1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef PERMISSION_MANAGER_H 17 #define PERMISSION_MANAGER_H 18 19 #include <mutex> 20 #include <vector> 21 #include <string> 22 23 #include "ability_manager_access_loader.h" 24 #include "access_token.h" 25 #include "hap_token_info_inner.h" 26 #include "iremote_broker.h" 27 #include "libraryloader.h" 28 #include "permission_def.h" 29 #include "permission_grant_event.h" 30 #include "permission_list_state.h" 31 #include "permission_list_state_parcel.h" 32 #include "permission_state_change_info.h" 33 #include "permission_status.h" 34 #include "temp_permission_observer.h" 35 36 #include "rwlock.h" 37 #include "nocopyable.h" 38 39 namespace OHOS { 40 namespace Security { 41 namespace AccessToken { 42 constexpr const char* VAGUE_LOCATION_PERMISSION_NAME = "ohos.permission.APPROXIMATELY_LOCATION"; 43 constexpr const char* ACCURATE_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; 44 constexpr const char* BACKGROUND_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION_IN_BACKGROUND"; 45 const int32_t ACCURATE_LOCATION_API_VERSION = 9; 46 const int32_t BACKGROUND_LOCATION_API_VERSION = 11; 47 const uint32_t PERMISSION_NOT_REQUSET = -1; 48 struct LocationIndex { 49 uint32_t vagueIndex = PERMISSION_NOT_REQUSET; 50 uint32_t accurateIndex = PERMISSION_NOT_REQUSET; 51 uint32_t backIndex = PERMISSION_NOT_REQUSET; 52 }; 53 class PermissionManager { 54 public: 55 static PermissionManager& GetInstance(); 56 PermissionManager(); 57 virtual ~PermissionManager(); 58 59 void RegisterApplicationCallback(); 60 void RegisterAppManagerDeathCallback(); 61 int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); 62 PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); 63 int GetReqPermissions( 64 AccessTokenID tokenID, std::vector<PermissionStatus>& reqPermList, bool isSystemGrant); 65 int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); 66 int32_t RequestAppPermOnSetting(const HapTokenInfo& hapInfo, 67 const std::string& bundleName, const std::string& abilityName); 68 int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 69 bool isGranted, uint32_t flag); 70 int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 71 bool isGranted, uint32_t flag, bool needKill); 72 int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 73 int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 74 int32_t GrantPermissionForSpecifiedTime( 75 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); 76 void GetSelfPermissionState(const std::vector<PermissionStatus>& permsList, 77 PermissionListState& permState, int32_t apiVersion); 78 int32_t AddPermStateChangeCallback( 79 const PermStateChangeScope& scope, const sptr<IRemoteObject>& callback); 80 int32_t RemovePermStateChangeCallback(const sptr<IRemoteObject>& callback); 81 bool GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& apiVersion); 82 bool LocationPermissionSpecialHandle(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 83 std::vector<PermissionStatus>& permsList, int32_t apiVersion); 84 void NotifyPermGrantStoreResult(bool result, uint64_t timestamp); 85 void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); 86 void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, 87 bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr); 88 void AddNativePermToKernel( 89 AccessTokenID tokenID, const std::vector<uint32_t>& opCodeList, const std::vector<bool>& statusList); 90 void AddHapPermToKernel(AccessTokenID tokenID, const std::vector<std::string>& permList); 91 void RemovePermFromKernel(AccessTokenID tokenID); 92 void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); 93 bool InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, 94 std::vector<PermissionStatus>& initializedList, HapInfoCheckResult& result); 95 bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, 96 std::vector<PermissionStatus>& initializedList); 97 void GetStateOrFlagChangedList(std::vector<PermissionStatus>& stateListBefore, 98 std::vector<PermissionStatus>& stateListAfter, std::vector<PermissionStatus>& stateChangeList); 99 void NotifyUpdatedPermList(const std::vector<std::string>& grantedPermListBefore, 100 const std::vector<std::string>& grantedPermListAfter, AccessTokenID tokenID); 101 102 protected: 103 static void RegisterImpl(PermissionManager* implInstance); 104 private: 105 void ScopeToString( 106 const std::vector<AccessTokenID>& tokenIDs, const std::vector<std::string>& permList); 107 int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); 108 int32_t UpdateTokenPermissionState( 109 AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); 110 int32_t UpdateTokenPermissionStateCheck(const std::shared_ptr<HapTokenInfoInner>& infoPtr, 111 AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag); 112 bool IsPermissionVaild(const std::string& permissionName); 113 bool GetLocationPermissionIndex(std::vector<PermissionListStateParcel>& reqPermList, LocationIndex& locationIndex); 114 bool GetLocationPermissionState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 115 std::vector<PermissionStatus>& permsList, int32_t apiVersion, const LocationIndex& locationIndex); 116 bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); 117 AbilityManagerAccessLoaderInterface* GetAbilityManager(); 118 119 PermissionGrantEvent grantEvent_; 120 static std::recursive_mutex mutex_; 121 static PermissionManager* implInstance_; 122 123 OHOS::Utils::RWLock permParamSetLock_; 124 uint64_t paramValue_ = 0; 125 126 OHOS::Utils::RWLock permToggleStateLock_; 127 DISALLOW_COPY_AND_MOVE(PermissionManager); 128 129 std::mutex abilityManagerMutex_; 130 std::shared_ptr<LibraryLoader> abilityManagerLoader_; 131 }; 132 } // namespace AccessToken 133 } // namespace Security 134 } // namespace OHOS 135 #endif // PERMISSION_MANAGER_H 136