1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef ACCESSTOKEN_TOKEN_INFO_MANAGER_H
17 #define ACCESSTOKEN_TOKEN_INFO_MANAGER_H
18 
19 #include <algorithm>
20 #include <atomic>
21 #include <map>
22 #include <memory>
23 #include <unordered_set>
24 #include <vector>
25 
26 #include "access_token.h"
27 #include "atm_tools_param_info.h"
28 #ifdef TOKEN_SYNC_ENABLE
29 #include "device_manager.h"
30 #endif
31 #include "hap_token_info.h"
32 #include "hap_token_info_inner.h"
33 #include "native_token_info_base.h"
34 
35 namespace OHOS {
36 namespace Security {
37 namespace AccessToken {
38 #ifdef TOKEN_SYNC_ENABLE
// Device-manager init callback, compiled only when TOKEN_SYNC_ENABLE is defined.
// Its single override, OnRemoteDied(), has an empty body, so this type takes no action when that
// callback fires.
// NOTE(review): presumably an instance is handed to the device manager by
// AccessTokenInfoManager::InitDmCallback(); if token sync must survive a device-manager restart,
// confirm that re-initialisation is handled elsewhere, because nothing is done here.
class AccessTokenDmInitCallback final : public DistributedHardware::DmInitCallback {
private:
    // Private (the class default), so the override is reachable only through the base interface.
    void OnRemoteDied() override {}
};
43 #endif
44 
// Manager for HAP and native access-token records.
//
// Access goes through the static GetInstance(); the constructor is private and
// DISALLOW_COPY_AND_MOVE (a macro defined outside this header) is applied to the type.
// This header declares the interface only. Return-code values, locking discipline and persistence
// are defined by the implementation file and cannot be read off these declarations.
class AccessTokenInfoManager final {
public:
    // ---- instance access and start-up ----
    static AccessTokenInfoManager& GetInstance();
    ~AccessTokenInfoManager();
    void Init();
    void InitNativeTokenInfos(const std::vector<NativeTokenInfoBase>& tokenInfos);

    // ---- token lookup, allocation and removal ----
    // Most of these report status through an int/int32_t return and hand data back through a
    // reference out-parameter; the out-parameter's content after a failure is not specified here.
    int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList);
    std::shared_ptr<HapTokenInfoInner> GetHapTokenInfoInner(AccessTokenID id);
    int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& infoParcel);
    int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info);
    int AllocAccessTokenIDEx(
        const HapInfoParams& info, AccessTokenID tokenId, AccessTokenIDEx& tokenIdEx);
    int RemoveHapTokenInfo(AccessTokenID id);
    int RemoveNativeTokenInfo(AccessTokenID id);
    int32_t GetHapAppIdByTokenId(AccessTokenID tokenID, std::string& appId);
    int CreateHapTokenInfo(
        const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx);
    AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex);
    AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);
    int32_t UpdateHapToken(
        AccessTokenIDEx& tokenIdEx,
        const UpdateHapInfoParams& info,
        const std::vector<PermissionStatus>& permStateList,
        const HapPolicy& hapPolicy);
    // Appends/writes token details into the caller-supplied string.
    // NOTE(review): the output presumably exposes token and permission state; confirm that the
    // caller restricts who may request a dump.
    void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo);
    bool IsTokenIdExist(AccessTokenID id);
    AccessTokenID GetNativeTokenId(const std::string& processName);
    void GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector<AccessTokenID>& tokenIdList);
    int32_t GetHapTokenDlpType(AccessTokenID id);
    int32_t SetPermDialogCap(AccessTokenID tokenID, bool enable);

    // ---- per-user policy ----
    int32_t InitUserPolicy(
        const std::vector<UserState>& userList, const std::vector<std::string>& permList);
    int32_t UpdateUserPolicy(const std::vector<UserState>& userList);
    int32_t ClearUserPolicy();
    bool GetPermDialogCap(AccessTokenID tokenID);

    // ---- dump task bookkeeping (counter is the atomic dumpTaskNum_ member) ----
    void DumpToken();
    int32_t GetCurDumpTaskNum();
    void AddDumpTaskNum();
    void ReduceDumpTaskNum();

    // ---- permission state and verification ----
    void ClearUserGrantedPermissionState(AccessTokenID tokenID);
    int32_t ClearUserGrantedPermission(AccessTokenID tokenID);
    bool IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName);
    // The two Verify* entry points return an int32_t status, not a bool.
    // NOTE(review): callers should compare against the explicit grant constant rather than test
    // the result for truthiness; the value encoding is defined outside this header — confirm.
    int32_t VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
    int32_t VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName);

#ifdef TOKEN_SYNC_ENABLE
    // ---- cross-device token sync (only built with TOKEN_SYNC_ENABLE) ----
    // deviceID and HapTokenInfoForSync arguments describe state belonging to another device.
    // NOTE(review): presumably IsRemoteHapTokenValid() is the validation gate applied before
    // SetRemoteHapTokenInfo() stores anything; confirm in the implementation.
    void InitDmCallback();
    int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
    int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
    int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync);
    bool IsRemoteHapTokenValid(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
    int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
    AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
    int DeleteRemoteDeviceTokens(const std::string& deviceID);
#endif

