1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H 17 #define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H 18 19 #include <vector> 20 #include <string> 21 #include <map> 22 23 namespace OHOS { 24 namespace Security { 25 namespace AccessToken { 26 typedef unsigned int AccessTokenID; 27 typedef unsigned int AccessTokenAttr; 28 static const int DEFAULT_TOKEN_VERSION = 1; 29 static const int FIRSTCALLER_TOKENID_DEFAULT = 0; 30 static AccessTokenID INVALID_TOKENID = 0; 31 32 enum AccessTokenKitRet { 33 RET_FAILED = -1, 34 RET_SUCCESS = 0, 35 }; 36 37 typedef struct { 38 unsigned int tokenUniqueID : 24; 39 unsigned int res : 3; 40 unsigned int type : 2; 41 unsigned int version : 3; 42 } AccessTokenIDInner; 43 44 typedef enum TypeATokenTypeEnum { 45 TOKEN_INVALID = -1, 46 TOKEN_HAP = 0, 47 TOKEN_NATIVE, 48 TOKEN_SHELL, 49 } ATokenTypeEnum; 50 51 typedef enum TypeATokenAplEnum { 52 APL_NORMAL = 1, 53 APL_SYSTEM_BASIC = 2, 54 APL_SYSTEM_CORE = 3, 55 } ATokenAplEnum; 56 57 typedef union { 58 unsigned long long tokenIDEx; 59 struct { 60 AccessTokenID tokenID; 61 AccessTokenAttr tokenAttr; 62 } tokenIdExStruct; 63 } AccessTokenIDEx; 64 65 typedef enum TypePermissionState { 66 PERMISSION_DENIED = -1, 67 PERMISSION_GRANTED = 0, 68 } PermissionState; 69 70 typedef enum TypeGrantMode { 71 USER_GRANT = 0, 72 SYSTEM_GRANT = 1, 73 } GrantMode; 74 75 typedef enum TypeATokenAvailableTypeEnum { 76 INVALID = 0, 77 NORMAL = 1, 78 MDM = 2, 79 } ATokenAvailableTypeEnum; 80 81 typedef enum TypePermissionFlag { 82 PERMISSION_DEFAULT_FLAG = 0, 83 PERMISSION_USER_SET = 1 << 0, 84 PERMISSION_USER_FIXED = 1 << 1, 85 PERMISSION_SYSTEM_FIXED = 1 << 2, 86 PERMISSION_GRANTED_BY_POLICY = 1 << 3, 87 } PermissionFlag; 88 89 class NativeTokenInfo final { 90 public: 91 ATokenTypeEnum apl; 92 std::string processName; 93 std::vector<std::string> dcap; 94 AccessTokenID tokenID; 95 AccessTokenAttr tokenAttr; 96 std::vector<std::string> nativeAcls; 97 }; 98 99 class PermissionDef final { 100 public: 101 std::string permissionName; 102 std::string bundleName; 103 int grantMode; 104 TypeATokenAplEnum availableLevel; 105 bool provisionEnable; 106 bool distributedSceneEnable; 107 bool isKernelEffect = false; 108 bool hasValue = false; 109 std::string label; 110 int labelId; 111 std::string description; 112 int descriptionId; 113 ATokenAvailableTypeEnum availableType = ATokenAvailableTypeEnum::NORMAL; 114 }; 115 116 class PermissionStateFull final { 117 public: 118 std::string permissionName; 119 bool isGeneral; 120 std::vector<std::string> resDeviceID; 121 std::vector<int> grantStatus; 122 std::vector<int> grantFlags; 123 }; 124 125 class HapInfoParams final { 126 public: 127 int userID; 128 std::string bundleName; 129 /** instance index */ 130 int instIndex; 131 /** 132 * dlp type, for details about the valid values, 133 * see the definition of HapDlpType in the access_token.h file. 134 */ 135 int dlpType; 136 std::string appIDDesc; 137 /** which version of the SDK is used to develop the hap */ 138 int32_t apiVersion; 139 /** indicates whether the hap is a system app */ 140 bool isSystemApp; 141 /* app type */ 142 std::string appDistributionType; 143 bool isRestore = false; 144 AccessTokenID tokenID = INVALID_TOKENID; 145 }; 146 147 /** 148 * @brief Declares hap info params class 149 */ 150 class UpdateHapInfoParams final { 151 public: 152 std::string appIDDesc; 153 /** which version of the SDK is used to develop the hap */ 154 int32_t apiVersion; 155 /** indicates whether the hap is a system app */ 156 bool isSystemApp; 157 /* app type */ 158 std::string appDistributionType; 159 }; 160 161 class PreAuthorizationInfo final { 162 public: 163 std::string permissionName; 164 /** Whether the pre-authorization is non-cancelable */ 165 bool userCancelable = false; 166 }; 167 168 /** 169 * @brief Whether acl check 170 */ 171 typedef enum HapPolicyCheckIgnoreType { 172 /** normal */ 173 None = 0, 174 /** ignore acl check */ 175 ACL_IGNORE_CHECK, 176 } HapPolicyCheckIgnore; 177 178 class HapPolicyParams final { 179 public: 180 /** 181 * apl level, for details about the valid values, 182 * see the definition of ATokenAplEnum in the access_token.h file. 183 */ 184 ATokenAplEnum apl; 185 std::string domain; 186 std::vector<PermissionDef> permList; 187 std::vector<PermissionStateFull> permStateList; 188 std::vector<std::string> aclRequestedList; 189 std::vector<PreAuthorizationInfo> preAuthorizationInfo; 190 HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None; 191 std::map<std::string, std::string> aclExtendedMap; 192 }; 193 194 /** 195 * @brief PermssionRule 196 */ 197 typedef enum TypePermissionRulesEnum { 198 PERMISSION_EDM_RULE = 0, 199 PERMISSION_ACL_RULE 200 } PermissionRulesEnum; 201 } // namespace AccessToken 202 } // namespace Security 203 } // namespace OHOS 204 #endif // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H