1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_stub.h"
17 #include "accesstoken_kit.h"
18 #include "bundle_mgr_client.h"
19 #include "bundle_mgr_interface.h"
20 #include "dlp_dfx_define.h"
21 #include "dlp_permission.h"
22 #include "dlp_permission_log.h"
23 #include "hap_token_info.h"
24 #include "ipc_skeleton.h"
25 #include "iservice_registry.h"
26 #include "os_account_manager.h"
27 #include "securec.h"
28 #include "string_ex.h"
29 #include "system_ability_definition.h"
30
31 using namespace OHOS::Security::AccessToken;
32 namespace OHOS {
33 namespace Security {
34 namespace DlpPermission {
35 namespace {
36 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionStub"};
37 static const std::string FOUNDATION_SERVICE_NAME = "foundation";
38 const std::string PERMISSION_ACCESS_DLP_FILE = "ohos.permission.ACCESS_DLP_FILE";
39 static const std::string CRED_HAP_IDENTIFIER = "5765880207854232861";
40 } // namespace
41
GetOsAccountId(int32_t & osAccountId)42 static int32_t GetOsAccountId(int32_t &osAccountId)
43 {
44 using OHOS::AccountSA::OsAccountManager;
45 std::vector<int32_t> ids;
46 int32_t ret = OsAccountManager::QueryActiveOsAccountIds(ids);
47 if (ret != OHOS::ERR_OK) {
48 DLP_LOG_ERROR(LABEL, "Call QueryActiveOsAccountIds from OsAccountKits failed. ret:%{public}d.", ret);
49 return DLP_HAP_ID_GET_ERROR;
50 }
51 if (ids.empty() || (ids.at(0) < 0)) {
52 DLP_LOG_ERROR(LABEL, "The ids from OsAccountKits is invalid.");
53 return DLP_HAP_ID_GET_ERROR;
54 }
55 osAccountId = ids.at(0);
56 return DLP_OK;
57 }
58
GetBundleMgrsa()59 static sptr<AppExecFwk::IBundleMgr> GetBundleMgrsa()
60 {
61 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
62 if (systemAbilityManager == nullptr) {
63 DLP_LOG_ERROR(LABEL, "GetBundleMgr GetSystemAbilityManager is null.");
64 return nullptr;
65 }
66 auto bundleMgrSa = systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
67 if (bundleMgrSa == nullptr) {
68 DLP_LOG_ERROR(LABEL, "GetBundleMgr GetSystemAbility is null.");
69 return nullptr;
70 }
71
72 return iface_cast<AppExecFwk::IBundleMgr>(bundleMgrSa);
73 }
74
GetAppIdentifier(const std::string & bundleName,std::string & appIdentifier,int32_t userId)75 static bool GetAppIdentifier(const std::string &bundleName, std::string &appIdentifier, int32_t userId)
76 {
77 auto bundleMgr = GetBundleMgrsa();
78 if (bundleMgr == nullptr) {
79 DLP_LOG_ERROR(LABEL, "GetAppIdentifier cant get bundleMgr.");
80 return false;
81 }
82 AppExecFwk::BundleInfo bundleInfo;
83 int ret = bundleMgr->GetBundleInfoV9(bundleName,
84 static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), bundleInfo, userId);
85 if (ret != 0) {
86 DLP_LOG_ERROR(LABEL, "GetAppIdentifier failed to get bundle info for %{public}s due to errCode %{public}d.",
87 bundleName.c_str(), ret);
88 return false;
89 }
90 if (bundleInfo.signatureInfo.appIdentifier.empty()) {
91 DLP_LOG_ERROR(LABEL, "GetAppIdentifier cant get appIdentifier.");
92 return false;
93 }
94 appIdentifier = bundleInfo.signatureInfo.appIdentifier;
95 return true;
96 }
97
CheckPermissionForConnect(uint32_t callerTokenId)98 static int32_t CheckPermissionForConnect(uint32_t callerTokenId)
99 {
100 int32_t osAccountId = 0;
101 int32_t ret = GetOsAccountId(osAccountId);
102 if (ret != DLP_OK) {
103 DLP_LOG_ERROR(LABEL, "Failed to GetOsAccountId.");
104 return ret;
105 }
106
107 HapTokenInfo hapTokenInfo;
108 int32_t result = AccessTokenKit::GetHapTokenInfo(callerTokenId, hapTokenInfo);
109 if (result != 0) {
110 DLP_LOG_ERROR(LABEL, "Failed to GetHapTokenInfo.");
111 return DLP_HAP_ID_GET_ERROR;
112 }
113
114 std::string appIdentifier;
115 if (GetAppIdentifier(hapTokenInfo.bundleName, appIdentifier, osAccountId) == false) {
116 DLP_LOG_ERROR(LABEL, "Failed to check appIdentifier.");
117 return DLP_HAP_ID_GET_ERROR;
118 }
119
120 if (appIdentifier != CRED_HAP_IDENTIFIER) {
121 DLP_LOG_ERROR(LABEL, "Failed to match appIdentifier.");
122 return DLP_HAP_ID_GET_ERROR;
123 }
124 return DLP_OK;
125 }
126
CheckPermission(const std::string & permission)127 static bool CheckPermission(const std::string& permission)
128 {
129 Security::AccessToken::AccessTokenID callingToken = IPCSkeleton::GetCallingTokenID();
130 if (CheckPermissionForConnect(callingToken) == DLP_OK) {
131 DLP_LOG_INFO(LABEL, "Check permission %{public}s pass due to authenticated hap.", permission.c_str());
132 return true;
133 }
134 int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callingToken, permission);
135 if (res == Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
