1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define MLOG_TAG "Extension"
16
17 #include "media_datashare_ext_ability.h"
18
19 #include <cstdlib>
20
21 #include "ability_info.h"
22 #include "app_mgr_client.h"
23 #include "cloud_media_asset_manager.h"
24 #include "cloud_sync_utils.h"
25 #include "dataobs_mgr_client.h"
26 #include "datashare_ext_ability_context.h"
27 #include "hilog_wrapper.h"
28 #include "ipc_skeleton.h"
29 #include "medialibrary_command.h"
30 #include "media_app_uri_permission_column.h"
31 #include "media_datashare_stub_impl.h"
32 #include "media_file_utils.h"
33 #include "media_log.h"
34 #include "media_scanner_manager.h"
35 #include "medialibrary_appstate_observer.h"
36 #include "medialibrary_data_manager.h"
37 #include "medialibrary_bundle_manager.h"
38 #include "dfx_manager.h"
39 #include "dfx_timer.h"
40 #include "dfx_const.h"
41 #include "dfx_reporter.h"
42 #include "medialibrary_errno.h"
43 #include "medialibrary_object_utils.h"
44 #include "medialibrary_subscriber.h"
45 #include "medialibrary_uripermission_operations.h"
46 #include "multistages_capture_manager.h"
47 #ifdef MEDIALIBRARY_FEATURE_CLOUD_ENHANCEMENT
48 #include "enhancement_manager.h"
49 #endif
50 #include "napi/native_api.h"
51 #include "napi/native_node_api.h"
52 #include "os_account_manager.h"
53 #include "permission_utils.h"
54 #include "photo_album_column.h"
55 #include "runtime.h"
56 #include "singleton.h"
57 #include "system_ability_definition.h"
58 #include "uri_permission_manager_client.h"
59 #include "userfilemgr_uri.h"
60 #include "want.h"
61 #ifdef MEDIALIBRARY_SECURITY_OPEN
62 #include "sec_comp_kit.h"
63 #endif
64 #include "userfilemgr_uri.h"
65 #include "parameters.h"
66 #include "media_tool_permission_handler.h"
67 #include "grant_permission_handler.h"
68 #include "read_write_permission_handler.h"
69 #include "db_permission_handler.h"
70 #include "system_api_check_handler.h"
71 #include "userfilemgr_uri.h"
72 #ifdef MEDIALIBRARY_MTP_ENABLE
73 #include "mtp_manager.h"
74 #endif
75 #include "media_fuse_manager.h"
76
77 using namespace std;
78 using namespace OHOS::AppExecFwk;
79 using namespace OHOS::NativeRdb;
80 using namespace OHOS::DistributedKv;
81 using namespace OHOS::Media;
82 using namespace OHOS::DataShare;
83 using namespace OHOS::Security::AccessToken;
84
85 namespace OHOS {
86 namespace AbilityRuntime {
87 using namespace OHOS::AppExecFwk;
88 using DataObsMgrClient = OHOS::AAFwk::DataObsMgrClient;
89 const std::string PERM_CLOUD_SYNC_MANAGER = "ohos.permission.CLOUDFILE_SYNC_MANAGER";
90 constexpr const char *MTP_DISABLE = "persist.edm.mtp_server_disable";
91 static const set<OperationObject> PHOTO_ACCESS_HELPER_OBJECTS = {
92 OperationObject::PAH_PHOTO,
93 OperationObject::PAH_ALBUM,
94 OperationObject::PAH_MAP,
95 OperationObject::PAH_FORM_MAP,
96 OperationObject::ANALYSIS_PHOTO_ALBUM,
97 OperationObject::ANALYSIS_PHOTO_MAP,
98 OperationObject::VISION_OCR,
99 OperationObject::VISION_AESTHETICS,
100 OperationObject::VISION_VIDEO_AESTHETICS,
101 OperationObject::VISION_LABEL,
102 OperationObject::VISION_VIDEO_LABEL,
103 OperationObject::VISION_IMAGE_FACE,
104 OperationObject::VISION_VIDEO_FACE,
105 OperationObject::VISION_FACE_TAG,
106 OperationObject::VISION_OBJECT,
107 OperationObject::VISION_RECOMMENDATION,
108 OperationObject::VISION_SEGMENTATION,
109 OperationObject::VISION_COMPOSITION,
110 OperationObject::VISION_SALIENCY,
111 OperationObject::VISION_HEAD,
112 OperationObject::VISION_POSE,
113 OperationObject::VISION_TOTAL,
114 OperationObject::VISION_ANALYSIS_ALBUM_TOTAL,
115 OperationObject::GEO_DICTIONARY,
116 OperationObject::GEO_KNOWLEDGE,
117 OperationObject::GEO_PHOTO,
118 OperationObject::PAH_MULTISTAGES_CAPTURE,
119 OperationObject::STORY_ALBUM,
120 OperationObject::STORY_COVER,
121 OperationObject::STORY_PLAY,
122 OperationObject::HIGHLIGHT_DELETE,
123 OperationObject::USER_PHOTOGRAPHY,
124 OperationObject::PAH_BATCH_THUMBNAIL_OPERATE,
125 OperationObject::INDEX_CONSTRUCTION_STATUS,
126 OperationObject::MEDIA_APP_URI_PERMISSION,
127 OperationObject::PAH_CLOUD_ENHANCEMENT_OPERATE,
128 OperationObject::ANALYSIS_ASSET_SD_MAP,
129 OperationObject::ANALYSIS_ALBUM_ASSET_MAP,
130 OperationObject::CLOUD_MEDIA_ASSET_OPERATE,
131 };
132
Create(const unique_ptr<Runtime> & runtime)133 MediaDataShareExtAbility* MediaDataShareExtAbility::Create(const unique_ptr<Runtime>& runtime)
134 {
135 return new MediaDataShareExtAbility(static_cast<Runtime&>(*runtime));
136 }
137
MediaDataShareExtAbility(Runtime & runtime)138 MediaDataShareExtAbility::MediaDataShareExtAbility(Runtime& runtime) : DataShareExtAbility(), runtime_(runtime) {}
139
~MediaDataShareExtAbility()140 MediaDataShareExtAbility::~MediaDataShareExtAbility()
141 {
142 }
143
Init(const shared_ptr<AbilityLocalRecord> & record,const shared_ptr<OHOSApplication> & application,shared_ptr<AbilityHandler> & handler,const sptr<IRemoteObject> & token)144 void MediaDataShareExtAbility::Init(const shared_ptr<AbilityLocalRecord> &record,
145 const shared_ptr<OHOSApplication> &application, shared_ptr<AbilityHandler> &handler,
146 const sptr<IRemoteObject> &token)
147 {
148 if ((record == nullptr) || (application == nullptr) || (handler == nullptr) || (token == nullptr)) {
