.end(), tokenId);
1446 if (iter != foreTokenIdList_.end()) {
1447 return true;
1448 }
1449
1450 return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED);
1451 }
1452
IsAllowedUsingPermission(AccessTokenID tokenId,const std::string & permissionName,int32_t pid)1453 bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName,
1454 int32_t pid)
1455 {
1456 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1457 LOGD(PRI_DOMAIN, PRI_TAG, "Id(%{public}d) is not hap.", tokenId);
1458 return false;
1459 }
1460
1461 if (permissionName == CAMERA_PERMISSION_NAME) {
1462 return IsAllowedUsingCamera(tokenId, pid);
1463 } else if (permissionName == MICROPHONE_PERMISSION_NAME) {
1464 return IsAllowedUsingMicrophone(tokenId, pid);
1465 }
1466 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s).", permissionName.c_str());
1467 return false;
1468 }
1469
SetMutePolicy(const PolicyType & policyType,const CallerType & callerType,bool isMute,AccessTokenID tokenID)1470 int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute,
1471 AccessTokenID tokenID)
1472 {
1473 std::string permissionName;
1474 if (callerType == MICROPHONE) {
1475 permissionName = MICROPHONE_PERMISSION_NAME;
1476 } else if (callerType == CAMERA) {
1477 permissionName = CAMERA_PERMISSION_NAME;
1478 } else {
1479 return PrivacyError::ERR_PARAM_INVALID;
1480 }
1481
1482 if (policyType == EDM) {
1483 static uint32_t edmTokenID = AccessTokenKit::GetNativeTokenId(EDM_PROCESS_NAME);
1484 if (edmTokenID != tokenID) {
1485 return PrivacyError::ERR_FIRST_CALLER_NOT_EDM;
1486 }
1487
1488 return SetEdmMutePolicy(permissionName, isMute);
1489 }
1490
1491 if (policyType == PRIVACY) {
1492 return SetPrivacyMutePolicy(permissionName, isMute);
1493 }
1494
1495 if (policyType == TEMPORARY) {
1496 return SetTempMutePolicy(permissionName, isMute);
1497 }
1498 return ERR_PARAM_INVALID;
1499 }
1500
SetHapWithFGReminder(uint32_t tokenId,bool isAllowed)1501 int32_t PermissionRecordManager::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed)
1502 {
1503 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1504 LOGE(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1505 return PrivacyError::ERR_PARAM_INVALID;
1506 }
1507 std::lock_guard<std::mutex> lock(foreReminderMutex_);
1508 auto iter = std::find(foreTokenIdList_.begin(), foreTokenIdList_.end(), tokenId);
1509 if (iter == foreTokenIdList_.end() && isAllowed) {
1510 foreTokenIdList_.emplace_back(tokenId);
1511 LOGI(PRI_DOMAIN, PRI_TAG, "Set hap(%{public}d) foreground.", tokenId);
1512 return RET_SUCCESS;
1513 }
1514 if (iter != foreTokenIdList_.end() && !isAllowed) {
1515 foreTokenIdList_.erase(iter);
1516 LOGI(PRI_DOMAIN, PRI_TAG, "cancel hap(%{public}d) foreground.", tokenId);
1517 return RET_SUCCESS;
1518 }
1519 LOGE(PRI_DOMAIN, PRI_TAG, "(%{public}d) is invalid to be operated.", tokenId);
1520 return PrivacyError::ERR_PARAM_INVALID;
1521 }
1522
SetEdmMutePolicy(const std::string permissionName,bool isMute)1523 int32_t PermissionRecordManager::SetEdmMutePolicy(const std::string permissionName, bool isMute)
1524 {
1525 if (isMute) {
1526 ModifyMuteStatus(permissionName, EDM, isMute);
1527 ModifyMuteStatus(permissionName, MIXED, isMute);
1528 #ifndef APP_SECURITY_PRIVACY_SERVICE
1529 ExecuteAndUpdateRecordByPerm(permissionName, false);
1530 #endif
1531 } else {
1532 ModifyMuteStatus(permissionName, EDM, isMute);
1533 if (GetMuteStatus(permissionName, MIXED)) {
1534 return ERR_PRIVACY_POLICY_CHECK_FAILED;
1535 }
1536 }
1537 return RET_SUCCESS;
1538 }
1539
SetPrivacyMutePolicy(const std::string permissionName,bool isMute)1540 int32_t PermissionRecordManager::SetPrivacyMutePolicy(const std::string permissionName, bool isMute)
1541 {
1542 if (isMute) {
1543 ModifyMuteStatus(permissionName, MIXED, isMute);
1544 } else {
1545 if (GetMuteStatus(permissionName, EDM)) {
