1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_common_log.h"
21 #include "access_token_db.h"
22 #include "access_token_error.h"
23 #include "data_translator.h"
24 #include "data_validator.h"
25 #include "short_grant_manager.h"
26 #include "token_field_const.h"
27 #include "permission_map.h"
28 #include "permission_data_brief.h"
29 #ifdef SUPPORT_SANDBOX_APP
30 #include "dlp_permission_set_manager.h"
31 #endif
32
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 namespace {
37 static const std::string DEFAULT_DEVICEID = "0";
38 static const unsigned int SYSTEM_APP_FLAG = 0x0001;
39 }
40
HapTokenInfoInner()41 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
42 {
43 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
44 tokenInfoBasic_.tokenID = 0;
45 tokenInfoBasic_.tokenAttr = 0;
46 tokenInfoBasic_.userID = 0;
47 tokenInfoBasic_.apiVersion = 0;
48 tokenInfoBasic_.instIndex = 0;
49 tokenInfoBasic_.dlpType = 0;
50 }
51
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicy & policy)52 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
53 const HapInfoParams &info, const HapPolicy &policy) : permUpdateTimestamp_(0), isRemote_(false)
54 {
55 tokenInfoBasic_.tokenID = id;
56 tokenInfoBasic_.userID = info.userID;
57 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
58 tokenInfoBasic_.tokenAttr = 0;
59 if (info.isSystemApp) {
60 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
61 }
62 tokenInfoBasic_.bundleName = info.bundleName;
63 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
64 tokenInfoBasic_.instIndex = info.instIndex;
65 tokenInfoBasic_.dlpType = info.dlpType;
66 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, policy.permStateList, policy.aclExtendedMap, true);
67 }
68
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStatus> & permStateList)69 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
70 const HapTokenInfo &info, const std::vector<PermissionStatus>& permStateList) : isRemote_(false)
71 {
72 permUpdateTimestamp_ = 0;
73 tokenInfoBasic_ = info;
74 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, permStateList, true);
75 }
76
HapTokenInfoInner(AccessTokenID id,const HapTokenInfoForSync & info)77 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
78 const HapTokenInfoForSync& info) : isRemote_(true)
79 {
80 permUpdateTimestamp_ = 0;
81 tokenInfoBasic_ = info.baseInfo;
82 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, info.permStateList, false);
83 }
84
~HapTokenInfoInner()85 HapTokenInfoInner::~HapTokenInfoInner()
86 {
87 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d destruction", tokenInfoBasic_.tokenID);
88 PermissionDataBrief::GetInstance().DeleteBriefPermDataByTokenId(tokenInfoBasic_.tokenID);
89 }
90
Update(const UpdateHapInfoParams & info,const std::vector<PermissionStatus> & permStateList,const HapPolicy & hapPolicy)91 void HapTokenInfoInner::Update(const UpdateHapInfoParams& info, const std::vector<PermissionStatus>& permStateList,
92 const HapPolicy& hapPolicy)
93 {
94 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
95 if (info.isSystemApp) {
96 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
97 } else {
98 tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG;
99 }
100 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
101 PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permStateList, hapPolicy.aclExtendedMap);
102 }
103
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const104 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
105 {
106 infoParcel = tokenInfoBasic_;
107 }
108
TranslationIntoGenericValues(GenericValues & outGenericValues) const109 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
110 {
111 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
112 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
113 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
114 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
115 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
116 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
117 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
118 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
119 outGenericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, isPermDialogForbidden_);
120 }
121
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)122 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
123 {
124 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
125 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
126 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
127 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
128 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
