1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
17 #ifndef PERMISSION_DATA_BRIEF_H
18 #define PERMISSION_DATA_BRIEF_H
19 
20 #include <list>
21 #include <memory>
22 #include <mutex>
23 #include <map>
24 #include <string>
25 #include <vector>
26 #include "access_token.h"
27 #include "permission_status.h"
28 #include "generic_values.h"
29 #include "hap_token_info.h"
30 
31 #include "rwlock.h"
32 
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 
/**
 * Compact record describing one permission entry.
 *
 * PermissionDataBrief::requestedPermData_ stores a vector of these per map key,
 * and GetBriefPermDataByTokenId() hands them back to callers.
 *
 * NOTE(review): the fixed-width integer types used here are not brought in by a
 * direct <cstdint> include in this header; presumably one of the project headers
 * above supplies them. Confirm.
 */
37 typedef struct {
38     int8_t status; // signed 8-bit state; NOTE(review): presumably the grant state of the permission, confirm against permission_status.h
39     uint8_t type; // bit flags: KERNEL_EFFECT_FLAG = 0x1 << 0, HAS_VALUE_FLAG = 0x1 << 1
40     uint16_t permCode; // 16-bit numeric permission code
41     uint32_t flag; // 32-bit flag word; NOTE(review): presumably the value reported by QueryPermissionFlag(), confirm
42 } BriefPermData;
43 
/**
 * Element type of PermissionDataBrief::secCompList_: pairs a permission code
 * with a token id.
 *
 * NOTE(review): presumably one entry per permission granted through a security
 * component (see IsPermissionGrantedWithSecComp / ClearAllSecCompGrantedPerm).
 * Confirm in the implementation file.
 */
44 typedef struct {
45     uint16_t permCode; // 16-bit numeric permission code
46     uint16_t reserved; // occupies the two bytes between permCode and the 4-byte tokenId; no use is visible in this header
47     uint32_t tokenId; // NOTE(review): stored as uint32_t while the API takes AccessTokenID; presumably the same width, confirm
48 } BriefSecCompData;
49 
/**
 * In-memory store of brief permission records, addressed by access token id.
 *
 * The class is reached through the static GetInstance() accessor; its default
 * constructor is private and DISALLOW_COPY_AND_MOVE is applied, so this header
 * offers no other way to create or duplicate an instance.
 *
 * State held (see the private members at the bottom): a map of BriefPermData
 * vectors, a map of extended string values, a list of BriefSecCompData entries,
 * and one RWLock.
 *
 * NOTE(review): the Verify, Query and IsPermissionGranted members presumably answer
 * authorization checks from this state, which would make every mutator declared
 * here (Set, Update, AddPerm, Restore, Reset, Delete) security-relevant.
 * Confirm against the implementation which callers may reach the mutators.
 */
50 class PermissionDataBrief final {
51 public:
       // Returns a reference to the shared instance.
52     static PermissionDataBrief& GetInstance();
       // NOTE(review): the class is final and declares no other virtual member in this header,
       // so `virtual` here appears to serve no dispatch purpose.
53     virtual ~PermissionDataBrief() = default;
54 
       // Per-token record maintenance. The int32_t results are status codes whose values
       // are not defined in this header.
55     int32_t DeleteBriefPermDataByTokenId(AccessTokenID tokenID);
56     int32_t SetBriefPermData(AccessTokenID tokenID, int32_t opCode, bool status, uint32_t flag);
       // Fills `data` with BriefPermData records for tokenID.
57     int32_t GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector<BriefPermData>& data);
       // Writes a textual dump into `info`.
       // NOTE(review): presumably includes token ids and permission state; check where the dump is exposed.
58     void ToString(std::string& info);
59     PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode);
60     bool IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName);
       // Returns an int32_t rather than a bool.
       // NOTE(review): if this follows the PermissionState convention (PERMISSION_GRANTED == 0,
       // PERMISSION_DENIED == -1), a truthiness test on the result would invert the decision;
       // callers should compare against the named constant. Confirm.
61     int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission);
       // On return `flag` carries the queried flag word; the int32_t result is a status code.
62     int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag);
63     void ClearAllSecCompGrantedPerm();
       // Output: permissionList. constrainedList is read-only input.
64     void GetGrantedPermByTokenId(AccessTokenID tokenID,
65         const std::vector<std::string>& constrainedList, std::vector<std::string>& permissionList);
       // Outputs: opCodeList and statusList (presumably index-aligned, confirm).
       // NOTE(review): constrainedList is taken by value here (one copy per call), unlike the
       // const-reference parameter of GetGrantedPermByTokenId above.
66     void GetPermStatusListByTokenId(AccessTokenID tokenID,
67         const std::vector<uint32_t> constrainedList, std::vector<uint32_t>& opCodeList, std::vector<bool>& statusList);
       // Output: refreshedPermList maps permission name to a bool.
