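/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


#ifndef PERMISSION_DATA_BRIEF_H
#define PERMISSION_DATA_BRIEF_H

// <cstdint> is included directly because this header names the fixed-width
// integer types itself and should not depend on a transitive include.
#include <cstdint>
#include <list>
#include <memory>
#include <mutex>
#include <map>
#include <string>
#include <vector>
#include "access_token.h"
#include "permission_status.h"
#include "generic_values.h"
#include "hap_token_info.h"

#include "rwlock.h"

namespace OHOS {
namespace Security {
namespace AccessToken {

// Compact record describing one permission of one token. The four fields add
// up to 8 bytes with natural alignment, so no padding is expected on common ABIs.
typedef struct {
    // NOTE(review): presumably holds a PermissionState value - confirm in the implementation.
    int8_t status;
    uint8_t type; // KERNEL_EFFECT_FLAG = 0x1 << 0 HAS_VALUE_FLAG = 0x1 << 1
    // NOTE(review): this code is 16 bits wide, while several methods below take a
    // 32-bit opCode/permCode. Confirm the implementation range-checks before
    // narrowing, so that a truncated code cannot compare equal to a different permission.
    uint16_t permCode;
    // NOTE(review): presumably PermissionFlag bits - confirm in the implementation.
    uint32_t flag;
} BriefPermData;

// Compact record pairing a permission code with a token id; instances are kept
// in PermissionDataBrief::secCompList_.
typedef struct {
    uint16_t permCode;
    uint16_t reserved;
    uint32_t tokenId;
} BriefSecCompData;

// Store of brief permission records, reached through GetInstance(). The
// constructor is private and DISALLOW_COPY_AND_MOVE is applied, so callers
// cannot create or copy instances themselves.
//
// Only declarations are visible here; the notes below that describe behaviour
// are marked as assumptions to be confirmed against the implementation file.
//
// NOTE(review): most methods return int32_t and also write through reference
// out-parameters (data, flag, value, statusChanged, ...). The header does not
// say whether an out-parameter is written on failure, so callers making an
// authorization decision should check the return code before reading it.
class PermissionDataBrief final {
public:
    static PermissionDataBrief& GetInstance();
    // NOTE(review): `virtual` is redundant on a final class with no base; it is
    // kept so the class layout stays exactly as before.
    virtual ~PermissionDataBrief() = default;

    int32_t DeleteBriefPermDataByTokenId(AccessTokenID tokenID);
    int32_t AddBriefPermData(AccessTokenID tokenID, const std::string& permissionName, PermissionState grantStatus,
        PermissionFlag grantFlag, const std::string& value);
    int32_t GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector<BriefPermData>& data);
    void ToString(std::string& info);
    PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode);
    bool IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName);
    // NOTE(review): the result is an int32_t, not a bool. Callers should compare
    // it against the explicit granted value rather than test it for truthiness;
    // confirm the exact return contract in the implementation.
    int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission);
    int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag);
    void ClearAllSecCompGrantedPerm();
    void GetGrantedPermByTokenId(AccessTokenID tokenID,
        const std::vector<std::string>& constrainedList, std::vector<std::string>& permissionList);
    // NOTE(review): constrainedList is taken by const value, so every call copies
    // the vector. Switching to const& needs the matching change in the definition.
    void GetPermStatusListByTokenId(AccessTokenID tokenID,
        const std::vector<uint32_t> constrainedList, std::vector<uint32_t>& opCodeList, std::vector<bool>& statusList);
    int32_t RefreshPermStateToKernel(const std::vector<std::string>& constrainedList,
        bool hapUserIsActive, AccessTokenID tokenId, std::map<std::string, bool>& refreshedPermList);
    // NOTE(review): defCheck is a plain bool switch; presumably it enables a
    // permission-definition check. Confirm which callers pass false, and why.
    void AddPermToBriefPermission(
        AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList, bool defCheck);
    void AddPermToBriefPermission(
        AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList,
        const std::map<std::string, std::string>& aclExtendedMap, bool defCheck);
    void Update(
        AccessTokenID tokenId, const std::vector<PermissionStatus>& permStateList,
        const std::map<std::string, std::string>& aclExtendedMap);
    // NOTE(review): extendedPermRes is taken by const value (copied per call);
    // see the note on GetPermStatusListByTokenId.
    void RestorePermissionBriefData(AccessTokenID tokenId,
        const std::vector<GenericValues>& permStateRes, const std::vector<GenericValues> extendedPermRes);
    int32_t StorePermissionBriefData(AccessTokenID tokenId, std::vector<GenericValues>& permStateValueList);
    int32_t UpdatePermissionStatus(AccessTokenID tokenId,
        const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged);
    int32_t ResetUserGrantPermissionStatus(AccessTokenID tokenID);
    int32_t GetKernelPermissions(AccessTokenID tokenId, std::vector<PermissionWithValue>& kernelPermList);
    // NOTE(review): tokenIdCheck is a bool switch on a lookup keyed by token id;
    // presumably false skips a validation of tokenId. Confirm which callers are
    // allowed to pass false.
    int32_t GetReqPermissionByName(
        AccessTokenID tokenId, const std::string& permissionName, std::string& value, bool tokenIdCheck);
    void GetExtendedValueList(AccessTokenID tokenId, std::vector<PermissionWithValue>& extendedPermList);
private:
    bool GetPermissionBriefData(AccessTokenID tokenID, const PermissionStatus &permState,
        const std::map<std::string, std::string>& aclExtendedMap, BriefPermData& briefPermData);
    bool GetPermissionStatus(const BriefPermData& briefPermData, PermissionStatus &permState);
    void GetPermissionBriefDataList(AccessTokenID tokenID,
        const std::vector<PermissionStatus>& permStateList,
        const std::map<std::string, std::string>& aclExtendedMap,
        std::vector<BriefPermData>& list);
    void AddBriefPermDataByTokenId(AccessTokenID tokenID, const std::vector<BriefPermData>& listInput);
    void UpdatePermStatus(const BriefPermData& permOld, BriefPermData& permNew);
    uint32_t GetFlagWroteToDb(uint32_t grantFlag);
    void MergePermBriefData(std::vector<BriefPermData>& permBriefDataList, BriefPermData& data);
    // NOTE(review): lower-case initial, unlike every other method in this class.
    // Renaming would also touch the definition and callers, so it is left as is.
    bool isRestrictedPermission(uint32_t oldFlag, uint32_t newFlag);
    int32_t UpdatePermStateList(AccessTokenID tokenId, uint32_t opCode, bool isGranted, uint32_t flag);
    int32_t UpdateSecCompGrantedPermList(AccessTokenID tokenId, const std::string& permissionName, bool isToGrant);
    int32_t VerifyPermissionStatus(AccessTokenID tokenID, uint32_t permCode);
    void ClearAllSecCompGrantedPermById(AccessTokenID tokenID);
    void SecCompGrantedPermListUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isAdded);
    // NOTE(review): the *Inner variants presumably expect permissionStateDataLock_
    // to be held by the caller already - confirm, since calling one without the
    // lock would race with writers.
    int32_t GetBriefPermDataByTokenIdInner(AccessTokenID tokenID, std::vector<BriefPermData>& list);
    int32_t TranslationIntoAclExtendedMap(AccessTokenID tokenId, const std::vector<GenericValues>& extendedPermRes,
        std::map<std::string, std::string>& aclExtendedMap);
    void GetExtendedValueListInner(AccessTokenID tokenId, std::vector<PermissionWithValue>& extendedPermList);
    void DeleteExtendedValue(AccessTokenID tokenID);
    PermissionDataBrief() = default;
    DISALLOW_COPY_AND_MOVE(PermissionDataBrief);
    // NOTE(review): presumably guards the three containers below; the header
    // cannot show which methods acquire it, or in which mode.
    OHOS::Utils::RWLock permissionStateDataLock_;
    // Brief permission records per 32-bit key; presumably the key is the token id - confirm.
    std::map<uint32_t, std::vector<BriefPermData>> requestedPermData_;
    // Extended string values per 64-bit key; NOTE(review): presumably the key
    // combines token id and permission code - confirm how it is built.
    std::map<uint64_t, std::string> extendedValue_;
    // (permCode, tokenId) records; NOTE(review): presumably the permissions
    // granted through a security component - confirm.
    std::list<BriefSecCompData> secCompList_;
};
} // namespace AccessToken
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_DATA_BRIEF_H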