136 DLP_LOG_INFO(LABEL, "Check permission %{public}s pass", permission.c_str());
137 return true;
138 }
139
140 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::DLP, "DLP_PERMISSION_REPORT",
141 HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", DLP_PERMISSION_VERIFY_ERROR,
142 "CALLER_TOKENID", callingToken);
143
144 DLP_LOG_ERROR(LABEL, "Check permission %{public}s fail", permission.c_str());
145 return false;
146 }
147
IsSaCall()148 static bool IsSaCall()
149 {
150 Security::AccessToken::AccessTokenID callingToken = IPCSkeleton::GetCallingTokenID();
151 Security::AccessToken::TypeATokenTypeEnum res = Security::AccessToken::AccessTokenKit::GetTokenType(callingToken);
152 return (res == Security::AccessToken::TOKEN_NATIVE);
153 }
154
CheckSandboxFlag(AccessToken::AccessTokenID tokenId,bool & sandboxFlag)155 static int32_t CheckSandboxFlag(AccessToken::AccessTokenID tokenId, bool& sandboxFlag)
156 {
157 int32_t res = AccessToken::AccessTokenKit::GetHapDlpFlag(tokenId);
158 if (res < 0) {
159 DLP_LOG_ERROR(LABEL, "Invalid tokenId, tokenId: %{public}d", tokenId);
160 return res;
161 }
162 sandboxFlag = (res == 1);
163 return DLP_OK;
164 }
165
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)166 int32_t DlpPermissionStub::OnRemoteRequest(
167 uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
168 {
169 DLP_LOG_INFO(LABEL, "Called, code: %{public}x, pid: %{public}d, uid: %{public}d", code,
170 IPCSkeleton::GetCallingRealPid(), IPCSkeleton::GetCallingUid());
171
172 std::u16string descripter = DlpPermissionStub::GetDescriptor();
173 std::u16string remoteDescripter = data.ReadInterfaceToken();
174 if (descripter != remoteDescripter) {
175 DLP_LOG_ERROR(LABEL, "Deal remote request fail, descriptor is not matched");
176 return DLP_SERVICE_ERROR_IPC_REQUEST_FAIL;
177 }
178
179 auto itFunc = requestFuncMap_.find(code);
180 if (itFunc != requestFuncMap_.end()) {
181 auto requestFunc = itFunc->second.funcType;
182 if (requestFunc != nullptr) {
183 int32_t res = requestFunc(data, reply);
184 #ifndef DLP_FUZZ_TEST
185 if (itFunc->second.isNeedStartTimer) {
186 DLP_LOG_DEBUG(LABEL, "enter StartTimer");
187 StartTimer();
188 }
189 #endif
190 return res;
191 }
192 }
193
194 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
195 }
196
GenerateDlpCertificateInner(MessageParcel & data,MessageParcel & reply)197 int32_t DlpPermissionStub::GenerateDlpCertificateInner(MessageParcel& data, MessageParcel& reply)
198 {
199 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
200 return DLP_SERVICE_ERROR_PERMISSION_DENY;
201 }
202
203 sptr<DlpPolicyParcel> policyParcel = data.ReadParcelable<DlpPolicyParcel>();
204 if (policyParcel == nullptr) {
205 DLP_LOG_ERROR(LABEL, "Read dlp policy parcel fail");
206 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
207 }
208
209 sptr<IRemoteObject> obj = data.ReadRemoteObject();
210 if (obj == nullptr) {
211 DLP_LOG_ERROR(LABEL, "Read generate cert callback object fail");
212 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
213 }
214
215 sptr<IDlpPermissionCallback> callback = iface_cast<IDlpPermissionCallback>(obj);
216 if (callback == nullptr) {
217 DLP_LOG_ERROR(LABEL, "Iface cast generate cert callback fail");
218 return DLP_SERVICE_ERROR_VALUE_INVALID;
219 }
220
221 int32_t res = GenerateDlpCertificate(policyParcel, callback);
222 if (!reply.WriteInt32(res)) {
223 DLP_LOG_ERROR(LABEL, "Write generate cert result fail");
224 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
225 }
226 return DLP_OK;
227 }
228
ParseDlpCertificateInner(MessageParcel & data,MessageParcel & reply)229 int32_t DlpPermissionStub::ParseDlpCertificateInner(MessageParcel& data, MessageParcel& reply)
230 {
231 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
232 return DLP_SERVICE_ERROR_PERMISSION_DENY;
233 }
234 std::string appId;
235 if (!data.ReadString(appId)) {
236 DLP_LOG_ERROR(LABEL, "Read appId fail");
237 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
238 }
239 sptr<CertParcel> certParcel = data.ReadParcelable<CertParcel>();
240 if (certParcel == nullptr) {
241 DLP_LOG_ERROR(LABEL, "Read certParcel fail");
242 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
243 }
244 sptr<IRemoteObject> obj = data.ReadRemoteObject();
245 if (obj == nullptr) {
246 DLP_LOG_ERROR(LABEL, "Read parse cert callback object fail");
247 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
248 }
249 bool offlineAccess = false;
250 if (!data.ReadBool(offlineAccess)) {
251 DLP_LOG_ERROR(LABEL, "Read offlineAccess fail");
252 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