149 MEDIA_ERR_LOG("MediaDataShareExtAbility::init failed, some object is nullptr");
150 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
151 return;
152 }
153 DataShareExtAbility::Init(record, application, handler, token);
154 }
155
IsStartBeforeUserUnlock()156 static bool IsStartBeforeUserUnlock()
157 {
158 int32_t activeUserId = 0;
159 ErrCode ret = OHOS::AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(activeUserId);
160 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
161 "GetForegroundOsAccountLocalId fail, ret code %{public}d, result is not credible", ret);
162 MEDIA_INFO_LOG("Current active account is %{public}d ", activeUserId);
163 bool isAccountVerified = true; // Assume verified to avoid unknown killing
164 ErrCode err = AccountSA::OsAccountManager::IsOsAccountVerified(activeUserId, isAccountVerified);
165 CHECK_AND_RETURN_RET_LOG(err == ERR_OK, false,
166 "Check activeUserId fail caused by %{public}d, check result is not credible", err);
167 MEDIA_INFO_LOG("Current user verification result: %{public}d", isAccountVerified);
168 return !isAccountVerified;
169 }
170
InitPermissionHandler()171 void MediaDataShareExtAbility::InitPermissionHandler()
172 {
173 MEDIA_DEBUG_LOG("InitPermissionHandler begin");
174 // 构造鉴权处理器责任链
175 auto mediaToolPermissionHandler = std::make_shared<MediaToolPermissionHandler>();
176 auto grantPermissionHandler = std::make_shared<GrantPermissionHandler>();
177 grantPermissionHandler->SetNextHandler(mediaToolPermissionHandler);
178 auto dbPermissionHandler = std::make_shared<DbPermissionHandler>();
179 dbPermissionHandler->SetNextHandler(grantPermissionHandler);
180 auto rwPermissionHandler = std::make_shared<ReadWritePermissionHandler>();
181 rwPermissionHandler->SetNextHandler(dbPermissionHandler);
182 permissionHandler_ = std::make_shared<SystemApiCheckHandler>();
183 permissionHandler_->SetNextHandler(rwPermissionHandler);
184 MEDIA_DEBUG_LOG("InitPermissionHandler end:permissionHandler_=%{public}d", permissionHandler_ != nullptr);
185 }
186
OnStartSub(const AAFwk::Want & want)187 void MediaDataShareExtAbility::OnStartSub(const AAFwk::Want &want)
188 {
189 #ifdef MEDIALIBRARY_MTP_ENABLE
190 MtpManager::GetInstance().Init();
191 #endif
192 #ifdef MEDIALIBRARY_FEATURE_CLOUD_ENHANCEMENT
193 EnhancementManager::GetInstance().InitAsync();
194 #endif
195 }
196
CheckUnlockScene(int64_t startTime)197 static bool CheckUnlockScene(int64_t startTime)
198 {
199 if (IsStartBeforeUserUnlock()) {
200 DfxReporter::ReportStartResult(DfxType::CHECK_USER_UNLOCK_FAIL, 0, startTime);
201 MEDIA_INFO_LOG("%{public}s Killing self caused by booting before unlocking", __func__);
202 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
203 return false;
204 }
205
206 bool isMediaPathExists = MediaFileUtils::IsDirectory(ROOT_MEDIA_DIR);
207 if (!isMediaPathExists) {
208 DfxReporter::ReportStartResult(DfxType::CHECK_MEDIA_PATH_UNLOCK_FAIL, 0, startTime);
209 MEDIA_INFO_LOG("%{public}s Killing self caused by media path unmounted", __func__);
210 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
211 return false;
212 }
213
214 return true;
215 }
216
RestartCloudMediaAssetDownload()217 static void RestartCloudMediaAssetDownload()
218 {
219 std::thread([&] {
220 MEDIA_INFO_LOG("enter RestartCloudMediaAssetDownload.");
221 CHECK_AND_RETURN_INFO_LOG(CloudSyncUtils::IsCloudSyncSwitchOn(), "Cloud sync switch off");
222 if (!CloudSyncUtils::IsCloudDataAgingPolicyOn()) {
223 CloudMediaAssetManager::GetInstance().CancelDownloadCloudAsset();
224 return;
225 }
226 CloudMediaAssetManager::GetInstance().StartDownloadCloudAsset(CloudMediaDownloadType::DOWNLOAD_GENTLE);
227 }).detach();
228 }
229
OnStart(const AAFwk::Want & want)230 void MediaDataShareExtAbility::OnStart(const AAFwk::Want &want)
231 {
232 int64_t startTime = MediaFileUtils::UTCTimeMilliSeconds();
233 MEDIA_INFO_LOG("%{public}s begin.", __func__);
234 Extension::OnStart(want);
235 auto context = AbilityRuntime::Context::GetApplicationContext();
236 if (context == nullptr) {
237 DfxReporter::ReportStartResult(DfxType::START_CONTEXT_FAIL, 0, startTime);
238 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
239 return;
240 }
241 MEDIA_INFO_LOG("%{public}s runtime language %{public}d", __func__, runtime_.GetLanguage());
242 InitPermissionHandler();
243 auto dataManager = MediaLibraryDataManager::GetInstance();
244 if (dataManager == nullptr) {
245 DfxReporter::ReportStartResult(DfxType::START_DATAMANAGER_FAIL, 0, startTime);
246 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
247 return;
248 }
249 if (!CheckUnlockScene(startTime)) {
250 return;
251 }
252 auto extensionContext = GetContext();
253 int32_t sceneCode = DfxType::START_SUCCESS;
254 int32_t ret = dataManager->InitMediaLibraryMgr(context, extensionContext, sceneCode, true, true);
255 if (ret != E_OK) {
256 MEDIA_ERR_LOG("Failed to init MediaLibraryMgr");
257 if (sceneCode == DfxType::START_RDB_STORE_FAIL) {
258 DfxReporter::ReportStartResult(sceneCode, ret, startTime);
259 }
260 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
261 return;
262 }
263 dataManager->SetOwner(static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()));
264
265 // Start media fuse daemon
266 MediaFuseManager::GetInstance().Start();
267
268 DfxManager::GetInstance();
