1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hap_token_info_inner.h"
17
18 #include "accesstoken_dfx_define.h"
19 #include "accesstoken_id_manager.h"
20 #include "accesstoken_common_log.h"
21 #include "access_token_db_operator.h"
22 #include "access_token_error.h"
23 #include "data_translator.h"
24 #include "data_validator.h"
25 #include "hisysevent_adapter.h"
26 #include "json_parse_loader.h"
27 #include "short_grant_manager.h"
28 #include "token_field_const.h"
29 #include "permission_map.h"
30 #include "permission_data_brief.h"
31 #ifdef SUPPORT_SANDBOX_APP
32 #include "dlp_permission_set_manager.h"
33 #endif
34
35 namespace OHOS {
36 namespace Security {
37 namespace AccessToken {
38 namespace {
39 static const std::string DEFAULT_DEVICEID = "0";
40 static const unsigned int SYSTEM_APP_FLAG = 0x0001;
41 static const unsigned int ATOMIC_SERVICE_FLAG = 0x0002;
42 }
43
HapTokenInfoInner()44 HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false)
45 {
46 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
47 tokenInfoBasic_.tokenID = 0;
48 tokenInfoBasic_.tokenAttr = 0;
49 tokenInfoBasic_.userID = 0;
50 tokenInfoBasic_.apiVersion = 0;
51 tokenInfoBasic_.instIndex = 0;
52 tokenInfoBasic_.dlpType = 0;
53 }
54
HapTokenInfoInner(AccessTokenID id,const HapInfoParams & info,const HapPolicy & policy)55 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
56 const HapInfoParams &info, const HapPolicy &policy) : permUpdateTimestamp_(0), isRemote_(false)
57 {
58 tokenInfoBasic_.tokenID = id;
59 tokenInfoBasic_.userID = info.userID;
60 tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION;
61 tokenInfoBasic_.tokenAttr = 0;
62 if (info.isSystemApp) {
63 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
64 }
65 if (info.isAtomicService) {
66 tokenInfoBasic_.tokenAttr |= ATOMIC_SERVICE_FLAG;
67 }
68 tokenInfoBasic_.bundleName = info.bundleName;
69 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
70 tokenInfoBasic_.instIndex = info.instIndex;
71 tokenInfoBasic_.dlpType = info.dlpType;
72 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, policy.permStateList, policy.aclExtendedMap, true);
73 }
74
HapTokenInfoInner(AccessTokenID id,const HapTokenInfo & info,const std::vector<PermissionStatus> & permStateList)75 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
76 const HapTokenInfo &info, const std::vector<PermissionStatus>& permStateList) : isRemote_(false)
77 {
78 permUpdateTimestamp_ = 0;
79 tokenInfoBasic_ = info;
80 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, permStateList, true);
81 }
82
HapTokenInfoInner(AccessTokenID id,const HapTokenInfoForSync & info)83 HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id,
84 const HapTokenInfoForSync& info) : isRemote_(true)
85 {
86 permUpdateTimestamp_ = 0;
87 tokenInfoBasic_ = info.baseInfo;
88 PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, info.permStateList, false);
89 }
90
~HapTokenInfoInner()91 HapTokenInfoInner::~HapTokenInfoInner()
92 {
93 LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d destruction", tokenInfoBasic_.tokenID);
94 (void)PermissionDataBrief::GetInstance().DeleteBriefPermDataByTokenId(tokenInfoBasic_.tokenID);
95 }
96
Update(const UpdateHapInfoParams & info,const std::vector<PermissionStatus> & permStateList,const HapPolicy & hapPolicy)97 void HapTokenInfoInner::Update(const UpdateHapInfoParams& info, const std::vector<PermissionStatus>& permStateList,
98 const HapPolicy& hapPolicy)
99 {
100 tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion);
101 if (info.isSystemApp) {
102 tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG;
103 } else {
104 tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG;
105 }
106 if (info.isAtomicService) {
107 tokenInfoBasic_.tokenAttr |= ATOMIC_SERVICE_FLAG;
108 } else {
109 tokenInfoBasic_.tokenAttr &= ~ATOMIC_SERVICE_FLAG;
