1 /* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef APP_FILE_SERVICE_FILE_PERMISSION 17 #define APP_FILE_SERVICE_FILE_PERMISSION 18 19 #include <deque> 20 #include <string> 21 #include <vector> 22 #ifdef SANDBOX_MANAGER 23 #include "sandbox_manager_kit.h" 24 #endif 25 26 namespace OHOS { 27 namespace AppFileService { 28 using namespace std; 29 #ifdef SANDBOX_MANAGER 30 using namespace AccessControl::SandboxManager; 31 #endif 32 constexpr const int32_t MAX_ARRAY_SIZE = 500; 33 typedef enum OperationMode { 34 READ_MODE = 1 << 0, 35 WRITE_MODE = 1 << 1, 36 } OperationMode; 37 38 typedef enum PolicyFlag { 39 ALLOW_PERSISTENCE = 1 << 0, 40 FORBID_PERSISTENCE = 1 << 1, 41 } PolicyFlag; 42 43 enum PolicyErrorCode { 44 PERSISTENCE_FORBIDDEN = 1, 45 INVALID_MODE = 2, 46 INVALID_PATH = 3, 47 PERMISSION_NOT_PERSISTED = 4, 48 }; 49 50 enum PolicyType { 51 TEMPORARY_TYPE = 0, 52 PERSISTENT_TYPE = 1, 53 }; 54 55 struct UriPolicyInfo { 56 string uri = ""; 57 uint32_t mode = OperationMode::READ_MODE; 58 }; 59 60 struct PathPolicyInfo { 61 string path = ""; 62 uint32_t mode = OperationMode::READ_MODE; 63 }; 64 65 struct PolicyErrorResult { 66 string uri = ""; 67 PolicyErrorCode code = PolicyErrorCode::PERSISTENCE_FORBIDDEN; 68 string message = ""; 69 }; 70 71 class FilePermission { 72 public: 73 static int32_t PersistPermission(const vector<UriPolicyInfo> &uriPolicies, 74 deque<struct PolicyErrorResult> &errorResults); 75 static int32_t RevokePermission(const vector<UriPolicyInfo> &uriPolicies, 76 deque<struct PolicyErrorResult> &errorResults); 77 static int32_t ActivatePermission(const vector<UriPolicyInfo> &uriPolicies, 78 deque<struct PolicyErrorResult> &errorResults); 79 static int32_t DeactivatePermission(const vector<UriPolicyInfo> &uriPolicies, 80 deque<struct PolicyErrorResult> &errorResults); 81 static int32_t CheckPersistentPermission(const vector<UriPolicyInfo> &uriPolicies, vector<bool> &errorResults); 82 static string GetPathByPermission(const std::string &userName, const std::string &permission); 83 static int32_t CheckUriPersistentPermission(uint32_t tokenId, 84 const vector<UriPolicyInfo> &uriPolicies, 85 vector<bool> &errorResults); 86 static int32_t CheckPathPermission(uint32_t tokenId, 87 const vector<PathPolicyInfo> &uriPolicies, 88 int32_t policyType, 89 vector<bool> &errorResults); 90 #ifdef SANDBOX_MANAGER 91 private: 92 static void ParseErrorResults(const vector<uint32_t> &resultCodes, 93 const vector<PolicyInfo> &pathPolicies, 94 deque<struct PolicyErrorResult> &errorResults); 95 static void ParseErrorResults(const vector<bool> &resultCodes, vector<bool> &errorResults); 96 static vector<PolicyInfo> GetPathPolicyInfoFromUriPolicyInfo(const vector<UriPolicyInfo> &uriPolicies, 97 deque<struct PolicyErrorResult> &errorResults); 98 static vector<PolicyInfo> GetPathPolicyInfoFromUriPolicyInfo(const vector<UriPolicyInfo> &uriPolicies, 99 vector<bool> &errorResults); 100 static vector<PolicyInfo> GetSandboxPolicyInfo(const vector<PathPolicyInfo> &pathPolicies); 101 #endif 102 }; 103 } // namespace AppFileService 104 } // namespace OHOS 105 106 #endif