    // ---- persisted capability / request-toggle state and permission queries ----
    bool UpdateCapStateToDatabase(AccessTokenID tokenID, bool enable);
    int32_t SetPermissionRequestToggleStatus(
        const std::string& permissionName, uint32_t status, int32_t userID);
    int32_t GetPermissionRequestToggleStatus(
        const std::string& permissionName, uint32_t& status, int32_t userID);
    int32_t GetKernelPermissions(
        AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList);
    int32_t GetReqPermissionByName(
        AccessTokenID tokenId, const std::string& permissionName, std::string& value);

private:
    AccessTokenInfoManager();
    DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager);

    // ---- HAP token storage helpers ----
    void InitHapTokenInfos(uint32_t& hapSize);
    int AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info);
    std::string GetHapUniqueStr(const std::shared_ptr<HapTokenInfoInner>& info) const;
    std::string GetHapUniqueStr(
        const int& userID, const std::string& bundleName, const int& instIndex) const;
    int AddHapTokenInfoToDb(
        const std::shared_ptr<HapTokenInfoInner>& hapInfo,
        const std::string& appId,
        const HapPolicy& policy,
        bool isUpdate);
    int RemoveHapTokenInfoFromDb(const std::shared_ptr<HapTokenInfoInner>& info);
    // These two take HapTokenInfoForSync but are declared outside the TOKEN_SYNC_ENABLE guard,
    // unlike the public sync entry points above.
    int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync);
    int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync);
    void PermissionStateNotify(const std::shared_ptr<HapTokenInfoInner>& info, AccessTokenID id);

    // ---- dump helpers: each writes into the caller-supplied dumpInfo string ----
    void DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo);
    void DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo);
    void DumpAllHapTokenname(std::string& dumpInfo);
    void DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo);
    void DumpAllNativeTokenName(std::string& dumpInfo);

    // ---- user-policy and kernel-state helpers ----
    int32_t ParseUserPolicyInfo(
        const std::vector<UserState>& userList,
        const std::vector<std::string>& permList,
        std::map<int32_t, bool>& changedUserList);
    int32_t ParseUserPolicyInfo(
        const std::vector<UserState>& userList, std::map<int32_t, bool>& changedUserList);
    int32_t UpdatePermissionStateToKernel(
        const std::vector<std::string>& permCodeList,
        const std::map<AccessTokenID, bool>& tokenIdList);
    int32_t UpdatePermissionStateToKernel(const std::map<AccessTokenID, bool>& tokenIdList);
    void GetGoalHapList(
        std::map<AccessTokenID, bool>& tokenIdList, std::map<int32_t, bool>& changedUserList);

    // ---- request-toggle persistence ----
    // NOTE(review): status is int32_t here but uint32_t in the public
    // Set/GetPermissionRequestToggleStatus pair; confirm the signedness conversion is intended.
    int32_t AddPermRequestToggleStatusToDb(
        int32_t userID, const std::string& permissionName, int32_t status);
    int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName);

    // ---- native token helpers ----
    void GetNativePermissionList(
        const NativeTokenInfoBase& native,
        std::vector<uint32_t>& opCodeList,
        std::vector<bool>& statusList);
    bool IsPermissionReqValid(
        int32_t tokenApl, const std::string& permissionName, const std::vector<std::string>& nativeAcls);
    int32_t GetNativeCfgInfo(std::vector<NativeTokenInfoBase>& tokenInfos);
    void NativeTokenStateToString(
        const NativeTokenInfoBase& native, std::string& info, std::string& invalidPermString);
    void NativeTokenToString(AccessTokenID tokenID, std::string& info);

    // ---- parameter checking and kernel update ----
    int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy);
    void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId);

    // ---- state ----
    // Neither member has an in-class initializer, so both rely on the constructor.
    // NOTE(review): hasInited_ is a plain bool, not atomic; presumably it is only touched under
    // one of the locks below — confirm.
    bool hasInited_;
    std::atomic_int32_t dumpTaskNum_;

    // Which lock protects which container is not stated in this header.
    // NOTE(review): presumably hapTokenInfoLock_ covers hapTokenInfoMap_/hapTokenIdMap_ and
    // nativeTokenInfoLock_ covers nativeTokenInfoMap_; confirm, along with the acquisition order.
    OHOS::Utils::RWLock hapTokenInfoLock_;
    OHOS::Utils::RWLock nativeTokenInfoLock_;
    OHOS::Utils::RWLock managerLock_;
    OHOS::Utils::RWLock modifyLock_;

    // NOTE(review): hapTokenInfoMap_ is keyed by int while the API takes AccessTokenID and
    // nativeTokenInfoMap_ is keyed by uint32_t. AccessTokenID's underlying type is declared
    // elsewhere; if it is unsigned, HAP lookups go through an implicit conversion — confirm.
    std::map<int, std::shared_ptr<HapTokenInfoInner>> hapTokenInfoMap_;
    std::map<std::string, AccessTokenID> hapTokenIdMap_;
    std::map<uint32_t, NativeTokenInfoCache> nativeTokenInfoMap_;

    // User-policy state, declared next to its own lock.
    OHOS::Utils::RWLock userPolicyLock_;
    std::vector<int32_t> inactiveUserList_;
    std::vector<std::string> permPolicyList_;
};
158 } // namespace AccessToken
159 } // namespace Security
160 } // namespace OHOS
161 #endif // ACCESSTOKEN_TOKEN_INFO_MANAGER_H
162