1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "uri_permission_manager_client.h"
17
18 #include "ability_manager_errors.h"
19 #include "hilog_tag_wrapper.h"
20 #include "if_system_ability_manager.h"
21 #include "iservice_registry.h"
22 #include "system_ability_definition.h"
23 #include "uri_permission_load_callback.h"
24
25 namespace OHOS {
26 namespace AAFwk {
27 namespace {
28 const int LOAD_SA_TIMEOUT_MS = 4 * 1000;
29 const int MAX_URI_COUNT = 500;
30 } // namespace
GetInstance()31 UriPermissionManagerClient& UriPermissionManagerClient::GetInstance()
32 {
33 static UriPermissionManagerClient instance;
34 return instance;
35 }
36
GrantUriPermission(const Uri & uri,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId)37 int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag,
38 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId)
39 {
40 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName:%{public}s", targetBundleName.c_str());
41 auto uriPermMgr = ConnectUriPermService();
42 if (uriPermMgr) {
43 return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, appIndex, initiatorTokenId);
44 }
45 return INNER_ERR;
46 }
47
GrantUriPermission(const std::vector<Uri> & uriVec,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId)48 int UriPermissionManagerClient::GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag,
49 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId)
50 {
51 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName:%{public}s, uriVecSize:%{public}zu", targetBundleName.c_str(),
52 uriVec.size());
53 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
54 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec empty or exceed maxSize %{public}d", MAX_URI_COUNT);
55 return ERR_URI_LIST_OUT_OF_RANGE;
56 }
57 auto uriPermMgr = ConnectUriPermService();
58 if (uriPermMgr) {
59 return uriPermMgr->GrantUriPermission(uriVec, flag, targetBundleName, appIndex, initiatorTokenId);
60 }
61 return INNER_ERR;
62 }
63
GrantUriPermissionPrivileged(const std::vector<Uri> & uriVec,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t hideSensitiveType)64 int32_t UriPermissionManagerClient::GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
65 const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t hideSensitiveType)
66 {
67 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName:%{public}s, uriVecSize:%{public}zu",
68 targetBundleName.c_str(), uriVec.size());
69 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
70 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec empty or exceed maxSize %{public}d", MAX_URI_COUNT);
71 return ERR_URI_LIST_OUT_OF_RANGE;
72 }
73 auto uriPermMgr = ConnectUriPermService();
74 if (uriPermMgr) {
75 return uriPermMgr->GrantUriPermissionPrivileged(uriVec, flag, targetBundleName, appIndex,
76 initiatorTokenId, hideSensitiveType);
77 }
78 return INNER_ERR;
79 }
80
RevokeAllUriPermissions(const uint32_t tokenId)81 int UriPermissionManagerClient::RevokeAllUriPermissions(const uint32_t tokenId)
82 {
83 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
84 auto uriPermMgr = ConnectUriPermService();
85 if (uriPermMgr) {
86 return uriPermMgr->RevokeAllUriPermissions(tokenId);
87 }
88 return INNER_ERR;
89 }
90
RevokeUriPermissionManually(const Uri & uri,const std::string bundleName,int32_t appIndex)91 int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName,
92 int32_t appIndex)
93 {
94 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
95 auto uriPermMgr = ConnectUriPermService();
96 if (uriPermMgr) {
97 return uriPermMgr->RevokeUriPermissionManually(uri, bundleName, appIndex);
98 }
99 return INNER_ERR;
100 }
101
VerifyUriPermission(const Uri & uri,uint32_t flag,uint32_t tokenId)102 bool UriPermissionManagerClient::VerifyUriPermission(const Uri& uri, uint32_t flag, uint32_t tokenId)
103 {
104 auto uriPermMgr = ConnectUriPermService();
105 if (uriPermMgr) {
106 return uriPermMgr->VerifyUriPermission(uri, flag, tokenId);
107 }
108 return false;
109 }
110
CheckUriAuthorization(const std::vector<std::string> & uriVec,uint32_t flag,uint32_t tokenId)111 std::vector<bool> UriPermissionManagerClient::CheckUriAuthorization(const std::vector<std::string> &uriVec,
112 uint32_t flag, uint32_t tokenId)
113 {
114 uint32_t size = uriVec.size();
115 TAG_LOGD(AAFwkTag::URIPERMMGR, "flag:%{public}u, tokenId:%{public}u", flag, tokenId);
116 std::vector<bool> errorRes(size, false);
117 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
118 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec empty or exceed maxSize %{public}d", MAX_URI_COUNT);
119 return errorRes;
120 }
121 auto uriPermMgr = ConnectUriPermService();
122 if (uriPermMgr) {
123 return uriPermMgr->CheckUriAuthorization(uriVec, flag, tokenId);
124 }
125 return errorRes;
126 }
127