68     int32_t RefreshPermStateToKernel(const std::vector<std::string>& constrainedList,
69         bool hapUserIsActive, AccessTokenID tokenId, std::map<std::string, bool>& refreshedPermList);
       // Two overloads; the second additionally takes aclExtendedMap.
       // NOTE(review): defCheck presumably toggles a permission-definition check; document
       // which callers may pass false. Confirm.
70     void AddPermToBriefPermission(
71             AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList, bool defCheck);
72     void AddPermToBriefPermission(
73             AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList,
74             const std::map<std::string, std::string>& aclExtendedMap, bool defCheck);
75     void Update(
76         AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList,
77         const std::map<std::string, std::string>& aclExtendedMap);
       // Restore / Store exchange state as GenericValues rows.
       // NOTE(review): extendedPermRes is taken by value (copied per call) while permStateRes
       // is a const reference.
78     void RestorePermissionBriefData(AccessTokenID tokenId,
79         const std::vector<GenericValues>& permStateRes, const std::vector<GenericValues> extendedPermRes);
80     int32_t StorePermissionBriefData(AccessTokenID tokenId, std::vector<GenericValues>& permStateValueList);
       // Output: statusChanged.
81     int32_t UpdatePermissionStatus(AccessTokenID tokenId,
82         const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged);
83     int32_t ResetUserGrantPermissionStatus(AccessTokenID tokenID);
84     int32_t GetKernelPermissions(AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList);
       // Output: value.
       // NOTE(review): tokenIdCheck presumably enables validation of tokenId; document when
       // skipping it is acceptable. Confirm.
85     int32_t GetReqPermissionByName(
86         AccessTokenID tokenId, const std::string& permissionName, std::string& value, bool tokenIdCheck);
       // The name is spelled "Exetended" in the declared API; it is left as declared.
87     void GetExetendedValueList(AccessTokenID tokenId, std::vector<PermissionWithValue>& extendedPermList);
88 private:
       // Conversion between PermissionStatus and the compact BriefPermData form.
89     bool GetPermissionBriefData(AccessTokenID tokenID, const PermissionStatus &permState,
90         const std::map<std::string, std::string>& aclExtendedMap, BriefPermData& briefPermData);
91     bool GetPermissionStatus(const BriefPermData& briefPermData, PermissionStatus &permState);
92     void GetPermissionBriefDataList(AccessTokenID tokenID,
93         const std::vector<PermissionStatus>& permStateList,
94         const std::map<std::string, std::string>& aclExtendedMap,
95         std::vector<BriefPermData>& list);
96     void AddBriefPermDataByTokenId(AccessTokenID tokenID, const std::vector<BriefPermData>& listInput);
97     void UpdatePermStatus(const BriefPermData& permOld, BriefPermData& permNew);
98     uint32_t GetFlagWroteToDb(uint32_t grantFlag);
99     void MergePermBriefData(std::vector<BriefPermData>& permBriefDataList, BriefPermData& data);
100     int32_t UpdatePermStateList(AccessTokenID tokenId, uint32_t opCode, bool isGranted, uint32_t flag);
101     int32_t UpdateSecCompGrantedPermList(AccessTokenID tokenId, const std::string& permissionName, bool isToGrant);
        // Private overload keyed by numeric permission code instead of permission name.
102     int32_t VerifyPermissionStatus(AccessTokenID tokenID, uint32_t permCode);
103     void ClearAllSecCompGrantedPermById(AccessTokenID tokenID);
104     void SecCompGrantedPermListUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isAdded);
        // NOTE(review): the *Inner helpers presumably expect permissionStateDataLock_ to be held
        // by the caller; confirm, and record the locking contract here.
105     int32_t GetBriefPermDataByTokenIdInner(AccessTokenID tokenID, std::vector<BriefPermData>& list);
106     int32_t TranslationIntoAclExtendedMap(AccessTokenID tokenId, const std::vector<GenericValues>& extendedPermRes,
107         std::map<std::string, std::string>& aclExtendedMap);
108     void GetExetendedValueListInner(AccessTokenID tokenId, std::vector<PermissionWithValue>& extendedPermList);
109     void DeleteExtendedValue(AccessTokenID tokenID);
        // Private constructor: instances come only from GetInstance().
110     PermissionDataBrief() = default;
111     DISALLOW_COPY_AND_MOVE(PermissionDataBrief);
        // Reader/writer lock.
        // NOTE(review): presumably guards the three containers below; confirm that every
        // access path in the implementation takes it.
112     OHOS::Utils::RWLock permissionStateDataLock_;
        // BriefPermData records per 32-bit key (presumably the token id, confirm).
113     std::map<uint32_t, std::vector<BriefPermData>> requestedPermData_;
        // String values per 64-bit key; how the key is composed is not visible in this header.
114     std::map<uint64_t, std::string> extendedValue_;
        // (permCode, tokenId) entries; see BriefSecCompData.
115     std::list<BriefSecCompData> secCompList_;
116 };
117 } // namespace AccessToken
118 } // namespace Security
119 } // namespace OHOS
120 #endif // PERMISSION_DATA_BRIEF_H
121