253 }
254 sptr<IDlpPermissionCallback> callback = iface_cast<IDlpPermissionCallback>(obj);
255 if (callback == nullptr) {
256 DLP_LOG_ERROR(LABEL, "Iface cast parse cert callback fail");
257 return DLP_SERVICE_ERROR_VALUE_INVALID;
258 }
259
260 int32_t res = ParseDlpCertificate(certParcel, callback, appId, offlineAccess);
261 if (!reply.WriteInt32(res)) {
262 DLP_LOG_ERROR(LABEL, "Write parse cert result fail");
263 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
264 }
265 return DLP_OK;
266 }
267
InstallDlpSandboxInner(MessageParcel & data,MessageParcel & reply)268 int32_t DlpPermissionStub::InstallDlpSandboxInner(MessageParcel& data, MessageParcel& reply)
269 {
270 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
271 return DLP_SERVICE_ERROR_PERMISSION_DENY;
272 }
273
274 std::string bundleName;
275 if (!data.ReadString(bundleName)) {
276 DLP_LOG_ERROR(LABEL, "Read bundle name fail");
277 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
278 }
279
280 uint32_t type;
281 if (!data.ReadUint32(type)) {
282 DLP_LOG_ERROR(LABEL, "Read auth perm type fail");
283 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
284 }
285 DLPFileAccess dlpFileAccess = static_cast<DLPFileAccess>(type);
286
287 int32_t userId;
288 if (!data.ReadInt32(userId)) {
289 DLP_LOG_ERROR(LABEL, "Read user id fail");
290 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
291 }
292
293 std::string uri;
294 if (!data.ReadString(uri)) {
295 DLP_LOG_ERROR(LABEL, "Read uri fail");
296 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
297 }
298
299 SandboxInfo sandboxInfo;
300 int32_t res = InstallDlpSandbox(bundleName, dlpFileAccess, userId, sandboxInfo, uri);
301 if (!reply.WriteInt32(res)) {
302 DLP_LOG_ERROR(LABEL, "Write install sandbox result fail");
303 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
304 }
305 if (!reply.WriteInt32(sandboxInfo.appIndex)) {
306 DLP_LOG_ERROR(LABEL, "Write sandbox index fail");
307 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
308 }
309 if (!reply.WriteUint32(sandboxInfo.tokenId)) {
310 DLP_LOG_ERROR(LABEL, "Write sandbox tokenId fail");
311 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
312 }
313 return DLP_OK;
314 }
315
UninstallDlpSandboxInner(MessageParcel & data,MessageParcel & reply)316 int32_t DlpPermissionStub::UninstallDlpSandboxInner(MessageParcel& data, MessageParcel& reply)
317 {
318 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
319 return DLP_SERVICE_ERROR_PERMISSION_DENY;
320 }
321
322 std::string bundleName;
323 if (!data.ReadString(bundleName)) {
324 DLP_LOG_ERROR(LABEL, "Read bundle name fail");
325 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
326 }
327
328 int32_t appIndex;
329 if (!data.ReadInt32(appIndex)) {
330 DLP_LOG_ERROR(LABEL, "Read sandbox index fail");
331 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
332 }
333
334 int32_t userId;
335 if (!data.ReadInt32(userId)) {
336 DLP_LOG_ERROR(LABEL, "Read user id fail");
337 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
338 }
339
340 int32_t res = UninstallDlpSandbox(bundleName, appIndex, userId);
341 if (!reply.WriteInt32(res)) {
342 DLP_LOG_ERROR(LABEL, "Write uninstall sandbox result fail");
343 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
344 }
345 return DLP_OK;
346 }
347
GetSandboxExternalAuthorizationInner(MessageParcel & data,MessageParcel & reply)348 int32_t DlpPermissionStub::GetSandboxExternalAuthorizationInner(MessageParcel& data, MessageParcel& reply)
349 {
350 if (!IsSaCall() && !CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
351 DLP_LOG_ERROR(LABEL, "Caller is not SA or has no ACCESS_DLP_FILE permission");
352 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
353 }
354 int32_t sandboxUid;
355 if (!data.ReadInt32(sandboxUid)) {
356 DLP_LOG_ERROR(LABEL, "Read sandbox uid fail");
357 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
358 }
359
360 std::unique_ptr<AAFwk::Want> want(data.ReadParcelable<AAFwk::Want>());
361 if (want == nullptr) {
362 DLP_LOG_ERROR(LABEL, "Read want fail");
363 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
364 }
365
366 SandBoxExternalAuthorType authType;
367 int32_t res = GetSandboxExternalAuthorization(sandboxUid, *want, authType);
368 if (res != DLP_OK) {
369 return res;
370 }
371
372 if (!reply.WriteInt32(authType)) {
373 DLP_LOG_ERROR(LABEL, "Write sandbox external auth type fail");
374 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
375 }
376 return DLP_OK;
377 }
378