269 auto scannerManager = MediaScannerManager::GetInstance();
270 if (scannerManager == nullptr) {
271 DfxReporter::ReportStartResult(DfxType::START_SCANNER_FAIL, 0, startTime);
272 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
273 return;
274 }
275 OnStartSub(want);
276 Media::MedialibrarySubscriber::Subscribe();
277 dataManager->SetStartupParameter();
278 DfxReporter::ReportStartResult(DfxType::START_SUCCESS, 0, startTime);
279 }
280
OnStop()281 void MediaDataShareExtAbility::OnStop()
282 {
283 MEDIA_INFO_LOG("%{public}s begin.", __func__);
284 auto scannerManager = MediaScannerManager::GetInstance();
285 if (scannerManager != nullptr) {
286 scannerManager->Stop();
287 }
288 MediaFuseManager::GetInstance().Stop();
289 MediaLibraryDataManager::GetInstance()->ClearMediaLibraryMgr();
290 MedialibraryAppStateObserverManager::GetInstance().UnSubscribeAppState();
291 MEDIA_INFO_LOG("%{public}s end.", __func__);
292 }
293
OnConnect(const AAFwk::Want & want)294 sptr<IRemoteObject> MediaDataShareExtAbility::OnConnect(const AAFwk::Want &want)
295 {
296 MEDIA_INFO_LOG("%{public}s begin. ", __func__);
297 Extension::OnConnect(want);
298 sptr<MediaDataShareStubImpl> remoteObject = new (nothrow) MediaDataShareStubImpl(
299 static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()),
300 nullptr);
301 if (remoteObject == nullptr) {
302 MEDIA_ERR_LOG("%{public}s No memory allocated for DataShareStubImpl", __func__);
303 return nullptr;
304 }
305 MEDIA_INFO_LOG("%{public}s end.", __func__);
306 return remoteObject->AsObject();
307 }
308
GetFileTypes(const Uri & uri,const string & mimeTypeFilter)309 vector<string> MediaDataShareExtAbility::GetFileTypes(const Uri &uri, const string &mimeTypeFilter)
310 {
311 vector<string> ret;
312 return ret;
313 }
314
FillV10Perms(const MediaType mediaType,const bool containsRead,const bool containsWrite,vector<string> & perm)315 static void FillV10Perms(const MediaType mediaType, const bool containsRead, const bool containsWrite,
316 vector<string> &perm)
317 {
318 if (containsRead) {
319 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
320 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
321 perm.push_back(PERM_READ_IMAGEVIDEO);
322 } else if (mediaType == MEDIA_TYPE_AUDIO) {
323 perm.push_back(PERM_READ_AUDIO);
324 } else if (mediaType == MEDIA_TYPE_FILE) {
325 perm.push_back(PERM_READ_IMAGEVIDEO);
326 perm.push_back(PERM_READ_AUDIO);
327 perm.push_back(PERM_READ_DOCUMENT);
328 }
329 }
330 if (containsWrite) {
331 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
332 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
333 perm.push_back(PERM_WRITE_IMAGEVIDEO);
334 } else if (mediaType == MEDIA_TYPE_AUDIO) {
335 perm.push_back(PERM_WRITE_AUDIO);
336 } else if (mediaType == MEDIA_TYPE_FILE) {
337 perm.push_back(PERM_WRITE_IMAGEVIDEO);
338 perm.push_back(PERM_WRITE_AUDIO);
339 perm.push_back(PERM_WRITE_DOCUMENT);
340 }
341 }
342 }
343
FillDeprecatedPerms(const bool containsRead,const bool containsWrite,vector<string> & perm)344 static void FillDeprecatedPerms(const bool containsRead, const bool containsWrite, vector<string> &perm)
345 {
346 if (containsRead) {
347 perm.push_back(PERMISSION_NAME_READ_MEDIA);
348 }
349 if (containsWrite) {
350 perm.push_back(PERMISSION_NAME_WRITE_MEDIA);
351 }
352 }
353
ContainsFlag(const string & mode,const char flag)354 static inline bool ContainsFlag(const string &mode, const char flag)
355 {
356 return mode.find(flag) != string::npos;
357 }
358
CollectPermissionInfo(MediaLibraryCommand & cmd,const string & mode,const bool permGranted,PermissionUsedType type)359 static void CollectPermissionInfo(MediaLibraryCommand &cmd, const string &mode,
360 const bool permGranted, PermissionUsedType type)
361 {
362 if ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
363 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
364 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC)) {
365 if (mode.find("r") != string::npos) {
366 PermissionUtils::CollectPermissionInfo(PERM_READ_IMAGEVIDEO, permGranted, type);
367 }
368 if (mode.find("w") != string::npos) {
369 PermissionUtils::CollectPermissionInfo(PERM_WRITE_IMAGEVIDEO, permGranted, type);
370 }
371 }
372 }
373
CheckOpenFilePermission(MediaLibraryCommand & cmd,string & mode)374 static int32_t CheckOpenFilePermission(MediaLibraryCommand &cmd, string &mode)
375 {
376 MEDIA_DEBUG_LOG("uri: %{private}s mode: %{private}s", cmd.GetUri().ToString().c_str(), mode.c_str());
377 MediaType mediaType = MediaFileUri::GetMediaTypeFromUri(cmd.GetUri().ToString());
378 const bool containsRead = ContainsFlag(mode, 'r');
379 const bool containsWrite = ContainsFlag(mode, 'w');
380
381 if (cmd.GetQuerySetParam(IS_TOOL_OPEN) == TOOL_OPEN_TRUE) {
382 return IsDeveloperMediaTool(cmd, mode)? E_SUCCESS : E_PERMISSION_DENIED;
383 }
384 vector<string> perms;
385 FillV10Perms(mediaType, containsRead, containsWrite, perms);
386 if ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
387 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
388 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC)) {
389 return PermissionUtils::CheckPhotoCallerPermission(perms)? E_SUCCESS : E_PERMISSION_DENIED;
390 }
391 int32_t err = (mediaType == MEDIA_TYPE_FILE) ?
