1 /* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef APP_FILE_SERVICE_FILE_PERMISSION 17 #define APP_FILE_SERVICE_FILE_PERMISSION 18 19 #include <deque> 20 #include <string> 21 #include <vector> 22 #ifdef SANDBOX_MANAGER 23 #include "sandbox_manager_kit.h" 24 #endif 25 26 namespace OHOS { 27 namespace AppFileService { 28 using namespace std; 29 #ifdef SANDBOX_MANAGER 30 using namespace AccessControl::SandboxManager; 31 #endif 32 constexpr const int32_t MAX_ARRAY_SIZE = 500; 33 typedef enum OperationMode { 34 READ_MODE = 1 << 0, 35 WRITE_MODE = 1 << 1, 36 CREATE_MODE = 1 << 2, 37 DELETE_MODE = 1 << 3, 38 RENAME_MODE = 1 << 4, 39 } OperationMode; 40 41 typedef enum PolicyFlag { 42 ALLOW_PERSISTENCE = 1 << 0, 43 FORBID_PERSISTENCE = 1 << 1, 44 } PolicyFlag; 45 46 enum PolicyErrorCode { 47 PERSISTENCE_FORBIDDEN = 1, 48 INVALID_MODE = 2, 49 INVALID_PATH = 3, 50 PERMISSION_NOT_PERSISTED = 4, 51 }; 52 53 enum PolicyType { 54 TEMPORARY_TYPE = 0, 55 PERSISTENT_TYPE = 1, 56 }; 57 58 struct UriPolicyInfo { 59 string uri = ""; 60 uint32_t mode = OperationMode::READ_MODE; 61 }; 62 63 struct PathPolicyInfo { 64 string path = ""; 65 uint32_t mode = OperationMode::READ_MODE; 66 }; 67 68 struct PolicyErrorResult { 69 string uri = ""; 70 PolicyErrorCode code = PolicyErrorCode::PERSISTENCE_FORBIDDEN; 71 string message = ""; 72 }; 73 74 class FilePermission { 75 public: 76 static int32_t PersistPermission(const vector<UriPolicyInfo> &uriPolicies, 77 deque<struct PolicyErrorResult> &errorResults); 78 static int32_t RevokePermission(const vector<UriPolicyInfo> &uriPolicies, 79 deque<struct PolicyErrorResult> &errorResults); 80 static int32_t ActivatePermission(const vector<UriPolicyInfo> &uriPolicies, 81 deque<struct PolicyErrorResult> &errorResults); 82 static int32_t DeactivatePermission(const vector<UriPolicyInfo> &uriPolicies, 83 deque<struct PolicyErrorResult> &errorResults); 84 static int32_t CheckPersistentPermission(const vector<UriPolicyInfo> &uriPolicies, vector<bool> &errorResults); 85 static string GetPathByPermission(const std::string &userName, const std::string &permission); 86 static int32_t CheckUriPersistentPermission(uint32_t tokenId, 87 const vector<UriPolicyInfo> &uriPolicies, 88 vector<bool> &errorResults); 89 static int32_t CheckPathPermission(uint32_t tokenId, 90 const vector<PathPolicyInfo> &uriPolicies, 91 int32_t policyType, 92 vector<bool> &errorResults); 93 static int32_t GrantPermission(const vector<UriPolicyInfo> &uriPolicies, const std::string &bundleName, 94 int32_t appCloneIndex, deque<struct PolicyErrorResult> &errorResults); 95 #ifdef SANDBOX_MANAGER 96 private: 97 static void ParseErrorResults(const vector<uint32_t> &resultCodes, 98 const vector<PolicyInfo> &pathPolicies, 99 deque<struct PolicyErrorResult> &errorResults); 100 static void ParseErrorResults(const vector<bool> &resultCodes, vector<bool> &errorResults); 101 static vector<PolicyInfo> GetPathPolicyInfoFromUriPolicyInfo(const vector<UriPolicyInfo> &uriPolicies, 102 deque<struct PolicyErrorResult> &errorResults, bool checkAccess = true); 103 static vector<PolicyInfo> GetPathPolicyInfoFromUriPolicyInfo(const vector<UriPolicyInfo> &uriPolicies, 104 vector<bool> &errorResults); 105 static vector<PolicyInfo> GetSandboxPolicyInfo(const vector<PathPolicyInfo> &pathPolicies); 106 #endif 107 }; 108 } // namespace AppFileService 109 } // namespace OHOS 110 111 #endif