QueryDlpFileCopyableByTokenIdInner(MessageParcel & data,MessageParcel & reply)379 int32_t DlpPermissionStub::QueryDlpFileCopyableByTokenIdInner(MessageParcel& data, MessageParcel& reply)
380 {
381 uint32_t tokenId;
382 if (!data.ReadUint32(tokenId)) {
383 DLP_LOG_ERROR(LABEL, "Read token id fail");
384 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
385 }
386 bool copyable = false;
387 int32_t res = QueryDlpFileCopyableByTokenId(copyable, tokenId);
388 if (!reply.WriteInt32(res)) {
389 DLP_LOG_ERROR(LABEL, "Write copyalbe query result fail");
390 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
391 }
392 if (!reply.WriteBool(copyable)) {
393 DLP_LOG_ERROR(LABEL, "Write copyalbe fail");
394 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
395 }
396 return DLP_OK;
397 }
398
QueryDlpFileAccessInner(MessageParcel & data,MessageParcel & reply)399 int32_t DlpPermissionStub::QueryDlpFileAccessInner(MessageParcel& data, MessageParcel& reply)
400 {
401 bool sandboxFlag;
402 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
403 return DLP_SERVICE_ERROR_VALUE_INVALID;
404 }
405 if (!sandboxFlag) {
406 DLP_LOG_ERROR(LABEL, "Forbid called by a non-sandbox app");
407 return DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR;
408 }
409 DLPPermissionInfoParcel permInfoParcel;
410 int32_t res = QueryDlpFileAccess(permInfoParcel);
411 if (!reply.WriteInt32(res)) {
412 DLP_LOG_ERROR(LABEL, "Write dlp file access query result fail");
413 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
414 }
415 if (!reply.WriteParcelable(&permInfoParcel)) {
416 DLP_LOG_ERROR(LABEL, "WriteParcelable fail");
417 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
418 }
419 return DLP_OK;
420 }
421
IsInDlpSandboxInner(MessageParcel & data,MessageParcel & reply)422 int32_t DlpPermissionStub::IsInDlpSandboxInner(MessageParcel& data, MessageParcel& reply)
423 {
424 bool inSandbox = false;
425 int32_t res = IsInDlpSandbox(inSandbox);
426 if (!reply.WriteInt32(res)) {
427 DLP_LOG_ERROR(LABEL, "Write sandbox query result fail");
428 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
429 }
430 if (!reply.WriteBool(inSandbox)) {
431 DLP_LOG_ERROR(LABEL, "Write sandbox flag fail");
432 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
433 }
434 return DLP_OK;
435 }
436
GetDlpSupportFileTypeInner(MessageParcel & data,MessageParcel & reply)437 int32_t DlpPermissionStub::GetDlpSupportFileTypeInner(MessageParcel& data, MessageParcel& reply)
438 {
439 std::vector<std::string> supportFileType;
440 int32_t res = GetDlpSupportFileType(supportFileType);
441 if (!reply.WriteInt32(res)) {
442 DLP_LOG_ERROR(LABEL, "Write support dlp file type query result fail");
443 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
444 }
445 size_t listNum = supportFileType.size();
446 if (!reply.WriteUint32(static_cast<uint32_t>(listNum))) {
447 DLP_LOG_ERROR(LABEL, "Write support dlp file type list num fail");
448 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
449 }
450 for (const auto& iter : supportFileType) {
451 if (!reply.WriteString(iter)) {
452 DLP_LOG_ERROR(LABEL, "Write support dlp file type string fail");
453 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
454 }
455 }
456 return DLP_OK;
457 }
458
RegisterDlpSandboxChangeCallbackInner(MessageParcel & data,MessageParcel & reply)459 int32_t DlpPermissionStub::RegisterDlpSandboxChangeCallbackInner(MessageParcel &data, MessageParcel &reply)
460 {
461 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
462 return DLP_SERVICE_ERROR_PERMISSION_DENY;
463 }
464 sptr<IRemoteObject> callback = data.ReadRemoteObject();
465 if (callback == nullptr) {
466 DLP_LOG_ERROR(LABEL, "read callback fail");
467 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
468 }
469 int32_t result = RegisterDlpSandboxChangeCallback(callback);
470 reply.WriteInt32(result);
471 return DLP_OK;
472 }
473
UnRegisterDlpSandboxChangeCallbackInner(MessageParcel & data,MessageParcel & reply)474 int32_t DlpPermissionStub::UnRegisterDlpSandboxChangeCallbackInner(MessageParcel &data, MessageParcel &reply)
475 {
476 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
477 return DLP_SERVICE_ERROR_PERMISSION_DENY;
478 }
479 bool res = false;
480 int32_t result = UnRegisterDlpSandboxChangeCallback(res);
481 if (!reply.WriteInt32(result)) {
482 DLP_LOG_ERROR(LABEL, "Write sandbox query result fail");
483 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
484 }
485 if (!reply.WriteBool(res)) {
486 DLP_LOG_ERROR(LABEL, "Write sandbox flag fail");
487 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
488 }
489 return DLP_OK;
490 }
491