129 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
130 return AccessTokenError::ERR_PARAM_INVALID;
131 }
132
133 tokenInfoBasic_.apiVersion = GetApiVersion(inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION));
134 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
135 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
136
137 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
138 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
139 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x version is error, version %{public}d",
140 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
141 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
142 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
143 return AccessTokenError::ERR_PARAM_INVALID;
144 }
145 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
146 isPermDialogForbidden_ = inGenericValues.GetInt(TokenFiledConst::FIELD_FORBID_PERM_DIALOG);
147 return RET_SUCCESS;
148 }
149
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes,const std::vector<GenericValues> extendedPermRes)150 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
151 const GenericValues& tokenValue,
152 const std::vector<GenericValues>& permStateRes,
153 const std::vector<GenericValues> extendedPermRes)
154 {
155 tokenInfoBasic_.tokenID = tokenId;
156 int ret = RestoreHapTokenBasicInfo(tokenValue);
157 if (ret != RET_SUCCESS) {
158 return ret;
159 }
160 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
161 PermissionDataBrief::GetInstance().RestorePermissionBriefData(tokenId, permStateRes, extendedPermRes);
162 return RET_SUCCESS;
163 }
164
StoreHapInfo(std::vector<GenericValues> & valueList,const std::string & appId,ATokenAplEnum apl) const165 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& valueList,
166 const std::string& appId, ATokenAplEnum apl) const
167 {
168 if (isRemote_) {
169 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store", tokenInfoBasic_.tokenID);
170 return;
171 }
172 GenericValues genericValues;
173 TranslationIntoGenericValues(genericValues);
174 genericValues.Put(TokenFiledConst::FIELD_APP_ID, appId);
175 genericValues.Put(TokenFiledConst::FIELD_APL, static_cast<int32_t>(apl));
176 genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "0");
177 valueList.emplace_back(genericValues);
178 }
179
StorePermissionPolicy(std::vector<GenericValues> & permStateValues)180 void HapTokenInfoInner::StorePermissionPolicy(std::vector<GenericValues>& permStateValues)
181 {
182 if (isRemote_) {
183 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID);
184 return;
185 }
186 Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->policySetLock_);
187 PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues);
188 }
189
GetReqPermissionSize()190 uint32_t HapTokenInfoInner::GetReqPermissionSize()
191 {
192 std::vector<BriefPermData> briefPermDataList;
193 int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(
194 tokenInfoBasic_.tokenID, briefPermDataList);
195 if (ret != RET_SUCCESS) {
196 return 0;
197 }
198 return static_cast<uint32_t>(briefPermDataList.size());
199 }
200
GetUserID() const201 int HapTokenInfoInner::GetUserID() const
202 {
203 return tokenInfoBasic_.userID;
204 }
205
GetDlpType() const206 int HapTokenInfoInner::GetDlpType() const
207 {
208 return tokenInfoBasic_.dlpType;
209 }
210
GetBundleName() const211 std::string HapTokenInfoInner::GetBundleName() const
212 {
213 return tokenInfoBasic_.bundleName;
214 }
215
GetInstIndex() const216 int HapTokenInfoInner::GetInstIndex() const
217 {
218 return tokenInfoBasic_.instIndex;
219 }
220
GetTokenID() const221 AccessTokenID HapTokenInfoInner::GetTokenID() const
222 {
223 return tokenInfoBasic_.tokenID;
224 }
225
GetHapInfoBasic() const226 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
227 {
228 return tokenInfoBasic_;
229 }
230
SetTokenBaseInfo(const HapTokenInfo & baseInfo)231 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
232 {
233 tokenInfoBasic_ = baseInfo;
234 }
235
IsRemote() const236 bool HapTokenInfoInner::IsRemote() const
237 {
238 return isRemote_;
239 }
240
SetRemote(bool isRemote)241 void HapTokenInfoInner::SetRemote(bool isRemote)
242 {
243 isRemote_ = isRemote;
244 }
245
IsPermDialogForbidden() const246 bool HapTokenInfoInner::IsPermDialogForbidden() const
247 {
248 LOGI(ATM_DOMAIN, ATM_TAG, "%{public}d", isPermDialogForbidden_);
249 return isPermDialogForbidden_;
250 }
251
SetPermDialogForbidden(bool isForbidden)252 void HapTokenInfoInner::SetPermDialogForbidden(bool isForbidden)
253 {
254 isPermDialogForbidden_ = isForbidden;
255 }
256
GetApiVersion(int32_t apiVersion)257 int32_t HapTokenInfoInner::GetApiVersion(int32_t apiVersion)
