1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef DLP_PERMISSION_SERVICE_H
17 #define DLP_PERMISSION_SERVICE_H
18 
#include <atomic>
#include <map>
#include <memory>
#include <mutex>
#include <shared_mutex>
#include <string>
#include <thread>
#include <vector>
#include "app_state_observer.h"
#include "app_uninstall_observer.h"
#include "dlp_permission_service_stub.h"
#include "iremote_object.h"
#include "nocopyable.h"
#include "retention_file_manager.h"
#include "sandbox_config_kv_data_storage.h"
#include "singleton.h"
#include "system_ability.h"
32 
33 namespace OHOS {
34 namespace Security {
35 namespace DlpPermission {
// Lifecycle state of the service, stored in DlpPermissionService::state_.
// The transitions themselves are made in the implementation file, not in this header.
enum class ServiceRunningState {
    STATE_NOT_START = 0,  // service is not started
    STATE_RUNNING = 1,    // service is running
};
37 
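// DLP (data loss prevention) permission service.
//
// The class is both a SystemAbility (OnStart/OnStop lifecycle) and the concrete
// DlpPermissionServiceStub, so every method marked `override` below that comes from the
// stub is presumably reachable by other processes through IPC — confirm against the stub.
//
// NOTE(review): none of these signatures carries the caller's identity. Several take
// identity-like values as plain arguments (tokenId, uid, userId, sandboxUid, bundleName,
// appId). The implementation is expected to derive the real caller from the IPC context,
// check its permission, and validate these arguments against it rather than trust them.
// That code is not visible in this header — verify it per entry point.
class DlpPermissionService final : public SystemAbility, public DlpPermissionServiceStub {
    DECLARE_DELAYED_SINGLETON(DlpPermissionService);
    // Spelling presumably matches the macro defined by the system-ability framework; keep as is.
    DECLEAR_SYSTEM_ABILITY(DlpPermissionService);

public:
    // saId: system-ability id; runOnCreate: forwarded start-up flag (both presumably passed
    // on to the SystemAbility base — confirm in the .cpp).
    DlpPermissionService(int saId, bool runOnCreate);
    void OnStart() override;
    void OnStop() override;

    // Register / unregister the application-state observer held in appStateObserver_.
    // RegisterAppStateObserver() reports success as bool.
    bool RegisterAppStateObserver();
    void UnregisterAppStateObserver();

    // ---- Certificate handling. Results are delivered through `callback`; the int32_t
    // return is a status code (value set not visible here).
    int32_t GenerateDlpCertificate(
        const sptr<DlpPolicyParcel>& policyParcel, const sptr<IDlpPermissionCallback>& callback) override;
    // NOTE(review): appId and offlineAccess arrive from the caller; confirm they cannot be
    // used to widen access beyond what the certificate itself grants.
    int32_t ParseDlpCertificate(const sptr<CertParcel>& certParcel, const sptr<IDlpPermissionCallback>& callback,
        const std::string& appId, bool offlineAccess) override;

    // ---- Sandbox lifecycle. sandboxInfo / authType are non-const references, i.e. outputs
    // by signature.
    // NOTE(review): bundleName, userId and uri are caller-supplied; validate before use.
    int32_t InstallDlpSandbox(const std::string& bundleName, DLPFileAccess dlpFileAccess, int32_t userId,
        SandboxInfo& sandboxInfo, const std::string& uri) override;
    int32_t UninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId) override;
    int32_t GetSandboxExternalAuthorization(
        int sandboxUid, const AAFwk::Want& want, SandBoxExternalAuthorType& authType) override;

    // ---- Queries and callback registration. Non-const reference parameters are outputs
    // by signature.
    int32_t QueryDlpFileCopyableByTokenId(bool& copyable, uint32_t tokenId) override;
    int32_t QueryDlpFileAccess(DLPPermissionInfoParcel& permInfoParcel) override;
    int32_t IsInDlpSandbox(bool& inSandbox) override;
    int32_t GetDlpSupportFileType(std::vector<std::string>& supportFileType) override;
    int32_t RegisterDlpSandboxChangeCallback(const sptr<IRemoteObject>& callback) override;
    int32_t UnRegisterDlpSandboxChangeCallback(bool& result) override;
    int32_t RegisterOpenDlpFileCallback(const sptr<IRemoteObject>& callback) override;
    int32_t UnRegisterOpenDlpFileCallback(const sptr<IRemoteObject>& callback) override;

    // ---- Retention state, visit records, sandbox app configuration, MDM policy.
    // NOTE(review): docUriVec, configInfo and appIdList are caller-controlled strings or
    // lists; the implementation should bound their size and check their format.
    int32_t GetDlpGatheringPolicy(bool& isGathering) override;
    int32_t SetRetentionState(const std::vector<std::string>& docUriVec) override;
    int32_t CancelRetentionState(const std::vector<std::string>& docUriVec) override;
    int32_t GetRetentionSandboxList(const std::string& bundleName,
        std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec) override;
    int32_t ClearUnreservedSandbox() override;
    int32_t GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo>& infoVec) override;
    int32_t SetSandboxAppConfig(const std::string& configInfo) override;
    int32_t CleanSandboxAppConfig() override;
    int32_t GetSandboxAppConfig(std::string& configInfo) override;
    int32_t IsDLPFeatureProvided(bool& isProvideDLPFeature) override;
    int32_t SetReadFlag(uint32_t uid) override;
    // NOTE(review): the MDM policy setters change device-wide policy by name; confirm they
    // are limited to the management caller.
    int32_t SetMDMPolicy(const std::vector<std::string>& appIdList) override;
    int32_t GetMDMPolicy(std::vector<std::string>& appIdList) override;
    int32_t RemoveMDMPolicy() override;
    void StartTimer();
    // Writes diagnostic output for `args` to `fd`.
    // NOTE(review): confirm the dump does not expose sandbox or policy data to
    // unprivileged callers.
    int Dump(int fd, const std::vector<std::u16string>& args) override;
    int32_t SetDlpFeature(const uint32_t dlpFeatureInfo, bool& statusSetInfo) override;

private:
    // Internal helpers; not part of the stub interface.
    bool InsertDlpSandboxInfo(DlpSandboxInfo& sandboxInfo, bool hasRetention);
    uint32_t DeleteDlpSandboxInfo(const std::string& bundleName, int32_t appIndex, int32_t userId);
    // Resolves the bundle name for an access token id; bundleName is the output.
    bool GetCallerBundleName(const uint32_t tokenId, std::string& bundleName);
    bool RemoveRetentionInfo(std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec, RetentionInfo& info);
    int32_t UninstallDlpSandboxApp(const std::string& bundleName, int32_t appIndex, int32_t userId);
    // Pre-check for a sandbox-config operation; bundleName, userId and originalTokenId are
    // outputs by signature.
    int32_t SandConfigOperateCheck(SandboxConfigOperationEnum operationEnum, std::string& bundleName,
        int32_t& userId, AccessToken::AccessTokenID& originalTokenId);
    int32_t SandboxConfigOperate(std::string& configInfo, SandboxConfigOperationEnum operationEnum);
    void TerminalService();
    void GetCfgFilesList(std::vector<std::string>& cfgFilesList);
    void GetConfigFileValue(const std::string& cfgFile, std::vector<std::string>& typeList);
    void InitConfig(std::vector<std::string>& typeList);
    void SetTimer(bool isNeedStartTimer);

    // Default member initializers give both fields a defined value on every construction
    // path (the singleton macro declares a default constructor next to the two-argument
    // one), so neither can be read while indeterminate. A constructor that initializes
    // them explicitly still takes precedence.
    std::atomic<int32_t> repeatTime_ {0};
    // NOTE(review): a joinable std::thread must be joined or detached before it is
    // destroyed; confirm the stop/terminate path does so.
    std::shared_ptr<std::thread> thread_ = nullptr;
    std::mutex mutex_;
    std::mutex terminalMutex_;
    // Presumably guards dlpSandboxData_ (shared for readers, exclusive for writers) — confirm.
    std::shared_mutex dlpSandboxDataMutex_;
    ServiceRunningState state_ = ServiceRunningState::STATE_NOT_START;
    sptr<AppExecFwk::IAppMgr> iAppMgr_;
    sptr<AppStateObserver> appStateObserver_;
    std::shared_ptr<DlpEventSubSubscriber> dlpEventSubSubscriber_ = nullptr;
    // Access level per sandbox; the meaning of the int key is not shown in this header
    // (presumably a sandbox uid — confirm).
    std::map<int, DLPFileAccess> dlpSandboxData_;
};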
114 }  // namespace DlpPermission
115 }  // namespace Security
116 }  // namespace OHOS
117 #endif  // DLP_PERMISSION_SERVICE_H
118