1546 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1547 }
1548 ModifyMuteStatus(permissionName, MIXED, isMute);
1549 }
1550 #ifndef APP_SECURITY_PRIVACY_SERVICE
1551 ExecuteAndUpdateRecordByPerm(permissionName, !isMute);
1552 #endif
1553 return RET_SUCCESS;
1554 }
1555
SetTempMutePolicy(const std::string permissionName,bool isMute)1556 int32_t PermissionRecordManager::SetTempMutePolicy(const std::string permissionName, bool isMute)
1557 {
1558 if (!isMute) {
1559 if (GetMuteStatus(permissionName, EDM)) {
1560 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1561 }
1562 if (GetMuteStatus(permissionName, MIXED)) {
1563 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
1564 ContinusPermissionRecord record;
1565 record.tokenId = callingTokenID;
1566 record.status = PERM_TEMPORARY_CALL;
1567 record.pid = -1; // pid -1 with no meaning
1568 record.callerPid = -1; // pid -1 with no meaning
1569 CallbackExecute(record, permissionName);
1570 return PrivacyError::ERR_PRIVACY_POLICY_CHECK_FAILED;
1571 }
1572 }
1573 return RET_SUCCESS;
1574 }
1575
ModifyMuteStatus(const std::string & permissionName,int32_t index,bool isMute)1576 void PermissionRecordManager::ModifyMuteStatus(const std::string& permissionName, int32_t index, bool isMute)
1577 {
1578 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1579 std::lock_guard<std::mutex> lock(micMuteMutex_);
1580 if (index == EDM) {
1581 isMicEdmMute_ = isMute;
1582 } else {
1583 isMicMixMute_ = isMute;
1584 }
1585 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1586 std::lock_guard<std::mutex> lock(camMuteMutex_);
1587 if (index == EDM) {
1588 isCamEdmMute_ = isMute;
1589 } else {
1590 isCamMixMute_ = isMute;
1591 }
1592 }
1593 LOGI(PRI_DOMAIN, PRI_TAG, "permissionName: %{public}s, isMute: %{public}d, index: %{public}d.",
1594 permissionName.c_str(), isMute, index);
1595 }
1596
GetMuteStatus(const std::string & permissionName,int32_t index)1597 bool PermissionRecordManager::GetMuteStatus(const std::string& permissionName, int32_t index)
1598 {
1599 bool isMute = false;
1600 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1601 std::lock_guard<std::mutex> lock(micMuteMutex_);
1602 isMute = (index == EDM) ? isMicEdmMute_ : isMicMixMute_;
1603 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1604 std::lock_guard<std::mutex> lock(camMuteMutex_);
1605 isMute = (index == EDM) ? isCamEdmMute_ : isCamMixMute_;
1606 } else {
1607 return false;
1608 }
1609 LOGI(PRI_DOMAIN, PRI_TAG, "perm: %{public}s, isMute: %{public}d, index: %{public}d.",
1610 permissionName.c_str(), isMute, index);
1611 return isMute;
1612 }
1613
RegisterPermActiveStatusCallback(AccessTokenID regiterTokenId,const std::vector<std::string> & permList,const sptr<IRemoteObject> & callback)1614 int32_t PermissionRecordManager::RegisterPermActiveStatusCallback(
1615 AccessTokenID regiterTokenId, const std::vector<std::string>& permList, const sptr<IRemoteObject>& callback)
1616 {
1617 std::vector<std::string> permListRes;
1618 int32_t res = PermissionListFilter(permList, permListRes);
1619 if (res != Constant::SUCCESS) {
1620 return res;
1621 }
1622 return ActiveStatusCallbackManager::GetInstance().AddCallback(regiterTokenId, permListRes, callback);
1623 }
1624
UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject> & callback)1625 int32_t PermissionRecordManager::UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject>& callback)
1626 {
1627 return ActiveStatusCallbackManager::GetInstance().RemoveCallback(callback);
1628 }
1629
AddDataValueToResults(const GenericValues value,std::vector<PermissionUsedTypeInfo> & results)1630 void PermissionRecordManager::AddDataValueToResults(const GenericValues value,
1631 std::vector<PermissionUsedTypeInfo>& results)
1632 {
1633 PermissionUsedTypeInfo info;
1634 info.tokenId = static_cast<AccessTokenID>(value.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID));
