• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management interfaces.
21  *
22  * Provides tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levcels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file access_token.h
33  *
34  * @brief Declares typedefs, enums and const values.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef ACCESS_TOKEN_H
41 #define ACCESS_TOKEN_H
42 
43 #include <string>
44 
45 namespace OHOS {
46 namespace Security {
47 namespace AccessToken {
48 typedef unsigned int AccessTokenID;
49 typedef uint64_t FullTokenID;
50 typedef unsigned int AccessTokenAttr;
51 static const int DEFAULT_TOKEN_VERSION = 1;
52 static const AccessTokenID INVALID_TOKENID = 0;
53 
54 /**
55  * @brief visit type
56  */
57 enum class PermUsedTypeEnum {
58     /** invalid type */
59     INVALID_USED_TYPE = -1,
60     /** normal type for permision request */
61     NORMAL_TYPE,
62     /** picker type for permision request */
63     PICKER_TYPE,
64     /** security component type for permision request */
65     SEC_COMPONENT_TYPE,
66     /** bottom of type for no use */
67     PERM_USED_TYPE_BUTT,
68 };
69 
70 /**
71  * @brief Access token kit return code
72  */
73 enum AccessTokenKitRet {
74     RET_FAILED = -1,
75     RET_SUCCESS = 0,
76 };
77 
78 /**
79  * @brief AccessTokenID 32 bits map
80  */
81 typedef struct {
82     unsigned int tokenUniqueID : 20;
83     /** reserved, default 00000 */
84     unsigned int res : 4;
85     unsigned int cloneFlag : 1;
86     /** renderflag, default 0 */
87     unsigned int renderFlag : 1;
88     unsigned int dlpFlag : 1;
89     /**
90      * token type, for details about the valid values,
91      * see the definition of ATokenTypeEnum in the access_token.h file.
92      */
93     unsigned int type : 2;
94     /** version, default 001 */
95     unsigned int version : 3;
96 } AccessTokenIDInner;
97 
98 /**
99  * @brief Token id type
100  */
101 typedef enum TypeATokenTypeEnum {
102     TOKEN_INVALID = -1,
103     TOKEN_HAP = 0,
104     TOKEN_NATIVE,
105     TOKEN_SHELL,
106     TOKEN_TYPE_BUTT,
107 } ATokenTypeEnum;
108 
109 /**
110  * @brief Apl level
111  */
112 typedef enum TypeATokenAplEnum {
113     APL_INVALID = 0,
114     APL_NORMAL = 1,
115     APL_SYSTEM_BASIC = 2,
116     APL_SYSTEM_CORE = 3,
117     APL_ENUM_BUTT,
118 } ATokenAplEnum;
119 
120 /**
121  * @brief AvailableType
122  */
123 typedef enum TypeATokenAvailableTypeEnum {
124     INVALID = -1,
125     NORMAL = 0,
126     SYSTEM,
127     MDM,
128     SYSTEM_AND_MDM,
129     SERVICE,
130     ENTERPRISE_NORMAL,
131     AVAILABLE_TYPE_BUTT,
132 } ATokenAvailableTypeEnum;
133 
134 /**
135  * @brief Token id full definition
136  */
137 typedef union {
138     unsigned long long tokenIDEx;
139     struct {
140         AccessTokenID tokenID;
141         /** tokenID attribute */
142         AccessTokenAttr tokenAttr;
143     } tokenIdExStruct;
144 } AccessTokenIDEx;
145 
146 /**
147  * @brief Permission request toggle status
148  */
149 typedef enum TypePermissionRequestToggleStatus {
150     CLOSED = 0,
151     OPEN = 1,
152 } PermissionRequestToggleStatus;
153 
154 /**
155  * @brief Permission states
156  */
157 typedef enum TypePermissionState {
158     PERMISSION_DENIED = -1,
159     PERMISSION_GRANTED = 0,
160 } PermissionState;
161 
162 /**
163  * @brief Permission grant mode
164  */
165 typedef enum TypeGrantMode {
166     /** user grant the permisson by dynamic pop-up window */
167     USER_GRANT = 0,
168     /**
169      * system grant the permission automated when
170      * the permission is decleared and app is installed
171      */
172     SYSTEM_GRANT = 1,
173 } GrantMode;
174 
175 /**
176  * @brief Permission flag
177  */
178 typedef enum TypePermissionFlag {
179     /**
180      * permission has not been set by user.
181      */
182     PERMISSION_DEFAULT_FLAG = 0,
183     /**
184      * permission has been set by user, If the permission is not granted,
185      * a permission window is allowed to apply for permission.
186      */
187     PERMISSION_USER_SET = 1 << 0,
188     /**
189      * permission has been set by user, If the permission is not granted,
190      * a permission window is not allowed to apply for permission.
191      */
192     PERMISSION_USER_FIXED = 1 << 1,
193     /**
194      * permission has been set by system,
195      * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable.
