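/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H
#define ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H

/* <cstdint> and <string> are included directly because the declarations below use uint32_t and std::string */
#include <algorithm>
#include <cstdint>
#include <memory>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

#ifdef ENABLE_IPC_SECURITY
#include "accesstoken_kit.h"
#include "access_token.h"
#include "ipc_skeleton.h"
#endif

#include "common/rs_macros.h"
#include "ipc_security/rs_ipc_interface_code_underlying_type.h"
#include "ipc_security/rs_ipc_interface_permission_type.h"

#include "nocopyable.h"
#include "platform/common/rs_system_properties.h"

namespace OHOS {
namespace Rosen {
/*
 * Abstract base class for deciding whether an IPC interface code may be accessed.
 *
 * The base class declares the communal rules (IsCommonVerificationPassed) and a per-code
 * permission table; a derived class supplies the rules specific to one IPC interface by
 * overriding IsExclusiveVerificationPassed. Only declarations are visible in this header,
 * so the notes below describe the interface and not the behaviour of the definitions.
 *
 * NOTE(review): the access-token helpers are declared only when ENABLE_IPC_SECURITY is
 * defined. What CheckPermission, IsSystemCalling and the other checks return in a build
 * without that macro is not visible here -- confirm that such a build is never shipped
 * with every check passing.
 */
class RSB_EXPORT RSInterfaceCodeAccessVerifierBase {
public:
    virtual ~RSInterfaceCodeAccessVerifierBase() noexcept = default;

    /*
     * Public entry point: reports whether the interface identified by `code` may be accessed.
     * Presumably combines the communal and the exclusive verification -- confirm in the definition.
     */
    bool IsInterfaceCodeAccessible(CodeUnderlyingType code);

    /* overridable check on how many times (`times`) the interface `code` has been accessed */
    virtual bool IsAccessTimesVerificationPassed(CodeUnderlyingType code, uint32_t times) const;

    /*
     * Reports the caller's access type through the two reference parameters.
     * NOTE(review): whether both are written on every path is not visible in this header;
     * callers should initialise them before the call.
     */
    static void GetAccessType(bool& isTokenTypeValid, bool& isNonSystemAppCalling);

    /*
     * Reports whether the current call comes from a system caller.
     * NOTE(review): `callingCode` looks like a label for the interface being invoked rather
     * than proof of who is calling -- confirm that the decision is derived from the IPC
     * calling token and that this string is not trusted as caller identity.
     */
    static bool IsSystemCalling(const std::string& callingCode);

    /*
     * Judging by the name, reports whether the calling process was started by hdcd;
     * the role of `isLocalSysCalling` (default false) is defined in the implementation.
     */
    static bool IsStartByHdcd(bool isLocalSysCalling = false);
protected:
    /* this class cannot be instantiated */
    RSInterfaceCodeAccessVerifierBase() = default;

    /* specify the exclusive verification rules in the derived class */
    virtual bool IsExclusiveVerificationPassed(CodeUnderlyingType code) = 0;

    /* specify tools for verifying the access right */
#ifdef ENABLE_IPC_SECURITY
    /* token type and token ID of the caller; presumably read from the IPC calling context -- confirm */
    static Security::AccessToken::ATokenTypeEnum GetTokenType();
    Security::AccessToken::AccessTokenID GetTokenID() const;

    /* check whether `tokenID` holds `permission`, for native tokens and for HAP tokens respectively */
    bool CheckNativePermission(const Security::AccessToken::AccessTokenID tokenID,
        const std::string& permission) const;
    bool CheckHapPermission(const Security::AccessToken::AccessTokenID tokenID,
        const std::string& permission) const;

    /* convert a PermissionType enumerator into its permission-name string */
    std::string PermissionEnumToString(PermissionType permission) const;

    /* register / query the permission names attached to one interface code */
    bool AddPermission(CodeUnderlyingType interfaceName, const std::string& newPermission);
    std::vector<std::string> GetPermissions(CodeUnderlyingType interfaceName) const;
    int GetInterfacePermissionSize() const;

    static bool IsSystemApp();
#endif
    /* caller-class checks available to derived classes; `callingCode` as in IsSystemCalling */
    bool IsAncoCalling(const std::string& callingCode) const;
    bool IsFoundationCalling(const std::string& callingCode) const;
    bool CheckPermission(CodeUnderlyingType code) const;
    bool IsStylusServiceCalling(const std::string& callingCode) const;

private:
    DISALLOW_COPY_AND_MOVE(RSInterfaceCodeAccessVerifierBase);

    /* specify the communal verification rules in the base class */
    bool IsCommonVerificationPassed(CodeUnderlyingType code);

    /* interface code -> permission-name strings registered for that code */
    std::unordered_map<CodeUnderlyingType, std::vector<std::string>> interfacePermissions_;

};
} // namespace Rosen
} // namespace OHOS
#endif // ROSEN_RENDER_SERVICE_BASE_RS_IPC_INTERFACE_CODE_ACCESS_VERIFIER_BASE_H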