1635 Constant::TransferOpcodeToPermission(value.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE), info.permissionName);
1636 uint32_t type = static_cast<uint32_t>(value.GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
1637 if ((type & NORMAL_TYPE_ADD_VALUE) == NORMAL_TYPE_ADD_VALUE) { // normal first
1638 info.type = PermissionUsedType::NORMAL_TYPE;
1639 results.emplace_back(info);
1640 }
1641 if ((type & PICKER_TYPE_ADD_VALUE) == PICKER_TYPE_ADD_VALUE) { // picker second
1642 info.type = PermissionUsedType::PICKER_TYPE;
1643 results.emplace_back(info);
1644 }
1645 if ((type & SEC_COMPONENT_TYPE_ADD_VALUE) == SEC_COMPONENT_TYPE_ADD_VALUE) { // security component last
1646 info.type = PermissionUsedType::SECURITY_COMPONENT_TYPE;
1647 results.emplace_back(info);
1648 }
1649 }
1650
GetPermissionUsedTypeInfos(AccessTokenID tokenId,const std::string & permissionName,std::vector<PermissionUsedTypeInfo> & results)1651 int32_t PermissionRecordManager::GetPermissionUsedTypeInfos(AccessTokenID tokenId, const std::string& permissionName,
1652 std::vector<PermissionUsedTypeInfo>& results)
1653 {
1654 GenericValues value;
1655
1656 if (tokenId != INVALID_TOKENID) {
1657 HapTokenInfo tokenInfo;
1658 if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) {
1659 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", tokenId);
1660 return PrivacyError::ERR_TOKENID_NOT_EXIST;
1661 }
1662 value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
1663 }
1664
1665 if (!permissionName.empty()) {
1666 int32_t opCode;
1667 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
1668 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid (%{public}s).", permissionName.c_str());
1669 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
1670 }
1671 value.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
1672 }
1673
1674 std::vector<GenericValues> valueResults;
1675 if (PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
1676 value, valueResults) != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
1677 return Constant::FAILURE;
1678 }
1679
1680 for (const auto& valueResult : valueResults) {
1681 AddDataValueToResults(valueResult, results);
1682 }
1683
1684 LOGI(PRI_DOMAIN, PRI_TAG, "Get %{public}zu permission used type records.", results.size());
1685
1686 return Constant::SUCCESS;
1687 }
1688
GetAppStatus(AccessTokenID tokenId,int32_t pid)1689 int32_t PermissionRecordManager::GetAppStatus(AccessTokenID tokenId, int32_t pid)
1690 {
1691 int32_t status = PERM_ACTIVE_IN_BACKGROUND;
1692 std::vector<AppStateData> foreGroundAppList;
1693 AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList);
1694 if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(),
1695 [=](const auto& foreGroundApp) {
1696 if (pid == -1) {
1697 return foreGroundApp.accessTokenId == tokenId;
1698 }
1699
1700 return ((foreGroundApp.accessTokenId == tokenId) && (foreGroundApp.pid == pid));
1701 })) {
1702 status = PERM_ACTIVE_IN_FOREGROUND;
1703 }
1704 return status;
1705 }
1706
Register()1707 bool PermissionRecordManager::Register()
1708 {
1709 // app manager death callback register
1710 {
1711 std::lock_guard<std::mutex> lock(appManagerDeathMutex_);
1712 if (appManagerDeathCallback_ == nullptr) {
1713 appManagerDeathCallback_ = std::make_shared<PrivacyAppManagerDeathCallback>();
1714 if (appManagerDeathCallback_ == nullptr) {
1715 LOGE(PRI_DOMAIN, PRI_TAG, "Register appManagerDeathCallback failed.");
1716 return false;
1717 }
1718 AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_);
1719 }
1720 }
1721 // app state change callback register
1722 {
1723 std::lock_guard<std::mutex> lock(appStateMutex_);
1724 if (appStateCallback_ == nullptr) {
1725 appStateCallback_ = new (std::nothrow) PrivacyAppStateObserver();
1726 if (appStateCallback_ == nullptr) {