RegisterOpenDlpFileCallbackInner(MessageParcel & data,MessageParcel & reply)492 int32_t DlpPermissionStub::RegisterOpenDlpFileCallbackInner(MessageParcel &data, MessageParcel &reply)
493 {
494 bool sandboxFlag;
495 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
496 return DLP_SERVICE_ERROR_VALUE_INVALID;
497 }
498 if (sandboxFlag) {
499 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
500 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
501 }
502 sptr<IRemoteObject> callback = data.ReadRemoteObject();
503 if (callback == nullptr) {
504 DLP_LOG_ERROR(LABEL, "read callback fail");
505 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
506 }
507 int32_t result = RegisterOpenDlpFileCallback(callback);
508 reply.WriteInt32(result);
509 return DLP_OK;
510 }
511
UnRegisterOpenDlpFileCallbackInner(MessageParcel & data,MessageParcel & reply)512 int32_t DlpPermissionStub::UnRegisterOpenDlpFileCallbackInner(MessageParcel &data, MessageParcel &reply)
513 {
514 bool sandboxFlag;
515 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
516 return DLP_SERVICE_ERROR_VALUE_INVALID;
517 }
518 if (sandboxFlag) {
519 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
520 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
521 }
522 sptr<IRemoteObject> callback = data.ReadRemoteObject();
523 if (callback == nullptr) {
524 DLP_LOG_ERROR(LABEL, "read callback fail");
525 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
526 }
527 int32_t result = UnRegisterOpenDlpFileCallback(callback);
528 if (!reply.WriteInt32(result)) {
529 DLP_LOG_ERROR(LABEL, "Write un-register open dlp file callback result fail");
530 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
531 }
532 return DLP_OK;
533 }
534
GetDlpGatheringPolicyInner(MessageParcel & data,MessageParcel & reply)535 int32_t DlpPermissionStub::GetDlpGatheringPolicyInner(MessageParcel& data, MessageParcel& reply)
536 {
537 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
538 return DLP_SERVICE_ERROR_PERMISSION_DENY;
539 }
540 bool isGathering = false;
541 int32_t res = GetDlpGatheringPolicy(isGathering);
542 if (!reply.WriteInt32(res)) {
543 DLP_LOG_ERROR(LABEL, "Write GetDlpGatheringPolicy result fail");
544 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
545 }
546 if (!reply.WriteBool(isGathering)) {
547 DLP_LOG_ERROR(LABEL, "Write isGathering fail");
548 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
549 }
550
551 return DLP_OK;
552 }
553
SetRetentionStateInner(MessageParcel & data,MessageParcel & reply)554 int32_t DlpPermissionStub::SetRetentionStateInner(MessageParcel& data, MessageParcel& reply)
555 {
556 bool sandboxFlag;
557 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
558 return DLP_SERVICE_ERROR_VALUE_INVALID;
559 }
560 if (!sandboxFlag) {
561 DLP_LOG_ERROR(LABEL, "Forbid called by a non-sandbox app");
562 return DLP_SERVICE_ERROR_API_ONLY_FOR_SANDBOX_ERROR;
563 }
564 std::vector<std::string> docUriVec;
565 if (!data.ReadStringVector(&docUriVec)) {
566 DLP_LOG_ERROR(LABEL, "Read docUriVec id fail");
567 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
568 }
569
570 int32_t result = SetRetentionState(docUriVec);
571 if (!reply.WriteInt32(result)) {
572 DLP_LOG_ERROR(LABEL, "Write sandbox query result fail");
573 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
574 }
575 if (!reply.WriteBool(result == DLP_OK)) {
576 DLP_LOG_ERROR(LABEL, "Write sandbox flag fail");
577 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
578 }
579 return DLP_OK;
580 }
581
CancelRetentionStateInner(MessageParcel & data,MessageParcel & reply)582 int32_t DlpPermissionStub::CancelRetentionStateInner(MessageParcel& data, MessageParcel& reply)
583 {
584 std::vector<std::string> docUriVec;
585 if (!data.ReadStringVector(&docUriVec)) {
586 DLP_LOG_ERROR(LABEL, "Read token id fail");
587 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
588 }
589 int32_t result = CancelRetentionState(docUriVec);
590 if (!reply.WriteInt32(result)) {
591 DLP_LOG_ERROR(LABEL, "Write sandbox query result fail");
592 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
593 }
594 if (!reply.WriteBool(result == DLP_OK)) {
595 DLP_LOG_ERROR(LABEL, "Write sandbox flag fail");
596 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
597 }
598 return DLP_OK;
599 }
600
GetRetentionSandboxListInner(MessageParcel & data,MessageParcel & reply)601 int32_t DlpPermissionStub::GetRetentionSandboxListInner(MessageParcel& data, MessageParcel& reply)
602 {
603 bool sandboxFlag;
604 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