392 (PermissionUtils::CheckHasPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED) :
393 (PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED);
394 CHECK_AND_RETURN_RET(err != E_SUCCESS, E_SUCCESS);
395 // Try to check deprecated permissions
396 perms.clear();
397 FillDeprecatedPerms(containsRead, containsWrite, perms);
398 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
399 }
400
AddHiddenAlbumPermission(MediaLibraryCommand & cmd,vector<string> & outPerms)401 static inline void AddHiddenAlbumPermission(MediaLibraryCommand &cmd, vector<string> &outPerms)
402 {
403 Media::OperationType type = cmd.GetOprnType();
404 if (type == Media::OperationType::QUERY_HIDDEN) {
405 outPerms.push_back(PERM_MANAGE_PRIVATE_PHOTOS);
406 }
407 }
408
SystemApiCheck(MediaLibraryCommand & cmd)409 static int32_t SystemApiCheck(MediaLibraryCommand &cmd)
410 {
411 static const set<OperationObject> SYSTEM_API_OBJECTS = {
412 OperationObject::UFM_PHOTO,
413 OperationObject::UFM_AUDIO,
414 OperationObject::UFM_ALBUM,
415 OperationObject::UFM_MAP,
416 OperationObject::SMART_ALBUM,
417
418 OperationObject::ALL_DEVICE,
419 OperationObject::ACTIVE_DEVICE,
420 OperationObject::PAH_FORM_MAP,
421 };
422
423 static const set<string> SYSTEM_API_URIS = {
424 // Deleting asset permanently from system is only allowed for system apps.
425 URI_DELETE_PHOTOS,
426 // Deleting asset to trash album directly without a pop-up box is only allowed for system apps.
427 UFM_DELETE_PHOTOS,
428 PAH_DELETE_PHOTOS,
429 };
430
431 OperationObject obj = cmd.GetOprnObject();
432 string uri = cmd.GetUriStringWithoutSegment();
433 if (SYSTEM_API_OBJECTS.find(obj) != SYSTEM_API_OBJECTS.end() ||
434 (SYSTEM_API_URIS.find(uri) != SYSTEM_API_URIS.end())) {
435 if (!PermissionUtils::IsSystemApp()) {
436 MEDIA_ERR_LOG("Systemapi should only be called by system applications!");
437 return E_CHECK_SYSTEMAPP_FAIL;
438 }
439 }
440 return E_SUCCESS;
441 }
442
HandleMediaVolumePerm()443 static inline int32_t HandleMediaVolumePerm()
444 {
445 return PermissionUtils::CheckCallerPermission(PERMISSION_NAME_READ_MEDIA) ? E_SUCCESS : E_PERMISSION_DENIED;
446 }
447
HandleBundlePermCheck()448 static inline int32_t HandleBundlePermCheck()
449 {
450 bool ret = PermissionUtils::CheckCallerPermission(PERMISSION_NAME_WRITE_MEDIA);
451 CHECK_AND_RETURN_RET(!ret, E_SUCCESS);
452
453 return PermissionUtils::CheckHasPermission(WRITE_PERMS_V10) ? E_SUCCESS : E_PERMISSION_DENIED;
454 }
455
HandleNoPermCheck(MediaLibraryCommand & cmd)456 static int32_t HandleNoPermCheck(MediaLibraryCommand &cmd)
457 {
458 static const set<string> NO_NEED_PERM_CHECK_URI = {
459 URI_CLOSE_FILE,
460 MEDIALIBRARY_DIRECTORY_URI,
461 };
462
463 static const set<OperationObject> NO_NEED_PERM_CHECK_OBJ = {
464 OperationObject::ALL_DEVICE,
465 OperationObject::ACTIVE_DEVICE,
466 OperationObject::MISCELLANEOUS
467 };
468
469 string uri = cmd.GetUri().ToString();
470 OperationObject obj = cmd.GetOprnObject();
471 if (NO_NEED_PERM_CHECK_URI.find(uri) != NO_NEED_PERM_CHECK_URI.end() ||
472 NO_NEED_PERM_CHECK_OBJ.find(obj) != NO_NEED_PERM_CHECK_OBJ.end()) {
473 return E_SUCCESS;
474 }
475 return E_NEED_FURTHER_CHECK;
476 }
477
HandleSecurityComponentPermission(MediaLibraryCommand & cmd)478 static int32_t HandleSecurityComponentPermission(MediaLibraryCommand &cmd)
479 {
480 if (cmd.GetUri().ToString().find(OPRN_CREATE_COMPONENT) != string::npos ||
481 cmd.GetUri().ToString().find(OPRN_SAVE_CAMERA_PHOTO_COMPONENT) != string::npos) {
482 #ifdef MEDIALIBRARY_SECURITY_OPEN
483 auto tokenId = PermissionUtils::GetTokenId();
484 if (!Security::SecurityComponent::SecCompKit::VerifySavePermission(tokenId)) {
485 MEDIA_ERR_LOG("Failed to verify save permission of security component");
486 return E_NEED_FURTHER_CHECK;
487 }
488 return E_SUCCESS;
489 #else
490 MEDIA_ERR_LOG("Security component is not existed");
491 return E_NEED_FURTHER_CHECK;
492 #endif
493 }
494 return E_NEED_FURTHER_CHECK;
495 }
496
HandleShortPermission(const MediaLibraryCommand & cmd,bool & need)497 static int32_t HandleShortPermission(const MediaLibraryCommand &cmd, bool &need)
498 {
499 need = false;
500 if (cmd.GetUriStringWithoutSegment() == PAH_CREATE_PHOTO ||
501 cmd.GetUriStringWithoutSegment() == PAH_SYS_CREATE_PHOTO) {
502 if (PermissionUtils::CheckPhotoCallerPermission(PERM_SHORT_TERM_WRITE_IMAGEVIDEO)) {
503 need = true;
504 return E_SUCCESS;
505 }
506 }
507 return E_PERMISSION_DENIED;
508 }
509
HandleRestorePermission(MediaLibraryCommand & cmd)510 static int32_t HandleRestorePermission(MediaLibraryCommand &cmd)
511 {
512 if (cmd.GetUriStringWithoutSegment() == PAH_GENERATE_THUMBNAILS_RESTORE) {
513 return PermissionUtils::CheckCallerPermission(PERM_READ_IMAGEVIDEO) ? E_SUCCESS : E_PERMISSION_DENIED;
514 }