110 }
111 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
112 PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permStateList, hapPolicy.aclExtendedMap);
113 }
114
TranslateToHapTokenInfo(HapTokenInfo & infoParcel) const115 void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const
116 {
117 infoParcel = tokenInfoBasic_;
118 }
119
TranslationIntoGenericValues(GenericValues & outGenericValues) const120 void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const
121 {
122 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
123 outGenericValues.Put(TokenFiledConst::FIELD_USER_ID, tokenInfoBasic_.userID);
124 outGenericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, tokenInfoBasic_.bundleName);
125 outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion);
126 outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex);
127 outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType);
128 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver);
129 outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast<int32_t>(tokenInfoBasic_.tokenAttr));
130 outGenericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, isPermDialogForbidden_);
131 }
132
RestoreHapTokenBasicInfo(const GenericValues & inGenericValues)133 int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericValues)
134 {
135 tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID);
136 tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
137 if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) {
138 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID);
139 (void)HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
140 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error");
141 return AccessTokenError::ERR_PARAM_INVALID;
142 }
143
144 tokenInfoBasic_.apiVersion = GetApiVersion(inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION));
145 tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX);
146 tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE);
147
148 tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION);
149 if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
150 LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x version is error, version %{public}d",
151 tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
152 (void)HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK",
153 HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error");
154 return AccessTokenError::ERR_PARAM_INVALID;
155 }
156 tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR);
157 isPermDialogForbidden_ = inGenericValues.GetInt(TokenFiledConst::FIELD_FORBID_PERM_DIALOG);
158 return RET_SUCCESS;
159 }
160
RestoreHapTokenInfo(AccessTokenID tokenId,const GenericValues & tokenValue,const std::vector<GenericValues> & permStateRes,const std::vector<GenericValues> extendedPermRes)161 int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId,
162 const GenericValues& tokenValue,
163 const std::vector<GenericValues>& permStateRes,
164 const std::vector<GenericValues> extendedPermRes)
165 {
166 tokenInfoBasic_.tokenID = tokenId;
167 int ret = RestoreHapTokenBasicInfo(tokenValue);
168 if (ret != RET_SUCCESS) {
169 return ret;
170 }
171 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
172 PermissionDataBrief::GetInstance().RestorePermissionBriefData(tokenId, permStateRes, extendedPermRes);
173 return RET_SUCCESS;
174 }
175
StoreHapInfo(std::vector<GenericValues> & valueList,const std::string & appId,ATokenAplEnum apl) const176 void HapTokenInfoInner::StoreHapInfo(std::vector<GenericValues>& valueList,
177 const std::string& appId, ATokenAplEnum apl) const
178 {
179 if (isRemote_) {
180 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store", tokenInfoBasic_.tokenID);
181 return;
182 }
183 GenericValues genericValues;
