1 /* 2 * Copyright (c) 2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef ASSET_SYSTEM_TYPE_H 17 #define ASSET_SYSTEM_TYPE_H 18 19 /** 20 * @file asset_system_type.h 21 * 22 * @brief Defines the enums, structs, and error codes used in the Asset APIs. 23 * 24 * @since 11 25 */ 26 27 #include <stdbool.h> 28 #include <stdint.h> 29 30 #ifdef __cplusplus 31 extern "C" { 32 #endif 33 34 /** 35 * @brief Enumerates the types of the asset attribute tags. 36 */ 37 typedef enum { 38 /** 39 * The asset attribute tag is a Boolean value. 40 */ 41 SEC_ASSET_TYPE_BOOL = 0x1 << 28, 42 /** 43 * The asset attribute tag is a number. 44 */ 45 SEC_ASSET_TYPE_NUMBER = 0x2 << 28, 46 /** 47 * The asset attribute tag is an array of bytes. 48 */ 49 SEC_ASSET_TYPE_BYTES = 0x3 << 28, 50 } AssetTagType; 51 52 /** 53 * @brief Defines the mask used to obtain the type of the asset attribute tag. 54 */ 55 #define SEC_ASSET_TAG_TYPE_MASK (0xF << 28) 56 57 /** 58 * @brief Enumerates the asset attribute tags. 59 */ 60 typedef enum { 61 /** 62 * Sensitive user data in the form of bytes, such as passwords and tokens. 63 */ 64 SEC_ASSET_TAG_SECRET = SEC_ASSET_TYPE_BYTES | 0x01, 65 /** 66 * Asset alias (identifier) in the form of bytes. 67 */ 68 SEC_ASSET_TAG_ALIAS = SEC_ASSET_TYPE_BYTES | 0x02, 69 /** 70 * Time when the asset is accessible. The value is of the uint32 type, which is a 32-bit unsigned integer. 71 */ 72 SEC_ASSET_TAG_ACCESSIBILITY = SEC_ASSET_TYPE_NUMBER | 0x03, 73 /** 74 * A Boolean value indicating whether the asset is available only with a lock screen password. 75 */ 76 SEC_ASSET_TAG_REQUIRE_PASSWORD_SET = SEC_ASSET_TYPE_BOOL | 0x04, 77 /** 78 * User authentication type for the asset. The value is of the uint32 type. 79 */ 80 SEC_ASSET_TAG_AUTH_TYPE = SEC_ASSET_TYPE_NUMBER | 0x05, 81 /** 82 * Validity period of the user authentication, in seconds. The value is of the uint32 type. 83 */ 84 SEC_ASSET_TAG_AUTH_VALIDITY_PERIOD = SEC_ASSET_TYPE_NUMBER | 0x06, 85 /** 86 * Challenge value, in the form of bytes, used for anti-replay during the authentication. 87 */ 88 SEC_ASSET_TAG_AUTH_CHALLENGE = SEC_ASSET_TYPE_BYTES | 0x07, 89 /** 90 * Authentication token, in the form of bytes, obtained after a successful user authentication. 91 */ 92 SEC_ASSET_TAG_AUTH_TOKEN = SEC_ASSET_TYPE_BYTES | 0x08, 93 /** 94 * Asset synchronization type. The value is of the uint32 type. 95 */ 96 SEC_ASSET_TAG_SYNC_TYPE = SEC_ASSET_TYPE_NUMBER | 0x10, 97 /** 98 * A Boolean value indicating whether the asset needs to be stored persistently. 99 * The ohos.permission.STORE_PERSISTENT_DATA permission is required if <b>OH_Asset_Add</b> is called with this tag. 100 * 101 * @permission ohos.permission.STORE_PERSISTENT_DATA 102 */ 103 SEC_ASSET_TAG_IS_PERSISTENT = SEC_ASSET_TYPE_BOOL | 0x11, 104 /** 105 * An immutable custom field, in the form of bytes. 106 */ 107 SEC_ASSET_TAG_DATA_LABEL_CRITICAL_1 = SEC_ASSET_TYPE_BYTES | 0x20, 108 /** 109 * An immutable custom field, in the form of bytes. 110 */ 111 SEC_ASSET_TAG_DATA_LABEL_CRITICAL_2 = SEC_ASSET_TYPE_BYTES | 0x21, 112 /** 113 * An immutable custom field, in the form of bytes. 114 */ 115 SEC_ASSET_TAG_DATA_LABEL_CRITICAL_3 = SEC_ASSET_TYPE_BYTES | 0x22, 116 /** 117 * An immutable custom field, in the form of bytes. 118 */ 119 SEC_ASSET_TAG_DATA_LABEL_CRITICAL_4 = SEC_ASSET_TYPE_BYTES | 0x23, 120 /** 121 * A mutable custom field, in the form of bytes. 