515 return E_PERMISSION_DENIED;
516 }
517
UserFileMgrPermissionCheck(MediaLibraryCommand & cmd,const bool isWrite)518 static int32_t UserFileMgrPermissionCheck(MediaLibraryCommand &cmd, const bool isWrite)
519 {
520 static const set<OperationObject> USER_FILE_MGR_OBJECTS = {
521 OperationObject::UFM_PHOTO,
522 OperationObject::UFM_AUDIO,
523 OperationObject::UFM_ALBUM,
524 OperationObject::UFM_MAP,
525 };
526
527 OperationObject obj = cmd.GetOprnObject();
528 if (USER_FILE_MGR_OBJECTS.find(obj) == USER_FILE_MGR_OBJECTS.end()) {
529 return E_NEED_FURTHER_CHECK;
530 }
531
532 int32_t err = HandleSecurityComponentPermission(cmd);
533 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
534 return err;
535 }
536
537 vector<string> perms;
538 if (obj == OperationObject::UFM_AUDIO) {
539 perms.push_back(isWrite ? PERM_WRITE_AUDIO : PERM_READ_AUDIO);
540 } else {
541 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
542 }
543 AddHiddenAlbumPermission(cmd, perms);
544 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
545 }
546
PhotoAccessHelperPermCheck(MediaLibraryCommand & cmd,const bool isWrite)547 static int32_t PhotoAccessHelperPermCheck(MediaLibraryCommand &cmd, const bool isWrite)
548 {
549 int32_t err = HandleSecurityComponentPermission(cmd);
550 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
551 return err;
552 }
553
554 OperationObject obj = cmd.GetOprnObject();
555 if (PHOTO_ACCESS_HELPER_OBJECTS.find(obj) == PHOTO_ACCESS_HELPER_OBJECTS.end()) {
556 return E_NEED_FURTHER_CHECK;
557 }
558 vector<string> perms;
559 AddHiddenAlbumPermission(cmd, perms);
560 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
561 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
562 }
563
HandleSpecialObjectPermission(MediaLibraryCommand & cmd,bool isWrite)564 static int32_t HandleSpecialObjectPermission(MediaLibraryCommand &cmd, bool isWrite)
565 {
566 int err = HandleNoPermCheck(cmd);
567 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
568 return err;
569 }
570
571 OperationObject obj = cmd.GetOprnObject();
572 if (obj == OperationObject::MEDIA_VOLUME) {
573 return HandleMediaVolumePerm();
574 } else if (obj == OperationObject::BUNDLE_PERMISSION) {
575 return HandleBundlePermCheck();
576 }
577
578 return E_NEED_FURTHER_CHECK;
579 }
580
UnifyOprnObject(MediaLibraryCommand & cmd)581 static void UnifyOprnObject(MediaLibraryCommand &cmd)
582 {
583 static const unordered_map<OperationObject, OperationObject> UNIFY_OP_OBJECT_MAP = {
584 { OperationObject::UFM_PHOTO, OperationObject::FILESYSTEM_PHOTO },
585 { OperationObject::UFM_AUDIO, OperationObject::FILESYSTEM_AUDIO },
586 { OperationObject::UFM_ALBUM, OperationObject::PHOTO_ALBUM },
587 { OperationObject::UFM_MAP, OperationObject::PHOTO_MAP },
588 { OperationObject::PAH_PHOTO, OperationObject::FILESYSTEM_PHOTO },
589 { OperationObject::PAH_ALBUM, OperationObject::PHOTO_ALBUM },
590 { OperationObject::PAH_MAP, OperationObject::PHOTO_MAP },
591 { OperationObject::TOOL_PHOTO, OperationObject::FILESYSTEM_PHOTO },
592 { OperationObject::TOOL_AUDIO, OperationObject::FILESYSTEM_AUDIO },
593 { OperationObject::TOOL_ALBUM, OperationObject::PHOTO_ALBUM },
594 };
595
596 OperationObject obj = cmd.GetOprnObject();
597 if (UNIFY_OP_OBJECT_MAP.find(obj) != UNIFY_OP_OBJECT_MAP.end()) {
598 cmd.SetOprnObject(UNIFY_OP_OBJECT_MAP.at(obj));
599 }
600 }
601
MediatoolPermCheck(MediaLibraryCommand & cmd)602 static int32_t MediatoolPermCheck(MediaLibraryCommand &cmd)
603 {
604 if (IsMediatoolOperation(cmd)) {
605 if (!IsDeveloperMediaTool(cmd)) {
606 return E_PERMISSION_DENIED;
607 }
608 return E_SUCCESS;
609 } else {
610 return E_NEED_FURTHER_CHECK;
611 }
612 }
613
CheckPermFromUri(MediaLibraryCommand & cmd,bool isWrite)614 static int32_t CheckPermFromUri(MediaLibraryCommand &cmd, bool isWrite)
615 {
616 MEDIA_DEBUG_LOG("uri: %{private}s object: %{public}d, opType: %{public}d isWrite: %{public}d",
617 cmd.GetUri().ToString().c_str(), cmd.GetOprnObject(), cmd.GetOprnType(), isWrite);
618
619 int err = SystemApiCheck(cmd);
620 CHECK_AND_RETURN_RET(err == E_SUCCESS, err);
621 err = MediatoolPermCheck(cmd);
622 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
623 UnifyOprnObject(cmd);
624 return err;
625 }
626 err = PhotoAccessHelperPermCheck(cmd, isWrite);
627 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
628 UnifyOprnObject(cmd);
629 return err;
630 }
631 err = UserFileMgrPermissionCheck(cmd, isWrite);
632 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
633 UnifyOprnObject(cmd);
634 return err;
635 }
636 err = HandleSpecialObjectPermission(cmd, isWrite);
637 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
638 UnifyOprnObject(cmd);
639 return err;
640 }
641
642 // Finally, we should check the permission of medialibrary interfaces.