258 {
259 uint32_t apiSize = 3; // 3: api version length
260 std::string apiStr = std::to_string(apiVersion);
261 uint32_t inputSize = apiStr.length();
262 if (inputSize <= apiSize) {
263 return apiVersion;
264 }
265 std::string api = apiStr.substr(inputSize - apiSize);
266 return std::atoi(api.c_str());
267 }
268
UpdateRemoteHapTokenInfo(AccessTokenID mapID,const HapTokenInfo & baseInfo,std::vector<PermissionStatus> & permStateList)269 void HapTokenInfoInner::UpdateRemoteHapTokenInfo(AccessTokenID mapID,
270 const HapTokenInfo& baseInfo, std::vector<PermissionStatus>& permStateList)
271 {
272 SetTokenBaseInfo(baseInfo);
273 PermissionDataBrief::GetInstance().AddPermToBriefPermission(baseInfo.tokenID, permStateList, false);
274 }
275
UpdatePermissionStatus(const std::string & permissionName,bool isGranted,uint32_t flag,bool & statusChanged)276 int32_t HapTokenInfoInner::UpdatePermissionStatus(
277 const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged)
278 {
279 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
280 int32_t ret = PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenInfoBasic_.tokenID,
281 permissionName, isGranted, flag, statusChanged);
282 if (ret != RET_SUCCESS) {
283 return ret;
284 }
285 if (ShortGrantManager::GetInstance().IsShortGrantPermission(permissionName)) {
286 LOGI(ATM_DOMAIN, ATM_TAG,
287 "Short grant permission %{public}s should not be notified to db.", permissionName.c_str());
288 return RET_SUCCESS;
289 }
290 if (isRemote_) {
291 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID);
292 return RET_SUCCESS;
293 }
294 std::vector<GenericValues> permStateValues;
295 PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues);
296
297 for (size_t i = 0; i < permStateValues.size(); i++) {
298 if (permStateValues[i].GetString(TokenFiledConst::FIELD_PERMISSION_NAME) != permissionName) {
299 continue;
300 }
301 GenericValues conditions;
302 conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
303 conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName);
304 AccessTokenDb::GetInstance().Modify(
305 AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions);
306 }
307 return RET_SUCCESS;
308 }
309
GetPermissionStateList(std::vector<PermissionStatus> & permList)310 int32_t HapTokenInfoInner::GetPermissionStateList(std::vector<PermissionStatus>& permList)
311 {
312 std::vector<BriefPermData> briefPermDataList;
313 int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(
314 tokenInfoBasic_.tokenID, briefPermDataList);
315 if (ret != RET_SUCCESS) {
316 return ret;
317 }
318 for (const auto& perm : briefPermDataList) {
319 PermissionStatus fullData;
320 (void)TransferOpcodeToPermission(perm.permCode, fullData.permissionName);
321 fullData.grantStatus = static_cast<int32_t>(perm.status);
322 fullData.grantFlag = perm.flag;
323 permList.emplace_back(fullData);
324 }
325 return RET_SUCCESS;
326 }
327
UpdateStatesToDB(AccessTokenID tokenID,std::vector<PermissionStatus> & stateChangeList)328 bool HapTokenInfoInner::UpdateStatesToDB(AccessTokenID tokenID, std::vector<PermissionStatus>& stateChangeList)
329 {
330 for (const auto& state : stateChangeList) {
331 GenericValues modifyValue;
332 modifyValue.Put(TokenFiledConst::FIELD_GRANT_STATE, state.grantStatus);
333 modifyValue.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast<int32_t>(state.grantFlag));
334
335 GenericValues conditionValue;
336 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenID));
337 conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, state.permissionName);
338
339 int32_t res = AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, modifyValue,
340 conditionValue);
341 if (res != 0) {
342 LOGE(ATM_DOMAIN, ATM_TAG,
343 "Update tokenID %{public}u permission %{public}s to database failed, err %{public}d ",
344 tokenID, state.permissionName.c_str(), res);
345 return false;
346 }
347 }
348
349 return true;
350 }
351
ResetUserGrantPermissionStatus(void)352 int32_t HapTokenInfoInner::ResetUserGrantPermissionStatus(void)
353 {
354 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
355
356 int32_t ret = PermissionDataBrief::GetInstance().ResetUserGrantPermissionStatus(tokenInfoBasic_.tokenID);
357 if (ret != RET_SUCCESS) {
358 LOGE(ATM_DOMAIN, ATM_TAG, "Failed to reset user permission status.");
359 return ret;
360 }
361
362 std::vector<PermissionStatus> permListOfHap;
363 ret = GetPermissionStateList(permListOfHap);
364 if (ret != RET_SUCCESS) {
365 LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get permission state list.");
366 return ret;
367 }
368
369 #ifdef SUPPORT_SANDBOX_APP
370 // update permission status with dlp permission rule.