122 */ 123 SEC_ASSET_TAG_DATA_LABEL_NORMAL_1 = SEC_ASSET_TYPE_BYTES | 0x30, 124 /** 125 * A mutable custom field, in the form of bytes. 126 */ 127 SEC_ASSET_TAG_DATA_LABEL_NORMAL_2 = SEC_ASSET_TYPE_BYTES | 0x31, 128 /** 129 * A mutable custom field, in the form of bytes. 130 */ 131 SEC_ASSET_TAG_DATA_LABEL_NORMAL_3 = SEC_ASSET_TYPE_BYTES | 0x32, 132 /** 133 * A mutable custom field, in the form of bytes. 134 */ 135 SEC_ASSET_TAG_DATA_LABEL_NORMAL_4 = SEC_ASSET_TYPE_BYTES | 0x33, 136 /** 137 * A mutable custom field, in the form of bytes. The information of a local tag will not be synchronized. 138 */ 139 SEC_ASSET_TAG_DATA_LABEL_NORMAL_LOCAL_1 = SEC_ASSET_TYPE_BYTES | 0x34, 140 /** 141 * A mutable custom field, in the form of bytes. The information of a local tag will not be synchronized. 142 */ 143 SEC_ASSET_TAG_DATA_LABEL_NORMAL_LOCAL_2 = SEC_ASSET_TYPE_BYTES | 0x35, 144 /** 145 * A mutable custom field, in the form of bytes. The information of a local tag will not be synchronized. 146 */ 147 SEC_ASSET_TAG_DATA_LABEL_NORMAL_LOCAL_3 = SEC_ASSET_TYPE_BYTES | 0x36, 148 /** 149 * A mutable custom field, in the form of bytes. The information of a local tag will not be synchronized. 150 */ 151 SEC_ASSET_TAG_DATA_LABEL_NORMAL_LOCAL_4 = SEC_ASSET_TYPE_BYTES | 0x37, 152 /** 153 * Return type of the queried asset. The value is of the uint32 type. 154 */ 155 SEC_ASSET_TAG_RETURN_TYPE = SEC_ASSET_TYPE_NUMBER | 0x40, 156 /** 157 * Maximum number of assets that can be returned at a time if multiple asset records match the specified conditions. 158 * The value is of the uint32 type. 159 */ 160 SEC_ASSET_TAG_RETURN_LIMIT = SEC_ASSET_TYPE_NUMBER | 0x41, 161 /** 162 * Offset that indicates the start asset when multiple asset records are returned. The value is of the uint32 type. 163 */ 164 SEC_ASSET_TAG_RETURN_OFFSET = SEC_ASSET_TYPE_NUMBER | 0x42, 165 /** 166 * Sorting order of the assets in the query result. The value is of the uint32 type. 167 */ 168 SEC_ASSET_TAG_RETURN_ORDERED_BY = SEC_ASSET_TYPE_NUMBER | 0x43, 169 /** 170 * Policy used to resolve the conflict occurred when an asset is added. The value is of the uint32 type. 171 */ 172 SEC_ASSET_TAG_CONFLICT_RESOLUTION = SEC_ASSET_TYPE_NUMBER | 0x44, 173 /** 174 * A tag whose value is a byte array indicating the update time of an Asset. 175 */ 176 SEC_ASSET_TAG_UPDATE_TIME = SEC_ASSET_TYPE_BYTES | 0x45, 177 /** 178 * A tag whose value is the uint32 type indicating the additional action. 179 */ 180 SEC_ASSET_TAG_OPERATION_TYPE = SEC_ASSET_TYPE_NUMBER | 0x46, 181 /** 182 * A tag whose value is a bool indicating whether the attributes of an asset are required to be encrypted. 183 */ 184 SEC_ASSET_TAG_REQUIRE_ATTR_ENCRYPTED = SEC_ASSET_TYPE_BOOL | 0x47, 185 /** 186 * A tag whose value is a byte array indicating the group id an asset belongs to. 187 */ 188 SEC_ASSET_TAG_GROUP_ID = SEC_ASSET_TYPE_BYTES | 0x48, 189 /** 190 * A tag whose value is a 32-bit unsigned integer indicating the type of Asset encapsulation. 191 */ 192 SEC_ASSET_TAG_WRAP_TYPE = SEC_ASSET_TYPE_NUMBER | 0x49, 193 /** 194 * Tag used to store specific user id. The value is of the uint32 type. 195 */ 196 SEC_ASSET_TAG_USER_ID = SEC_ASSET_TYPE_NUMBER | 0x100, 197 } AssetTag; 198 199 /** 200 * @brief Enumerates the result codes used in the ASSET APIs. 201 */ 202 typedef enum { 203 /** 204 * The operation is successful. 