643 string perm = isWrite ? PERMISSION_NAME_WRITE_MEDIA : PERMISSION_NAME_READ_MEDIA;
644 err = PermissionUtils::CheckCallerPermission(perm) ? E_SUCCESS : E_PERMISSION_DENIED;
645 CHECK_AND_RETURN_RET(err >= 0, err);
646 UnifyOprnObject(cmd);
647 return E_SUCCESS;
648 }
649
CheckIsOwner(const Uri & uri,MediaLibraryCommand & cmd,const string & mode)650 static bool CheckIsOwner(const Uri &uri, MediaLibraryCommand &cmd, const string &mode)
651 {
652 auto ret = false;
653 string unifyMode = mode;
654 if (cmd.GetTableName() == PhotoColumn::PHOTOS_TABLE || cmd.GetTableName() == AudioColumn::AUDIOS_TABLE ||
655 cmd.GetTableName() == MEDIALIBRARY_TABLE) {
656 std::vector<std::string> columns;
657 DatashareBusinessError businessError;
658 int errCode = businessError.GetCode();
659 string clientAppId = GetClientAppId();
660 string fileId = MediaFileUtils::GetIdFromUri(uri.ToString());
661 if (clientAppId.empty() || fileId.empty()) {
662 return false;
663 }
664 DataSharePredicates predicates;
665 predicates.And()->EqualTo("file_id", fileId);
666 predicates.And()->EqualTo("owner_appid", clientAppId);
667 auto queryResultSet = MediaLibraryDataManager::GetInstance()->Query(cmd, columns, predicates, errCode);
668 CHECK_AND_RETURN_RET_LOG(queryResultSet != nullptr, ret, "queryResultSet is nullptr");
669 auto count = 0;
670 queryResultSet->GetRowCount(count);
671 if (count != 0) {
672 ret = true;
673 CollectPermissionInfo(cmd, unifyMode, true,
674 PermissionUsedTypeValue::SECURITY_COMPONENT_TYPE);
675 }
676 }
677 return ret;
678 }
679
AddOwnerCheck(MediaLibraryCommand & cmd,DataSharePredicates & appidPredicates)680 static bool AddOwnerCheck(MediaLibraryCommand &cmd, DataSharePredicates &appidPredicates)
681 {
682 if (cmd.GetTableName() != PhotoColumn::PHOTOS_TABLE && cmd.GetTableName() != AudioColumn::AUDIOS_TABLE &&
683 cmd.GetTableName() != MEDIALIBRARY_TABLE) {
684 return false;
685 }
686 string clientAppId = GetClientAppId();
687 if (clientAppId.empty()) {
688 return false;
689 }
690 appidPredicates.And()->EqualTo("owner_appid", clientAppId);
691 return true;
692 }
693
AddOwnerCheck(MediaLibraryCommand & cmd,DataSharePredicates & tokenIdPredicates,vector<string> & columns)694 static bool AddOwnerCheck(MediaLibraryCommand &cmd, DataSharePredicates &tokenIdPredicates, vector<string> &columns)
695 {
696 if (cmd.GetTableName() != PhotoColumn::PHOTOS_TABLE && cmd.GetTableName() != AudioColumn::AUDIOS_TABLE &&
697 cmd.GetTableName() != MEDIALIBRARY_TABLE) {
698 return false;
699 }
700 uint32_t tokenid = PermissionUtils::GetTokenId();
701 string onClause = cmd.GetTableName() + "." + MediaColumn::MEDIA_ID + " = " +
702 AppUriPermissionColumn::APP_URI_PERMISSION_TABLE + "." + AppUriPermissionColumn::FILE_ID;
703 vector<string> clauses = { onClause };
704 tokenIdPredicates.InnerJoin(AppUriPermissionColumn::APP_URI_PERMISSION_TABLE)->On(clauses);
705 tokenIdPredicates.EqualTo(AppUriPermissionColumn::TARGET_TOKENID, to_string(tokenid));
706 for (auto &str : columns) {
707 if (str.compare(AppUriPermissionColumn::FILE_ID) == 0) {
708 str = AppUriPermissionColumn::APP_URI_PERMISSION_TABLE + "." + AppUriPermissionColumn::FILE_ID;
709 }
710 }
711 return true;
712 }
713
GetFlagFromMode(const string & mode)714 static uint32_t GetFlagFromMode(const string &mode)
715 {
716 if (mode.find("w") != string::npos) {
717 return AAFwk::Want::FLAG_AUTH_WRITE_URI_PERMISSION;
718 }
719 return AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION;
720 }
721
CheckPermissionForOpenFile(const Uri & uri,MediaLibraryCommand & command,string & unifyMode)722 int MediaDataShareExtAbility::CheckPermissionForOpenFile(const Uri &uri,
723 MediaLibraryCommand &command, string &unifyMode)
724 {
725 PermParam permParam = {
726 .isWrite = false,
727 .isOpenFile = true,
728 .openFileNode = unifyMode
729 };
730 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
731 int err = permissionHandler_->CheckPermission(command, permParam);
732 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
733 if (err != E_SUCCESS) {
734 err = CheckOpenFilePermission(command, unifyMode);
735 }
736 if (err == E_PERMISSION_DENIED) {
737 err = UriPermissionOperations::CheckUriPermission(command.GetUriStringWithoutSegment(), unifyMode);
738 if (!CheckIsOwner(uri, command, unifyMode)) {
739 MEDIA_ERR_LOG("Permission Denied! err = %{public}d", err);
740 CollectPermissionInfo(command, unifyMode, false,
741 PermissionUsedTypeValue::SECURITY_COMPONENT_TYPE);
742 return err;
743 } else {
744 return E_OK;
745 }
746 }
747 return err;
748 }
749
OpenFile(const Uri & uri,const string & mode)750 int MediaDataShareExtAbility::OpenFile(const Uri &uri, const string &mode)
751 {
752 #ifdef MEDIALIBRARY_COMPATIBILITY
753 string realUriStr = MediaFileUtils::GetRealUriFromVirtualUri(uri.ToString());
754 Uri realUri(realUriStr);
755 MediaLibraryCommand command(realUri, Media::OperationType::OPEN);
756
757 #else
758 MediaLibraryCommand command(uri, Media::OperationType::OPEN);
759 #endif
760
761 string unifyMode = mode;
762 transform(unifyMode.begin(), unifyMode.end(), unifyMode.begin(), ::tolower);
763 int err = CheckPermissionForOpenFile(uri, command, unifyMode);
764 CHECK_AND_RETURN_RET_LOG(err >= 0, err, "permission deny: %{public}d", err);
765 int32_t object = static_cast<int32_t>(command.GetOprnObject());
766 int32_t type = static_cast<int32_t>(command.GetOprnType());
767 DfxTimer dfxTimer(type, object, OPEN_FILE_TIME_OUT, true);
768 if (command.GetUri().ToString().find(MEDIA_DATA_DB_THUMBNAIL) != string::npos) {
769 command.SetOprnObject(OperationObject::THUMBNAIL);
770 }
771 if (command.GetUri().ToString().find(MEDIA_DATA_DB_THUMB_ASTC) != string::npos) {
772 command.SetOprnObject(OperationObject::THUMBNAIL_ASTC);
773 }
774 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_CACHE_URI_PREFIX) != string::npos) {
775 command.SetOprnObject(OperationObject::FILESYSTEM_PHOTO);
776 }
777 if (command.GetUri().ToString().find(PhotoColumn::HIGHTLIGHT_URI) != string::npos) {