184 TranslationIntoGenericValues(genericValues);
185 genericValues.Put(TokenFiledConst::FIELD_APP_ID, appId);
186 genericValues.Put(TokenFiledConst::FIELD_APL, static_cast<int32_t>(apl));
187 genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "0");
188 valueList.emplace_back(genericValues);
189 }
190
StorePermissionPolicy(std::vector<GenericValues> & permStateValues)191 void HapTokenInfoInner::StorePermissionPolicy(std::vector<GenericValues>& permStateValues)
192 {
193 if (isRemote_) {
194 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID);
195 return;
196 }
197 Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->policySetLock_);
198 (void)PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues);
199 }
200
GetReqPermissionSize()201 uint32_t HapTokenInfoInner::GetReqPermissionSize()
202 {
203 std::vector<BriefPermData> briefPermDataList;
204 int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(
205 tokenInfoBasic_.tokenID, briefPermDataList);
206 if (ret != RET_SUCCESS) {
207 return 0;
208 }
209 return static_cast<uint32_t>(briefPermDataList.size());
210 }
211
GetUserID() const212 int HapTokenInfoInner::GetUserID() const
213 {
214 return tokenInfoBasic_.userID;
215 }
216
GetDlpType() const217 int HapTokenInfoInner::GetDlpType() const
218 {
219 return tokenInfoBasic_.dlpType;
220 }
221
GetAttr() const222 AccessTokenAttr HapTokenInfoInner::GetAttr() const
223 {
224 return tokenInfoBasic_.tokenAttr;
225 }
226
GetBundleName() const227 std::string HapTokenInfoInner::GetBundleName() const
228 {
229 return tokenInfoBasic_.bundleName;
230 }
231
GetInstIndex() const232 int HapTokenInfoInner::GetInstIndex() const
233 {
234 return tokenInfoBasic_.instIndex;
235 }
236
GetTokenID() const237 AccessTokenID HapTokenInfoInner::GetTokenID() const
238 {
239 return tokenInfoBasic_.tokenID;
240 }
241
GetHapInfoBasic() const242 HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const
243 {
244 return tokenInfoBasic_;
245 }
246
SetTokenBaseInfo(const HapTokenInfo & baseInfo)247 void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo)
248 {
249 tokenInfoBasic_ = baseInfo;
250 }
251
IsRemote() const252 bool HapTokenInfoInner::IsRemote() const
253 {
254 return isRemote_;
255 }
256
SetRemote(bool isRemote)257 void HapTokenInfoInner::SetRemote(bool isRemote)
258 {
259 isRemote_ = isRemote;
260 }
261
IsPermDialogForbidden() const262 bool HapTokenInfoInner::IsPermDialogForbidden() const
263 {
264 LOGI(ATM_DOMAIN, ATM_TAG, "%{public}d", isPermDialogForbidden_);
265 return isPermDialogForbidden_;
266 }
267
SetPermDialogForbidden(bool isForbidden)268 void HapTokenInfoInner::SetPermDialogForbidden(bool isForbidden)
269 {
270 isPermDialogForbidden_ = isForbidden;
271 }
272
GetApiVersion(int32_t apiVersion)273 int32_t HapTokenInfoInner::GetApiVersion(int32_t apiVersion)
274 {
275 uint32_t apiSize = 3; // 3: api version length
276 std::string apiStr = std::to_string(apiVersion);
277 uint32_t inputSize = apiStr.length();
278 if (inputSize <= apiSize) {
279 return apiVersion;
280 }
281 std::string api = apiStr.substr(inputSize - apiSize);
282 return std::atoi(api.c_str());
283 }
284
UpdateRemoteHapTokenInfo(AccessTokenID mapID,const HapTokenInfo & baseInfo,std::vector<PermissionStatus> & permStateList)285 void HapTokenInfoInner::UpdateRemoteHapTokenInfo(AccessTokenID mapID,
286 const HapTokenInfo& baseInfo, std::vector<PermissionStatus>& permStateList)
287 {
288 SetTokenBaseInfo(baseInfo);
289 PermissionDataBrief::GetInstance().AddPermToBriefPermission(baseInfo.tokenID, permStateList, false);
290 }
291
UpdatePermissionStatus(const std::string & permissionName,bool isGranted,uint32_t flag,bool & statusChanged)292 int32_t HapTokenInfoInner::UpdatePermissionStatus(
293 const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged)
294 {
295 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