ConnectUriPermService()128 sptr<IUriPermissionManager> UriPermissionManagerClient::ConnectUriPermService()
129 {
130 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
131 auto uriPermMgr = GetUriPermMgr();
132 if (uriPermMgr == nullptr) {
133 if (!LoadUriPermService()) {
134 TAG_LOGE(AAFwkTag::URIPERMMGR, "LoadUriPermService failed");
135 return nullptr;
136 }
137 uriPermMgr = GetUriPermMgr();
138 if (uriPermMgr == nullptr || uriPermMgr->AsObject() == nullptr) {
139 TAG_LOGE(AAFwkTag::URIPERMMGR, "GetUriPermMgr failed");
140 return nullptr;
141 }
142 const auto& onClearProxyCallback = [] {
143 UriPermissionManagerClient::GetInstance().ClearProxy();
144 };
145 sptr<UpmsDeathRecipient> recipient(new UpmsDeathRecipient(onClearProxyCallback));
146 uriPermMgr->AsObject()->AddDeathRecipient(recipient);
147 }
148 TAG_LOGD(AAFwkTag::URIPERMMGR, "End");
149 return uriPermMgr;
150 }
151
LoadUriPermService()152 bool UriPermissionManagerClient::LoadUriPermService()
153 {
154 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
155 auto systemAbilityMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
156 if (systemAbilityMgr == nullptr) {
157 TAG_LOGE(AAFwkTag::URIPERMMGR, "GetSystemAbilityManager failed");
158 return false;
159 }
160
161 sptr<UriPermissionLoadCallback> loadCallback = new (std::nothrow) UriPermissionLoadCallback();
162 if (loadCallback == nullptr) {
163 TAG_LOGE(AAFwkTag::URIPERMMGR, "Create loadCallback failed");
164 return false;
165 }
166
167 auto ret = systemAbilityMgr->LoadSystemAbility(URI_PERMISSION_MGR_SERVICE_ID, loadCallback);
168 if (ret != 0) {
169 TAG_LOGE(AAFwkTag::URIPERMMGR, "LoadSystemAbility %{public}d failed:%{public}d",
170 URI_PERMISSION_MGR_SERVICE_ID, ret);
171 return false;
172 }
173
174 {
175 std::unique_lock<std::mutex> lock(saLoadMutex_);
176 auto waitStatus = loadSaVariable_.wait_for(lock, std::chrono::milliseconds(LOAD_SA_TIMEOUT_MS),
177 [this]() {
178 return saLoadFinished_;
179 });
180 if (!waitStatus) {
181 TAG_LOGE(AAFwkTag::URIPERMMGR, "Wait for load sa timeout");
182 return false;
183 }
184 }
185 return true;
186 }
187
GetUriPermMgr()188 sptr<IUriPermissionManager> UriPermissionManagerClient::GetUriPermMgr()
189 {
190 std::lock_guard<std::mutex> lock(mutex_);
191 return uriPermMgr_;
192 }
193
SetUriPermMgr(const sptr<IRemoteObject> & remoteObject)194 void UriPermissionManagerClient::SetUriPermMgr(const sptr<IRemoteObject> &remoteObject)
195 {
196 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
197 std::lock_guard<std::mutex> lock(mutex_);
198 uriPermMgr_ = iface_cast<IUriPermissionManager>(remoteObject);
199 }
200
OnLoadSystemAbilitySuccess(const sptr<IRemoteObject> & remoteObject)201 void UriPermissionManagerClient::OnLoadSystemAbilitySuccess(const sptr<IRemoteObject> &remoteObject)
202 {
203 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
204 SetUriPermMgr(remoteObject);
205 std::unique_lock<std::mutex> lock(saLoadMutex_);
206 saLoadFinished_ = true;
207 loadSaVariable_.notify_one();
208 }
209
OnLoadSystemAbilityFail()210 void UriPermissionManagerClient::OnLoadSystemAbilityFail()
211 {
212 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
213 SetUriPermMgr(nullptr);
214 std::unique_lock<std::mutex> lock(saLoadMutex_);
215 saLoadFinished_ = true;
216 loadSaVariable_.notify_one();
217 }
218
ClearProxy()219 void UriPermissionManagerClient::ClearProxy()
220 {
221 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
222 {
223 std::lock_guard<std::mutex> lock(mutex_);
224 uriPermMgr_ = nullptr;
225 }
226 std::unique_lock<std::mutex> lock(saLoadMutex_);
227 saLoadFinished_ = false;
228 }
229
OnRemoteDied(const wptr<IRemoteObject> & remote)230 void UriPermissionManagerClient::UpmsDeathRecipient::OnRemoteDied([[maybe_unused]] const wptr<IRemoteObject>& remote)
231 {
232 TAG_LOGE(AAFwkTag::URIPERMMGR, "call");
233 proxy_();
234 }
235
ClearPermissionTokenByMap(const uint32_t tokenId)236 int32_t UriPermissionManagerClient::ClearPermissionTokenByMap(const uint32_t tokenId)
237 {
238 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
239 auto uriPermMgr = ConnectUriPermService();
240 if (uriPermMgr) {
241 return uriPermMgr->ClearPermissionTokenByMap(tokenId);
242 }
243 return INNER_ERR;
244 }
245
246 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
Active(const std::vector<PolicyInfo> & policy,std::vector<uint32_t> & result)247 int32_t UriPermissionManagerClient::Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result)
248 {
249 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
250 auto uriPermMgr = ConnectUriPermService();
251 if (uriPermMgr) {
252 return uriPermMgr->Active(policy, result);
253 }
254 return INNER_ERR;
255 }
256 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
257 } // namespace AAFwk
258 } // namespace OHOS
259