778 command.SetOprnObject(OperationObject::HIGHLIGHT_URI);
779 } else if (command.GetUri().ToString().find(MEDIA_DATA_DB_HIGHLIGHT) != string::npos) {
780 command.SetOprnObject(OperationObject::HIGHLIGHT_COVER);
781 }
782 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE) != string::npos) {
783 command.SetOprnObject(OperationObject::REQUEST_PICTURE);
784 }
785 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE_BUFFER) != string::npos) {
786 command.SetOprnObject(OperationObject::PHOTO_REQUEST_PICTURE_BUFFER);
787 }
788 if (command.GetUri().ToString().find(MEDIA_DATA_DB_KEY_FRAME) != string::npos) {
789 command.SetOprnObject(OperationObject::KEY_FRAME);
790 }
791 return MediaLibraryDataManager::GetInstance()->OpenFile(command, unifyMode);
792 }
793
OpenRawFile(const Uri & uri,const string & mode)794 int MediaDataShareExtAbility::OpenRawFile(const Uri &uri, const string &mode)
795 {
796 return 0;
797 }
798
Insert(const Uri & uri,const DataShareValuesBucket & value)799 int MediaDataShareExtAbility::Insert(const Uri &uri, const DataShareValuesBucket &value)
800 {
801 MediaLibraryCommand cmd(uri);
802 PermParam permParam = {
803 .isWrite = true,
804 };
805 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
806 int err = permissionHandler_->CheckPermission(cmd, permParam);
807 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
808 CHECK_AND_RETURN_RET(err == E_SUCCESS, err);
809 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
810 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
811 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
812 return MediaLibraryDataManager::GetInstance()->Insert(cmd, value);
813 }
814
InsertExt(const Uri & uri,const DataShareValuesBucket & value,string & result)815 int MediaDataShareExtAbility::InsertExt(const Uri &uri, const DataShareValuesBucket &value, string &result)
816 {
817 MediaLibraryCommand cmd(uri);
818 PermParam permParam = {
819 .isWrite = true,
820 };
821 bool needToResetTime = false;
822 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
823 int err = permissionHandler_->CheckPermission(cmd, permParam);
824 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
825 if (err != E_SUCCESS) {
826 err = HandleShortPermission(cmd, needToResetTime);
827 }
828 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
829 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
830 if (err < 0) {
831 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
832 return err;
833 }
834
835 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
836 int32_t ret = MediaLibraryDataManager::GetInstance()->InsertExt(cmd, value, result);
837 if (needToResetTime) {
838 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
839 err = Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(tokenCaller,
840 PERM_SHORT_TERM_WRITE_IMAGEVIDEO, SHORT_TERM_PERMISSION_DURATION_300S);
841 if (err < 0) {
842 MEDIA_ERR_LOG("queryResultSet is nullptr! errCode: %{public}d", err);
843 return err;
844 }
845 }
846 return ret;
847 }
848
CheckCloudSyncPermission()849 static bool CheckCloudSyncPermission()
850 {
851 CHECK_AND_RETURN_RET_LOG(PermissionUtils::CheckCallerPermission(PERM_CLOUD_SYNC_MANAGER),
852 false, "permission denied");
853 return true;
854 }
855
Update(const Uri & uri,const DataSharePredicates & predicates,const DataShareValuesBucket & value)856 int MediaDataShareExtAbility::Update(const Uri &uri, const DataSharePredicates &predicates,
857 const DataShareValuesBucket &value)
858 {
859 MediaLibraryCommand cmd(uri);
860 if (cmd.GetOprnObject() == OperationObject::CLOUD_MEDIA_ASSET_OPERATE) {
861 if (!CheckCloudSyncPermission()) {
862 return E_PERMISSION_DENIED;
863 }
864 return CloudMediaAssetManager::GetInstance().HandleCloudMediaAssetUpdateOperations(cmd);
865 }
866 PermParam permParam = {
867 .isWrite = true,
868 };
869 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
870 cmd.SetDataSharePred(predicates);
871 int err = permissionHandler_->CheckPermission(cmd, permParam);
872 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
873 if (err != E_SUCCESS) {
874 err = HandleRestorePermission(cmd);
875 }
876 bool isMediatoolOperation = IsMediatoolOperation(cmd);
877 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
878 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
879
880 DataSharePredicates appidPredicates = predicates;
881 if (err != E_SUCCESS) {
882 if (isMediatoolOperation) {
883 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
884 return err;
885 }
886 if (!AddOwnerCheck(cmd, appidPredicates)) {
887 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
888 return err;
889 }
890 }
891
892 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
893 auto updateRet = MediaLibraryDataManager::GetInstance()->Update(cmd, value, appidPredicates);
894 bool cond = (err < 0 && updateRet <= 0);
895 CHECK_AND_RETURN_RET_LOG(!cond, err, "permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
896 return updateRet;
897 }
898
Delete(const Uri & uri,const DataSharePredicates & predicates)899 int MediaDataShareExtAbility::Delete(const Uri &uri, const DataSharePredicates &predicates)
900 {
901 MediaLibraryCommand cmd(uri, Media::OperationType::DELETE);
902 PermParam permParam = {
903 .isWrite = true,
904 };
905 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
906 cmd.SetDataSharePred(predicates);
907 int err = permissionHandler_->CheckPermission(cmd, permParam);
908 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
909 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
910 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
911 if (err != E_SUCCESS) {
912 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
913 return err;
914 }
915
916 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
917 return MediaLibraryDataManager::GetInstance()->Delete(cmd, predicates);
918 }
919
Query(const Uri & uri,const DataSharePredicates & predicates,vector<string> & columns,DatashareBusinessError & businessError)920 shared_ptr<DataShareResultSet> MediaDataShareExtAbility::Query(const Uri &uri,
