• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_STUB_IMPL_H
17 #define OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_STUB_IMPL_H
18 
19 #include <functional>
20 #include <map>
21 #include <vector>
22 #include <unordered_set>
23 #include "app_mgr_interface.h"
24 #include "batch_uri.h"
25 #include "istorage_manager.h"
26 #include "tokenid_permission.h"
27 #include "uri.h"
28 #include "uri_permission_manager_stub.h"
29 
30 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
31 #include "policy_info.h"
32 #else
33 #include "upms_policy_info.h"
34 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
35 
36 namespace OHOS::AAFwk {
37 namespace {
38 using ClearProxyCallback = std::function<void(const wptr<IRemoteObject>&)>;
39 using TokenId = Security::AccessToken::AccessTokenID;
40 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
41 using namespace AccessControl::SandboxManager;
42 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
43 }
44 
45 struct GrantInfo {
46     unsigned int flag;
47     const uint32_t fromTokenId;
48     const uint32_t targetTokenId;
49 };
50 
51 struct GrantPolicyInfo {
52     const uint32_t callerTokenId;
53     const uint32_t targetTokenId;
EqualGrantPolicyInfo54     bool Equal(uint32_t cTokenId, uint32_t tTokenId)
55     {
56         return callerTokenId == cTokenId && targetTokenId == tTokenId;
57     }
58 };
59 
60 class UriPermissionManagerStubImpl : public UriPermissionManagerStub,
61                                      public std::enable_shared_from_this<UriPermissionManagerStubImpl> {
62 public:
63     UriPermissionManagerStubImpl() = default;
64     virtual ~UriPermissionManagerStubImpl() = default;
65 
66     /*
67     * not support local media file uri.
68     */
69     bool VerifyUriPermission(const Uri &uri, uint32_t flag, uint32_t tokenId) override;
70 
71     /*
72     * only support local file uri, not support distribute docs and content uri.
73     */
74     int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName,
75         int32_t appIndex = 0, uint32_t initiatorTokenId = 0) override;
76 
77     /*
78     * only support local file uri, not support distribute docs and content uri.
79     */
80     int GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag,
81         const std::string targetBundleName, int32_t appIndex = 0, uint32_t initiatorTokenId = 0) override;
82 
83     /*
84     * only support local file uri, not support distribute docs and content uri.
85     */
86     int32_t GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
87         const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId,
88         int32_t hideSensitiveType) override;
89 
90     /*
91     * only support local file uri, not support distribute docs and content uri.
92     */
93     std::vector<bool> CheckUriAuthorization(const std::vector<std::string> &uriVec, uint32_t flag,
94         uint32_t tokenId) override;
95 
96     int RevokeAllUriPermissions(uint32_t tokenId) override;
97 
98     int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName,
99         int32_t appIndex = 0) override;
100 
101 private:
102     template<typename T>
103     void ConnectManager(sptr<T> &mgr, int32_t serviceId);
104 
105     std::vector<bool> VerifyUriPermissionByMap(std::vector<Uri> &uriVec, uint32_t flag, uint32_t tokenId);
106 
107     bool VerifySingleUriPermissionByMap(const std::string &uri, uint32_t flag, uint32_t tokenId);
108 
109     int32_t AddTempUriPermission(const std::string &uri, uint32_t flag, TokenId fromTokenId, TokenId targetTokenId);
110 
111     int32_t GrantUriPermissionInner(const std::vector<Uri> &uriVec, uint32_t flag,
112         uint32_t callerTokenId, uint32_t targetTokenId, const std::string &targetBundleName);
113 
114     int32_t GrantUriPermissionPrivilegedInner(const std::vector<Uri> &uriVec, uint32_t flag, uint32_t callerTokenId,
115         uint32_t targetTokenId, const std::string &targetAlterBundleName, int32_t hideSensitiveType);
116 
117     int32_t GrantBatchMediaUriPermissionImpl(const std::vector<std::string> &mediaUris, uint32_t flag,
118         uint32_t callerTokenId, uint32_t targetTokenId, int32_t hideSensitiveType);
119 
120     int32_t GrantBatchUriPermissionImpl(const std::vector<std::string> &uriVec,
121         uint32_t flag, TokenId callerTokenId, TokenId targetTokenId);
122 
123     std::vector<bool> CheckUriPermission(TokenIdPermission &tokenIdPermission, const std::vector<Uri> &uriVec,
124         uint32_t flag);
125 
126     void CheckProxyUriPermission(TokenIdPermission &tokenIdPermission, const std::vector<Uri> &uriVec, uint32_t flag,
127         std::vector<bool> &result);
128 
129     void RevokeMapUriPermission(uint32_t tokenId);
130 
131     int32_t RevokeAllMapUriPermissions(uint32_t tokenId);
132 
133     int32_t RevokeUriPermissionManuallyInner(Uri &uri, uint32_t targetTokenId);
134 
135     int32_t RevokeMapUriPermissionManually(uint32_t callerTokenId, uint32_t targetTokenId, Uri &uri);
136 
137     int32_t DeleteShareFile(uint32_t targetTokenId, const std::vector<std::string> &uriVec);
138 
139     int32_t RevokeMediaUriPermissionManually(uint32_t callerTokenId, uint32_t targetTokenId, Uri &uri);
140 
141     int32_t CheckCalledBySandBox();
142 
143     bool VerifySubDirUriPermission(const std::string &uriStr, uint32_t newFlag, uint32_t tokenId);
144 
145     bool IsDistributedSubDirUri(const std::string &inputUri, const std::string &cachedUri);
146 
147     int32_t ClearPermissionTokenByMap(const uint32_t tokenId) override;
148 
149 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
150     int32_t Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result) override;
151 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
152 
153     class ProxyDeathRecipient : public IRemoteObject::DeathRecipient {
154     public:
ProxyDeathRecipient(ClearProxyCallback && proxy)155         explicit ProxyDeathRecipient(ClearProxyCallback&& proxy) : proxy_(proxy) {}
156         ~ProxyDeathRecipient() = default;
157         virtual void OnRemoteDied([[maybe_unused]] const wptr<IRemoteObject>& remote) override;
158 
159     private:
160         ClearProxyCallback proxy_;
161     };
162 
163 private:
164     std::map<std::string, std::list<GrantInfo>> uriMap_;
165     std::mutex mutex_;
166     std::mutex mgrMutex_;
167     sptr<AppExecFwk::IAppMgr> appMgr_ = nullptr;
168     sptr<StorageManager::IStorageManager> storageManager_ = nullptr;
169     std::set<uint32_t> permissionTokenMap_;
170     std::mutex ptMapMutex_;
171 };
172 }  // namespace OHOS::AAFwk
173 #endif  // OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_STUB_IMPL_H
174