1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_kit.h"
17
18 #include <string>
19 #include <vector>
20
21 #include "constant_common.h"
22 #include "data_validator.h"
23 #include "privacy_error.h"
24 #include "privacy_manager_client.h"
25 #include "time_util.h"
26
27 namespace OHOS {
28 namespace Security {
29 namespace AccessToken {
30 namespace {
31 constexpr const int64_t MERGE_TIMESTAMP = 200; // 200ms
32 std::mutex g_lockCache;
33 struct RecordCache {
34 int32_t successCount = 0;
35 int64_t timespamp = 0;
36 };
37 std::map<std::string, RecordCache> g_recordMap;
38 }
GetRecordUniqueStr(const AddPermParamInfo & record)39 static std::string GetRecordUniqueStr(const AddPermParamInfo& record)
40 {
41 return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type);
42 }
43
FindAndInsertRecord(const AddPermParamInfo & record)44 bool FindAndInsertRecord(const AddPermParamInfo& record)
45 {
46 std::lock_guard<std::mutex> lock(g_lockCache);
47 std::string newRecordStr = GetRecordUniqueStr(record);
48 int64_t curTimestamp = TimeUtil::GetCurrentTimestamp();
49 auto iter = g_recordMap.find(newRecordStr);
50 if (iter == g_recordMap.end()) {
51 g_recordMap[newRecordStr].successCount = record.successCount;
52 g_recordMap[newRecordStr].timespamp = curTimestamp;
53 return false;
54 }
55 if (curTimestamp - iter->second.timespamp >= MERGE_TIMESTAMP) {
56 g_recordMap[newRecordStr].successCount = record.successCount;
57 g_recordMap[newRecordStr].timespamp = curTimestamp;
58 return false;
59 }
60 if (iter->second.successCount == 0 && record.successCount != 0) {
61 g_recordMap[newRecordStr].successCount += record.successCount;
62 g_recordMap[newRecordStr].timespamp = curTimestamp;
63 return false;
64 }
65 g_recordMap[newRecordStr].successCount += record.successCount;
66 g_recordMap[newRecordStr].timespamp = curTimestamp;
67 return true;
68 }
69
AddPermissionUsedRecord(AccessTokenID tokenID,const std::string & permissionName,int32_t successCount,int32_t failCount,bool asyncMode)70 int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName,
71 int32_t successCount, int32_t failCount, bool asyncMode)
72 {
73 AddPermParamInfo info;
74 info.tokenId = tokenID;
75 info.permissionName = permissionName;
76 info.successCount = successCount;
77 info.failCount = failCount;
78 return AddPermissionUsedRecord(info, asyncMode);
79 }
80
AddPermissionUsedRecord(const AddPermParamInfo & info,bool asyncMode)81 int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode)
82 {
83 if ((!DataValidator::IsTokenIDValid(info.tokenId)) ||
84 (!DataValidator::IsPermissionNameValid(info.permissionName)) ||
85 (info.successCount < 0 || info.failCount < 0) ||
86 (!DataValidator::IsPermissionUsedTypeValid(info.type))) {
87 return PrivacyError::ERR_PARAM_INVALID;
88 }
89 if (!DataValidator::IsHapCaller(info.tokenId)) {
90 return PrivacyError::ERR_PARAM_INVALID;
91 }
92
93 if (!FindAndInsertRecord(info)) {
94 int32_t ret = PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode);
95 if (ret == PrivacyError::PRIVACY_TOGGELE_RESTRICTED) {
96 std::lock_guard<std::mutex> lock(g_lockCache);
97 std::string recordStr = GetRecordUniqueStr(info);
98 g_recordMap.erase(recordStr);
99 return RET_SUCCESS;
100 }
101 return ret;
102 }
103
104 return RET_SUCCESS;
105 }
106
SetPermissionUsedRecordToggleStatus(int32_t userID,bool status)107 int32_t PrivacyKit::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status)
108 {
109 if (!DataValidator::IsUserIdValid(userID)) {
110 return PrivacyError::ERR_PARAM_INVALID;
111 }
112 return PrivacyManagerClient::GetInstance().SetPermissionUsedRecordToggleStatus(userID, status);
113 }
114
GetPermissionUsedRecordToggleStatus(int32_t userID,bool & status)115 int32_t PrivacyKit::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status)
116 {
117 if (!DataValidator::IsUserIdValid(userID)) {
118 return PrivacyError::ERR_PARAM_INVALID;
119 }
120 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status);
121 }
122
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid,PermissionUsedType type)123 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid,
124 PermissionUsedType type)
125 {
126 if ((!DataValidator::IsTokenIDValid(tokenID)) ||
127 (!DataValidator::IsPermissionNameValid(permissionName)) ||
128 (!DataValidator::IsPermissionUsedTypeValid(type))) {
129 return PrivacyError::ERR_PARAM_INVALID;
130 }
131 if (!DataValidator::IsHapCaller(tokenID)) {
132 return PrivacyError::ERR_PARAM_INVALID;
133 }
134 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, type);
135 }
136
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,const std::shared_ptr<StateCustomizedCbk> & callback,int32_t pid,PermissionUsedType type)137 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName,
138 const std::shared_ptr<StateCustomizedCbk>& callback, int32_t pid, PermissionUsedType type)
139 {
140 if ((!DataValidator::IsTokenIDValid(tokenID)) ||
141 (!DataValidator::IsPermissionNameValid(permissionName)) ||
142 (!DataValidator::IsPermissionUsedTypeValid(type))) {
143 return PrivacyError::ERR_PARAM_INVALID;
144 }
145 if (!DataValidator::IsHapCaller(tokenID)) {
146 return PrivacyError::ERR_PARAM_INVALID;
147 }
148 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback, type);
149 }
150
StopUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)151 int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