921 const DataSharePredicates &predicates, vector<string> &columns, DatashareBusinessError &businessError)
922 {
923 MediaLibraryCommand cmd(uri);
924 PermParam permParam = {.isWrite = false};
925 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, nullptr, "permissionHandler_ is nullptr");
926 cmd.SetDataSharePred(predicates);
927 int err = permissionHandler_->CheckPermission(cmd, permParam);
928 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
929 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
930 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
931 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
932 bool isMediatoolOperation = IsMediatoolOperation(cmd);
933 int errCode = businessError.GetCode();
934 DataSharePredicates appidPredicates = predicates;
935 if (err != E_SUCCESS) {
936 if (isMediatoolOperation) {
937 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
938 businessError.SetCode(err);
939 return nullptr;
940 }
941 auto& uriPermissionClient = AAFwk::UriPermissionManagerClient::GetInstance();
942 if (!AddOwnerCheck(cmd, appidPredicates)) {
943 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
944 businessError.SetCode(err);
945 return nullptr;
946 }
947 }
948 auto queryResultSet = MediaLibraryDataManager::GetInstance()->Query(cmd, columns, appidPredicates, errCode);
949 businessError.SetCode(to_string(errCode));
950 if (queryResultSet == nullptr) {
951 MEDIA_ERR_LOG("queryResultSet is nullptr! errCode: %{public}d", errCode);
952 businessError.SetCode(errCode);
953 return nullptr;
954 }
955 auto count = 0;
956 queryResultSet->GetRowCount(count);
957 if (err < 0 && count == 0) {
958 businessError.SetCode(err);
959 return nullptr;
960 }
961 shared_ptr<DataShareResultSet> resultSet = make_shared<DataShareResultSet>(queryResultSet);
962 return resultSet;
963 }
964
GetType(const Uri & uri)965 string MediaDataShareExtAbility::GetType(const Uri &uri)
966 {
967 MEDIA_INFO_LOG("%{public}s begin.", __func__);
968 MediaLibraryCommand cmd(uri);
969 PermParam permParam = {.isWrite = false};
970 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, "", "permissionHandler_ is nullptr");
971 int err = permissionHandler_->CheckPermission(cmd, permParam);
972 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
973 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
974 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
975 if (err != E_SUCCESS) {
976 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
977 return "";
978 }
979 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
980 string getTypeRet = MediaLibraryDataManager::GetInstance()->GetType(uri);
981 return getTypeRet;
982 }
983
BatchInsert(const Uri & uri,const vector<DataShareValuesBucket> & values)984 int MediaDataShareExtAbility::BatchInsert(const Uri &uri, const vector<DataShareValuesBucket> &values)
985 {
986 MediaLibraryCommand cmd(uri);
987 PermParam permParam = {
988 .isWrite = true,
989 };
990 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
991 int err = permissionHandler_->CheckPermission(cmd, permParam);
992 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
993 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
994 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
995 if (err != E_SUCCESS) {
996 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
997 return err;
998 }
999 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
1000 return MediaLibraryDataManager::GetInstance()->BatchInsert(cmd, values);
1001 }
1002
RegisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)1003 bool MediaDataShareExtAbility::RegisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
1004 {
1005 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1006 auto obsMgrClient = DataObsMgrClient::GetInstance();
1007 if (obsMgrClient == nullptr) {
1008 MEDIA_ERR_LOG("%{public}s obsMgrClient is nullptr", __func__);
1009 return false;
1010 }
1011
1012 ErrCode ret = obsMgrClient->RegisterObserver(uri, dataObserver);
1013 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
1014 "%{public}s obsMgrClient->RegisterObserver error return %{public}d", __func__, ret);
1015 MEDIA_INFO_LOG("%{public}s end.", __func__);
1016 return true;
1017 }
1018
UnregisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)1019 bool MediaDataShareExtAbility::UnregisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
1020 {
1021 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1022 auto obsMgrClient = DataObsMgrClient::GetInstance();
1023 CHECK_AND_RETURN_RET_LOG(obsMgrClient != nullptr, false, "%{public}s obsMgrClient is nullptr", __func__);
1024
1025 ErrCode ret = obsMgrClient->UnregisterObserver(uri, dataObserver);
1026 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
1027 "%{public}s obsMgrClient->UnregisterObserver error return %{public}d", __func__, ret);
1028 MEDIA_INFO_LOG("%{public}s end.", __func__);
1029 return true;
1030 }
1031
NotifyChange(const Uri & uri)1032 bool MediaDataShareExtAbility::NotifyChange(const Uri &uri)
1033 {
1034 auto obsMgrClient = DataObsMgrClient::GetInstance();
1035 CHECK_AND_RETURN_RET_LOG(obsMgrClient != nullptr, false, "%{public}s obsMgrClient is nullptr", __func__);
1036
1037 ErrCode ret = obsMgrClient->NotifyChange(uri);
1038 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
1039 "%{public}s obsMgrClient->NotifyChange error return %{public}d", __func__, ret);
1040 return true;
1041 }
1042
NormalizeUri(const Uri & uri)1043 Uri MediaDataShareExtAbility::NormalizeUri(const Uri &uri)
1044 {
1045 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1046 auto ret = uri;
1047 MEDIA_INFO_LOG("%{public}s end.", __func__);
1048 return ret;
1049 }
1050
DenormalizeUri(const Uri & uri)1051 Uri MediaDataShareExtAbility::DenormalizeUri(const Uri &uri)
1052 {
1053 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1054 auto ret = uri;
1055 MEDIA_INFO_LOG("%{public}s end.", __func__);
1056 return ret;
1057 }
1058 } // namespace AbilityRuntime
1059 } // namespace OHOS
1060