1 /* 2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H 17 #define OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H 18 #include <vector> 19 #include "access_token.h" 20 #include "iremote_broker.h" 21 #include "uri.h" 22 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 23 #include "policy_info.h" 24 #else 25 #include "upms_policy_info.h" 26 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 27 28 namespace OHOS { 29 namespace AAFwk { 30 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 31 using namespace AccessControl::SandboxManager; 32 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 33 class IUriPermissionManager : public IRemoteBroker { 34 public: 35 DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); 36 37 /** 38 * @brief Authorize the uri permission to targetBundleName. 39 * 40 * @param uri The file uri. 41 * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. 42 * @param targetBundleName The user of uri. 43 * @return Returns true if the authorization is successful, otherwise returns false. 44 */ 45 virtual int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, 46 int32_t appIndex = 0, uint32_t initiatorTokenId = 0) = 0; 47 48 /** 49 * @brief Authorize the uri permission to targetBundleName. 50 * 51 * @param uriVec The file urilist. 52 * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. 53 * @param targetBundleName The user of uri. 54 * @return Returns true if the authorization is successful, otherwise returns false. 55 */ 56 virtual int GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag, 57 const std::string targetBundleName, int32_t appIndex = 0, uint32_t initiatorTokenId = 0) = 0; 58 59 /** 60 * @brief Authorize the uri permission to targetBundleName. 61 * 62 * @param uriVec The file urilist. 63 * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. 64 * @param targetBundleName The user of uri. 65 * @param appIndex The index of application in sandbox. 66 * @return Returns ERR_OK if the authorization is successful, otherwise returns error code. 67 */ 68 virtual int32_t GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag, 69 const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, 70 int32_t hideSensitiveType = 0) = 0; 71 72 /** 73 * @brief Clear user's all uri authorization record with autoremove flag. 74 * 75 * @param tokenId A tokenId of an application. 76 * @return Returns true if the remove is successful, otherwise returns false. 77 */ 78 virtual int RevokeAllUriPermissions(const uint32_t tokenId) = 0; 79 80 /** 81 * @brief Clear user's uri authorization record. 82 * 83 * @param uri The file uri. 84 * @param bundleName bundleName of an application. 85 * @param appIndex The index of application in sandbox. 86 * @return Returns true if the remove is successful, otherwise returns false. 87 */ 88 virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName, 89 int32_t appIndex = 0) = 0; 90 91 /** 92 * @brief verify if tokenId have uri permission of flag. 93 * 94 * @param uri The file uri. 95 * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. 96 * @param tokenId A tokenId of an application. 97 */ 98 virtual bool VerifyUriPermission(const Uri& uri, uint32_t flag, uint32_t tokenId) = 0; 99 100 /** 101 * @brief verify if tokenId have uri permission of flag. 102 * 103 * @param uri The file uri. 104 * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. 105 * @param tokenId A tokenId of an application. 106 */ 107 virtual std::vector<bool> CheckUriAuthorization(const std::vector<std::string> &uriVec, 108 uint32_t flag, uint32_t tokenId) = 0; 109 110 virtual int32_t ClearPermissionTokenByMap(uint32_t tokenId) = 0; 111 112 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 113 virtual int32_t Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result) = 0; 114 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 115 116 enum UriPermMgrCmd { 117 // ipc id for GrantUriPermission 118 ON_GRANT_URI_PERMISSION = 0, 119 120 // ipc id for RevokeAllUriPermission 121 ON_REVOKE_ALL_URI_PERMISSION, 122 123 // ipc id for RevokeUriPermisionManually 124 ON_REVOKE_URI_PERMISSION_MANUALLY, 125 126 // ipc id for VerifyUriPermission 127 ON_VERIFY_URI_PERMISSION, 128 129 // ipc id for BatchGrantUriPermission 130 ON_BATCH_GRANT_URI_PERMISSION, 131 132 //ipc id for GrantUriPermissionPrivileged 133 ON_GRANT_URI_PERMISSION_PRIVILEGED, 134 135 //ipc id for CheckUriAuthorization 136 ON_CHECK_URI_AUTHORIZATION, 137 138 //ipc id for ClearPermissionTokenByMap 139 ON_CLEAR_PERMISSION_TOKEN_BY_MAP, 140 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 141 //ipc id for Active 142 ON_ACTIVE, 143 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER 144 }; 145 }; 146 } // namespace AAFwk 147 } // namespace OHOS 148 #endif // OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H 149