152 {
153 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
154 return PrivacyError::ERR_PARAM_INVALID;
155 }
156 if (!DataValidator::IsHapCaller(tokenID)) {
157 return PrivacyError::ERR_PARAM_INVALID;
158 }
159 return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName);
160 }
161
RemovePermissionUsedRecords(AccessTokenID tokenID)162 int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID)
163 {
164 if (!DataValidator::IsTokenIDValid(tokenID)) {
165 return PrivacyError::ERR_PARAM_INVALID;
166 }
167 if (!DataValidator::IsHapCaller(tokenID)) {
168 return PrivacyError::ERR_PARAM_INVALID;
169 }
170 return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID);
171 }
172
IsPermissionFlagValid(const PermissionUsedRequest & request)173 static bool IsPermissionFlagValid(const PermissionUsedRequest& request)
174 {
175 int64_t begin = request.beginTimeMillis;
176 int64_t end = request.endTimeMillis;
177 if ((begin < 0) || (end < 0) || (begin > end)) {
178 return false;
179 }
180 return DataValidator::IsPermissionUsedFlagValid(request.flag);
181 }
182
GetPermissionUsedRecords(const PermissionUsedRequest & request,PermissionUsedResult & result)183 int32_t PrivacyKit::GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result)
184 {
185 if (!IsPermissionFlagValid(request)) {
186 return PrivacyError::ERR_PARAM_INVALID;
187 }
188 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, result);
189 }
190
GetPermissionUsedRecords(const PermissionUsedRequest & request,const sptr<OnPermissionUsedRecordCallback> & callback)191 int32_t PrivacyKit::GetPermissionUsedRecords(
192 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback)
193 {
194 if (!IsPermissionFlagValid(request)) {
195 return PrivacyError::ERR_PARAM_INVALID;
196 }
197 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, callback);
198 }
199
RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)200 int32_t PrivacyKit::RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
201 {
202 return PrivacyManagerClient::GetInstance().RegisterPermActiveStatusCallback(callback);
203 }
204
UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)205 int32_t PrivacyKit::UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
206 {
207 return PrivacyManagerClient::GetInstance().UnRegisterPermActiveStatusCallback(callback);
208 }
209
IsAllowedUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)210 bool PrivacyKit::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
211 {
212 if (!DataValidator::IsTokenIDValid(tokenID) && !DataValidator::IsPermissionNameValid(permissionName)) {
213 return false;
214 }
215 return PrivacyManagerClient::GetInstance().IsAllowedUsingPermission(tokenID, permissionName, pid);
216 }
217
218 #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE
RegisterSecCompEnhance(const SecCompEnhanceData & enhance)219 int32_t PrivacyKit::RegisterSecCompEnhance(const SecCompEnhanceData& enhance)
220 {
221 return PrivacyManagerClient::GetInstance().RegisterSecCompEnhance(enhance);
222 }
223
UpdateSecCompEnhance(int32_t pid,uint32_t seqNum)224 int32_t PrivacyKit::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum)
225 {
226 return PrivacyManagerClient::GetInstance().UpdateSecCompEnhance(pid, seqNum);
227 }
228
GetSecCompEnhance(int32_t pid,SecCompEnhanceData & enhance)229 int32_t PrivacyKit::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance)
230 {
231 return PrivacyManagerClient::GetInstance().GetSecCompEnhance(pid, enhance);
232 }
233
GetSpecialSecCompEnhance(const std::string & bundleName,std::vector<SecCompEnhanceData> & enhanceList)234 int32_t PrivacyKit::GetSpecialSecCompEnhance(const std::string& bundleName,
235 std::vector<SecCompEnhanceData>& enhanceList)
236 {
237 return PrivacyManagerClient::GetInstance().
238 GetSpecialSecCompEnhance(bundleName, enhanceList);
239 }
240 #endif
241
GetPermissionUsedTypeInfos(const AccessTokenID tokenId,const std::string & permissionName,std::vector<PermissionUsedTypeInfo> & results)242 int32_t PrivacyKit::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName,
243 std::vector<PermissionUsedTypeInfo>& results)
244 {
245 if (permissionName.empty()) {
246 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
247 }
248
249 if (!DataValidator::IsPermissionNameValid(permissionName)) {
250 return PrivacyError::ERR_PARAM_INVALID;
251 }
252 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
253 }
254
SetMutePolicy(uint32_t policyType,uint32_t callerType,bool isMute,AccessTokenID tokenID)255 int32_t PrivacyKit::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID)
256 {
257 if (!DataValidator::IsPolicyTypeValid(policyType) ||
258 !DataValidator::IsCallerTypeValid(callerType) ||
259 (tokenID == 0)) {
260 return PrivacyError::ERR_PARAM_INVALID;
261 }
262 return PrivacyManagerClient::GetInstance().SetMutePolicy(policyType, callerType, isMute, tokenID);
263 }
264
SetHapWithFGReminder(uint32_t tokenId,bool isAllowed)265 int32_t PrivacyKit::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed)
266 {
267 if (!DataValidator::IsTokenIDValid(tokenId)) {
268 return PrivacyError::ERR_PARAM_INVALID;
269 }
270 return PrivacyManagerClient::GetInstance().SetHapWithFGReminder(tokenId, isAllowed);
271 }
272 } // namespace AccessToken
273 } // namespace Security
274 } // namespace OHOS
275