205 */ 206 SEC_ASSET_SUCCESS = 0, 207 /** 208 * The caller does not have the required permission. 209 */ 210 SEC_ASSET_PERMISSION_DENIED = 201, 211 /** 212 * The caller not system application. 213 */ 214 SEC_ASSET_NOT_SYSTEM_APPLICATION = 202, 215 /** 216 * The parameter is invalid. 217 */ 218 SEC_ASSET_INVALID_ARGUMENT = 401, 219 /** 220 * The asset service is unavailable. 221 */ 222 SEC_ASSET_SERVICE_UNAVAILABLE = 24000001, 223 /** 224 * The asset is not found. 225 */ 226 SEC_ASSET_NOT_FOUND = 24000002, 227 /** 228 * The asset already exists. 229 */ 230 SEC_ASSET_DUPLICATED = 24000003, 231 /** 232 * The access to the asset is denied. 233 */ 234 SEC_ASSET_ACCESS_DENIED = 24000004, 235 /** 236 * The lock screen status does not match the access control type specified. 237 */ 238 SEC_ASSET_STATUS_MISMATCH = 24000005, 239 /** 240 * The system memory is insufficient. 241 */ 242 SEC_ASSET_OUT_OF_MEMORY = 24000006, 243 /** 244 * The asset is corrupted. 245 */ 246 SEC_ASSET_DATA_CORRUPTED = 24000007, 247 /** 248 * The database operation failed. 249 */ 250 SEC_ASSET_DATABASE_ERROR = 24000008, 251 /** 252 * The cryptography operation failed. 253 */ 254 SEC_ASSET_CRYPTO_ERROR = 24000009, 255 /** 256 * The inter-process communication (IPC) failed. 257 */ 258 SEC_ASSET_IPC_ERROR = 24000010, 259 /** 260 * The Bundle Manager service is abnormal. 261 */ 262 SEC_ASSET_BMS_ERROR = 24000011, 263 /** 264 * The Account service is abnormal. 265 */ 266 SEC_ASSET_ACCOUNT_ERROR = 24000012, 267 /** 268 * The Access Token service is abnormal. 269 */ 270 SEC_ASSET_ACCESS_TOKEN_ERROR = 24000013, 271 /** 272 * The file operation failed. 273 */ 274 SEC_ASSET_FILE_OPERATION_ERROR = 24000014, 275 /** 276 * The operation for obtaining the system time failed. 277 */ 278 SEC_ASSET_GET_SYSTEM_TIME_ERROR = 24000015, 279 /** 280 * The number of cached assets exceeds the limit. 281 */ 282 SEC_ASSET_LIMIT_EXCEEDED = 24000016, 283 /** 284 * The function is not supported. 285 */ 286 SEC_ASSET_UNSUPPORTED = 24000017, 287 } AssetResultCode; 288 289 /** 290 * @brief Enumerates the types of the access control based on the lock screen status. 291 */ 292 typedef enum { 293 /** 294 * The asset can be accessed after the device is powered on. 295 */ 296 SEC_ASSET_ACCESSIBILITY_DEVICE_POWERED_ON = 0, 297 /** 298 * The asset can be accessed only after the device is unlocked for the first time. 299 */ 300 SEC_ASSET_ACCESSIBILITY_DEVICE_FIRST_UNLOCKED = 1, 301 /** 302 * The asset can be accessed only after the device is unlocked. 303 */ 304 SEC_ASSET_ACCESSIBILITY_DEVICE_UNLOCKED = 2, 305 } AssetAccessibility; 306 307 /** 308 * @brief Enumerates the user authentication types supported for assets. 309 */ 310 typedef enum { 311 /** 312 * No user authentication is required before the asset is accessed. 313 */ 314 SEC_ASSET_AUTH_TYPE_NONE = 0x00, 315 /** 316 * The asset can be accessed if any user authentication (such as PIN, facial, or fingerprint authentication) is 317 * successful. 318 */ 319 SEC_ASSET_AUTH_TYPE_ANY = 0xFF, 320 } AssetAuthType; 321 322 /** 323 * @brief Enumerates the asset synchronization types. 324 */ 325 typedef enum { 326 /** 327 * Asset synchronization is not allowed. 328 */ 329 SEC_ASSET_SYNC_TYPE_NEVER = 0, 330 /** 331 * Asset synchronization is allowed only on the local device, for example, in data restoration on the local device. 