605 return DLP_SERVICE_ERROR_VALUE_INVALID;
606 }
607 if (sandboxFlag) {
608 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
609 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
610 }
611 std::string bundleName;
612 if (!data.ReadString(bundleName)) {
613 DLP_LOG_ERROR(LABEL, "Read bundle name fail");
614 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
615 }
616 std::vector<RetentionSandBoxInfo> retentionSandBoxInfoVec;
617 int32_t result = GetRetentionSandboxList(bundleName, retentionSandBoxInfoVec);
618 if (!reply.WriteInt32(result)) {
619 DLP_LOG_ERROR(LABEL, "Write sandbox query result fail");
620 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
621 }
622 size_t infoVecSize = retentionSandBoxInfoVec.size();
623 if (!reply.WriteUint32(static_cast<uint32_t>(infoVecSize))) {
624 DLP_LOG_ERROR(LABEL, "Write sandbox size result fail");
625 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
626 }
627 for (const auto& info : retentionSandBoxInfoVec) {
628 if (!reply.WriteParcelable(&info)) {
629 DLP_LOG_ERROR(LABEL, "Write sandbox size info fail");
630 }
631 }
632 return DLP_OK;
633 }
634
ClearUnreservedSandboxInner(MessageParcel & data,MessageParcel & reply)635 int32_t DlpPermissionStub::ClearUnreservedSandboxInner(MessageParcel& data, MessageParcel& reply)
636 {
637 Security::AccessToken::AccessTokenID callingToken = IPCSkeleton::GetCallingTokenID();
638 Security::AccessToken::AccessTokenID bmsToken =
639 Security::AccessToken::AccessTokenKit::GetNativeTokenId(FOUNDATION_SERVICE_NAME);
640 if (callingToken != bmsToken) {
641 return DLP_SERVICE_ERROR_PERMISSION_DENY;
642 }
643 ClearUnreservedSandbox();
644 return DLP_OK;
645 }
646
GetDLPFileVisitRecordInner(MessageParcel & data,MessageParcel & reply)647 int32_t DlpPermissionStub::GetDLPFileVisitRecordInner(MessageParcel& data, MessageParcel& reply)
648 {
649 bool sandboxFlag;
650 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
651 return DLP_SERVICE_ERROR_VALUE_INVALID;
652 }
653 if (sandboxFlag) {
654 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
655 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
656 }
657 std::vector<VisitedDLPFileInfo> infoVec;
658 int32_t res = GetDLPFileVisitRecord(infoVec);
659 if (!reply.WriteInt32(res)) {
660 DLP_LOG_ERROR(LABEL, "Write support visit file record query result fail");
661 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
662 }
663 if (res != DLP_OK) {
664 return DLP_OK;
665 }
666 size_t listNum = infoVec.size();
667 if (!reply.WriteUint32(static_cast<uint32_t>(listNum))) {
668 DLP_LOG_ERROR(LABEL, "Write support visit file record list num fail");
669 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
670 }
671 for (const auto& iter : infoVec) {
672 if (!reply.WriteParcelable(&iter)) {
673 DLP_LOG_ERROR(LABEL, "Write support visit file record docUri string fail");
674 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
675 }
676 }
677 return DLP_OK;
678 }
679
SetMDMPolicyInner(MessageParcel & data,MessageParcel & reply)680 int32_t DlpPermissionStub::SetMDMPolicyInner(MessageParcel& data, MessageParcel& reply)
681 {
682 std::vector<std::string> appIdList;
683 if (!data.ReadStringVector(&appIdList)) {
684 DLP_LOG_ERROR(LABEL, "Read appId List fail");
685 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
686 }
687 int32_t result = SetMDMPolicy(appIdList);
688 if (!reply.WriteInt32(result)) {
689 DLP_LOG_ERROR(LABEL, "Write set policy result fail");
690 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
691 }
692 return DLP_OK;
693 }
694
GetMDMPolicyInner(MessageParcel & data,MessageParcel & reply)695 int32_t DlpPermissionStub::GetMDMPolicyInner(MessageParcel& data, MessageParcel& reply)
696 {
697 std::vector<std::string> appIdList;
698 int32_t result = GetMDMPolicy(appIdList);
699 if (!reply.WriteInt32(result)) {
700 DLP_LOG_ERROR(LABEL, "Write get policy result fail");
701 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
702 }
703 size_t listNum = appIdList.size();
704 if (!reply.WriteUint32(static_cast<uint32_t>(listNum))) {
705 DLP_LOG_ERROR(LABEL, "Write appId list num fail");
706 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
707 }
708 if (!reply.WriteStringVector(appIdList)) {
709 DLP_LOG_ERROR(LABEL, "Write string vector fail");
710 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
711 }
712 return DLP_OK;
713 }
714
RemoveMDMPolicyInner(MessageParcel & data,MessageParcel & reply)715 int32_t DlpPermissionStub::RemoveMDMPolicyInner(MessageParcel& data, MessageParcel& reply)
716 {
717 int32_t result = RemoveMDMPolicy();