196      */
197     PERMISSION_SYSTEM_FIXED = 1 << 2,
198     /**
199      * a user_grant permission has been set by system for pre-authorization,
200      * and it is cancellable. it always works with other flags.
201      */
202     PERMISSION_GRANTED_BY_POLICY = 1 << 3,
203     /**
204      * permission has been set by security component.
205      */
206     PERMISSION_COMPONENT_SET = 1 << 4,
207     /*
208      * permission is fixed by policy and the permission cannot be granted or revoked by user
209      */
210     PERMISSION_POLICY_FIXED = 1 << 5,
211     /*
212      * permission is only allowed during the current lifecycle foreground period
213      */
214     PERMISSION_ALLOW_THIS_TIME = 1 << 6,
215 } PermissionFlag;
216 
217 /**
218  * @brief Permission operate result
219  */
220 typedef enum TypePermissionOper {
221     /** permission has been set, only can change it in settings */
222     SETTING_OPER = -1,
223     /** operate is passed, no need to do anything */
224     PASS_OPER = 0,
225     /** permission need dynamic pop-up windows to grant it */
226     DYNAMIC_OPER = 1,
227     /** invalid operation, something is wrong, see in md files */
228     INVALID_OPER = 2,
229     /** operate is forbidden */
230     FORBIDDEN_OPER = 3,
231     /** buttom of permission oper */
232     BUTT_OPER,
233 } PermissionOper;
234 
235 
236 /**
237  * @brief Permission operation result details
238  */
239 typedef enum TypePermissionErrorReason {
240     /** The operation is successful */
241     REQ_SUCCESS = 0,
242     /** The permission name is invalid */
243     PERM_INVALID = 1,
244     /** The requested has not been declared */
245     PERM_NOT_DECLEARED = 2,
246     /** The conditions for requesting the permission are not met */
247     CONDITIONS_NOT_MET = 3,
248     /** The user does not agree to the Privacy Statement */
249     PRIVACY_STATEMENT_NOT_AGREED = 4,
250     /** The permission cannot be requested in a pop-up window */
251     UNABLE_POP_UP = 5,
252     /** The service is abnormal */
253     SERVICE_ABNORMAL = 12,
254 } PermissionErrorReason;
255 
256 /**
257  * @brief Dlp types
258  */
259 typedef enum DlpType {
260     DLP_COMMON = 0,
261     DLP_READ = 1,
262     DLP_FULL_CONTROL = 2,
263     BUTT_DLP_TYPE,
264 } HapDlpType;
265 
266 /**
267  * @brief User permission policy status.
268  */
269 typedef struct {
270     /** user id */
271     int32_t userId;
272     /** active status */
273     bool isActive;
274 } UserState;
275 
276 /**
277  * @brief Dlp permission type
278  */
279 typedef enum TypeDlpPerm {
280     DLP_PERM_ALL = 0,
281     DLP_PERM_FULL_CONTROL = 1,
282     DLP_PERM_NONE = 2,
283 } DlpPermMode;
284 
285 /**
286  * @brief Atm toggle mode type
287  */
288 typedef enum TypeToggleModeType {
289     /** toggle mode is request */
290     TOGGLE_REQUEST = 0,
291     /** toggle mode is record */
292     TOGGLE_RECORD,
293 } ToggleModeType;
294 
295 /**
296  * @brief Atm tools operate type
297  */
298 typedef enum TypeOptType {
299     /** default */
300     DEFAULT_OPER = 0,
301     /** dump hap or native token info */
302     DUMP_TOKEN,
303     /** dump permission used records */
304     DUMP_RECORD,
305     /** dump permission used types */
306     DUMP_TYPE,
307     /** dump permission definition info */
308     DUMP_PERM,
309     /** grant permission */
310     PERM_GRANT,
311     /** revoke permission */
312     PERM_REVOKE,
313     /** set toggle request/record status */
314     TOGGLE_SET,
315     /** get toggle request/record status */
316     TOGGLE_GET,
317 } OptType;
318 
319 /**
320  * @brief PermssionRule
321  */
322 typedef enum TypePermissionRulesEnum {
323     PERMISSION_EDM_RULE = 0,
324     PERMISSION_ACL_RULE
325 } PermissionRulesEnum;
326 
327 /**
328  * @brief Permission change registration type
329  */
330 typedef enum RegisterPermissionChangeType {
331     /** system app register permissions state change info of selected haps */
332     SYSTEM_REGISTER_TYPE = 0,
333     /** app register permissions state change info of itself */
334     SELF_REGISTER_TYPE = 1,
335 } RegisterPermChangeType;
336 
337 /**
338  * @brief Whether acl check
339  */
340 typedef enum HapPolicyCheckIgnoreType {
341     /** normal */
342     NONE = 0,
343     /** ignore acl check */
344     ACL_IGNORE_CHECK,
345 } HapPolicyCheckIgnore;
346 
347 } // namespace AccessToken
348 } // namespace Security
349 } // namespace OHOS
350 #endif // ACCESS_TOKEN_H
351