1727 LOGE(PRI_DOMAIN, PRI_TAG, "Register appStateCallback failed.");
1728 return false;
1729 }
1730 int32_t result = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_);
1731 if (result != ERR_OK) {
1732 LOGE(PRI_DOMAIN, PRI_TAG, "Register application state observer failed(%{public}d).", result);
1733 return false;
1734 }
1735 }
1736 }
1737 return true;
1738 }
1739
1740 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
HasUsingCamera()1741 bool PermissionRecordManager::HasUsingCamera()
1742 {
1743 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1744 bool hasCamera = std::any_of(startRecordList_.begin(), startRecordList_.end(),
1745 [](const auto& record) { return record.opCode == Constant::OP_CAMERA; });
1746 return hasCamera;
1747 }
1748
UpdateCameraFloatWindowStatus(AccessTokenID tokenId,bool isShowing)1749 void UpdateCameraFloatWindowStatus(AccessTokenID tokenId, bool isShowing)
1750 {
1751 PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, isShowing);
1752 }
1753
UpdatePipWindowStatus(AccessTokenID tokenId,bool isShowing)1754 void UpdatePipWindowStatus(AccessTokenID tokenId, bool isShowing)
1755 {
1756 PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, isShowing);
1757 }
1758
1759 /* Handle window manager die */
HandleWindowDied()1760 void HandleWindowDied()
1761 {
1762 PermissionRecordManager::GetInstance().OnWindowMgrRemoteDied();
1763 }
1764 #endif
1765
RegisterWindowCallback()1766 bool PermissionRecordManager::RegisterWindowCallback()
1767 {
1768 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
1769 LOGI(PRI_DOMAIN, PRI_TAG, "Begin to RegisterWindowCallback.");
1770
1771 std::lock_guard<std::mutex> lock(windowMutex_);
1772 WindowChangeCallback floatCallback = UpdateCameraFloatWindowStatus;
1773 if (floatWindowCallback_ == nullptr) {
1774 floatWindowCallback_ = new (std::nothrow) PrivacyWindowManagerAgent(floatCallback);
1775 if (floatWindowCallback_ == nullptr) {
1776 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to new PrivacyWindowManagerAgent.");
1777 return false;
1778 }
1779 }
1780 ErrCode err = PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent(
1781 WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, floatWindowCallback_);
1782 if (err != ERR_OK) {
1783 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to register float window listener, err:%{public}d", err);
1784 return false;
1785 }
1786
1787 if (Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) {
1788 WindowChangeCallback pipCallback = UpdatePipWindowStatus;
1789
1790 if (pipWindowCallback_ == nullptr) {
1791 pipWindowCallback_ = new (std::nothrow) PrivacyWindowManagerAgent(pipCallback);
1792 if (floatWindowCallback_ == nullptr) {
1793 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to new PrivacyWindowManagerAgent.");
1794 return false;
1795 }
1796 }
1797
1798 err = PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent(
1799 WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, pipWindowCallback_);
1800 if (err != ERR_OK) {
1801 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to register pip window listener, err:%{public}d", err);
1802 PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent(
1803 WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, floatWindowCallback_);
1804 return false;
1805 }
1806 }
1807
1808 PrivacyWindowManagerClient::GetInstance().AddDeathCallback(HandleWindowDied);
1809 #endif
1810 return true;
1811 }
1812
InitializeMuteState(const std::string & permissionName)1813 void PermissionRecordManager::InitializeMuteState(const std::string& permissionName)
1814 {
1815 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1816 bool isMicMute = AudioManagerAdapter::GetInstance().GetPersistentMicMuteState();
1817 LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicMute);
1818 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, MIXED, isMicMute);