371 DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(tokenInfoBasic_.dlpType, permListOfHap);
372 std::vector<PermissionWithValue> extendedPermList;
373 PermissionDataBrief::GetInstance().GetExetendedValueList(tokenInfoBasic_.tokenID, extendedPermList);
374 std::map<std::string, std::string> aclExtendedMap;
375 for (const auto& extendedperm : extendedPermList) {
376 aclExtendedMap[extendedperm.permissionName] = extendedperm.value;
377 }
378 PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permListOfHap, aclExtendedMap);
379 #endif
380 if (!UpdateStatesToDB(tokenInfoBasic_.tokenID, permListOfHap)) {
381 return ERR_DATABASE_OPERATE_FAILED;
382 }
383 return RET_SUCCESS;
384 }
385
RefreshPermStateToKernel(const std::vector<std::string> & constrainedList,bool hapUserIsActive,AccessTokenID tokenId,std::map<std::string,bool> & refreshedPermList)386 void HapTokenInfoInner::RefreshPermStateToKernel(const std::vector<std::string>& constrainedList,
387 bool hapUserIsActive, AccessTokenID tokenId, std::map<std::string, bool>& refreshedPermList)
388 {
389 PermissionDataBrief::GetInstance().RefreshPermStateToKernel(
390 constrainedList, hapUserIsActive, tokenId, refreshedPermList);
391 }
392
VerifyPermissionStatus(AccessTokenID tokenID,const std::string & permissionName)393 int32_t HapTokenInfoInner::VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permissionName)
394 {
395 return PermissionDataBrief::GetInstance().VerifyPermissionStatus(tokenID, permissionName);
396 }
397
GetPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)398 PermUsedTypeEnum HapTokenInfoInner::GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName)
399 {
400 uint32_t code;
401 if (!TransferPermissionToOpcode(permissionName, code)) {
402 LOGE(ATM_DOMAIN, ATM_TAG, "permissionName is invalid %{public}s.", permissionName.c_str());
403 return PermUsedTypeEnum::INVALID_USED_TYPE;
404 }
405 return PermissionDataBrief::GetInstance().GetPermissionUsedType(tokenID, code);
406 }
407
QueryPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)408 int32_t HapTokenInfoInner::QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
409 {
410 return PermissionDataBrief::GetInstance().QueryPermissionFlag(tokenID, permissionName, flag);
411 }
412
GetPermStatusListByTokenId(AccessTokenID tokenID,const std::vector<uint32_t> constrainedList,std::vector<uint32_t> & opCodeList,std::vector<bool> & statusList)413 void HapTokenInfoInner::GetPermStatusListByTokenId(AccessTokenID tokenID,
414 const std::vector<uint32_t> constrainedList, std::vector<uint32_t>& opCodeList, std::vector<bool>& statusList)
415 {
416 return PermissionDataBrief::GetInstance().GetPermStatusListByTokenId(
417 tokenID, constrainedList, opCodeList, statusList);
418 }
419
GetGrantedPermByTokenId(AccessTokenID tokenID,const std::vector<std::string> & constrainedList,std::vector<std::string> & permissionList)420 void HapTokenInfoInner::GetGrantedPermByTokenId(AccessTokenID tokenID,
421 const std::vector<std::string>& constrainedList, std::vector<std::string>& permissionList)
422 {
423 return PermissionDataBrief::GetInstance().GetGrantedPermByTokenId(tokenID, constrainedList, permissionList);
424 }
425
ClearAllSecCompGrantedPerm()426 void HapTokenInfoInner::ClearAllSecCompGrantedPerm()
427 {
428 PermissionDataBrief::GetInstance().ClearAllSecCompGrantedPerm();
429 }
430
IsPermissionGrantedWithSecComp(AccessTokenID tokenID,const std::string & permissionName)431 bool HapTokenInfoInner::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName)
432 {