296 int32_t ret = PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenInfoBasic_.tokenID,
297 permissionName, isGranted, flag, statusChanged);
298 if (ret != RET_SUCCESS) {
299 LOGC(ATM_DOMAIN, ATM_TAG, "Update date brief failed, ret is %{public}d", ret);
300 return ret;
301 }
302 if (ShortGrantManager::GetInstance().IsShortGrantPermission(permissionName)) {
303 LOGI(ATM_DOMAIN, ATM_TAG,
304 "Short grant permission %{public}s should not be notified to db.", permissionName.c_str());
305 return RET_SUCCESS;
306 }
307 if (isRemote_) {
308 LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID);
309 return RET_SUCCESS;
310 }
311 std::vector<GenericValues> permStateValues;
312 ret = PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues);
313 if (ret != RET_SUCCESS) {
314 return ret;
315 }
316
317 for (size_t i = 0; i < permStateValues.size(); i++) {
318 if (permStateValues[i].GetString(TokenFiledConst::FIELD_PERMISSION_NAME) != permissionName) {
319 continue;
320 }
321 GenericValues conditions;
322 conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenInfoBasic_.tokenID));
323 conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName);
324 (void)AccessTokenDbOperator::Modify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions);
325 }
326 return RET_SUCCESS;
327 }
328
GetPermissionStateList(std::vector<PermissionStatus> & permList)329 int32_t HapTokenInfoInner::GetPermissionStateList(std::vector<PermissionStatus>& permList)
330 {
331 std::vector<BriefPermData> briefPermDataList;
332 int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(
333 tokenInfoBasic_.tokenID, briefPermDataList);
334 if (ret != RET_SUCCESS) {
335 return ret;
336 }
337 for (const auto& perm : briefPermDataList) {
338 PermissionStatus fullData;
339 (void)TransferOpcodeToPermission(perm.permCode, fullData.permissionName);
340 fullData.grantStatus = static_cast<int32_t>(perm.status);
341 fullData.grantFlag = perm.flag;
342 permList.emplace_back(fullData);
343 }
344 return RET_SUCCESS;
345 }
346
UpdateStatesToDB(AccessTokenID tokenID,std::vector<PermissionStatus> & stateChangeList)347 bool HapTokenInfoInner::UpdateStatesToDB(AccessTokenID tokenID, std::vector<PermissionStatus>& stateChangeList)
348 {
349 for (const auto& state : stateChangeList) {
350 GenericValues modifyValue;
351 modifyValue.Put(TokenFiledConst::FIELD_GRANT_STATE, state.grantStatus);
352 modifyValue.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast<int32_t>(state.grantFlag));
353
354 GenericValues conditionValue;
355 conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenID));
356 conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, state.permissionName);
357 int32_t res = AccessTokenDbOperator::Modify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, modifyValue,
358 conditionValue);
359 if (res != 0) {
360 LOGE(ATM_DOMAIN, ATM_TAG,
361 "Update tokenID %{public}u permission %{public}s to database failed, err %{public}d ",
362 tokenID, state.permissionName.c_str(), res);
363 return false;
364 }
365 }
366
367 return true;
368 }
369
ResetUserGrantPermissionStatus(void)370 int32_t HapTokenInfoInner::ResetUserGrantPermissionStatus(void)
371 {
372 Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->policySetLock_);
373
374 int32_t ret = PermissionDataBrief::GetInstance().ResetUserGrantPermissionStatus(tokenInfoBasic_.tokenID);
375 if (ret != RET_SUCCESS) {
376 LOGE(ATM_DOMAIN, ATM_TAG, "Failed to reset user permission status.");
377 return ret;
378 }
379
380 std::vector<PermissionStatus> permListOfHap;
381 ret = GetPermissionStateList(permListOfHap);
382 if (ret != RET_SUCCESS) {
383 LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get permission state list.");
384 return ret;
385 }
386
387 #ifdef SUPPORT_SANDBOX_APP
388 // update permission status with dlp permission rule.
