1 /*
2  * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef ACCESSTOKEN_TOKEN_INFO_MANAGER_H
17 #define ACCESSTOKEN_TOKEN_INFO_MANAGER_H
18 
19 #include <algorithm>
20 #include <atomic>
21 #include <map>
22 #include <memory>
23 #include <unordered_set>
24 #include <vector>
25 
26 #include "access_token_db.h"
27 #include "access_token.h"
28 #include "atm_tools_param_info.h"
29 #ifdef TOKEN_SYNC_ENABLE
30 #include "device_manager.h"
31 #endif
32 #include "hap_token_info.h"
33 #include "hap_token_info_inner.h"
34 #include "native_token_info_base.h"
35 
36 namespace OHOS {
37 namespace Security {
38 namespace AccessToken {
39 #ifdef TOKEN_SYNC_ENABLE
/*
 * Device-manager init callback type used by the token-sync build (TOKEN_SYNC_ENABLE).
 * It overrides only OnRemoteDied(), and that override is declared without an access specifier,
 * so it is private in this class and reachable only through the DmInitCallback base interface.
 */
class AccessTokenDmInitCallback final : public DistributedHardware::DmInitCallback {
    // Empty override: this class takes no action when the callback fires.
    // NOTE(review): no cleanup or re-registration happens here; confirm that recovery is handled elsewhere.
    void OnRemoteDied() override {}
};
44 #endif
45 
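/*
 * Registry of HAP and native access tokens, obtained through GetInstance().
 *
 * This header only declares the interface; all definitions live elsewhere, so the comments below
 * describe what the signatures show and mark everything else as an assumption to confirm.
 *
 * Notes for callers and reviewers:
 *  - Most operations return int / int32_t and deliver results through non-const reference
 *    out-parameters. NOTE(review): presumably the return value is a status code that must be
 *    checked before the out-parameter is trusted; confirm against the implementation.
 *  - VerifyAccessToken / VerifyNativeAccessToken return int32_t, not bool. Compare the result with
 *    the project's explicit granted/denied constants instead of testing it for truthiness.
 *  - The class holds five reader/writer locks; neither the data each one guards nor the
 *    acquisition order is stated in this header.
 */
class AccessTokenInfoManager final {
public:
    // Only public way to reach the manager: the constructor is private and copy/move are disallowed.
    static AccessTokenInfoManager& GetInstance();
    ~AccessTokenInfoManager();

    // Start-up loading. The four size counters and tokenIdAplMap are non-const references, i.e.
    // out-parameters written by the implementation.
    void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize,
        std::map<int32_t, TokenIdInfo>& tokenIdAplMap);
    void InitNativeTokenInfos(const std::vector<NativeTokenInfoBase>& tokenInfos);

    // Token lookup, allocation and removal. Results are returned through the reference parameters.
    int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList);
    // NOTE(review): returns a shared_ptr; presumably null when the id is unknown, so check before use.
    std::shared_ptr<HapTokenInfoInner> GetHapTokenInfoInner(AccessTokenID id);
    int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& infoParcel);
    int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info);
    int AllocAccessTokenIDEx(const HapInfoParams& info, AccessTokenID tokenId, AccessTokenIDEx& tokenIdEx);
    int RemoveHapTokenInfo(AccessTokenID id);
    int RemoveNativeTokenInfo(AccessTokenID id);
    int32_t GetHapAppIdByTokenId(AccessTokenID tokenID, std::string& appId);
    int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx,
        std::vector<GenericValues>& undefValues);
    AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex);
    AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);
    // tokenIdEx is a non-const reference, so the implementation may rewrite the caller's token id.
    int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
        const std::vector<PermissionStatus>& permStateList, const HapPolicy& hapPolicy,
        std::vector<GenericValues>& undefValues);
    // Writes a textual dump into dumpInfo.
    // NOTE(review): the dump may expose token and bundle details; confirm who is allowed to call it.
    void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo);
    bool IsTokenIdExist(AccessTokenID id);
    AccessTokenID GetNativeTokenId(const std::string& processName);
    void GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector<AccessTokenID>& tokenIdList);
    int32_t GetHapTokenDlpType(AccessTokenID id);

    // Permission-dialog capability and per-user policy.
    int32_t SetPermDialogCap(AccessTokenID tokenID, bool enable);
    int32_t InitUserPolicy(const std::vector<UserState>& userList, const std::vector<std::string>& permList);
    int32_t UpdateUserPolicy(const std::vector<UserState>& userList);
    int32_t ClearUserPolicy();
    bool GetPermDialogCap(AccessTokenID tokenID);
    void ClearUserGrantedPermissionState(AccessTokenID tokenID);
    int32_t ClearUserGrantedPermission(AccessTokenID tokenID);
    bool IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName);

    // Permission checks. The int32_t result is a decision code, not a boolean: callers must compare
    // it with the project's explicit "granted" constant and treat every other value as a denial.
    int32_t VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
    int32_t VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName);

#ifdef TOKEN_SYNC_ENABLE
    /* tokensync needed */
    // deviceID and hapSync are supplied by the caller and describe tokens from another device.
    // IsRemoteHapTokenValid is the validity check declared for that data.
    // NOTE(review): confirm SetRemoteHapTokenInfo applies it before anything is cached.
    void InitDmCallback(void);
    int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
    int GetHapTokenInfoFromRemote(AccessTokenID tokenID,
        HapTokenInfoForSync& hapSync);
    int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync);
    bool IsRemoteHapTokenValid(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
    int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
    AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
    int DeleteRemoteDeviceTokens(const std::string& deviceID);
#endif

    // Persistence helpers and permission queries; result values arrive through the reference parameters.
    bool UpdateCapStateToDatabase(AccessTokenID tokenID, bool enable);
    int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID);
    int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID);
    int32_t GetKernelPermissions(AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList);
    int32_t GetReqPermissionByName(AccessTokenID tokenId, const std::string& permissionName, std::string& value);

private:
    AccessTokenInfoManager();
    DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager);

    // Cache and database plumbing behind the public token operations.
    int32_t AddHapInfoToCache(const GenericValues& tokenValue, const std::vector<GenericValues>& permStateRes,
        const std::vector<GenericValues>& extendedPermRes);
    void InitHapTokenInfos(uint32_t& hapSize, std::map<int32_t, TokenIdInfo>& tokenIdAplMap);
    void ReportAddHapIdChange(const std::shared_ptr<HapTokenInfoInner>& hapInfo, AccessTokenID oriTokenId);
    int AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info, AccessTokenID& oriTokenId);
    // Two overloads producing a string from (userID, bundleName, instIndex) or from a token object.
    // NOTE(review): presumably this string is the key of hapTokenIdMap_; confirm.
    std::string GetHapUniqueStr(const std::shared_ptr<HapTokenInfoInner>& info) const;
    std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const;
    int32_t RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId);
    void GenerateAddInfoToVec(AtmDataType type, const std::vector<GenericValues>& addValues,
        std::vector<AddInfo>& addInfoVec);
    void GenerateDelInfoToVec(AtmDataType type, const GenericValues& delValue,
        std::vector<DelInfo>& delInfoVec);
    void AddTokenIdToUndefValues(AccessTokenID tokenId, std::vector<GenericValues>& undefValues);
    int AddHapTokenInfoToDb(const std::shared_ptr<HapTokenInfoInner>& hapInfo, const std::string& appId,
        const HapPolicy& policy, bool isUpdate, const std::vector<GenericValues>& undefValues);
    int RemoveHapTokenInfoFromDb(const std::shared_ptr<HapTokenInfoInner>& info);
    // Declared unconditionally although they take HapTokenInfoForSync, the type used by the
    // TOKEN_SYNC_ENABLE section above.
    int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync);
    int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync);
    void PermissionStateNotify(const std::shared_ptr<HapTokenInfoInner>& info, AccessTokenID id);

    // Dump helpers; each one writes into dumpInfo.
    void DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo);
    void DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo);
    void DumpAllHapTokenname(std::string& dumpInfo);
    void DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo);
    void DumpAllNativeTokenName(std::string& dumpInfo);

    // User-policy parsing and propagation; changedUserList and tokenIdList map an id to a bool flag.
    int32_t ParseUserPolicyInfo(const std::vector<UserState>& userList,
        const std::vector<std::string>& permList, std::map<int32_t, bool>& changedUserList);
    int32_t ParseUserPolicyInfo(const std::vector<UserState>& userList,
        std::map<int32_t, bool>& changedUserList);
    int32_t UpdatePermissionStateToKernel(const std::vector<std::string>& permCodeList,
        const std::map<AccessTokenID, bool>& tokenIdList);
    int32_t UpdatePermissionStateToKernel(const std::map<AccessTokenID, bool>& tokenIdList);
    void GetGoalHapList(std::map<AccessTokenID, bool>& tokenIdList,
        std::map<int32_t, bool>& changedUserList);
    int32_t AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status);
    int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName);
    void GetNativePermissionList(const NativeTokenInfoBase& native,
        std::vector<uint32_t>& opCodeList, std::vector<bool>& statusList);
    std::string NativeTokenToString(AccessTokenID tokenID);
    int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy);
    void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId);
    std::shared_ptr<HapTokenInfoInner> GetHapTokenInfoInnerFromDb(AccessTokenID id);

    // Default-initialised here because the constructor is defined outside this header: the flag is
    // false even if a constructor omits it, so it is never read with an indeterminate value.
    bool hasInited_ = false;

    // NOTE(review): the header does not say what each lock guards or in which order they may be
    // taken. Presumably hapTokenInfoLock_ covers the two HAP maps and nativeTokenInfoLock_ covers
    // nativeTokenInfoMap_; confirm in the implementation and document the ordering there.
    OHOS::Utils::RWLock hapTokenInfoLock_;
    OHOS::Utils::RWLock nativeTokenInfoLock_;
    OHOS::Utils::RWLock managerLock_;
    OHOS::Utils::RWLock modifyLock_;

    // In-memory token caches.
    // NOTE(review): hapTokenInfoMap_ is keyed by int while nativeTokenInfoMap_ is keyed by uint32_t
    // and the API passes AccessTokenID; if AccessTokenID is unsigned, lookups in hapTokenInfoMap_
    // rely on an implicit conversion. Confirm the key types are intended to differ.
    std::map<int, std::shared_ptr<HapTokenInfoInner>> hapTokenInfoMap_;
    std::map<std::string, AccessTokenID> hapTokenIdMap_;
    std::map<uint32_t, NativeTokenInfoCache> nativeTokenInfoMap_;

    // User-policy state. NOTE(review): presumably guarded by userPolicyLock_; confirm.
    OHOS::Utils::RWLock userPolicyLock_;
    std::vector<int32_t> inactiveUserList_;
    std::vector<std::string> permPolicyList_;
};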
163 } // namespace AccessToken
164 } // namespace Security
165 } // namespace OHOS
166 #endif // ACCESSTOKEN_TOKEN_INFO_MANAGER_H
167