433 return PermissionDataBrief::GetInstance().IsPermissionGrantedWithSecComp(tokenID, permissionName);
434 }
435
PermDefToString(const PermissionDef & def,std::string & info)436 void PermDefToString(const PermissionDef& def, std::string& info)
437 {
438 info.append(R"( {)");
439 info.append("\n");
440 info.append(R"( "permissionName": ")" + def.permissionName + R"(")" + ",\n");
441 info.append(R"( "bundleName": ")" + def.bundleName + R"(")" + ",\n");
442 info.append(R"( "grantMode": )" + std::to_string(def.grantMode) + ",\n");
443 info.append(R"( "availableLevel": )" + std::to_string(def.availableLevel) + ",\n");
444 info.append(R"( "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n");
445 info.append(R"( "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n");
446 info.append(R"( "label": ")" + def.label + R"(")" + ",\n");
447 info.append(R"( "labelId": )" + std::to_string(def.labelId) + ",\n");
448 info.append(R"( "description": ")" + def.description + R"(")" + ",\n");
449 info.append(R"( "descriptionId": )" + std::to_string(def.descriptionId) + ",\n");
450 info.append(R"( "isKernelEffect": )" + std::to_string(def.isKernelEffect) + ",\n");
451 info.append(R"( "hasValue": )" + std::to_string(def.hasValue) + ",\n");
452 info.append(R"( })");
453 }
454
PermStateFullToString(const PermissionStatus & state,std::string & info)455 void HapTokenInfoInner::PermStateFullToString(const PermissionStatus& state, std::string& info)
456 {
457 info.append(R"( {)");
458 info.append("\n");
459 info.append(R"( "permissionName": ")" + state.permissionName + R"(")" + ",\n");
460 info.append(R"( "grantStatus": ")" + std::to_string(state.grantStatus) + R"(")" + ",\n");
461 info.append(R"( "grantFlag": ")" + std::to_string(state.grantFlag) + R"(")" + ",\n");
462 std::string value;
463 (void)PermissionDataBrief::GetInstance().GetReqPermissionByName(
464 tokenInfoBasic_.tokenID, state.permissionName, value, false);
465 if (!value.empty()) {
466 info.append(R"( "value": ")" + value + R"(")" + ",\n");
467 }
468 info.append(R"( })");
469 }
470
PermToString(const std::vector<PermissionStatus> & permStateList,std::string & info)471 void HapTokenInfoInner::PermToString(const std::vector<PermissionStatus>& permStateList, std::string& info)
472 {
473 info.append(R"( "permStateList": [)");
474 info.append("\n");
475 for (auto iter = permStateList.begin(); iter != permStateList.end(); iter++) {
476 PermStateFullToString(*iter, info);
477 if (iter != (permStateList.end() - 1)) {
478 info.append(",\n");
479 }
480 }
481 info.append("\n ]\n");
482 }
483
ToString(std::string & info)484 void HapTokenInfoInner::ToString(std::string& info)
485 {
486 info.append(R"({)");
487 info.append("\n");
488 info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n");
489 info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n");
490 info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n");
491 info.append(R"( "userId": )" + std::to_string(tokenInfoBasic_.userID) + ",\n");
492 info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n");
493 info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n");
494 info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n");
495 info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n");
496 info.append(R"( "isPermDialogForbidden": )" + std::to_string(isPermDialogForbidden_) + ",\n");
497
498 std::vector<PermissionStatus> permStateList;
499 (void)GetPermissionStateList(permStateList);
500 PermToString(permStateList, info);
501 info.append("}");
502 }
503 } // namespace AccessToken
504 } // namespace Security
505 } // namespace OHOS
506