1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef ACCESSTOKEN_MANAGER_SERVICE_H 17 #define ACCESSTOKEN_MANAGER_SERVICE_H 18 19 #include <string> 20 #include <vector> 21 22 #include "accesstoken_manager_stub.h" 23 #ifdef EVENTHANDLER_ENABLE 24 #include "access_event_handler.h" 25 #endif 26 #include "access_token.h" 27 #include "hap_token_info.h" 28 #include "iremote_object.h" 29 #include "nocopyable.h" 30 #include "singleton.h" 31 #include "system_ability.h" 32 #include "thread_pool.h" 33 34 namespace OHOS { 35 namespace Security { 36 namespace AccessToken { 37 enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING }; 38 class AccessTokenManagerService final : public SystemAbility, public AccessTokenManagerStub { 39 DECLARE_DELAYED_SINGLETON(AccessTokenManagerService); 40 DECLEAR_SYSTEM_ABILITY(AccessTokenManagerService); 41 42 public: 43 void OnStart() override; 44 void OnStop() override; 45 void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; 46 void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; 47 48 AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; 49 PermUsedTypeEnum GetPermissionUsedType( 50 AccessTokenID tokenID, const std::string& permissionName) override; 51 int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, 52 AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; 53 int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; 54 int VerifyAccessToken(AccessTokenID tokenID, 55 const std::vector<std::string>& permissionList, std::vector<int32_t>& permStateList) override; 56 int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; 57 int GetReqPermissions( 58 AccessTokenID tokenID, std::vector<PermissionStatusParcel>& reqPermList, bool isSystemGrant) override; 59 PermissionOper GetSelfPermissionsState(std::vector<PermissionListStateParcel>& reqPermList, 60 PermissionGrantInfoParcel& infoParcel) override; 61 int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList) override; 62 int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; 63 int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, 64 int32_t userID) override; 65 int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, 66 int32_t userID) override; 67 int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; 68 int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; 69 int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; 70 int GrantPermissionForSpecifiedTime( 71 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; 72 int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; 73 int DeleteToken(AccessTokenID tokenID) override; 74 int GetTokenType(AccessTokenID tokenID) override; 75 AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; 76 AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; 77 int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) override; 78 int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList) override; 79 int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) override; 80 int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, 81 const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) override; 82 int32_t RegisterPermStateChangeCallback( 83 const PermStateChangeScopeParcel& scope, const sptr<IRemoteObject>& callback) override; 84 int32_t UnRegisterPermStateChangeCallback(const sptr<IRemoteObject>& callback) override; 85 int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, 86 const sptr<IRemoteObject>& callback) override; 87 int32_t UnRegisterSelfPermStateChangeCallback(const sptr<IRemoteObject>& callback) override; 88 #ifndef ATM_BUILD_VARIANT_USER_ENABLE 89 int32_t ReloadNativeTokenInfo() override; 90 #endif 91 int GetHapTokenInfoExtension(AccessTokenID tokenID, 92 HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; 93 AccessTokenID GetNativeTokenId(const std::string& processName) override; 94 95 #ifdef TOKEN_SYNC_ENABLE 96 int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; 97 int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; 98 int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; 99 AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; 100 int DeleteRemoteDeviceTokens(const std::string& deviceID) override; 101 int32_t RegisterTokenSyncCallback(const sptr<IRemoteObject>& callback) override; 102 int32_t UnRegisterTokenSyncCallback() override; 103 #endif 104 int32_t GetKernelPermissions( 105 AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList) override; 106 int32_t GetReqPermissionByName( 107 AccessTokenID tokenId, const std::string& permissionName, std::string& value) override; 108 int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; 109 void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; 110 int32_t InitUserPolicy(const std::vector<UserState>& userList, const std::vector<std::string>& permList) override; 111 int32_t UpdateUserPolicy(const std::vector<UserState>& userList) override; 112 int32_t ClearUserPolicy() override; 113 void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; 114 int32_t GetVersion(uint32_t& version) override; 115 int Dump(int fd, const std::vector<std::u16string>& args) override; 116 117 private: 118 void GetValidConfigFilePathList(std::vector<std::string>& pathList); 119 bool GetConfigGrantValueFromFile(std::string& fileContent); 120 void GetConfigValue(); 121 bool Initialize(); 122 void AccessTokenServiceParamSet() const; 123 PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList); 124 ServiceRunningState state_; 125 std::string grantBundleName_; 126 std::string grantAbilityName_; 127 std::string grantServiceAbilityName_; 128 std::string permStateAbilityName_; 129 std::string globalSwitchAbilityName_; 130 std::string applicationSettingAbilityName_; 131 }; 132 } // namespace AccessToken 133 } // namespace Security 134 } // namespace OHOS 135 #endif // ACCESSTOKEN_MANAGER_SERVICE_H 136