718 if (!reply.WriteInt32(result)) {
719 DLP_LOG_ERROR(LABEL, "Write remove policy result fail");
720 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
721 }
722 return DLP_OK;
723 }
724
SetSandboxAppConfigInner(MessageParcel & data,MessageParcel & reply)725 int32_t DlpPermissionStub::SetSandboxAppConfigInner(MessageParcel& data, MessageParcel& reply)
726 {
727 std::string configInfo;
728 if (!data.ReadString(configInfo)) {
729 DLP_LOG_ERROR(LABEL, "Read configInfo fail");
730 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
731 }
732 int32_t res = SetSandboxAppConfig(configInfo);
733 if (!reply.WriteInt32(res)) {
734 DLP_LOG_ERROR(LABEL, "Write SetSandboxAppConfig result fail");
735 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
736 }
737 return res;
738 }
739
CleanSandboxAppConfigInner(MessageParcel & data,MessageParcel & reply)740 int32_t DlpPermissionStub::CleanSandboxAppConfigInner(MessageParcel& data, MessageParcel& reply)
741 {
742 bool sandboxFlag;
743 if (CheckSandboxFlag(GetCallingTokenID(), sandboxFlag) != DLP_OK) {
744 return DLP_SERVICE_ERROR_VALUE_INVALID;
745 }
746 if (sandboxFlag) {
747 DLP_LOG_ERROR(LABEL, "Forbid called by a sandbox app");
748 return DLP_SERVICE_ERROR_API_NOT_FOR_SANDBOX_ERROR;
749 }
750 int32_t res = CleanSandboxAppConfig();
751 if (!reply.WriteInt32(res)) {
752 DLP_LOG_ERROR(LABEL, "Write CleanSandboxAppConfig result fail");
753 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
754 }
755 return res;
756 }
757
GetSandboxAppConfigInner(MessageParcel & data,MessageParcel & reply)758 int32_t DlpPermissionStub::GetSandboxAppConfigInner(MessageParcel& data, MessageParcel& reply)
759 {
760 std::string configInfo;
761 int32_t res = GetSandboxAppConfig(configInfo);
762 if (!reply.WriteInt32(res)) {
763 DLP_LOG_ERROR(LABEL, "Write support sandbox app config query result fail");
764 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
765 }
766 if (res != DLP_OK) {
767 return res;
768 }
769 if (!reply.WriteString(configInfo)) {
770 DLP_LOG_ERROR(LABEL, "Write configInfo fail");
771 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
772 }
773 return DLP_OK;
774 }
775
IsDLPFeatureProvidedInner(MessageParcel & data,MessageParcel & reply)776 int32_t DlpPermissionStub::IsDLPFeatureProvidedInner(MessageParcel& data, MessageParcel& reply)
777 {
778 bool isProvideDLPFeature;
779 IsDLPFeatureProvided(isProvideDLPFeature);
780 if (!reply.WriteBool(isProvideDLPFeature)) {
781 DLP_LOG_ERROR(LABEL, "Write isProvideDLPFeature fail.");
782 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
783 }
784 return DLP_OK;
785 }
786
SetReadFlagInner(MessageParcel & data,MessageParcel & reply)787 int32_t DlpPermissionStub::SetReadFlagInner(MessageParcel& data, MessageParcel& reply)
788 {
789 if (!CheckPermission(PERMISSION_ACCESS_DLP_FILE)) {
790 return DLP_SERVICE_ERROR_PERMISSION_DENY;
791 }
792
793 uint32_t uid;
794 if (!data.ReadUint32(uid)) {
795 DLP_LOG_ERROR(LABEL, "Read uid fail.");
796 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
797 }
798 int32_t res = SetReadFlag(uid);
799 if (!reply.WriteInt32(res)) {
800 DLP_LOG_ERROR(LABEL, "Write result fail.");
801 return DLP_SERVICE_ERROR_PARCEL_OPERATE_FAIL;
802 }
803 return res;
804 }
805
InitMDMPolicy()806 void DlpPermissionStub::InitMDMPolicy()
807 {
808 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::SET_MDM_POLICY)] = {
809 [this](MessageParcel &data, MessageParcel &reply) { return SetMDMPolicyInner(data, reply); }, true};
810 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_MDM_POLICY)] = {
811 [this](MessageParcel &data, MessageParcel &reply) { return GetMDMPolicyInner(data, reply); }, true};
812 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::REMOVE_MDM_POLICY)] = {
813 [this](MessageParcel &data, MessageParcel &reply) { return RemoveMDMPolicyInner(data, reply); }, true};
814 }
815
InitTimerFuncMap()816 void DlpPermissionStub::InitTimerFuncMap()
817 {
818 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::SET_SANDBOX_APP_CONFIG)] = {
819 [this](MessageParcel &data, MessageParcel &reply) { return SetSandboxAppConfigInner(data, reply); }, true};
820 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::CLEAN_SANDBOX_APP_CONFIG)] = {
821 [this](MessageParcel &data, MessageParcel &reply) { return CleanSandboxAppConfigInner(data, reply); }, true};
822 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_SANDBOX_APP_CONFIG)] = {
823 [this](MessageParcel &data, MessageParcel &reply) { return GetSandboxAppConfigInner(data, reply); }, true};