389 DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(tokenInfoBasic_.dlpType, permListOfHap);
390 std::vector<PermissionWithValue> extendedPermList;
391 PermissionDataBrief::GetInstance().GetExtendedValueList(tokenInfoBasic_.tokenID, extendedPermList);
392 std::map<std::string, std::string> aclExtendedMap;
393 for (const auto& extendedperm : extendedPermList) {
394 aclExtendedMap[extendedperm.permissionName] = extendedperm.value;
395 }
396 PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permListOfHap, aclExtendedMap);
397 #endif
398 if (!UpdateStatesToDB(tokenInfoBasic_.tokenID, permListOfHap)) {
399 return ERR_DATABASE_OPERATE_FAILED;
400 }
401 return RET_SUCCESS;
402 }
403
RefreshPermStateToKernel(const std::vector<std::string> & constrainedList,bool hapUserIsActive,AccessTokenID tokenId,std::map<std::string,bool> & refreshedPermList)404 void HapTokenInfoInner::RefreshPermStateToKernel(const std::vector<std::string>& constrainedList,
405 bool hapUserIsActive, AccessTokenID tokenId, std::map<std::string, bool>& refreshedPermList)
406 {
407 (void)PermissionDataBrief::GetInstance().RefreshPermStateToKernel(
408 constrainedList, hapUserIsActive, tokenId, refreshedPermList);
409 }
410
VerifyPermissionStatus(AccessTokenID tokenID,const std::string & permissionName)411 int32_t HapTokenInfoInner::VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permissionName)
412 {
413 return PermissionDataBrief::GetInstance().VerifyPermissionStatus(tokenID, permissionName);
414 }
415
GetPermissionUsedType(AccessTokenID tokenID,const std::string & permissionName)416 PermUsedTypeEnum HapTokenInfoInner::GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName)
417 {
418 uint32_t code;
419 if (!TransferPermissionToOpcode(permissionName, code)) {
420 LOGE(ATM_DOMAIN, ATM_TAG, "permissionName is invalid %{public}s.", permissionName.c_str());
421 return PermUsedTypeEnum::INVALID_USED_TYPE;
422 }
423 return PermissionDataBrief::GetInstance().GetPermissionUsedType(tokenID, code);
424 }
425
QueryPermissionFlag(AccessTokenID tokenID,const std::string & permissionName,uint32_t & flag)426 int32_t HapTokenInfoInner::QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag)
427 {
428 return PermissionDataBrief::GetInstance().QueryPermissionFlag(tokenID, permissionName, flag);
429 }
430
GetPermStatusListByTokenId(AccessTokenID tokenID,const std::vector<uint32_t> constrainedList,std::vector<uint32_t> & opCodeList,std::vector<bool> & statusList)431 void HapTokenInfoInner::GetPermStatusListByTokenId(AccessTokenID tokenID,
432 const std::vector<uint32_t> constrainedList, std::vector<uint32_t>& opCodeList, std::vector<bool>& statusList)
433 {
434 return PermissionDataBrief::GetInstance().GetPermStatusListByTokenId(
435 tokenID, constrainedList, opCodeList, statusList);
436 }
437
GetGrantedPermByTokenId(AccessTokenID tokenID,const std::vector<std::string> & constrainedList,std::vector<std::string> & permissionList)438 void HapTokenInfoInner::GetGrantedPermByTokenId(AccessTokenID tokenID,
439 const std::vector<std::string>& constrainedList, std::vector<std::string>& permissionList)
440 {
441 return PermissionDataBrief::GetInstance().GetGrantedPermByTokenId(tokenID, constrainedList, permissionList);
442 }
443
ClearAllSecCompGrantedPerm()444 void HapTokenInfoInner::ClearAllSecCompGrantedPerm()
445 {
446 PermissionDataBrief::GetInstance().ClearAllSecCompGrantedPerm();
447 }
448
IsPermissionGrantedWithSecComp(AccessTokenID tokenID,const std::string & permissionName)449 bool HapTokenInfoInner::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName)
450 {
451 return PermissionDataBrief::GetInstance().IsPermissionGrantedWithSecComp(tokenID, permissionName);
452 }
453
ToString()454 std::string HapTokenInfoInner::ToString()
455 {
456 std::vector<PermissionStatus> permStateList;
457 (void)GetPermissionStateList(permStateList);
458 std::vector<NativeTokenInfoBase> tokenInfos;
459 LibraryLoader loader(CONFIG_PARSE_LIBPATH);
460 ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
461 if (policy == nullptr) {
462 LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed.");
463 return "";
464 }
465 return policy->DumpHapTokenInfo(tokenInfoBasic_, isRemote_, isPermDialogForbidden_, permStateList);
466 }
467 } // namespace AccessToken
468 } // namespace Security
469 } // namespace OHOS
470