1819 {
1820 std::lock_guard<std::mutex> lock(micLoadMutex_);
1821 if (!isMicLoad_) {
1822 LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicLoad_);
1823 bool isEdmMute = false;
1824 if (!GetMuteParameter(EDM_MIC_MUTE_KEY, isEdmMute)) {
1825 LOGE(PRI_DOMAIN, PRI_TAG, "Get param failed");
1826 return;
1827 }
1828 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, EDM, isEdmMute);
1829 }
1830 }
1831 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1832 bool isCameraMute = CameraManagerAdapter::GetInstance().IsCameraMuted();
1833 LOGI(PRI_DOMAIN, PRI_TAG, "Camera mute state: %{public}d.", isCameraMute);
1834 ModifyMuteStatus(CAMERA_PERMISSION_NAME, MIXED, isCameraMute);
1835 {
1836 std::lock_guard<std::mutex> lock(camLoadMutex_);
1837 if (!isCamLoad_) {
1838 bool isEdmMute = false;
1839 if (!GetMuteParameter(EDM_CAMERA_MUTE_KEY, isEdmMute)) {
1840 LOGE(PRI_DOMAIN, PRI_TAG, "Get camera param failed");
1841 return;
1842 }
1843 ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute);
1844 }
1845 }
1846 }
1847 }
1848
Unregister()1849 void PermissionRecordManager::Unregister()
1850 {
1851 // app state change callback unregister
1852 std::lock_guard<std::mutex> lock(appStateMutex_);
1853 if (appStateCallback_ != nullptr) {
1854 AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_);
1855 appStateCallback_= nullptr;
1856 }
1857 }
1858
GetMuteParameter(const char * key,bool & isMute)1859 bool PermissionRecordManager::GetMuteParameter(const char* key, bool& isMute)
1860 {
1861 char value[VALUE_MAX_LEN] = {0};
1862 int32_t ret = GetParameter(key, "", value, VALUE_MAX_LEN - 1);
1863 if (ret < 0) {
1864 LOGE(PRI_DOMAIN, PRI_TAG, "Return default value, ret=%{public}d", ret);
1865 return false;
1866 }
1867 isMute = false;
1868 if (strncmp(value, "true", VALUE_MAX_LEN) == 0) {
1869 LOGI(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1870 isMute = true;
1871 }
1872 return true;
1873 }
1874
OnAppMgrRemoteDiedHandle()1875 void PermissionRecordManager::OnAppMgrRemoteDiedHandle()
1876 {
1877 LOGI(PRI_DOMAIN, PRI_TAG, "Handle app fwk died.");
1878 std::lock_guard<std::mutex> lock(appStateMutex_);
1879 appStateCallback_ = nullptr;
1880 }
1881
OnAudioMgrRemoteDiedHandle()1882 void PermissionRecordManager::OnAudioMgrRemoteDiedHandle()
1883 {
1884 LOGI(PRI_DOMAIN, PRI_TAG, "Handle audio fwk died.");
1885 {
1886 std::lock_guard<std::mutex> lock(micLoadMutex_);
1887 isMicLoad_ = false;
1888 }
1889 }
1890
OnCameraMgrRemoteDiedHandle()1891 void PermissionRecordManager::OnCameraMgrRemoteDiedHandle()
1892 {
1893 LOGI(PRI_DOMAIN, PRI_TAG, "Handle camera fwk died.");
1894 {
1895 std::lock_guard<std::mutex> lock(camLoadMutex_);
1896 isCamLoad_ = false;
1897 }
1898 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
1899 ClearWindowShowing();
1900 #endif
1901 }
1902
IsCameraWindowShow(AccessTokenID tokenId)1903 bool PermissionRecordManager::IsCameraWindowShow(AccessTokenID tokenId)
1904 {
1905 bool isShow = true;
1906 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
1907 std::lock_guard<std::mutex> lock(windowStatusMutex_);
1908 isShow = (((floatWindowTokenId_ == tokenId) && camFloatWindowShowing_) ||
1909 ((pipWindowTokenId_ == tokenId) && pipWindowShowing_));
1910 #endif
1911 return isShow;
1912 }
1913
1914 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
1915 /*
1916 * when camera float window is not show, notice camera service to use StopUsingPermission
1917 */
NotifyCameraWindowChange(bool isPip,AccessTokenID tokenId,bool isShowing)1918 void PermissionRecordManager::NotifyCameraWindowChange(bool isPip, AccessTokenID tokenId, bool isShowing)
1919 {
1920 LOGI(PRI_DOMAIN, PRI_TAG, "Update window, isPip(%{public}d), id(%{public}u), status(%{public}d)",
1921 isPip, tokenId, isShowing);
1922 {
1923 std::lock_guard<std::mutex> lock(windowStatusMutex_);