824 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_DLP_SUPPORT_FILE_TYPE)] = {
825 [this](MessageParcel &data, MessageParcel &reply) { return GetDlpSupportFileTypeInner(data, reply); }, true};
826 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::UN_REGISTER_OPEN_DLP_FILE_CALLBACK)] = {
827 [this](MessageParcel &data, MessageParcel &reply) { return UnRegisterOpenDlpFileCallbackInner(data, reply); },
828 true};
829 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::SET_NOT_RETENTION_STATE)] = {
830 [this](MessageParcel &data, MessageParcel &reply) { return CancelRetentionStateInner(data, reply); }, true};
831 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::CLEAR_UNRESERVED_SANDBOX)] = {
832 [this](MessageParcel &data, MessageParcel &reply) { return ClearUnreservedSandboxInner(data, reply); }, true};
833 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_VISTI_FILE_RECORD_LIST)] = {
834 [this](MessageParcel &data, MessageParcel &reply) { return GetDLPFileVisitRecordInner(data, reply); }, true};
835 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::IS_DLP_FEATURE_PROVIDED)] = {
836 [this](MessageParcel &data, MessageParcel &reply) { return IsDLPFeatureProvidedInner(data, reply); }, true};
837 }
838
DlpPermissionStub()839 DlpPermissionStub::DlpPermissionStub()
840 {
841 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GENERATE_DLP_CERTIFICATE)] = {
842 [this](MessageParcel &data, MessageParcel &reply) { return GenerateDlpCertificateInner(data, reply); }};
843 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::PARSE_DLP_CERTIFICATE)] = {
844 [this](MessageParcel &data, MessageParcel &reply) { return ParseDlpCertificateInner(data, reply); }};
845 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::INSTALL_DLP_SANDBOX)] = {
846 [this](MessageParcel &data, MessageParcel &reply) { return InstallDlpSandboxInner(data, reply); }};
847 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::UNINSTALL_DLP_SANDBOX)] = {
848 [this](MessageParcel &data, MessageParcel &reply) { return UninstallDlpSandboxInner(data, reply); }};
849 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_SANDBOX_EXTERNAL_AUTH)] = {
850 [this](MessageParcel &data, MessageParcel &reply) { return GetSandboxExternalAuthorizationInner(data, reply); }
851 };
852 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::QUERY_DLP_FILE_ACCESS_BY_TOKEN_ID)] = {
853 [this](MessageParcel &data, MessageParcel &reply) { return QueryDlpFileCopyableByTokenIdInner(data, reply); }};
854 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::QUERY_DLP_FILE_ACCESS)] = {
855 [this](MessageParcel &data, MessageParcel &reply) { return QueryDlpFileAccessInner(data, reply); }};
856 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::IS_IN_DLP_SANDBOX)] = {
857 [this](MessageParcel &data, MessageParcel &reply) { return IsInDlpSandboxInner(data, reply); }};
858 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::REGISTER_DLP_SANDBOX_CHANGE_CALLBACK)] = {
859 [this](MessageParcel &data, MessageParcel &reply) { return RegisterDlpSandboxChangeCallbackInner(data, reply); }
860 };
861 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::UNREGISTER_DLP_SANDBOX_CHANGE_CALLBACK)]
862 = {
863 [this](MessageParcel &data, MessageParcel &reply) {
864 return UnRegisterDlpSandboxChangeCallbackInner(data, reply);
865 }
866 };
867 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_DLP_GATHERING_POLICY)] = {
868 [this](MessageParcel &data, MessageParcel &reply) { return GetDlpGatheringPolicyInner(data, reply); }};
869 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::SET_RETENTION_STATE)] = {
870 [this](MessageParcel &data, MessageParcel &reply) { return SetRetentionStateInner(data, reply); }};
871 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::GET_RETENTION_SANDBOX_LIST)] = {
872 [this](MessageParcel &data, MessageParcel &reply) { return GetRetentionSandboxListInner(data, reply); }};
873 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::REGISTER_OPEN_DLP_FILE_CALLBACK)] = {
874 [this](MessageParcel &data, MessageParcel &reply) { return RegisterOpenDlpFileCallbackInner(data, reply); }};
875 requestFuncMap_[static_cast<uint32_t>(DlpPermissionServiceInterfaceCode::SET_READ_FLAG)] = {
876 [this](MessageParcel &data, MessageParcel &reply) { return SetReadFlagInner(data, reply); }};
877 InitMDMPolicy();
878 InitTimerFuncMap();
879 }
880
~DlpPermissionStub()881 DlpPermissionStub::~DlpPermissionStub()
882 {
883 requestFuncMap_.clear();
884 }
885 } // namespace DlpPermission
886 } // namespace Security
887 } // namespace OHOS
888