332 */ 333 SEC_ASSET_SYNC_TYPE_THIS_DEVICE = 1 << 0, 334 /** 335 * Asset synchronization is allowed only between trusted devices, for example, in the case of cloning. 336 */ 337 SEC_ASSET_SYNC_TYPE_TRUSTED_DEVICE = 1 << 1, 338 /** 339 * Asset synchronization is allowed only between trusted devices, for example, in the case of cloning. 340 */ 341 SEC_ASSET_SYNC_TYPE_TRUSTED_ACCOUNT = 1 << 2, 342 } AssetSyncType; 343 344 /** 345 * @brief An enum type indicates the type of Asset encapsulation. 346 */ 347 typedef enum { 348 /** 349 * An Asset with this attribute value is never allowed to be wrapped up. 350 */ 351 SEC_ASSET_WRAP_TYPE_NEVER = 0, 352 /** 353 * An Asset with this attribute value can only be wrapped or unwrapped on devices logged in with trusted accounts. 354 */ 355 SEC_ASSET_WRAP_TYPE_TRUSTED_ACCOUNT = 1, 356 } AssetWrapType; 357 358 /** 359 * @brief Enumerates the policies for resolving the conflict (for example, duplicate alias) occurred when 360 * an asset is added. 361 */ 362 typedef enum { 363 /** 364 * Overwrite the existing asset. 365 */ 366 SEC_ASSET_CONFLICT_OVERWRITE = 0, 367 /** 368 * Throw an exception for the service to perform subsequent processing. 369 */ 370 SEC_ASSET_CONFLICT_THROW_ERROR = 1, 371 } AssetConflictResolution; 372 373 /** 374 * @brief Enumerates the types of the asset query result. 375 */ 376 typedef enum { 377 /** 378 * The query result contains the asset in plaintext and its attributes. 379 */ 380 SEC_ASSET_RETURN_ALL = 0, 381 /** 382 * The query result contains only the asset attributes. 383 */ 384 SEC_ASSET_RETURN_ATTRIBUTES = 1, 385 } AssetReturnType; 386 387 /** 388 * @brief Enumerates the types of the asset query result. 389 */ 390 typedef enum { 391 /** 392 * Trigger Sync. 393 */ 394 SEC_ASSET_NEED_SYNC = 0, 395 /** 396 * Logout account to clean cloud flag. 397 */ 398 SEC_ASSET_NEED_LOGOUT = 1, 399 /** 400 * Delete cloud data. 401 */ 402 SEC_ASSET_NEED_DELETE_CLOUD_DATA = 2, 403 } AssetOperationType; 404 405 /** 406 * @brief Defines an asset value in the forma of a binary array, that is, a variable-length byte array. 407 */ 408 typedef struct { 409 /** 410 * Size of the byte array. 411 */ 412 uint32_t size; 413 /** 414 * Pointer to the byte array. 415 */ 416 uint8_t *data; 417 } AssetBlob; 418 419 /** 420 * @brief Defines the value (content) of an asset attribute. 421 */ 422 typedef union { 423 /** 424 * Asset of the Boolean type. 425 */ 426 bool boolean; 427 /** 428 * Asset of the uint32 type. 429 */ 430 uint32_t u32; 431 /** 432 * Asset of the bytes type. 433 */ 434 AssetBlob blob; 435 } AssetValue; 436 437 /** 438 * @brief Defines an asset attribute. 439 */ 440 typedef struct { 441 /** 442 * Tag of the asset attribute. 443 */ 444 uint32_t tag; 445 /** 446 * Value of the asset attribute. 447 */ 448 AssetValue value; 449 } AssetAttr; 450 451 /** 452 * @brief Represents information about an asset. 453 */ 454 typedef struct { 455 /** 456 * Number of asset attributes. 457 */ 458 uint32_t count; 459 /** 460 * Pointer to the array of the asset attributes. 461 */ 462 AssetAttr *attrs; 463 } AssetResult; 464 465 /** 466 * @brief Represents information about a set of assets. 467 */ 468 typedef struct { 469 /** 470 * Number of assets. 471 */ 472 uint32_t count; 473 /** 474 * Pointer to the array of the assets. 475 */ 476 AssetResult *results; 477 } AssetResultSet; 478 479 #ifdef __cplusplus 480 } 481 #endif 482 483 #endif // ASSET_SYSTEM_TYPE_H