1924 if (isPip) {
1925 pipWindowShowing_ = isShowing;
1926 pipWindowTokenId_ = tokenId;
1927 } else {
1928 camFloatWindowShowing_ = isShowing;
1929 floatWindowTokenId_ = tokenId;
1930 }
1931 }
1932 if (isShowing) {
1933 LOGI(PRI_DOMAIN, PRI_TAG, "Camera float window is showing!");
1934 } else {
1935 if ((GetAppStatus(tokenId) == ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND) &&
1936 !IsCameraWindowShow(tokenId)) {
1937 LOGI(PRI_DOMAIN, PRI_TAG, "Token(%{public}d) is background, pip and float window is not show.", tokenId);
1938 ExecuteCameraCallbackAsync(tokenId, -1);
1939 }
1940 }
1941 }
1942
ClearWindowShowing()1943 void PermissionRecordManager::ClearWindowShowing()
1944 {
1945 LOGI(PRI_DOMAIN, PRI_TAG, "Clear window show status.");
1946 {
1947 std::lock_guard<std::mutex> lock(windowStatusMutex_);
1948 camFloatWindowShowing_ = false;
1949 floatWindowTokenId_ = 0;
1950
1951 pipWindowShowing_ = false;
1952 pipWindowTokenId_ = 0;
1953 }
1954 }
1955
1956 /* Handle window manager die */
OnWindowMgrRemoteDied()1957 void PermissionRecordManager::OnWindowMgrRemoteDied()
1958 {
1959 LOGI(PRI_DOMAIN, PRI_TAG, "Handle window manager died.");
1960 ClearWindowShowing();
1961 }
1962 #endif
1963
SetDefaultConfigValue()1964 void PermissionRecordManager::SetDefaultConfigValue()
1965 {
1966 recordSizeMaximum_ = DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM;
1967 recordAgingTime_ = DEFAULT_PERMISSION_USED_RECORD_AGING_TIME;
1968 #ifndef APP_SECURITY_PRIVACY_SERVICE
1969 globalDialogBundleName_ = DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME;
1970 globalDialogAbilityName_ = DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY;
1971 #endif
1972 }
1973
GetConfigValue()1974 void PermissionRecordManager::GetConfigValue()
1975 {
1976 LibraryLoader loader(CONFIG_PARSE_LIBPATH);
1977 ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
1978 if (policy == nullptr) {
1979 LOGE(PRI_DOMAIN, PRI_TAG, "Dlopen libaccesstoken_json_parse failed.");
1980 return;
1981 }
1982 AccessTokenConfigValue value;
1983 if (policy->GetConfigValue(ServiceType::PRIVACY_SERVICE, value)) {
1984 // set value from config
1985 recordSizeMaximum_ = value.pConfig.sizeMaxImum == 0
1986 ? DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM : value.pConfig.sizeMaxImum;
1987 recordAgingTime_ = value.pConfig.agingTime == 0
1988 ? DEFAULT_PERMISSION_USED_RECORD_AGING_TIME : value.pConfig.agingTime;
1989 #ifndef APP_SECURITY_PRIVACY_SERVICE
1990 globalDialogBundleName_ = value.pConfig.globalDialogBundleName.empty()
1991 ? DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME : value.pConfig.globalDialogBundleName;
1992 globalDialogAbilityName_ = value.pConfig.globalDialogAbilityName.empty()
1993 ? DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY : value.pConfig.globalDialogAbilityName;
1994 #endif
1995 } else {
1996 SetDefaultConfigValue();
1997 }
1998
1999 LOGI(PRI_DOMAIN, PRI_TAG, "RecordSizeMaximum_ is %{public}d, recordAgingTime_ is %{public}d",
2000 recordSizeMaximum_, recordAgingTime_);
2001 }
2002
GetUniqueId(uint32_t tokenId,int32_t pid) const2003 uint64_t PermissionRecordManager::GetUniqueId(uint32_t tokenId, int32_t pid) const
2004 {
2005 uint32_t tmpPid = (pid <= 0) ? 0 : (uint32_t)pid;
2006 return ((uint64_t)tmpPid << 32) | ((uint64_t)tokenId & 0xFFFFFFFF); // 32: bit
2007 }
2008
IsUserIdValid(int32_t userID) const2009 bool PermissionRecordManager::IsUserIdValid(int32_t userID) const
2010 {
2011 return userID >= 0 && userID <= MAX_USER_ID;
2012 }
2013
Init()2014 void PermissionRecordManager::Init()
2015 {
2016 if (hasInited_) {
2017 return;
2018 }
2019 LOGI(PRI_DOMAIN, PRI_TAG, "Init");
2020 hasInited_ = true;
2021
2022 UpdatePermUsedRecToggleStatusMapFromDb();
2023
2024 GetConfigValue();
2025 }
2026 } // namespace AccessToken
2027 } // namespace Security
2028 } // namespace OHOS